feat(trailmark): skills that reason about code as graphs #133
Open
tob-scott-a wants to merge 14 commits into main
The trailmark plugin's 10 skills were missing .codex/skills/ mappings, which caused the validate_codex_skills CI check to fail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude review
- Add Rationalizations (Do Not Skip) sections to 5 security skills: trailmark, audit-augmentation, crypto-protocol-diagram, mermaid-to-proverif, graph-evolution
- Fix requires-python: diagram.py >= 3.12 (was 3.13), protocol.py >= 3.12 (was 3.11) to match trailmark's actual requirement
- Rename diagram/ to diagramming-code/ to match SKILL.md frontmatter name and all cross-skill references; update Codex symlink
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The diagram.py script carries PEP 723 inline metadata declaring trailmark as a dependency. Plain python ignores this metadata, causing ImportError for users who haven't pre-installed trailmark. uv run processes the metadata and handles dependency resolution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix README directory tree: diagram/ -> diagramming-code/
- Fix diagram-types.md: python -> uv run for all script invocations
- Fix graph-evolution Phase 3: replace undefined shell variables
($BEFORE_JSON etc) with template substitutions ({before_json} etc)
- Fix vector-forge mutation-frameworks.md: replace cross-skill file
link with prose reference to genotoxic skill (avoids reference chain)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diagramming-code:
- Fix arrow syntax inconsistency: uncertain edges use ..-> not -.->
- Fix extra closing paren in diagram-types.md
- Fix diagram.py docstring to match uv run invocation
crypto-protocol-diagram:
- Remove reference chain: spec-parsing-patterns.md no longer links to
mermaid-sequence-syntax.md, inlines the arrow syntax instead
- Fix ProVerif example note: "Tamarin/ProVerif" -> "ProVerif"
trailmark:
- Replace "path/to/project" with {targetDir} in query-patterns.md
- Add uv run prefix to CLI examples in query-patterns.md
- Add circom to supported language list
- Add pre-analysis annotation kinds to annotation docs
genotoxic:
- Remove reference chains: triage-methodology.md and
mutation-frameworks.md no longer link to graph-analysis.md
vector-forge:
- Add trailmark to Prerequisites section
- Fix bare trailmark commands to use uv run with {targetDir}
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mermaid-to-proverif:
- Fix ProVerif type error: verify(...) = true is a type mismatch since verify returns bitstring. Use let _ = verify(...) in instead, which aborts on destructor failure (correct ProVerif pattern)
trailmark-summary, trailmark-structural:
- Add 8 missing language extensions to find command (.rb, .php, .cs, .java, .hs, .erl, .cairo, .circom)
- Remove unsupported .lean extension
- Split .c -> --language c and .cpp -> --language cpp (separate parsers)
All 7 security skills:
- Rename "Rationalizations (Do Not Skip)" to "Rationalizations to Reject" per CLAUDE.md convention
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mermaid-to-proverif:
- Fix ProVerif type errors in process template: pkey values cannot appear in bitstring positions. Add pkey2bs() and concat() to the function declarations and rewrite the template to use them, matching the sample-output.pv example
trailmark-summary:
- Split .js/.ts mapping: .js -> --language javascript, .ts -> --language typescript (separate parsers)
graph-evolution:
- Replace bare python with python3 in graph_diff.py invocations (python does not exist on modern Ubuntu/Debian/macOS)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
graph-evolution:
- Change python3 to uv run for graph_diff.py invocations to match ecosystem convention
trailmark-structural, trailmark-summary:
- Add Rationalizations to Reject sections (both are security skills running blast radius, taint, and privilege boundary analysis)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mermaid-to-proverif:
- Rename senc/sdec to aead_enc/aead_dec in Step 3 preamble to match
the process template and sample-output.pv
- Fix hkdf signature: hkdf(key, bitstring): key (first arg is DH
shared secret which has type key, not bitstring)
crypto-to-proverif-mapping.md:
- Fix hkdf declaration and summary table to match corrected signature
- Fix example to use concat/pkey2bs for type-correct HKDF input
graph-evolution:
- Replace $BEFORE_DIR/$AFTER_DIR shell vars in Phase 5 with
{before_dir}/{after_dir} template substitutions
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ProVerif correctness (mermaid-to-proverif):
- Fix broken ForwardSecrecyTest pattern in security-properties.md: process waited on c_fs but nothing sent on it, past_session_key was never bound to any session. Replaced with working pattern that leaks long-term keys and checks session key secrecy.
- Fix hkdf(bitstring,bitstring) -> hkdf(key,bitstring) in proverif-syntax.md to match SKILL.md and sample-output.pv
- Fix type-incorrect example in proverif-syntax.md: tuple of (key,pkey,pkey) passed where bitstring expected. Now uses concat2/pkey2bs for type-correct serialization.
- Align senc/sdec -> aead_enc/aead_dec in proverif-syntax.md and crypto-to-proverif-mapping.md to match SKILL.md and example
- Fix auth query parameter count in security-properties.md: beginI fires before session key is known, so has fewer params
Cross-skill consistency:
- Fix 3 stale "diagram skill" references -> "diagramming-code" in trailmark/SKILL.md and preanalysis-passes.md
- Add PEP 723 header to graph_diff.py for convention consistency
README and helper skills:
- Add trailmark-summary and trailmark-structural to README skills table and directory tree
- Add secondary file extensions (.jsx, .tsx, .h, .hpp, .cc, .cxx) to language detection in summary and structural skills
- Inline language mapping in trailmark-structural (was deferred to trailmark-summary, violating one-level-deep rule)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix endInitiator -> endI in mermaid-to-proverif Step 6 template (endInitiator was never declared as an event)
- Add missing msg2_label constant to Step 3 constants block
- Add .hh/.hxx C++ header extensions to language detection in trailmark-summary and trailmark-structural
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tness
Step 6 Initiator template:
- Add missing event beginI(pk(sk_I), pk_R) before first out — without it, authentication queries always report false attacks
- Replace local new secret_I with free private_I [private] to match sample-output.pv's secrecy witness pattern
security-properties.md:
- Fix beginI/beginR from 3 args to 2 args in mutual auth section and query checklist (begin events fire before session key is known, so they only take the two public keys)
- Update "Placing Events" table to match 2-param form
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
proverif-syntax.md Two-Party Process example:
- Fix type errors: pkey values passed directly to bitstring params in sign() and verify(). Now uses concat2(pkey2bs(...)) pattern.
- Add missing pkey2bs declaration to function list
- Add missing info_session constant declaration
- Fix msg2_label -> msg2 in verification check example to match the file's own constant declarations
trailmark-structural:
- Fix contradiction: Rationalizations table said "Install trailmark first" but Execution section forbids install commands. Changed to "Report not installed and return" to match execution policy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These are the public Claude skills associated with Trailmark (GitHub repository).
- trailmark
- diagramming-code
- crypto-protocol-diagram
- genotoxic
- vector-forge
- graph-evolution
- mermaid-to-proverif
- audit-augmentation

The vector-forge skill was used to create C2SP/wycheproof#224 (an initial offering of BLS-12-381 test vectors for the Wycheproof project) after discussing the idea with one of the Wycheproof maintainers at Real World Cryptography.
(There's more cool stuff I can talk about here, but I want to save it for the upcoming blog post that introduces Trailmark to the world. Stay tuned!)