فهرست منبع

refactor(skills): trim over-budget descriptions to the 700-char gate

Trim 22 skill frontmatter descriptions (description + when_to_use) under the
tests/validate.sh 700-char hard cap, ahead of its WARN->FAIL flip. Each rewrite
is one capability clause + a flat trigger-keyword list; large when_to_use fields
were folded into the description and removed.

Catalog totals (skill description chars, soft budget 35000):
  before: 55424
  after:  36762  (-18662)

Remaining over-budget warns are the 4 sibling-lane skills (claude-code-ops,
fleet-worker, fleetflow, loop-ops), owned by another lane.

Also two in-body author-machine value sanitizations so a cold agent on another
machine won't copy them verbatim:
- process-compose-ops: X:\00_Orchestration\compose-portless -> <your-process-compose-dir>,
  -p 8888 -> -p <your-pc-port>, with an 'example values' note at first use.
- portless-ops: axiom.lab / --tld lab -> <your-app>.<your-tld> / --tld <your-tld>,
  keeping one labeled worked example in the CLI quick reference.

Co-Authored-By: Claude <noreply@anthropic.com>
0xDarkMatter 5 روز پیش
والد
کامیت
e0b865f4b3

+ 1 - 2
skills/adr-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: adr-ops
-description: "Author, index, and lint Architecture Decision Records — append-only project memory that recovers the WHY behind a system's shape. Scaffold the next sequential ADR, enforce the canonical frontmatter + section format, manage supersession with bidirectional integrity, and treat the directory as the index. Triggers on: adr, architecture decision record, decision record, decision log, why was this decided, record this decision, supersede an adr, adr template, adr lint, adr index, docs/adr, append-only decision, new adr, next adr number."
-when_to_use: "Use when a change constrains future options, seriously weighed alternatives, or has rationale the code can't show — e.g. 'record this as an ADR', 'why did we decide X', 'add a decision record', 'supersede ADR-007', 'lint our ADRs', 'what's the next ADR number'."
+description: "Author, index, and lint Architecture Decision Records — append-only memory that recovers the WHY behind a system's shape. Triggers on: adr, architecture decision record, decision log, record this decision, supersede an adr, why was this decided, adr template, next adr number."
 license: MIT
 allowed-tools: "Read Write Edit Bash Glob Grep"
 metadata:

+ 1 - 2
skills/asus-router-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: asus-router-ops
-description: "ASUS router configuration and hardening - Asuswrt-Merlin firmware, security hardening, encrypted DNS (DoT/DoH), VPN (WireGuard/OpenVPN), guest networks, VLAN/IoT isolation, AiMesh, AiProtection, JFFS scripts, QoS. Use for: asus router, asuswrt, merlin, asuswrt-merlin, router hardening, DNS Director, AiProtection, AiMesh, guest network, VPN Director, wireguard router, openvpn router, nvram, jffs, DoT, DoH, port forwarding, IoT isolation."
-when_to_use: "Use when configuring or hardening an ASUS router (stock Asuswrt or Asuswrt-Merlin) — e.g. 'harden my ASUS router', 'set up WireGuard or DoT', 'isolate IoT on a VLAN', 'configure AiMesh or guest networking'. Covers VPN Director, AiProtection, DNS, and JFFS scripts."
+description: "ASUS router config and hardening: Asuswrt-Merlin, security hardening, encrypted DNS (DoT/DoH), VPN (WireGuard/OpenVPN), guest networks, VLAN/IoT isolation, AiMesh, AiProtection. Triggers on: asus router, asuswrt, merlin, wireguard router, AiProtection, AiMesh, nvram, jffs, IoT isolation."
 license: MIT
 allowed-tools: "Read Write Bash"
 metadata:

+ 1 - 2
skills/cloudflare-ops/SKILL.md

@@ -1,12 +1,11 @@
 ---
 name: cloudflare-ops
-description: "Cloudflare Workers + Wrangler edge-platform operations - Workers runtime, bindings, local dev, secrets, deploy/CI, Pages-vs-Workers, observability. Use for: cloudflare, workers, wrangler, cloudflare pages, KV, D1, R2, durable objects, queues, hyperdrive, workers ai, vectorize, wrangler.toml, wrangler.jsonc, wrangler deploy, wrangler dev, wrangler secret, bindings, compatibility_date, static assets, edge functions, cron triggers, tail workers, gradual deployments."
+description: "Cloudflare Workers + Wrangler edge ops: runtime, bindings, local dev, secrets, deploy/CI, Pages-vs-Workers. Triggers on: cloudflare workers, wrangler, wrangler deploy, wrangler.toml, KV, D1, R2, durable objects, queues, vectorize, compatibility_date, edge functions."
 license: MIT
 allowed-tools: "Read Write Bash"
 metadata:
   author: claude-mods
   related-skills: "terraform-ops, nginx-ops"
-when_to_use: "Building, configuring, or deploying Cloudflare Workers; writing or fixing wrangler config; choosing or wiring a binding (KV/D1/R2/DO/Queues/Hyperdrive/AI/Vectorize); deciding Workers vs Pages; setting up local dev, secrets, or CI/CD for the edge; debugging deploy errors, CPU limits, or bundling."
 ---
 
 # Cloudflare Operations

+ 1 - 2
skills/color-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: color-ops
-description: "Color for developers - color spaces, accessibility contrast, palette generation, CSS color functions, design tokens, dark mode, and CVD simulation. Use for: color, colour, palette, contrast, accessibility, WCAG, APCA, OKLCH, OKLAB, HSL, color picker, color-mix, dark mode colors, design tokens, color system, color scale, color ramp, gradient, CVD, color blind, gamut, P3, sRGB, color naming, color harmony, color temperature, semantic colors."
-when_to_use: "Use when making color decisions for UI or design — e.g. 'generate an accessible palette', 'hit WCAG or APCA contrast targets', 'convert to OKLCH / pick a color space', 'build dark-mode and design-token color scales'. Covers contrast, CVD, gamut (P3/sRGB), and CSS color-mix."
+description: "Color for developers: color spaces, accessibility contrast, palette generation, CSS color functions, design tokens, dark mode. Triggers on: color, palette, contrast, WCAG, APCA, OKLCH, color-mix, dark mode colors, design tokens, CVD, color blind, P3, sRGB."
 license: MIT
 allowed-tools: "Read Write Bash"
 metadata:

+ 1 - 2
skills/ffmpeg-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: ffmpeg-ops
-description: "Comprehensive ffmpeg/ffprobe operations - probe-first media processing: transcode and compress (H.264/H.265/AV1/Opus), frame-accurate cut/trim/concat, EDL-driven editing, color grading and .cube LUTs, audio loudnorm and mixing, STT/Whisper audio prep, subtitles, GIF and thumbnails, HLS packaging, hardware encoding (NVENC/QSV/AMF/VideoToolbox), restoration, scene and silence detection, VMAF quality gates, screen capture, yt-dlp interop. Triggers on: ffmpeg, ffprobe, transcode, convert video, compress video, encode video, extract audio, trim video, cut video, concat videos, video to gif, thumbnail, contact sheet, burn subtitles, watermark, resize video, crop video, change fps, slow motion, timelapse, loudnorm, normalize audio, audio for whisper, transcription prep, scene detection, silence detection, remove silence, color grade, LUT, tonemap HDR, vmaf, nvenc, hardware encode, hls, remux, faststart, deinterlace, stabilize video, denoise video, screen record, EDL, keyframes."
-when_to_use: "Use for ANY ffmpeg/ffprobe invocation or media task - converting, cutting, grading, packaging, or preparing audio for STT - BEFORE hand-writing a command; the cookbook and scripts encode the footguns (seek accuracy, keyframe snapping, quoting, pix_fmt) that silently ruin output."
+description: "Comprehensive ffmpeg/ffprobe media processing: transcode, cut/trim/concat, color grading, loudness normalization, subtitles, GIFs, HLS packaging, hardware encoding, and quality gates (VMAF). Triggers on: ffmpeg, ffprobe, transcode, compress/convert video, extract audio, color grade, hls."
 license: MIT
 compatibility: "ffmpeg 5.0+ (6.0+ recommended). Scripts: bash + python3.10+. Optional per task: libvmaf, libass, libzimg, libvidstab."
 allowed-tools: "Read Write Edit Bash Glob Grep"

+ 1 - 2
skills/git-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: git-ops
-description: "Full git + worktree orchestrator. Rich status survey, per-worktree triage (prunable/WIP/ghost/orphan), commits, PRs, branches, releases, rebases — reads run inline, writes dispatch to a background Sonnet agent. Triggers on: status, state, where are we, git status, anything to commit, anything to push, commit, push, pull request, create PR, git diff, rebase, stash, branch, merge, release, tag, changelog, semver, cherry-pick, bisect, worktree, worktree survey, prunable worktrees, land worktree, land all, land everything, land pending work, land my worktrees, land the chips, batch land, clean up branches."
-when_to_use: "Use when the user asks to commit, push, create a PR, cut a release, rebase, stash, or manage branches/worktrees — e.g. 'where are we', 'anything to commit?', 'land this worktree', 'land everything that's done'."
+description: "Git + worktree orchestrator: status survey, per-worktree triage, commits, PRs, branches, releases, rebases — reads inline, writes to a background agent. Triggers on: git status, anything to commit, anything to push, commit, push, create PR, rebase, release, tag, changelog, worktree, land worktrees."
 license: MIT
 allowed-tools: "Read Bash Glob Grep Agent TaskCreate TaskUpdate"
 metadata:

+ 1 - 2
skills/github-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: github-ops
-description: "GitHub remote operations — repo creation, metadata (description/homepage/topics), releases, README 'Recent Updates' enforcement, issue / PR management with preview-before-send discipline, and read-only repo security-posture auditing. Companion to git-ops (local) and push-gate (pre-push safety). Three modes: new (first publish), update (subsequent release), audit (read-only checklist), plus atomic operations for issues and PRs. Triggers on: push to github, publish repo, ship release, cut release, gh release, set topics, repo description, github metadata, recent updates section, audit github repo, repo visibility, make repo public, gh repo create, gh issue, gh pr, create issue, comment on issue, close issue, triage issue, create PR, review PR, merge PR, pre-merge check, pr checks, security posture, dependabot, secret scanning, code scanning, branch protection, SECURITY.md, is this repo secure, audit repo security."
-when_to_use: "Use when the user asks to publish a repo, cut a GitHub release, set repo description/topics, audit a repo, or manage issues and PRs with gh — e.g. 'comment on issue #4', 'merge the PR', 'make the repo public'."
+description: "GitHub remote operations: repo creation, metadata, releases, issue/PR management with preview-before-send, and read-only security auditing. Triggers on: push to github, ship release, gh release, audit github repo, gh issue, gh pr, merge PR, branch protection, secret scanning, SECURITY.md."
 license: MIT
 allowed-tools: "Read Write Edit Bash Glob Grep"
 metadata:

+ 1 - 1
skills/isometric-ops/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: isometric-ops
-description: "Create, refine, compose, and export isometric illustrative assets for websites and games. Covers projection math (true isometric 30° vs 2:1 dimetric vs pixel 1:2), SVG/CSS/three.js generation, pixel-art workflow, Blender pre-render rigs, engine tilemaps (Godot/Unity/Phaser), AI generation with ControlNet structure control, asset sourcing and licences, and the companion iso-studio scene composer (standalone app: snap-to-grid staging, y-sort, blockout-to-ControlNet export). Use for: isometric, dimetric, axonometric, isometric illustration, isometric icon, isometric city, isometric room, isometric map, iso grid, isometric tiles, 2:1 tiles, tile spec, tileset, tilemap, y-sort, depth sorting, orthographic camera, SSR method, scale shear rotate, isometric CSS, isometric SVG, iso-studio, snap to grid, sprite sheet, spritesheet, atlas packing, isometric pixel art, Aseprite isometric, Blender isometric render, isometric AI generation, isometric LoRA, ControlNet isometric, isometric asset pack, Kenney isometric, isometric export."
+description: "Create, refine, compose, and export isometric/dimetric assets for web and games: projection math, SVG/CSS/three.js generation, pixel-art and Blender workflows, engine tilemaps, ControlNet AI generation, and the iso-studio composer. Triggers on: isometric, dimetric, tileset, y-sort."
 license: MIT
 allowed-tools: "Read Write Bash"
 metadata:

+ 1 - 1
skills/mac-ops/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: mac-ops
-description: "Comprehensive macOS workstation operations — diagnose kernel panics, identify failing drives, audit launchd startup items, decode wake reasons, triage TCC permission denials, manage APFS snapshots, recover from no-boot. Use for: Mac is slow, slow bootup, won't boot, kernel panic, kernel_task hot, mds_stores CPU, photoanalysisd, cloudd, login loop, gray screen, sleep wake failure, drive failing, IO errors, APFS snapshots eating space, Time Machine local snapshots, Spotlight indexing, launchd, LaunchAgent, LaunchDaemon, login items, TCC permissions, Full Disk Access, Screen Recording denied, Gatekeeper, quarantine, com.apple.quarantine, app is damaged, helper tool, /Library/PrivilegedHelperTools, pmset, wake reasons, dark wake, sysdiagnose, panic.ips, DiagnosticReports, configuration profile, MDM profile, remote diagnostics over SSH."
+description: "macOS workstation diagnostics: kernel panics, failing drives, launchd startup audit, wake reasons, TCC denials, APFS snapshots. Triggers on: mac is slow, won't boot, kernel panic, login loop, drive failing, launchd, TCC permissions, Full Disk Access, Gatekeeper, sysdiagnose."
 license: MIT
 allowed-tools: "Read Write Bash"
 metadata:

+ 1 - 17
skills/mapbox-ops/SKILL.md

@@ -1,22 +1,6 @@
 ---
 name: mapbox-ops
-description: >-
-  Advanced Mapbox GL JS toolkit for the WEB (mapbox-gl-js v3, not native/iOS):
-  build production map experiences — custom markers, thematic dataviz, 3D,
-  terrain, cinematic camera, style composition, performance, and hard-won
-  gotchas. Use for Mapbox GL JS work: custom markers, addImage / updateImage,
-  icon-image, SVG / canvas markers, icon-anchor / icon-offset, symbol layers,
-  geojson layers, clustering, feature-state hover /
-  select, queryRenderedFeatures, style expressions (interpolate / step / match /
-  case, zoom-outermost rule), line-dasharray, line casing, line-gradient,
-  hillshade, contours, setTerrain, raster-dem, fill-extrusion 3D buildings,
-  heatmap, choropleth / data-join, proportional symbols, basemap palette
-  recolour, setPaintProperty, v3 Standard style / slots / setConfigProperty /
-  lightPreset, style switcher / library, text labels / text-optional, popups,
-  flyTo / easeTo / freeCameraOptions camera animation, setStyle re-add,
-  map.resize, WebGL teardown, three.js custom layer / CustomLayerInterface /
-  threebox / animated 3D objects or models on the map,
-  or headless Playwright map verification.
+description: "Mapbox GL JS v3 (web) toolkit: custom markers, symbol/geojson layers, clustering, style expressions, 3D terrain/fill-extrusion, heatmaps, choropleths, camera animation, and performance gotchas. Use for any Mapbox GL JS work — markers, layers, style, 3D, or headless map verification."
 license: MIT
 compatibility: "Web mapbox-gl-js v3.x. screenshot_map.py needs Python 3.10+ and Playwright (chromium); check-mapbox-facts.py is stdlib-only Python 3.10+."
 metadata:

+ 1 - 2
skills/okf-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: okf-ops
-description: "Assess, validate, and adopt the Open Knowledge Format (OKF) across markdown+frontmatter knowledge bases. Use to scan a doc repo for OKF-readiness (how frontmatter-consistent it already is), validate a bundle for conformance, find good OKF-adoption candidates among many repos, or migrate a frontmatter-heavy repo onto OKF. Triggers on: OKF, open knowledge format, knowledge bundle, knowledge base format, assess docs, doc repo readiness, frontmatter conformance, validate frontmatter, type frontmatter, markdown knowledge base, adopt OKF, is this repo OKF-ready, index.md log.md."
-when_to_use: "Use when deciding whether/how to adopt OKF in a repo, scanning one or many doc trees for frontmatter consistency, or validating an OKF bundle — e.g. 'how OKF-ready is this repo', 'check this bundle conforms', 'which of my repos are good OKF candidates', 'validate the frontmatter in docs/'."
+description: "Assess, validate, and adopt the Open Knowledge Format (OKF) across markdown+frontmatter knowledge bases. Triggers on: OKF, open knowledge format, knowledge bundle, frontmatter conformance, validate frontmatter, markdown knowledge base, adopt OKF, is this repo OKF-ready, index.md log.md."
 license: MIT
 compatibility: "Python 3.8+. PyYAML used if present; falls back to a built-in parser otherwise."
 allowed-tools: "Read Bash Glob Grep"

+ 10 - 9
skills/portless-ops/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: portless-ops
-description: "Portless local-dev HTTPS proxy operations and integration. Use for: portless setup, named .localhost or custom-TLD URLs (axiom.lab, myapp.test), portless alias for externally-managed services, replacing Caddy/nginx for local dev, HTTP/2 dev servers, local CA generation and trust, portless service install (boot persistence on Windows/macOS/Linux), portless monorepo orchestration, Tailscale/Funnel dev sharing, git-worktree subdomain routing, portless.json configuration, agent-friendly URL discovery via portless get <name>, MCP-integration patterns, OAuth-with-portless TLD selection (.dev/.test for Google/Apple compliance), Vite/Next.js/Astro framework port injection, Windows openssl PATH gotcha, curl-vs-browser cert handling, custom TLD pitfalls (.local/.dev/.localhost), troubleshooting EADDRINUSE, /etc/hosts auto-sync, portless trust system store integration."
+description: "Portless local-dev HTTPS proxy: replaces port numbers with named URLs (Caddy/nginx alternative for local dev). Triggers on: portless, local https proxy, named localhost URL, custom TLD, portless alias, portless.json, local CA trust, boot persistence, monorepo routing, Tailscale dev sharing."
 license: MIT
 allowed-tools: "Read Write Bash Edit"
 metadata:
@@ -28,7 +28,7 @@ This SKILL.md adds **operational patterns** we've validated in production (Windo
 | Naming | `<name>.<tld>` shape — one TLD per proxy | per-service distinct TLDs (not supported) |
 | Process spawning | when invoked as `portless myapp <cmd>` | crash recovery, restart policy, health checks |
 
-**Key shape constraint:** portless always renders `<alias-name>.<tld>`. You can't have `0x.axiom` and `axiom.lab` in the same proxy because TLD is per-instance. Aliases like `portless alias 0x.axiom 8108` get the TLD appended → `0x.axiom.lab`.
+**Key shape constraint:** portless always renders `<alias-name>.<tld>`. You can't mix two TLDs in one proxy because TLD is per-instance — a dotted alias like `portless alias api.<app> 8108` gets the TLD appended → `api.<app>.<tld>`.
 
 ## Install
 
@@ -45,6 +45,7 @@ Record the pinned version in your repo. Upgrades are explicit PRs.
 ## CLI Quick Reference
 
 ```bash
+# example values — substitute your own (TLD, app name, ports)
 # Proxy lifecycle
 portless proxy start --tld lab --port 443   # HTTPS proxy on 443, *.lab routes
 portless proxy start --tld test --port 1355 # Non-privileged port for testing
@@ -75,13 +76,13 @@ portless service uninstall
 The common pattern: a process supervisor (Process Compose, PM2, Docker) runs your dev servers on fixed ports. Portless just routes named URLs to those ports.
 
 ```bash
-# Started by Process Compose, listening on 8108
-# Now make it reachable at https://axiom.lab
-portless alias axiom 8108
+# Started by Process Compose, listening on <your-port>
+# Now make it reachable at https://<your-app>.<your-tld>
+portless alias <your-app> <your-port>
 ```
 
 Decoupling means:
-- Restart the dev server (`pm2 restart axiom`, `process-compose process restart axiom`) → portless keeps routing transparently
+- Restart the dev server (`pm2 restart <your-app>`, `process-compose process restart <your-app>`) → portless keeps routing transparently
 - Swap one supervisor for another → portless layer is untouched
 
 **Source of truth pattern:** keep alias registration in your supervisor config. Example `scripts/install.ps1`:
@@ -157,13 +158,13 @@ Get-ScheduledTask | Where-Object {
 
 ### curl vs browser cert handling
 
-curl on Windows uses its own bundled CA store, not the system one. So `curl https://axiom.lab/` returns code 000 (cert untrusted) even after `portless trust`. Browsers work fine because they use the system store.
+curl on Windows uses its own bundled CA store, not the system one. So `curl https://<your-app>.<your-tld>/` returns code 000 (cert untrusted) even after `portless trust`. Browsers work fine because they use the system store.
 
 Test from curl with `-k` (skip verify), or `--cacert ~/.portless/ca.pem`:
 
 ```bash
-curl -k https://axiom.lab/        # quick test
-curl --cacert ~/.portless/ca.pem https://axiom.lab/   # proper
+curl -k https://<your-app>.<your-tld>/        # quick test
+curl --cacert ~/.portless/ca.pem https://<your-app>.<your-tld>/   # proper
 ```
 
 ## Common Errors

+ 22 - 22
skills/process-compose-ops/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: process-compose-ops
-description: "Process Compose orchestration for non-containerized local services. Use for: process-compose.yaml schema, replacing PM2/supervisord/Foreman, health checks (readiness_probe, liveness_probe), restart policies (always/exit_on_failure/no), process dependencies (depends_on conditions), TUI navigation and shortcuts (F4 maximize, Tab panes, r/s/t process control), REST API and MCP server integration, headless mode (-t=false for daemons), per-process and consolidated logging (log_location), cron and interval scheduling (availability.schedule), namespace grouping for multi-stack composition, environment variable handling (env files, secrets), Windows Task Scheduler boot persistence, supply-chain verified single-binary install, multi-replica processes, foreground/serial execution patterns, dry-run validation, project update (hot reload without restart), process restart/stop/start via CLI or TUI, log tailing and follow modes, shutdown timeouts and signals, agent-friendly MCP tools for process control."
+description: "Process Compose orchestration for non-containerized local services: process-compose.yaml schema, health checks, restart policies, dependencies, TUI/REST/MCP control, scheduling, and boot persistence. Use as a PM2/supervisord/Foreman replacement for local dev service management."
 license: MIT
 allowed-tools: "Read Write Bash Edit"
 metadata:
@@ -107,18 +107,18 @@ process-compose up -f config.yaml -t=false # Headless (no TUI)
 process-compose up -f config.yaml --dry-run  # Validate config without starting
 process-compose down                       # Stop all processes + project
 
-# Inspection (against running PC)
-process-compose -p 8888 process list       # all processes + status
-process-compose -p 8888 process logs <name> --follow
-process-compose -p 8888 attach             # TUI for running project
+# Inspection (against running PC)  (example values — substitute your own port/dir)
+process-compose -p <your-pc-port> process list       # all processes + status
+process-compose -p <your-pc-port> process logs <name> --follow
+process-compose -p <your-pc-port> attach             # TUI for running project
 
 # Process control
-process-compose -p 8888 process restart <name>
-process-compose -p 8888 process stop <name>
-process-compose -p 8888 process start <name>
+process-compose -p <your-pc-port> process restart <name>
+process-compose -p <your-pc-port> process stop <name>
+process-compose -p <your-pc-port> process start <name>
 
 # Reload config without stopping (hot update)
-process-compose -p 8888 project update -f config.yaml
+process-compose -p <your-pc-port> project update -f config.yaml
 
 # Standalone inspection (no running PC)
 process-compose info                       # config home info
@@ -165,15 +165,15 @@ Default API port is 8080. Common collisions:
 
 | Port 8080 user | Workaround |
 |---|---|
-| Dagu dashboard | Use `-p 8888` until Dagu decommissioned |
-| Tomcat / Spring Boot dev | Use `-p 8888` |
+| Dagu dashboard | Use `-p <your-pc-port>` until Dagu decommissioned |
+| Tomcat / Spring Boot dev | Use `-p <your-pc-port>` |
 | Other dev tool defaults | Pick anything free in 8000–9999 range |
 
 If you change the API port, every subsequent CLI call needs `-p <port>`:
 
 ```bash
-process-compose -p 8888 process list
-process-compose -p 8888 process logs axiom --follow
+process-compose -p <your-pc-port> process list
+process-compose -p <your-pc-port> process logs axiom --follow
 ```
 
 ## Windows Boot Persistence Pattern
@@ -182,7 +182,7 @@ Task Scheduler runs with minimal PATH. Use a wrapper script that sets PATH expli
 
 ```powershell
 # scripts/boot-start.ps1
-$root = "X:\00_Orchestration\compose-portless"
+$root = "<your-process-compose-dir>"
 $pcExe = "$root\bin\process-compose.exe"
 
 # Explicit PATH for managed services (Python, uv, Git tools, cloudflared, etc.)
@@ -204,7 +204,7 @@ if (Test-Path $envFile) {
 }
 
 # Launch headless
-& $pcExe -p 8888 -t=false -L "$root\logs\process-compose.log" up -f "$root\process-compose.yaml"
+& $pcExe -p <your-pc-port> -t=false -L "$root\logs\process-compose.log" up -f "$root\process-compose.yaml"
 ```
 
 Register as a Task Scheduler entry with `LogonType S4U` (runs at boot, no password, no interactive logon needed):
@@ -235,18 +235,18 @@ Register-ScheduledTask -TaskName "ProcessCompose-Boot" `
 process-compose up --dry-run -f process-compose.yaml
 
 # Hot-reload after editing config
-process-compose -p 8888 project update -f process-compose.yaml
+process-compose -p <your-pc-port> project update -f process-compose.yaml
 
 # Restart one service after code change
-process-compose -p 8888 process restart axiom
+process-compose -p <your-pc-port> process restart axiom
 
 # Watch logs of a misbehaving service
-process-compose -p 8888 process logs axiom --follow
+process-compose -p <your-pc-port> process logs axiom --follow
 
 # Stop one service temporarily for debugging
-process-compose -p 8888 process stop axiom
+process-compose -p <your-pc-port> process stop axiom
 # Now run it manually with your debugger, then:
-process-compose -p 8888 process start axiom
+process-compose -p <your-pc-port> process start axiom
 ```
 
 ## When to Use Process Compose vs Alternatives
@@ -262,7 +262,7 @@ process-compose -p 8888 process start axiom
 
 ## Worked Example
 
-See `X:\00_Orchestration\compose-portless\` for an 11-process production stack:
+See `<your-process-compose-dir>\` for an 11-process production stack:
 - `process-compose.yaml` — health-checked services with depends_on chains
 - `scripts/boot-start.ps1` — PATH-aware boot wrapper
 - `docs/MIGRATION-LOG.md` — full migration from PM2 + Caddy, every gotcha documented
@@ -278,7 +278,7 @@ BAD:  put secrets in process-compose.yaml (commits to git)
 GOOD: source from gitignored .env in boot wrapper
 
 BAD:  use API port 8080 (clashes with Dagu, Tomcat, others)
-GOOD: -p 8888 (or any free port), document the choice
+GOOD: -p <your-pc-port> (or any free port), document the choice
 
 BAD:  ignore readiness_probe and just hope services come up
 GOOD: configure http_get probe on a real endpoint; depends_on uses process_healthy

+ 1 - 2
skills/prompt-injection-defense/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: prompt-injection-defense
-description: "Defend the agent's instruction surface against adversarial content - hidden-Unicode prompt injection (Trojan Source bidi reordering, U+E0000 tag-block ASCII smuggling, zero-width text), homoglyph confusables, and poisoned context that a human reviewer can't see but the model obeys. Scan CLAUDE.md / AGENTS.md / SKILL.md / .cursorrules and MCP tool descriptions; sanitize fetched web pages, issue/PR bodies, and dependency READMEs before they enter context. Triggers on: prompt injection, hidden unicode, invisible characters, zero-width space, bidi override, Trojan Source, ASCII smuggling, tag characters, homoglyph, confusable, unicode steganography, poisoned CLAUDE.md, malicious tool description, MCP tool poisoning, instruction injection, jailbreak in file, is this file safe, sanitize untrusted content, scan for hidden text."
-when_to_use: "Use when vetting external CLAUDE.md / AGENTS.md / SKILL.md files or MCP tool descriptions, sanitizing fetched web pages or issue/PR bodies before they enter context, or asked 'is this file safe' / 'scan for hidden text'."
+description: "Defend the agent against adversarial Unicode it obeys but a human can't see: bidi/Trojan Source, tag-char smuggling, zero-width text, homoglyphs. Triggers on: prompt injection, zero-width space, Trojan Source, ASCII smuggling, poisoned CLAUDE.md, MCP tool poisoning, is this file safe."
 license: MIT
 allowed-tools: "Read Edit Write Bash Grep Glob Agent WebFetch"
 metadata:

+ 1 - 2
skills/pypi-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: pypi-ops
-description: "Publish Python packages to PyPI the 2026-best-practice way — OIDC Trusted Publishing with PEP 740 attestations via gh-action-pypi-publish, not stored API tokens. Use when: setting up PyPI publishing for a new package, a release workflow fails with `invalid-publisher` / `Trusted publishing exchange failure`, a first publish 404s because no pending publisher exists, a version upload is rejected as already existing, choosing between Trusted Publishing and an API token, publishing locally with `uv publish` or `twine`, wiring TestPyPI for a dry run, adding a release `environment` approval gate, or a tag-triggered publish built fine but never went live on PyPI. Triggers on: pypi, publish to pypi, pypi release, cut a release, trusted publishing, pending publisher, invalid-publisher, gh-action-pypi-publish, pypa publish, twine upload, twine check, uv publish, uv build, build sdist wheel, PEP 740, attestations, OIDC publish, id-token, environment pypi, testpypi, test.pypi.org, version already exists, file already exists, 400 reupload, api token pypi, __token__, hatchling build, package publishing, release automation pypi, secure pypi publishing, publish token theft, stale OIDC federation, trusted publisher audit, supply chain publishing, sha-pinned actions, mini shai-hulud, rotate pypi token, yank release."
-when_to_use: "Use when setting up or fixing PyPI publishing — especially a release CI that fails with invalid-publisher / no pending publisher, a first publish, choosing OIDC vs token, or publishing locally with uv/twine."
+description: "Publish Python packages to PyPI via OIDC Trusted Publishing (PEP 740 attestations, gh-action-pypi-publish) instead of stored tokens. Use for: invalid-publisher errors, pending-publisher 404s, uv publish/twine, TestPyPI, environment approval gates, and rotating/auditing publish tokens."
 license: MIT
 compatibility: "Python 3.8+ packaging; GitHub Actions for the OIDC flow; uv or twine for local publish"
 allowed-tools: "Read Write Edit Bash Glob Grep WebFetch"

+ 1 - 2
skills/r-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: r-ops
-description: "Modern R operations for data analysis, statistics, and reproducible work. Use for: R, Rstats, tidyverse, dplyr, tidyr, ggplot2, the native pipe |>, tibbles, data wrangling (filter/mutate/summarise/group_by/across/joins/pivot), reading and writing data (readr, readxl, arrow/Parquet, DBI/dbplyr databases, data.table::fread, rvest scraping), strings (stringr) and regex, dates/times (lubridate), factors (forcats), iteration and functional programming (purrr map family, list-columns), statistics and modeling (t.test/lm/glm, formulas, broom, tidymodels), high-performance data.table, time series (tsibble/fable, zoo/xts), and project workflow (renv, Quarto, here, testthat, styler, RStudio/Posit Projects). Covers tidyverse-first idioms with base R and data.table as named alternatives."
-when_to_use: "Use for any R / Rstats work — tidyverse data wrangling, statistics, ggplot2 visualization, or reproducible analysis — e.g. 'rewrite this in dplyr/tidyverse', 'how do I pivot/join/group these', 'plot this with ggplot2', 'fit a model and tidy it with broom', 'speed this up with data.table', 'set up an renv + Quarto project'. Leads with modern idioms (native |>, .by=, across, purrr map); names base R / data.table where they win."
+description: "Modern R for data analysis and statistics — tidyverse-first (dplyr, tidyr, ggplot2, native |> pipe), with base R and data.table as alternatives. Triggers on: R, Rstats, tidyverse, dplyr, tidyr, ggplot2, pivot/join/group, data.table, purrr map, broom, renv, Quarto."
 license: MIT
 compatibility: "R >= 4.1 (native |> pipe); tidyverse 2.0; Quarto"
 allowed-tools: "Read Write Bash"

+ 1 - 2
skills/repo-doctor/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: repo-doctor
-description: "Audit any repo against the agentic-quality doctrine (rules/agentic-quality.md) — score entry docs, docs indexing, comment contracts, structure, enforcement gates, and doc-commit pairing, then map every finding to its fix. Read-only scorer with TTY panel and --json envelope, plus deep references on comment doctrine, entry-doc anatomy (AGENTS.md vs CLAUDE.md, nesting), and large-monorepo structure. Triggers on: repo doctor, repo audit, repo health, audit this repo, code quality audit, agentic quality, is this repo agent-friendly, agent-ready, rate this repo, score this repo, doc drift, stale AGENTS.md, monster files, comment quality, commenting standards, repo structure review, monorepo structure, how should I structure this monorepo, nested CLAUDE.md, docs index, 00_INDEX."
-when_to_use: "Use to assess or improve how well a repo supports agentic development — e.g. 'audit this repo', 'is this codebase agent-friendly?', 'score our repos', 'why do agents struggle here?', 'how should this monorepo be structured?' — or before adopting the agentic-quality doctrine in an existing project. Not for diff-level review (use review/code-review) or code-smell hunting (use techdebt)."
+description: "Audit any repo against the agentic-quality doctrine — score entry docs, structure, and enforcement gates, then map each finding to its fix. Triggers on: repo doctor, repo audit, agentic quality, is this repo agent-friendly, doc drift, stale AGENTS.md, monorepo structure, nested CLAUDE.md."
 license: MIT
 allowed-tools: "Read Bash Glob Grep Agent"
 metadata:

تفاوت فایلی نمایش داده نمی شود زیرا این فایل بسیار بزرگ است
+ 0 - 0
skills/summon/SKILL.md


+ 1 - 2
skills/supply-chain-defense/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: supply-chain-defense
-description: "Behavioural-first software supply chain defense - catches poisoned npm/PyPI packages in the publish-to-advisory window that CVE tools miss. Use BEFORE every install or version bump (not only when an attack is suspected) - the 7-day cooldown gate + behavioural score catches freshly-published malware that CVE tools won't see for days. Socket.dev integration (free CLI + GitHub app + depscore MCP for Claude Code), stale-OIDC audit, dependency cooldown policy, publish-token rotation, VS Code extension audit, and a self-integrity scan that detects worm persistence hooks injected into Claude Code / VS Code settings. Triggers on: pip install, uv add, uv tool install, npm install, pnpm add, yarn add, cargo add, go get, composer require, gem install, upgrade dependency, version bump, adding dependency, vet package, is this package safe, before installing, pre-install check, preinstall-check, release cooldown, minimumReleaseAge, score a package, depscore, socket score, supply chain, supply chain attack, malicious package, poisoned dependency, npm worm, Shai-Hulud, behavioural scanning, Socket.dev, socket scan, dependency security, postinstall malware, OIDC token theft, compromised maintainer, typosquat, dependency confusion, package provenance, SLSA, persistence hook, malicious VS Code extension."
-when_to_use: "Use before any dependency install or version bump — e.g. 'is this package safe', 'pre-install check', 'score this package' — or when investigating a suspected malicious package or worm persistence hook."
+description: "Behavioural-first defense against poisoned npm/PyPI packages in the publish-to-advisory window CVE tools miss. Use before every install or version bump: 7-day cooldown gate, Socket.dev behavioural score, stale-OIDC audit, publish-token rotation, and a worm-persistence self-scan."
 license: MIT
 allowed-tools: "Read Edit Write Bash Glob Grep Agent WebFetch"
 metadata:

+ 1 - 2
skills/svg-brand-tint-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: svg-brand-tint-ops
-description: "Recolour, vectorise, and theme ANY SVG to a brand palette with a live zero-dependency studio that emits a copy-paste CSS filter. Triggers on: recolour svg, brand tint an svg, theme an svg, duotone svg, tri-tone svg, feComponentTransfer duotone/tri-tone, recolour a diagram, cloudcraft/draw.io/figma svg to brand, svg css filter, theme-aware svg, tone map svg, brand-tint a diagram export, tint an icon set, png to svg, png to vector, raster to vector, image trace, vectorise a logo, trace a png to svg, threshold vectorization, illustrator image trace."
-when_to_use: "Use when a designer or dev needs to recolour / duotone / tri-tone an SVG to brand colours, turn a raster (PNG/JPG) into vector paths, or bake a theme-aware SVG tint into an app — e.g. 'recolour this CloudCraft/draw.io/Figma export to our petrol palette', 'make a duotone of this logo', 'convert this PNG to SVG', 'trace this image to vector', 'give me the CSS filter to theme these icons'."
+description: "Recolour, vectorise, and theme any SVG to a brand palette with a zero-dependency studio that emits a copy-paste CSS filter. Triggers on: recolour svg, brand tint an svg, duotone svg, recolour a diagram, cloudcraft/draw.io/figma svg to brand, svg css filter, png to svg, vectorise a logo, image trace."
 license: MIT
 metadata:
   author: claude-mods

+ 1 - 1
skills/threejs-ops/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: threejs-ops
-description: "Application/game-scale three.js — ES modules + import maps (UMD builds are dead), GLTF asset pipeline (DRACO/KTX2/meshopt, gltf-transform, gltfpack, CC0 sources), AnimationMixer crossfading, game loops (fixed timestep, dt clamp), physics (@dimforge/rapier3d vs cannon-es), react-three-fiber + drei, and scale (InstancedMesh, LOD, draw-call budgets, disposal, boids/steering). Use for: three.js app, three.js game, import map, three.min.js, UMD, GLTFLoader, DRACOLoader, KTX2Loader, meshopt, gltf-transform, gltfpack, glb optimize, CC0 models, Quaternius, Kenney, Poly Pizza, AnimationMixer, crossfade, animation blending, skeletal animation, morph targets, game loop, fixed timestep, rapier, rapier3d, cannon-es, character controller, kinematic body, react-three-fiber, r3f, drei, InstancedMesh, LOD, frustum culling, draw calls, dispose geometry, WebGL memory leak, WebGPURenderer, TSL, boids, steering, waypoint, NPC ambient life."
+description: "Application/game-scale three.js: ES modules, GLTF pipeline (DRACO/KTX2/meshopt), AnimationMixer, physics (rapier/cannon-es), react-three-fiber, and performance at scale (InstancedMesh, LOD, draw calls). Triggers on: three.js, GLTFLoader, r3f, game loop, WebGL memory leak, boids."
 license: MIT
 compatibility: "Web three.js r150+ (ES modules only — UMD builds removed in r160). check-three-facts.py is stdlib-only Python 3.10+."
 metadata:

+ 1 - 2
skills/ytdlp-ops/SKILL.md

@@ -1,7 +1,6 @@
 ---
 name: ytdlp-ops
-description: "yt-dlp operations - the media ACQUISITION layer that feeds ffmpeg-ops: format selection (-S sort vs -f filters) that avoids post-download transcodes, --download-sections clip-at-download, audio-only extraction for STT pipelines (-x --audio-format opus), playlists + --download-archive incremental channel syncs, cookies/auth (--cookies-from-browser), rate limiting and politeness, SponsorBlock mark/remove, output templates (-o), subtitle download (--write-subs/--write-auto-subs), remux-vs-recode doctrine, and failure triage (403s, throttling, geo blocks, the nsig-extraction class that means yt-dlp is outdated). Triggers on: yt-dlp, ytdlp, youtube-dl, download video, download youtube, download from youtube, download playlist, download channel, archive channel, channel sync, rip audio, youtube to mp3, youtube to mp4, save video, grab video, video downloader, download subtitles, download transcript, clip from youtube, download section, sponsorblock, cookies-from-browser, download-archive, nsig, requested format is not available, sign in to confirm, download livestream, record stream, live-from-start, premiere, impersonate."
-when_to_use: "Use for ANY yt-dlp invocation or download-from-platform task BEFORE hand-writing a command - format selection and politeness flags encode footguns (silent VP9-to-H.264 transcodes, account flags, keyframe-snapped clips, full-channel rewalks) that waste hours or get IPs blocked. Post-download processing belongs to ffmpeg-ops; this skill ends when the file is on disk in the right codec."
+description: "yt-dlp media acquisition layer feeding ffmpeg-ops: format selection avoiding post-download transcodes, clip-at-download, cookies/auth, channel archive sync, SponsorBlock, subtitles, failure triage (403s, nsig). Triggers on: yt-dlp, download video/playlist/channel, youtube to mp3."
 license: MIT
 compatibility: "yt-dlp 2025.x+ (releases near-monthly; run the verifier FIRST when anything fails). ffmpeg on PATH required for merge/remux/extract-audio. A JS runtime (deno auto-enabled; node via --js-runtimes node) required for full YouTube format extraction. Scripts: bash."
 allowed-tools: "Read Write Edit Bash Glob Grep"

برخی فایل ها در این مقایسه diff نمایش داده نمی شوند زیرا تعداد فایل ها بسیار زیاد است