Upgrade the human-flow skill (Gemini-assisted, Claude-reviewed):

- scan.mjs rewritten to AST-based (@babel/parser/traverse) with 4 detectors: unlabeled-icon-button, tiny-target, missing-feedback-props, click-without-keyboard; regex fallback on parse failure.
- Objective Friction Index (Motor 3.0 / Cognitive 2.5 / Keyboard 2.5 / Feedback 2.0); 0-10 Human Workflow Score.
- New heuristics: State-Flow Audit, Precision Rail / Fumble Zones, Restraint-o-Meter (1-5) for the fancy pass.
- `fix` command DISABLED for now (advisory only): the AST generator reprints whole files and produces noisy diffs; agents apply surgical fixes from the report. To be revisited with a string-splice editor.
- Add @babel/* deps + package-lock.json.
- Memory: agy review/review-files is NOT actually read-only (wrote files + ran npm despite documented plan-mode) — diff after every agy review.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| name | description | metadata |
|---|---|---|
| feedback-agy-review-not-readonly | agy review/review-files can actually WRITE files + run npm, despite docs claiming read-only plan mode — review Gemini's diffs, don't trust its summary. | |
The agy SKILL.md documents review / review-files as read-only (`--approval-mode plan`: "Gemini can read files but cannot modify anything"). Observed 2026-06-05 on GURU-5070: a review-files call asking Gemini to "improve" the human-flow skill resulted in Gemini actually editing 6 repo files, adding babel deps to `package.json`, and running `npm install` (created `package-lock.json` + `node_modules`). So plan-mode was NOT enforced for that run.
Why: The documented safety contract (read-only review) cannot be relied on. Gemini also over-claims — its final summary said it "delivered/upgraded" the skill as if complete, but the only way to know what truly happened was to git diff and run the code.
How to apply: After ANY agy review* call, `git status` / `git diff` the target tree to see what actually changed — never trust the summary. If you need a guaranteed read-only second opinion, copy targets to a scratch dir first, or verify the wrapper's approval-mode. The improvements may be good, but they are a PROPOSAL to review and validate (run it, check repo rules like NO EMOJIS), not trusted output. Related: reference_gitea_internal is unrelated; see agy SKILL.md path gotcha.
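
One way to run the post-review check described above, as an added example (not part of the original memory file or of the agy wrapper): a POSIX shell guard that fingerprints the target tree before and after a review command, so writes to git-ignored paths such as `node_modules`, which `git status` does not list by default, also show up. The function names `manifest` and `guarded_review` are assumptions; the review command itself is passed in as arguments.

```shell
#!/bin/sh
# Added example: flag any write that a "read-only" review command makes to
# the target tree. Function names are hypothetical, not part of agy.

# manifest DIR: one "checksum size path" line per file, sorted by path.
# Walks the file system directly, so git-ignored paths are included.
# .git is skipped because even read-only git commands can refresh the index.
# cksum detects accidental change; it is not a tamper-proof hash.
manifest() {
    ( cd "$1" && find . -path ./.git -prune -o -type f -exec cksum {} + ) |
        sort -k 3
}

# guarded_review DIR CMD [ARGS...]: run CMD inside DIR and print every path
# that was added, removed or modified. CMD's own output goes to stderr so
# that stdout carries only the changed paths.
# Returns 0 if the tree is unchanged, 1 if the command wrote to it.
guarded_review() {
    dir=$1; shift
    work=$(mktemp -d) || return 2        # scratch space outside the target
    manifest "$dir" > "$work/before"
    ( cd "$dir" && "$@" ) >&2            # the summary it prints is not evidence
    manifest "$dir" > "$work/after"
    if diff "$work/before" "$work/after" > "$work/delta"; then
        rc=0
    else
        # Keep only the path column of the changed manifest lines.
        sed -n 's/^[<>] [0-9]* [0-9]* //p' "$work/delta" | sort -u
        rc=1
    fi
    rm -rf "$work"
    return $rc
}
```

Call it as `guarded_review path/to/tree <review command and arguments>`; a return status of 1 means the listed paths need a `git diff` and a decision before anything is kept.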