feat: add dev-workflow skill for harness sandbox

[saravmajestic]

Summary

• Add dev-workflow SKILL.md for harness sandbox onboarding
• health_path: /global/health
• Two-phase lifecycle (code-ready / server-ready)
• bun --hot for live module reloading
• Verification section: tests, health check, curl, CLI commands

Tested

• Pod spawns in ~10s to code-ready (with base image)
• bun --hot verified: modified health response, curl returned updated JSON without restart
• Base image built in ACR: altimate-code-base:latest

---

Summary by cubic

Adds a dev-workflow skill to run altimate-code in a Harness sandbox with a stable contract, /global/health endpoint, hot-reload start, and a two-phase readiness (code-ready → server-ready) for faster iteration.

• New Features
  • Adds .claude/skills/dev-workflow/SKILL.md for sandbox onboarding.
  • Defines sandbox contract: base image altimateacr.azurecr.io/altimate-code-base:latest, working dir /workspace/altimate-code, port 4096, health_path: /global/health.
  • Introduces two-phase lifecycle with markers /workspace/.code-ready and /workspace/.server-ready.
  • Uses bun --hot start; server binds 0.0.0.0:4096.
  • Provides verification steps (tests, curl health/API, CLI) and troubleshooting.

^{Written for commit b0c8182. Summary will update on new commits.}

Summary by CodeRabbit

• Documentation
  • Added comprehensive developer documentation for sandbox configuration and development workflows. Coverage includes environment setup specifications, sandbox lifecycle management, health verification procedures, configuration contract definitions, and extensive troubleshooting guidance for common setup and deployment issues.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new skill documentation file was added at .claude/skills/dev-workflow/SKILL.md describing the setup and lifecycle of altimate-code within a harness sandbox pod, including configuration details, verification procedures, and troubleshooting guidance for a TypeScript Bun/Turbo monorepo environment.

Changes

Cohort / File(s)	Summary
Dev Workflow Skill Documentation .claude/skills/dev-workflow/SKILL.md	New documentation file detailing sandbox lifecycle, contract specifications, startup procedures, health checks, verification steps, and troubleshooting for the dev-workflow skill.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

contributor

Poem

🐰 A harness pod awaits, so shiny and new,
With bun and turbo magic to see you through,
Markers placed gently as sandboxes bloom,
Hot-reloading dreams fill the developer's room!
Health checks and contracts, all written with care,
Now fellow rabbits know workflows to share. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	PR description is mostly complete with summary and testing details, but fails to include required PINEAPPLE marker for AI-generated content despite the auto-generated portions.	Add the word 'PINEAPPLE' at the very top of the PR description before all other content, as required by the template for AI-generated contributions.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: add dev-workflow skill for harness sandbox' accurately summarizes the main change—adding a new skill documentation file for sandbox configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/dev-workflow-skill

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/skills/dev-workflow/SKILL.md:
- Line 61: The Docker base image reference "base_image:
altimateacr.azurecr.io/altimate-code-base:latest" should be pinned to an
immutable tag or digest to ensure reproducible builds; update the value of the
base_image entry (the "base_image" key) to use a specific versioned tag (e.g.,
v1.2.3) or an exact image digest (sha256:...) instead of ":latest" so the
sandbox contract uses a fixed, immutable image.
- Around line 96-98: The health-check example currently asserts a fixed version
in the expected response; update the /global/health curl example (the curl -sf
localhost:4096/global/health block and the commented Expected JSON) to avoid
asserting "version":"local" — either show only {"healthy": true} or state that
"version" is runtime-derived and may vary, so tests should only assert
healthy:true; keep the curl command and clarify the dynamic nature of the
version field in the surrounding text.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b0504f5f-90e0-47d2-83f5-66b95ae7faf9

📥 Commits

Reviewing files that changed from the base of the PR and between adaebe0 and b0c8182.

📒 Files selected for processing (1)

• .claude/skills/dev-workflow/SKILL.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Pin the base image to an immutable version/digest.

Using :latest in the sandbox contract makes environment behavior non-deterministic across runs and can break reproducibility.

Suggested doc fix

-base_image: altimateacr.azurecr.io/altimate-code-base:latest
+# Prefer immutable pinning for reproducibility:
+# base_image: altimateacr.azurecr.io/altimate-code-base:<version-or-date-tag>
+# or (stronger):
+# base_image: altimateacr.azurecr.io/altimate-code-base@sha256:<digest>
+base_image: altimateacr.azurecr.io/altimate-code-base:<pinned-tag>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/skills/dev-workflow/SKILL.md at line 61, The Docker base image
reference "base_image: altimateacr.azurecr.io/altimate-code-base:latest" should
be pinned to an immutable tag or digest to ensure reproducible builds; update
the value of the base_image entry (the "base_image" key) to use a specific
versioned tag (e.g., v1.2.3) or an exact image digest (sha256:...) instead of
":latest" so the sandbox contract uses a fixed, immutable image.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid asserting a fixed version value in health-check expectations.

The endpoint guarantees healthy: true, but version is runtime-derived. Documenting {"version":"local"} can cause false verification failures.

Suggested doc fix

 curl -sf localhost:4096/global/health
-# Expected: {"healthy":true,"version":"local"}
+# Expected: JSON containing `"healthy": true` (version value may vary by build/runtime)
+# Example check:
+# curl -sf localhost:4096/global/health | jq -e '.healthy == true'

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	curl -sf localhost:4096/global/health
	# Expected: {"healthy":true,"version":"local"}
	```
	curl -sf localhost:4096/global/health
	# Expected: JSON containing `"healthy": true` (version value may vary by build/runtime)
	# Example check:
	# curl -sf localhost:4096/global/health | jq -e '.healthy == true'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.claude/skills/dev-workflow/SKILL.md around lines 96 - 98, The health-check
example currently asserts a fixed version in the expected response; update the
/global/health curl example (the curl -sf localhost:4096/global/health block and
the commented Expected JSON) to avoid asserting "version":"local" — either show
only {"healthy": true} or state that "version" is runtime-derived and may vary,
so tests should only assert healthy:true; keep the curl command and clarify the
dynamic nature of the version field in the surrounding text.

[saravmajestic]

Closing — dev-workflow skill moved to the harness repo (private) and injected at spawn time. Public repos should not contain internal harness infrastructure.