Skip to content

docs: remediate all documentation review findings#440

Merged
zircote merged 1 commit into
mainfrom
docs/review-remediation
Jun 11, 2026
Merged

docs: remediate all documentation review findings#440
zircote merged 1 commit into
mainfrom
docs/review-remediation

Conversation

@zircote

@zircote zircote commented Jun 11, 2026

Copy link
Copy Markdown
Owner

Summary

Remediates every finding from the documentation quality review (2 critical, 7 major, 8 minor):

  • Broken examples fixed: README workflow/action examples regenerated from the real workflow_call/action.yml inputs (the old ones failed at workflow startup if copied); phantom reusable-ci-rust.yml reference removed.
  • Profile automation repaired: update-profile-readme.yml was silently failing for 3 months — direct pushes to protected main were GH006-rejected and the retry loop swallowed the error. Now opens an auto-merge PR via the GitHub App token with set -euo pipefail.
  • Pinning consistency: every positive doc example now uses full-SHA pins (@2192c47… # main for this repo's workflows/actions; current release SHAs for third-party actions). Only deliberately-labeled WRONG examples and audit grep patterns retain mutable refs.
  • Markdown structural fixes: six docs had 3-backtick fences nesting 3-backtick code blocks (broken rendering, one phantom broken image) — outer fences converted to 4 backticks; ~40 unlabeled fences tagged.
  • Link integrity: ccpkg repo link (renamed), MIF/ccpkg spec deep links, private template repos de-linked, LICENSE added to back the README's MIT claim.
  • Compliance: attested-delivery skill now satisfies the strict skill-doc standard; profile-maintainer agent aligned to the shared structure; CONTRIBUTING describes the real toolchain.

Validation

  • actionlint clean on the modified workflow (including the pre-existing SC2046 in the step I touched)
  • lychee (offline + online, badges excluded): 0 errors across all public-facing docs
  • Fence-aware scan: zero unlabeled code fences remain in scope
  • All 8 skills pass the Purpose/Triggers/Usage strict check
  • pin-check simulation clean on both scanned dirs

@zircote
docs: remediate all documentation review findings
03accee 
Critical:
- README examples called nonexistent workflow/action inputs; regenerated
  every example from the actual workflow_call and action.yml inputs
- copilot-instructions.md referenced nonexistent reusable-ci-rust.yml

Major:
- update-profile-readme.yml pushed directly to protected main, was
  rejected (GH006), and the retry loop swallowed the failure — profile
  stale since 2026-03 while runs reported success. Now opens an
  auto-merge PR via the App token and fails loudly (set -euo pipefail)
- All positive doc examples now pin actions to full commit SHAs instead
  of @main/@v4 (README, skills, agents, presentations README)
- profile ccpkg link fixed (plugin-packaging -> ccpkg); MIF/ccpkg spec
  deep links fixed to /specification/overview/
- README private template repo links de-linked and marked private
- attested-delivery skill: Purpose/Triggers/Usage sections,
  allowed-tools frontmatter, trigger-phrase description
- CONTRIBUTING development setup rewritten for this repo's toolchain
- README structure tree updated (attested set, presentation skills,
  profile-maintainer agent)

Minor:
- Broken 3-backtick fence nesting fixed with 4-backtick outer fences in
  copilot-tuner, ecosystem-migrator, ai-tuning, ecosystem-migration,
  presentation-generation, presentations README (also fixes the phantom
  assets/diagram.png broken image)
- ~40 unlabeled code fences given language tags
- Nonexistent validate-sha-pinning.sh/validate-workflows.sh references
  replaced with actionlint + pin grep
- profile-maintainer agent aligned to shared agent structure
- example presentation author corrected; LICENSE (MIT) added; CHANGELOG
Copilot AI review requested due to automatic review settings June 11, 2026 17:34
@zircote zircote merged commit f20f443 into main Jun 11, 2026
4 checks passed
@zircote zircote deleted the docs/review-remediation branch June 11, 2026 17:35
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR remediates a broad set of documentation-quality findings across the repository, focusing on making examples copy/paste safe, aligning docs with current workflows/actions/inputs, and repairing the profile README automation to respect branch protection.

Changes:

  • Regenerated README/skill/agent examples to match real workflow_call and composite-action inputs, and updated uses: references to full 40-char SHA pins.
  • Reworked the profile README updater workflow to open an auto-merge PR via a GitHub App token instead of attempting direct pushes to protected main.
  • Fixed markdown structure/link integrity issues (code fence nesting, missing fence languages, updated/renamed links) and added an MIT LICENSE.

Reviewed changes

Copilot reviewed 25 out of 25 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
README.md Updates repository structure/docs, adds attested-delivery section, and refreshes workflow/action usage examples with SHA pins.
profile/README.md Updates external spec/repo links for MIF and ccpkg.
LICENSE Adds MIT license text to back the README’s license claim.
docs/presentations/README.md Fixes markdown fence nesting and updates workflow usage pin for presentation generation.
docs/presentations/drafts/example-presentation.md Corrects example author metadata.
CONTRIBUTING.md Replaces generic setup boilerplate with repo-specific tooling guidance (actionlint, gh-aw compilation, pin-check).
CHANGELOG.md Documents the documentation remediation and automation fixes as a “Fixed” set of entries.
agents/workflow-engineer.md Updates examples/fences and pins reusable workflow usage; adds action pin annotations.
agents/template-architect.md Fixes markdown fence language for the workflow diagram.
agents/security-auditor.md Updates checkout pin to a full SHA with version annotation.
agents/profile-maintainer.md Aligns agent doc structure and fixes fence language tags; adds “When Assisting Users” guidance.
agents/ecosystem-migrator.md Updates examples/pins, fixes nested fences, and replaces obsolete validation scripts with actionlint/grep guidance.
agents/copilot-tuner.md Fixes nested markdown fences (4-backtick outer fences) for correct rendering.
agents/content-strategist.md Adds language tags for code fences for consistent rendering.
.github/workflows/update-profile-readme.yml Changes profile update publishing strategy from direct push to PR-based auto-merge via GitHub App token; improves shell safety.
.github/skills/workflow-development/SKILL.md Updates workflow/action examples to SHA pins and modern validation guidance.
.github/skills/template-creation/SKILL.md Adds explicit fence language tag for directory layout example.
.github/skills/security-baseline/SKILL.md Replaces placeholder action reference with a fully pinned example SHA.
.github/skills/presentation-generation/SKILL.md Updates description wording and fixes nested fences for markdown correctness.
.github/skills/ecosystem-migration/SKILL.md Updates examples/pins and replaces obsolete validation scripts with actionlint/grep guidance.
.github/skills/content-pipeline/SKILL.md Adds explicit fence language tags for examples/diagrams.
.github/skills/attested-delivery/SKILL.md Brings skill doc into stricter format (Purpose/Triggers/Usage + allowed-tools).
.github/skills/ai-tuning/SKILL.md Fixes nested markdown fences (4-backtick outer fences).
.github/prompts/analyze-repo-activity.prompt.md Adds an explicit fence language tag for the usage example.
.github/copilot-instructions.md Fixes fence language tags and removes the nonexistent reusable Rust CI workflow reference; adds reusable-docs.
Comments suppressed due to low confidence (1)

README.md:188

  • The security-scan composite action language values in this example don’t match the action’s documented inputs (python, node, go, auto). Using javascript/rust here is misleading and can cause copy/paste failures.
    scan-secrets: true
    scan-dependencies: true
    language: python  # or javascript, go, rust

</details>

Comment thread README.md
Comment on lines +193 to +196
- uses: zircote/.github/actions/release-notes@2192c47863886d7a867b5042fb08de414f948f49 # main
with:
version: ${{ github.ref_name }}
output-file: CHANGELOG.md
from-tag: v1.0.0
include-contributors: true
Comment thread .github/workflows/update-profile-readme.yml
Comment on lines +145 to +149
- name: Generate App token
id: app-token
if: steps.changes.outputs.changed == 'true' && inputs.dry-run != true
uses: actions/create-github-app-token@bf559f85448f9380bcfa2899dbdc01eb5b37be3a # v3.0.0
with:
Comment thread agents/workflow-engineer.md
Comment on lines 112 to 114
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# ... implementation
Comment thread .github/skills/workflow-development/SKILL.md
Comment on lines 95 to +97
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: zircote/.github/actions/setup-python-uv@main
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: zircote/.github/actions/setup-python-uv@2192c47863886d7a867b5042fb08de414f948f49 # main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zircote