Skill654 estrellas del repoactualizado today

vellum-boundary-guard

# ClaudeWave: vellum-boundary-guard Vellum Boundary Guard validates architectural separation in the Vellum Assistant codebase by enforcing package import restrictions, HTTP and IPC endpoint ownership, security domain boundaries, and skill isolation rules. Use this skill when editing imports, creating new endpoints, moving code between packages, or making changes that touch assistant, gateway, client, or skill module boundaries.

Ver fuente Repositorio: vellum-assistant

Instalar en Claude Code

Copiar

git clone --depth 1 https://github.com/vellum-ai/vellum-assistant /tmp/vellum-boundary-guard && cp -r /tmp/vellum-boundary-guard/.cursor/skills/vellum-boundary-guard ~/.claude/skills/vellum-boundary-guard

Después abre una sesión nueva de Claude Code; el skill carga automáticamente.

Definición

SKILL.md

# Vellum Boundary Guard

## Package Import Boundaries

Enforce these boundaries:

- `assistant/` must not import from `gateway/` via relative paths.
- `gateway/` must not import from `assistant/` via relative paths.
- `assistant/` and `skills/` must not import from each other directly.
- Runtime code must not import from `meta/`.
- Shared cross-package logic belongs in `packages/`.

For tests that need behavior from another package, mock the boundary instead of importing real handlers.

## HTTP And IPC Boundaries

- Public inbound HTTP endpoints belong in `gateway/`.
- New CLI-to-assistant interactions should use Unix socket IPC through the existing IPC route pattern.
- Events from assistant runtime code should use the assistant event hub rather than new HTTP endpoints when possible.

## Security Ownership Boundaries

- Gateway owns trust rules and gateway security files.
- CES owns credential files.
- The assistant must not read gateway-owned directories directly.
- Clients must not read from the user's `~/.vellum` directory.
- Secrets must not be stored in workspace files.

## Skill Boundaries

First-party skills run as separate processes and should communicate through supported contracts. Do not bypass skill isolation with direct relative imports.

## Review Workflow

1. Search changed imports and new route registrations.
2. Identify any package-crossing dependency.
3. Decide whether the correct home is a package-local module, a shared `packages/` module, IPC, HTTP through gateway, or a skill contract.
4. If a violation exists, recommend the smallest boundary-preserving move.

## Verification

Prefer existing guard tests when available, then add focused tests for any new boundary rule or route pattern.

Del mismo repositorio

vellum-change-reviewSkill

Review Vellum Assistant code changes for correctness, repo-specific quality rules, security risks, and missing validation. Use when reviewing diffs, preparing a PR, finishing implementation work, or when the user asks for a code review, quality pass, or pre-merge check in this repository.

vellum-feature-flag-rolloutSkill

Guide Vellum Assistant feature flag changes and rollout hygiene. Use when adding, editing, reviewing, or documenting assistant feature flags, rollout-gated behavior, or platform flag follow-up work.

vellum-migration-checklistSkill

Validate Vellum Assistant database and workspace migrations. Use when adding, editing, reviewing, or testing migrations, release-note migrations, persisted schemas, workspace file formats, or data backfills.

vellum-pr-readinessSkill

Prepare Vellum Assistant branches for review by checking git hygiene, PR scope, tests, docs, migrations, Linear linking, and companion repo needs. Use before creating a pull request, splitting work into PRs, or asking whether a branch is ready.