Fix 6 issues from CodeRabbit review

AnExiledDev · AnExiledDev · commit e68327fdc8f1 · 2026-02-24T07:10:15.000Z
- chromaterm: username auto-detection fallback to root now works
- biome: nvm.sh sourcing no longer aborts under set -u
- setup.js: ccstatusline-settings.json added to DEFAULT_PRESERVE
- docs: spec-writer moved to Read-Only agents table (matches definition)
- guard-readonly-bash.py: docstring corrected (stderr, not JSON stdout)
- git-forensics SKILL.md: misleading "blame" comment fixed
diff --git a/.devcontainer/CHANGELOG.md b/.devcontainer/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 ## [v1.14.0] - 2026-02-24
 
+### Fixed (CodeRabbit review)
+- **chromaterm/install.sh** — username auto-detection now resets to empty before candidate loop, so `${USERNAME:-root}` fallback works correctly
+- **biome/install.sh** — nvm.sh sourcing wrapped in `set +u` / `set -u` to prevent unbound variable abort under `set -euo pipefail`
+- **setup.js** — `ccstatusline-settings.json` added to DEFAULT_PRESERVE so user customizations survive `--force` package updates
+- **docs agent-system.md** — spec-writer moved from Full-Access to Read-Only agents table (matches its `permissionMode: plan` definition)
+- **guard-readonly-bash.py** — docstring corrected from "Returns JSON on stdout" to "Outputs block reason to stderr"
+- **git-forensics/SKILL.md** — misleading "Blame through renames" comment fixed to "Show patch history through renames"
+
 ### Added
 
 #### Nuclear Workspace Scope Enforcement
diff --git a/.devcontainer/features/biome/install.sh b/.devcontainer/features/biome/install.sh
@@ -14,7 +14,9 @@ echo "[biome] Version: ${VERSION}"
 
 # Source NVM if available
 if [ -f /usr/local/share/nvm/nvm.sh ]; then
+    set +u
     source /usr/local/share/nvm/nvm.sh
+    set -u
 fi
 
 # Validate npm is available
diff --git a/.devcontainer/features/chromaterm/install.sh b/.devcontainer/features/chromaterm/install.sh
@@ -19,6 +19,7 @@ echo "[chromaterm] Starting ChromaTerm2 installation..."
 
 # ---------- USER ----------
 if [[ "${USERNAME}" == "auto" || "${USERNAME}" == "automatic" ]]; then
+    USERNAME=""
     for u in vscode node codespace; do
         if id -u "$u" >/dev/null 2>&1; then
             USERNAME="$u"
diff --git a/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/guard-readonly-bash.py b/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/guard-readonly-bash.py
@@ -12,7 +12,7 @@
 (>, >>), eval/exec, inline scripting (python -c, node -e), and
 path/backslash prefix bypasses (/usr/bin/rm, \\rm).
 
-Reads tool input from stdin (JSON). Returns JSON on stdout.
+Reads tool input from stdin (JSON). Outputs block reason to stderr.
 Exit 0: Command is safe (allowed)
 Exit 2: Command would modify state (blocked)
 """
diff --git a/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/git-forensics/SKILL.md b/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/git-forensics/SKILL.md
@@ -105,7 +105,7 @@ Track a file across renames. Without `--follow`, history stops at the rename:
 # Follow a file through renames
 git log --follow --oneline -- path/to/current_name.py
 
-# Blame through renames
+# Show patch history through renames
 git log --follow -p -- path/to/file.py
 ```
 
diff --git a/docs/src/content/docs/plugins/agent-system.md b/docs/src/content/docs/plugins/agent-system.md
@@ -122,6 +122,7 @@ These agents investigate, analyze, and report — they never modify files.
 | **git-archaeologist** | Git history analysis, blame, bisect, forensics | Haiku | git-forensics |
 | **perf-profiler** | Performance profiling, bottleneck identification | Sonnet | performance-profiling |
 | **security-auditor** | Security audit, vulnerability assessment, OWASP checks | Sonnet | security-checklist |
+| **spec-writer** | Specification authoring and refinement | Opus | specification-writing |
 
 ### Full-Access Agents
 
@@ -134,7 +135,6 @@ These agents can read and write files, run commands, and make changes to your co
 | **refactorer** | Behavior-preserving code transformations | Opus | Worktree | refactoring-patterns |
 | **doc-writer** | Documentation writing and maintenance | Opus | Worktree | documentation-patterns |
 | **migrator** | Code migration, framework upgrades | Opus | Worktree | migration-patterns |
-| **spec-writer** | Specification authoring and refinement | Opus | No | specification-writing |
 | **bash-exec** | Shell command execution and scripting | Sonnet | No | — |
 | **statusline-config** | Statusline customization | Sonnet | No | — |
 
diff --git a/setup.js b/setup.js
@@ -10,6 +10,7 @@ const DEFAULT_PRESERVE = [
 	"config/defaults/settings.json",
 	"config/defaults/main-system-prompt.md",
 	"config/defaults/keybindings.json",
+	"config/defaults/ccstatusline-settings.json",
 	"config/file-manifest.json",
 	".codeforge-preserve",
 ];
