docs(skills): ban python wrappers and mid-run skill edits in audit contract #7
Merged
Tightens the SQL-first audit contract after a test trace blew the 4-call
ceiling with python3 subprocess loops around `topline` and mid-run
`skill_manage` edits. Both are now explicitly banned in the default flow.
- hermes/SKILL.md: 1.3.0 -> 1.4.0
  - Readiness probe now describes the doctor / query-help fallback for
    stale binaries (a real failure mode when PR #5 merged but the local
    binary wasn't rebuilt). Recommends `scripts/install-local.sh`.
  - Hard ceiling section lists three banned classes: REST fan-out,
    python/subprocess wrappers around topline, mid-run skill edits.
  - Two new pitfalls (10, 11) covering python wrappers and mid-run
    skill_manage usage.
- claude-code/SKILL.md: mirrors the same contract in shorter form.

No code, no behavior change to the CLI itself.
Why
Latest test trace of the SQL-first audit contract blew the 4-call ceiling because:
- `topline --agent query sql` calls in `python3`/`execute_code` subprocess loops to "verify" and "reshape" the output. Same anti-pattern as REST fan-out, different surface.
- `skill_manage` during the audit to patch the topline-os-cli / topline-os-crm-audits skills — meaning the contract being tested wasn't the documented contract.

The two were the new dominant failure modes after this week's earlier PRs (#4, #5, #6) successfully killed REST-first fallback and adopted `query doctor` as step 1. Tightening the contract closes both loopholes.

What
`skills/hermes/SKILL.md` (1.3.0 -> 1.4.0)
- `query doctor`/`query help` fallback for stale binaries (real failure mode hit when feat(query): `query doctor` readiness probe + Hermes-aware install script (Phase 1) #5 merged but the local binary wasn't rebuilt). Recommends `scripts/install-local.sh` as the fix.
- `pipeline audit`, `opportunities search`, `conversations search`, message loops).
- `python3`/`execute_code`/`subprocess.run` wrappers around `topline`. CLI returns JSON; parse it directly. Reshape in SQL with a final `SELECT`.
- `skill_manage` edits to either bundled skill during execution. Contract is read-only during a run; propose edits in a separate turn.

`skills/claude-code/SKILL.md`
Mirrors the same contract in the shorter Claude Code-targeted form.

What this is not
- `query` commands, `pipeline audit`, or any tool. They remain available for the drilldown / diagnostic exceptions that already require the user to explicitly ask.

Follow-ups (separate PRs)
- `docs/plans/2026-05-13-sql-first-retrieval-improvements.md` (query template registry).
- `os-mcp` view rollforward (`contact_timeline` UNION appointments/call_events, `pipeline_activity_window`, `pipeline_snapshot`, `pipeline_movement_window`, `warehouse_freshness`) — different repo.
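
One way to check a recorded run against the banned classes this PR describes, as an added example that is not code from the PR or the project. It assumes a hypothetical trace format of one JSON object per tool call with `tool` and `input` fields, a generic `terminal` tool name, and that every tool call counts toward the 4-call ceiling.

```python
import json
import re

CALL_CEILING = 4                      # the "4-call ceiling" from the PR text
WRAPPER_TOOLS = {"execute_code"}      # code-execution tool named in the PR
WRAPPER_RE = re.compile(r"\bpython3?\b|\bsubprocess\b")

# Constructed trace, one JSON object per tool call. The "tool"/"input" field
# names and the "terminal" tool are assumptions, not the project's format.
SAMPLE_TRACE = """\
{"tool": "terminal", "input": "topline query doctor"}
{"tool": "terminal", "input": "topline --agent query sql 'SELECT 1'"}
{"tool": "execute_code", "input": "subprocess.run(['topline', '--agent', 'query', 'sql', q])"}
{"tool": "skill_manage", "input": "patch topline-os-cli"}
{"tool": "terminal", "input": "python3 reshape.py --cmd 'topline --agent query sql'"}
"""


def audit_trace(text, ceiling=CALL_CEILING):
    """Return (line_number, rule) findings for one recorded run."""
    findings, calls = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        call = json.loads(line)
        tool, arg = call.get("tool", ""), call.get("input", "")
        calls += 1
        if calls == ceiling + 1:          # report the first call past the ceiling
            findings.append((n, "call-ceiling"))
        if tool == "skill_manage":        # contract is read-only during a run
            findings.append((n, "mid-run-skill-edit"))
        elif "topline" in arg and (tool in WRAPPER_TOOLS or WRAPPER_RE.search(arg)):
            findings.append((n, "python-wrapper"))
    return findings


if __name__ == "__main__":
    for lineno, rule in audit_trace(SAMPLE_TRACE):
        print(f"call {lineno}: {rule}")
```

The wrapper rule is a plain substring and regex match, so a SQL string that itself contains the word `python` alongside `topline` would be flagged and needs manual review.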