docs(install): per-agent install matrix + first-run welcome#62
Merged
Conversation
Adds explicit install commands for 8 native agents (Claude Code, Cursor, Codex CLI/App, Copilot CLI, Droid, Gemini CLI, OpenCode) plus SkillKit fallback for the remaining 24. Adds a 'what to type first' section so users discover the 5 daily-use commands without scanning all 22. SessionStart hook now prints a first-run welcome listing those 5 commands on the very first session, gated by ~/.pro-workflow/.welcomed.
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughREADME reorganizes install docs with multi-agent and manual install instructions, adds first-run smoke-test steps and a quick-start command table. scripts/session-start.js implements one-time first-run detection and prints an onboarding banner on initial launch; skills docs clarify permission and risk guidance. ChangesFirst-run Onboarding Experience
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRsPoem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Around line 117-124: The header "Any other agent (28 more via SkillKit)" is
inconsistent with the explicit supported list of agents; update the count to
match the actual number in the list (change "28 more" to "24 more") or add the
missing agent names so the list contains 28 entries; locate the "Any other agent
(28 more via SkillKit)" heading and the supported agent list (e.g., the code
block containing `npx skillkit install pro-workflow --agent <name>` and the
backtick-enclosed agent names) and make the count and the list consistent.
In `@scripts/session-start.js`:
- Around line 126-137: The try/catch around fs.mkdirSync(stateDir, { recursive:
true }) and fs.writeFileSync(firstRunFlag, ...) currently swallow errors; update
both catch blocks to log a warning including the error and the path (stateDir or
firstRunFlag) so failures are visible. In each catch, call the existing log
function (or console.warn) with a clear message like "[ProWorkflow] Warning:
failed to create stateDir <path>: <error>" and "[ProWorkflow] Warning: failed to
write firstRunFlag <path>: <error>" so operators can diagnose setup problems.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 1d5c2ea5-90fe-4a53-bbbf-9314dca2c973
📒 Files selected for processing (2)
README.mdscripts/session-start.js
Comment on lines
+126
to
+137
| try { fs.mkdirSync(stateDir, { recursive: true }); } catch (e) {} | ||
| log(''); | ||
| log('[ProWorkflow] First run detected. Five commands to know:'); | ||
| log(' /learn-rule capture a correction so it never repeats'); | ||
| log(' /wrap-up end-of-session ritual (audit + persist + handoff)'); | ||
| log(' /wiki init start a persistent FTS5 research wiki'); | ||
| log(' /develop research -> plan -> implement with gates'); | ||
| log(' /smart-commit quality-gated conventional commit'); | ||
| log('[ProWorkflow] Run /doctor to verify install. Full list: /list'); | ||
| log(''); | ||
| try { fs.writeFileSync(firstRunFlag, new Date().toISOString()); } catch (e) {} | ||
| } else { |
Contributor
There was a problem hiding this comment.
Don’t silently swallow first-run marker write failures.
If directory creation or marker write fails, users will repeatedly see “first run” with no clue why. Log a warning in these catch blocks so setup issues are diagnosable.
Suggested patch
- try { fs.mkdirSync(stateDir, { recursive: true }); } catch (e) {}
+ try { fs.mkdirSync(stateDir, { recursive: true }); } catch (e) {
+ log(`[ProWorkflow] Warning: could not create state dir at ${stateDir}: ${e.message}`);
+ }
@@
- try { fs.writeFileSync(firstRunFlag, new Date().toISOString()); } catch (e) {}
+ try { fs.writeFileSync(firstRunFlag, new Date().toISOString()); } catch (e) {
+ log(`[ProWorkflow] Warning: could not persist welcome flag at ${firstRunFlag}: ${e.message}`);
+ }📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| try { fs.mkdirSync(stateDir, { recursive: true }); } catch (e) {} | |
| log(''); | |
| log('[ProWorkflow] First run detected. Five commands to know:'); | |
| log(' /learn-rule capture a correction so it never repeats'); | |
| log(' /wrap-up end-of-session ritual (audit + persist + handoff)'); | |
| log(' /wiki init start a persistent FTS5 research wiki'); | |
| log(' /develop research -> plan -> implement with gates'); | |
| log(' /smart-commit quality-gated conventional commit'); | |
| log('[ProWorkflow] Run /doctor to verify install. Full list: /list'); | |
| log(''); | |
| try { fs.writeFileSync(firstRunFlag, new Date().toISOString()); } catch (e) {} | |
| } else { | |
| try { fs.mkdirSync(stateDir, { recursive: true }); } catch (e) { | |
| log(`[ProWorkflow] Warning: could not create state dir at ${stateDir}: ${e.message}`); | |
| } | |
| log(''); | |
| log('[ProWorkflow] First run detected. Five commands to know:'); | |
| log(' /learn-rule capture a correction so it never repeats'); | |
| log(' /wrap-up end-of-session ritual (audit + persist + handoff)'); | |
| log(' /wiki init start a persistent FTS5 research wiki'); | |
| log(' /develop research -> plan -> implement with gates'); | |
| log(' /smart-commit quality-gated conventional commit'); | |
| log('[ProWorkflow] Run /doctor to verify install. Full list: /list'); | |
| log(''); | |
| try { fs.writeFileSync(firstRunFlag, new Date().toISOString()); } catch (e) { | |
| log(`[ProWorkflow] Warning: could not persist welcome flag at ${firstRunFlag}: ${e.message}`); | |
| } | |
| } else { |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@scripts/session-start.js` around lines 126 - 137, The try/catch around
fs.mkdirSync(stateDir, { recursive: true }) and fs.writeFileSync(firstRunFlag,
...) currently swallow errors; update both catch blocks to log a warning
including the error and the path (stateDir or firstRunFlag) so failures are
visible. In each catch, call the existing log function (or console.warn) with a
clear message like "[ProWorkflow] Warning: failed to create stateDir <path>:
<error>" and "[ProWorkflow] Warning: failed to write firstRunFlag <path>:
<error>" so operators can diagnose setup problems.
Previous commit invented install commands for Cursor / Codex / Copilot CLI / Droid / Gemini CLI / OpenCode that don't actually work — pro-workflow is not published in those marketplaces, only in Claude Code's marketplace and SkillKit. Collapses those 6 sections into a single 'via SkillKit' block (the real cross-agent path) and keeps the manual clone fallback. Each agent's plugin format differs (Cursor MDC, Codex own, Gemini TOML, etc.) so SkillKit's translator is the only honest portable path today.
Tested 'npx skillkit install pro-workflow' — fails two ways: (1) bare name doesn't resolve, requires 'rohitg00/pro-workflow'; (2) SkillKit security scanner false-positives on standard Node patterns block four skills (auto-setup, permission-tuner, pro-workflow, safe-mode) on TA002 'autonomy abuse' and CI007 'shell chaining' rules. Rephrases triggering text in the four skills (no semantic change — 'auto-approve' to 'allow-list', 'curl | sh' to 'curl piped to a shell', etc). Updates README with the working command form including --force, and notes the upstream scanner issue. survey-generator still trips CI003/CI005 on legit child_process and template-literal usage; --force is unavoidable until SkillKit's scanner is tuned.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@skills/permission-tuner/SKILL.md`:
- Around line 47-53: The SKILL.md “Ask candidates” policy lists medium-risk
actions (Edit, Write, Bash git/npm) that must prompt every time, but the report
example later still auto-approves them; update the example section (the report
example starting around the “report example” block) so that any medium-risk
action listed under the “Ask candidates” header triggers a prompt/confirmation
flow rather than auto-approval—specifically change the example outputs for Edit,
Write, Bash(git add*/git commit*/npm install*) to show a prompt or “awaiting
user confirmation” state and reflect the decision only after explicit approval,
ensuring the example behavior matches the policy text.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 883b8811-4f7b-4ccf-8be3-27c748a378a2
📒 Files selected for processing (5)
README.mdskills/auto-setup/SKILL.mdskills/permission-tuner/SKILL.mdskills/pro-workflow/SKILL.mdskills/safe-mode/SKILL.md
✅ Files skipped from review due to trivial changes (1)
- skills/safe-mode/SKILL.md
🚧 Files skipped from review as they are similar to previous changes (1)
- README.md
Comment on lines
+47
to
53
| **Ask candidates** (medium risk — prompt user every time): | ||
| - `Edit` — file modifications | ||
| - `Write` — new file creation | ||
| - `Bash(git add*)` — staging changes | ||
| - `Bash(git commit*)` — creating commits | ||
| - `Bash(npm install*)` — dependency changes | ||
|
|
Contributor
There was a problem hiding this comment.
Resolve medium-risk policy conflict with the report example.
Line 47 says medium-risk actions should prompt every time, but the report example still auto-approves medium-risk operations (Line 98 onward). Please align the output example to “keep asking” for medium-risk items so the guidance is consistent and safer.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@skills/permission-tuner/SKILL.md` around lines 47 - 53, The SKILL.md “Ask
candidates” policy lists medium-risk actions (Edit, Write, Bash git/npm) that
must prompt every time, but the report example later still auto-approves them;
update the example section (the report example starting around the “report
example” block) so that any medium-risk action listed under the “Ask candidates”
header triggers a prompt/confirmation flow rather than
auto-approval—specifically change the example outputs for Edit, Write, Bash(git
add*/git commit*/npm install*) to show a prompt or “awaiting user confirmation”
state and reflect the decision only after explicit approval, ensuring the
example behavior matches the policy text.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Two onboarding gaps reported by users:
Inspired by the install matrix pattern from
obra/superpowers.What changed
README.md
npx skillkit install pro-workflow --agent <name>line./learn-rule,/wrap-up,/wiki init,/develop,/smart-commit) with one-line descriptions of what each does./doctor+/wrap-up) and notes the manual SQLite build step for marketplaces that skip post-install hooks.scripts/session-start.js
/doctorand/list.~/.pro-workflow/.welcomed(touched once, never shown again).Test plan
node scripts/session-start.jswith.welcomedabsent → welcome block prints, flag file creatednode scripts/session-start.jswith.welcomedpresent → original Ready line prints, no duplicate welcomeSummary by CodeRabbit
Documentation
New Features