docker
diff --git a/‎.agents/hooks/enforce-git-hygiene.sh‎
Lines changed: 20 additions & 0 deletions b/‎.agents/hooks/enforce-git-hygiene.sh‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎.agents/hooks/enforce-vendored.sh‎
Lines changed: 25 additions & 0 deletions b/‎.agents/hooks/enforce-vendored.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.agents/settings.json‎
Lines changed: 26 additions & 0 deletions b/‎.agents/settings.json‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎.agents/skills/check-pr/SKILL.md‎
Lines changed: 90 additions & 0 deletions b/‎.agents/skills/check-pr/SKILL.md‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎.agents/skills/create-pr/SKILL.md‎
Lines changed: 123 additions & 0 deletions b/‎.agents/skills/create-pr/SKILL.md‎
Lines changed: 123 additions & 0 deletions
diff --git a/‎.agents/skills/fix-issue/SKILL.md‎
Lines changed: 83 additions & 0 deletions b/‎.agents/skills/fix-issue/SKILL.md‎
Lines changed: 83 additions & 0 deletions
@@ -0,0 +1,20 @@
+#!/bin/bash
+# PreToolUse hook for the Bash tool.
+# Blocks dangerous git patterns that cause CI failures.
+set -euo pipefail
+
+input=$(cat)
+command=$(echo "$input" | jq -r '.tool_input.command // empty')
+
+if [ -z "$command" ]; then
+  exit 0
+fi
+
+# Block 'git add .' / 'git add -A' / 'git add --all'
+# These stage package-lock.json and other generated files.
+if echo "$command" | grep -qE 'git\s+add\s+(\.|--all|-A)(\s|$|;)'; then
+  echo "BLOCKED: do not use 'git add .' / 'git add -A' / 'git add --all'. Stage files explicitly by name." >&2
+  exit 2
+fi
+
+exit 0
@@ -0,0 +1,25 @@
+#!/bin/bash
+# PreToolUse hook for Edit and Write tools.
+# Blocks edits to vendored content that must be fixed upstream.
+set -euo pipefail
+
+input=$(cat)
+file_path=$(echo "$input" | jq -r '.tool_input.file_path // empty')
+
+if [ -z "$file_path" ]; then
+  exit 0
+fi
+
+# Block edits to vendored Hugo modules.
+if echo "$file_path" | grep -qE '/_vendor/'; then
+  echo "BLOCKED: _vendor/ is vendored from upstream Hugo modules. Fix in the source repo instead." >&2
+  exit 2
+fi
+
+# Block edits to vendored CLI reference data.
+if echo "$file_path" | grep -qE '/data/cli/'; then
+  echo "BLOCKED: data/cli/ is generated from upstream repos (docker/cli, docker/buildx, etc.). Fix in the source repo instead." >&2
+  exit 2
+fi
+
+exit 0
@@ -0,0 +1,26 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .agents/hooks/enforce-vendored.sh"
+          }
+        ],
+        "description": "Block edits to vendored content (_vendor/, data/cli/)"
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .agents/hooks/enforce-git-hygiene.sh"
+          }
+        ],
+        "description": "Block git add . and dangerous patterns"
+      }
+    ]
+  }
+}
@@ -0,0 +1,90 @@
+---
+name: check-pr
+description: >
+  Check a single PR's CI status, review comments, and requested changes.
+  Fix actionable failures and address feedback. "check PR 1234", "what's
+  the status of my PR", "address review comments on #500".
+argument-hint: "<pr-number>"
+context: fork
+---
+
+# Check PR
+
+Do one pass over PR **$ARGUMENTS**: check CI, read reviews, fix what's
+actionable, report status.
+
+## 1. Gather PR state
+
+```bash
+# Overall state
+gh pr view $ARGUMENTS --repo docker/docs --json state,title,url,headRefName
+
+# CI checks
+gh pr checks $ARGUMENTS --repo docker/docs --json name,state,detailsUrl
+
+# Top-level reviews
+gh pr view $ARGUMENTS --repo docker/docs --json reviews,reviewDecision
+
+# Inline (line-level) comments — NOT included in the above
+gh api repos/docker/docs/pulls/$ARGUMENTS/comments \
+  --jq '[.[] | {id: .id, author: .user.login, body: .body, path: .path, line: .line}]'
+```
+
+Always check both the reviews endpoint and the inline comments endpoint.
+A review with an empty body may still have line-level comments requiring
+action.
+
+## 2. If merged
+
+Report the final state. No further action needed.
+
+## 3. If closed without merge
+
+Read the closing context to understand why:
+
+```bash
+gh pr view $ARGUMENTS --repo docker/docs --json closedAt,comments \
+  --jq '{closedAt, lastComment: .comments[-1].body}'
+```
+
+Report the reason. Common causes: rejected by maintainers, superseded by
+another PR, closed by automation.
+
+## 4. If CI is failing
+
+- Read the failure details (follow `detailsUrl` if needed)
+- Determine if the failure is in the PR's changed files or pre-existing
+- **Actionable:** check out the branch, fix, commit, push
+  ```bash
+  git checkout <branch>
+  # fix the issue
+  git add <files>
+  git commit -m "fix: <description>"
+  git push
+  ```
+- **Pre-existing / upstream:** note it, do not block
+
+## 5. If review comments or changes requested
+
+- Read each unresolved comment
+- Address feedback in a follow-up commit
+- Push, then reply to each comment explaining what was done:
+  ```bash
+  gh api repos/docker/docs/pulls/$ARGUMENTS/comments \
+    --method POST \
+    --field in_reply_to=<comment-id> \
+    --field body="<response>"
+  ```
+- End every comment with a `Generated by [Claude Code](https://claude.com/claude-code)` footer
+- Re-request review if changes were requested
+
+## 6. Report
+
+```
+## PR #$ARGUMENTS: <title>
+
+**State:** <open|merged|closed>
+**CI:** <passing|failing|pending>
+**Review:** <approved|changes requested|pending>
+**Action taken:** <what was done, or "none needed">
+```
@@ -0,0 +1,123 @@
+---
+name: create-pr
+description: >
+  Push the current branch and create a pull request against docker/docs.
+  Use after changes are committed and reviewed. "create a PR", "submit the
+  fix", "open a pull request for this".
+---
+
+# Create PR
+
+Push the branch and create a properly structured pull request.
+
+## 1. Verify the branch
+
+```bash
+git log --oneline main..HEAD   # confirm commits exist
+git diff --quiet               # confirm no unstaged changes
+```
+
+## 2. Push the branch
+
+Confirm origin points to your fork, not upstream:
+
+```bash
+git remote get-url origin
+```
+
+Then push:
+
+```bash
+git push -u origin <branch-name>
+```
+
+## 3. Create the PR
+
+Derive the fork owner dynamically:
+
+```bash
+FORK_OWNER=$(git remote get-url origin | sed -E 's|.*[:/]([^/]+)/[^/]+(\.git)?$|\1|')
+```
+
+```bash
+gh pr create --repo docker/docs \
+  --head "${FORK_OWNER}:<branch-name>" \
+  --title "<concise summary under 70 chars>" \
+  --body "$(cat <<'EOF'
+## Summary
+
+<1-2 sentences: what was wrong and what was changed>
+
+Closes #NNNN
+
+Generated by [Claude Code](https://claude.com/claude-code)
+EOF
+)"
+```
+
+Keep the body short. Reviewers need to know what changed and why — nothing
+else.
+
+### Optional: Learnings section
+
+If while working on this PR you discovered something non-obvious about the
+repo — a convention not documented in AGENTS.md, a gotcha that tripped you
+up, a pattern that should be codified — add a Learnings section to the PR
+body:
+
+```markdown
+## Learnings
+
+- <what you learned and why it matters>
+```
+
+Add this section between the Summary and the `Closes` line. Only include
+learnings that would help future contributors avoid the same issue. Do not
+include things already documented in AGENTS.md or STYLE.md.
+
+The weekly PR learnings scanner reads these sections to surface recurring
+patterns for the team to codify.
+
+## 4. Apply labels and request review
+
+Use the Issues API for labels — `gh pr edit --add-label` silently fails:
+
+```bash
+gh api repos/docker/docs/issues/<pr-number>/labels \
+  --method POST \
+  --field 'labels[]=status/review'
+```
+
+Request review:
+
+```bash
+gh pr edit <pr-number> --repo docker/docs --add-reviewer docker/docs-team
+```
+
+Verify the reviewer was assigned:
+
+```bash
+gh pr view <pr-number> --repo docker/docs --json reviewRequests \
+  --jq '.reviewRequests[].slug'
+```
+
+If the team doesn't appear, use the API directly:
+
+```bash
+gh api repos/docker/docs/pulls/<pr-number>/requested_reviewers \
+  --method POST --field 'team_reviewers[]=docs-team'
+```
+
+## 5. Report
+
+Print the PR URL and current CI state:
+
+```bash
+gh pr view <pr-number> --repo docker/docs --json url,state
+gh pr checks <pr-number> --repo docker/docs --json name,state
+```
+
+## Notes
+
+- Always use `Closes #NNNN` (not "Fixes") for GitHub auto-close linkage
+- One issue, one branch, one PR — never combine
@@ -0,0 +1,83 @@
+---
+name: fix-issue
+description: >
+  Fix a single GitHub issue end-to-end: triage, research, write the fix,
+  review, and create a PR. Use when asked to fix an issue: "fix issue 1234",
+  "resolve #500", "create a PR for issue 200".
+argument-hint: "<issue-number>"
+---
+
+# Fix Issue
+
+Given GitHub issue **$ARGUMENTS**, decide what to do with it and either
+close it or fix it. This skill orchestrates the composable skills — it owns
+the decision tree, not the individual steps.
+
+## 1. Triage
+
+Invoke `/triage-issue $ARGUMENTS` to understand the issue and decide what
+to do. This runs in a forked subagent and returns a verdict.
+
+## 2. Act on the triage result
+
+If triage says **close it** — comment with the reason and close:
+```bash
+gh issue close $ARGUMENTS --repo docker/docs \
+  --comment "<one sentence explaining why>
+
+Generated by [Claude Code](https://claude.com/claude-code)"
+```
+Done.
+
+If triage says **escalate upstream** — comment noting the repo and stop:
+```bash
+gh issue comment $ARGUMENTS --repo docker/docs \
+  --body "This needs to be fixed in <upstream-repo>.
+
+Generated by [Claude Code](https://claude.com/claude-code)"
+```
+Done.
+
+If triage says **leave it open** — comment explaining what was checked and
+what's unclear. Do not close.
+Done.
+
+End every issue comment with a `Generated by [Claude Code](https://claude.com/claude-code)` footer.
+
+If triage says **fix it** — proceed to step 3.
+
+## 3. Research
+
+Invoke `/research` to locate affected files, verify facts, and identify
+the fix. The issue context carries over from triage. This runs inline —
+findings stay in conversation context for the write step.
+
+If research reveals the issue is upstream or cannot be fixed (e.g.
+unverifiable URLs), comment on the issue and stop.
+
+## 4. Write
+
+Invoke `/write` to create a branch, make the change, format, self-review,
+and commit.
+
+## 5. Review
+
+Invoke `/review-changes` to check the diff for correctness, coherence, and
+mechanical compliance. This runs in a forked subagent with fresh context.
+
+If issues are found, fix them and re-review until clean.
+
+## 6. Create PR
+
+Invoke `/create-pr` to push the branch and open a pull request.
+
+## 7. Return to main
+
+```bash
+git checkout main
+```
+
+## 8. Report
+
+Summarize what happened: the issue number, what was done (closed, escalated,
+fixed with a PR link), and why — in a sentence or two.