feat(guardrails): add local skill scan workspace and move skill management under Guardrails#604
Draft
seviezhou wants to merge 6 commits into
Draft
feat(guardrails): add local skill scan workspace and move skill management under Guardrails#604seviezhou wants to merge 6 commits into
seviezhou wants to merge 6 commits into
Conversation
Replace usage of the external `upath` library with small internal helpers for normalizing and splitting path-like strings. Added normalizePathLike, splitPathSegments, and normalizePatternForMatch to: convert backslashes to slashes, collapse consecutive slashes, strip single-dot segments, and produce stable path segments for matching. Updated display name and grouping logic (getSkillDisplayName, getTwoLevelDisplayName, getGroupKeyFromPattern, and various grouping loops) to use splitPathSegments. Also added a guard to treat empty normalized patterns as non-matching. This removes the upath import and consolidates path handling behavior in-place.
Introduce a new internal/guardrails/skillscan package implementing a local scanner for skill files. Adds scanner engine (engine.go) with file/markdown views, base64 extraction, dedupe/aggregation, quick-scan and artifact hashing; file walker (walker.go) to collect and normalize files; hashing helper (hash.go); comprehensive built-in detection rules (rules.go) for prompt injection, exec, exfiltration, Web3 risks, obfuscation, etc.; types (types.go) for result shapes and tags; and unit tests (engine_test.go) validating markdown handling, base64 decoding, hashing stability, and rule detection. This enables deterministic content hashing and local security checks for skills using the built-in rulepack, with support for adding custom rules.
Move the Skill management UI into a new Guardrails-focused SkillScan page and remove legacy skill feature flags. SkillPage was renamed to frontend/src/pages/guardrails/SkillScanPage.tsx with a large refactor: added source scan state, scan-run orchestration, progress UI (per-source & global), Scan All, and UI/content updates. Routes and layout were updated to point /prompt/skill to /guardrails/skill-scan and to surface the Skill Scan entry in the Guardrails menu; UserPage and prompt index exports were deleted. GlobalExperimentalFeatures and FeatureFlagsContext no longer load or expose skill_user/skill_ide flags, and related UI toggles were removed. Server config handlers for the scenario flags "skill_user" and "skill_ide" were also removed from internal/server/config/config.go.
Refactor Skill Scan UI and backend to support tabbed views and use skill.entry_path when resolving content. Frontend: introduce Overview/Skills/Findings tabs, add finding types/state, include skill.path in searches and displays, and simplify the skills list by removing the complex grouping logic and related helpers (path normalization, grouping/splitting, copy-path action, etc.). Adjusted progress/status chips and layouts across SkillScanPage, SkillListDialog and SkillDetailDialog (fetch now prefers entry_path || path). Backend/types: expose entry_path on skill types and update skill manager accordingly. Overall this simplifies list behavior, surfaces path info, and prepares groundwork for findings UI.
Display the selected skill's path under its name in SkillScanPage and add a small copy button. Introduces handleCopyPath to write selectedSkill.path to the clipboard and show a notification. Adds layout/styling for the path (ellipsis handling) and a ContentCopy IconButton to copy the path.
seviezhou
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a local skill scan workspace under Guardrails and refactors the previous skill management flow into a scan-oriented experience.
What changed
Backend
internal/guardrails/skillscanentry_pathto distinguish skill directory path from entry markdown pathentry_pathwhen availableFrontend
Skill ScanOverviewtab for scan progress and source statusSkillstab for source browsing, skill listing, and markdown/raw content viewingFindingstab scaffold for future finding-level triageCleanup
skill_user/skill_idescenario flag handlingNotes
Findingsis currently a UI scaffold and will be populated once backend finding-level APIs are wired inTesting
internal/guardrails/skillscan