Add ai/recap and ai/security shortcuts#1570
Merged
Merged
Conversation
Give agents two more `ai/` entry points so common session tasks have a single, discoverable trigger instead of ad-hoc phrasing: - `ai/recap` — prints the "recap" trigger word; the agent then reviews the conversation and reports accomplishments + unresolved threads (per the new "Session recap" section). Explicitly NOT the /audit design skill. - `ai/security` — runs Brakeman + bundler-audit, mirroring the CI security scan, exiting non-zero if either fails. Documents both in ai/README.md and the AI instruction files (CLAUDE.md and the mirrored copilot-instructions.md). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds two new ai/ convenience entry points to make common agent/session actions more discoverable, and documents their intended behavior in both the ai/ README and the project’s AI instruction files.
Changes:
- Add
ai/recap(prints the “recap” trigger word) andai/security(runs Brakeman + bundler-audit). - Document the new scripts in
ai/README.md. - Add a “Session recap” section and update the Quick Commands tables in
CLAUDE.mdand.github/copilot-instructions.md.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
CLAUDE.md |
Adds “Session recap” instructions and documents ai/recap + ai/security. |
ai/security |
New script to run Brakeman and bundler-audit locally. |
ai/recap |
New script that emits the “recap” trigger word for agent behavior. |
ai/README.md |
Documents the new ai/ commands and clarifies their meaning. |
.github/copilot-instructions.md |
Mirrors the “Session recap” + Quick Commands updates from CLAUDE.md. |
Comment on lines
+5
to
+17
| set -uo pipefail | ||
| source "$(dirname "$0")/.ruby-env" | ||
|
|
||
| status=0 | ||
|
|
||
| echo "→ Brakeman — Rails security static analysis" | ||
| bin/brakeman --no-pager || status=1 | ||
|
|
||
| echo | ||
| echo "→ bundler-audit — known CVEs in gems" | ||
| bin/bundler-audit || status=1 | ||
|
|
||
| exit $status |
| | `ai/db-migrate` | Run database migrations | | ||
| | `ai/security` | Security scan: Brakeman + bundler-audit (mirrors CI) | | ||
|
|
||
| All scripts pass through extra arguments, so `ai/test --fail-fast` works as expected. |
| # unanswered questions, unfinished tasks, and disagreements from either side. | ||
| # This script just prints the trigger word; the agent does the work per CLAUDE.md. | ||
| # Not the /audit design skill, and not ai/security (the security scan). | ||
| echo "recap" |
| | `ai/db-migrate` | Run database migrations | | ||
| | `ai/security` | Security scan: Brakeman + bundler-audit (mirrors CI) | | ||
|
|
||
| > **"ai <name>" means the `ai/` script of that name** (e.g. "ai test" → `ai/test`, "ai security" → `ai/security`) — shell scripts in `ai/`, not slash-command skills. If a referenced `ai/<name>` script doesn't exist, ask what's intended rather than substituting a similarly named skill. (`ai/recap` is special — it triggers the agent **Session recap** behavior above, not a real script's output; never confuse it with the `/audit` design skill or the `ai/security` scan.) |
| | `ai/db-migrate` | Run database migrations | | ||
| | `ai/security` | Security scan: Brakeman + bundler-audit (mirrors CI) | | ||
|
|
||
| > **"ai <name>" means the `ai/` script of that name** (e.g. "ai test" → `ai/test`, "ai security" → `ai/security`) — shell scripts in `ai/`, not slash-command skills. If a referenced `ai/<name>` script doesn't exist, ask what's intended rather than substituting a similarly named skill. (`ai/recap` is special — it triggers the agent **Session recap** behavior above, not a real script's output; never confuse it with the `/audit` design skill or the `ai/security` scan.) |
|
|
||
| All scripts pass through extra arguments, so `ai/test --fail-fast` works as expected. | ||
|
|
||
| Only the commands listed above exist. "ai <name>" refers to one of these `ai/` scripts — not a slash-command skill. Two phrases are special: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is the goal of this PR and why is this important?
ai/entry points (mirroring the existingai/test,ai/lint, … pattern):ai/recap— prints therecaptrigger word; the agent then reviews the conversation and reports Recap (what was accomplished) + Unresolved (dropped threads, open questions, unfinished tasks, disagreements). Explicitly not the/auditdesign skill.ai/security— runs Brakeman + bundler-audit, mirroring the CI security scan; exits non-zero if either fails.How did you approach the change?
ai/.ai/README.md.CLAUDE.mdand the mirrored.github/copilot-instructions.md(kept in sync per project convention).Anything else to add?