feat(skills): integrate osdu-activity skill with markdown output

Daniel Scholl (MS]requested to merge
activity into main

  • Summary of changes

    • Introduced a new bundled skill: osdu-activity, including its skill metadata and three wrapper scripts (mr.py, pipeline.py, issue.py) to surface GitLab activity (open MRs, pipeline statuses, and issues) via the osdu-activity CLI.
    • Expanded the bundled-skills update mechanism to handle multiple CLIs (osdu-quality, osdu-engagement, osdu-activity) and return a consolidated result.
    • Updated related OS-specific skill definitions and prompt routing to include osdu-activity as a surfaced capability.
    • Updated osdu-engagement, osdu-quality, and related script definitions to lean more on markdown/token-efficient outputs, adjust usage/help text, and reflect new default output modes.
    • Enhanced tests to cover new update-bundled-skills behavior and how multiple CLIs are discovered/updated.
    • Updated prompts/system and skill references to include osdu-activity in the routing and descriptions.

  • Key modifications and their purpose

    • Added new OSDU Activity CLI binding
      • New files:
        • src/agent/_bundled_skills/osdu-activity/SKILL.md
        • src/agent/_bundled_skills/osdu-activity/scripts/mr.py
        • src/agent/_bundled_skills/osdu-activity/scripts/pipeline.py
        • src/agent/_bundled_skills/osdu-activity/scripts/issue.py
      • Purpose: Wraps the osdu-activity CLI to surface MRs, pipelines, and issues per project with provider-based filtering and output formats.
      • issue.py specifics:
        • Prerequisites check ensures authentication via GITLAB_TOKEN or glab, and ensures osdu-activity CLI is present.
        • Builds and runs the osdu-activity issue command with options for project, provider, ADR filter, limit, and output format.
      • mr.py / pipeline.py specifics:
        • Similar prerequisites checks and command construction for MR and pipeline queries respectively.
        • Support for project/provider filtering, style (table/list), limits, and output format.
    • Updates to related skill definitions and prompts
      • osdu-engagement SKILL.md updated to reflect new command names and to incorporate osdu-activity into the contributor/activity ecosystem.
      • osdu-quality SKILL.md and other skill docs updated to prefer markdown outputs and adjust token budgets, usage patterns, and recommendations.
      • Updated system prompts to include osdu-activity in the skill routing, enabling direct queries for open MRs, pipeline status, and issues.
    • Bundled skills update mechanism improved
      • Updated src/agent/update.py: update_bundled_skills now discovers and updates multiple CLIs (osdu-quality, osdu-engagement, osdu-activity) instead of only osdu-quality.
      • Behavior tracked via updated tests: it now collects updated/skipped/failed per CLI, returns a combined message, and supports more robust error handling.
    • Tests updated to reflect new update flow
      • Tests in tests/unit/test_update.py updated to validate:
        • No skills installed: function returns success with a skipped/not-installed message.
        • Single skill update success: mocks installed CLI and asserts success and presence of the updated CLI in the message.
        • All skills update success: mocks all installed CLIs and asserts updated message.
        • Skill update failure: simulates non-zero exit code and validates failure messaging.
        • Timeout during update: simulates TimeoutExpired and ensures timeout messaging.
        • Mixed success and skip: ensures behavior when some CLIs are installed and some are not.
    • Minor script wording/usage adjustments across OS tool wrappers
      • osdu-engagement and osdu-quality script descriptions and option help texts updated to emphasize token-efficient markdown outputs and safer defaults.
      • Contributions/decisions/trends scripts in osdu-engagement updated to align with markdown defaults and more explicit usage examples.

  • Notable technical details

    • New issue.py wrapper
      • check_prerequisites() validates authentication via GITLAB_TOKEN or glab auth, and validates presence of osdu-activity CLI.
      • Uses subprocess.run to verify osdu-activity is installed and to execute the issue surface command, capturing output for failure messaging.
    • New MR/Pipeline wrappers
      • Each wrapper follows the same pattern: prereq checks, command construction with -p, --provider, -l, -o options, and execution with error handling.
      • Output format options include json, markdown, and tty, with markdown preferred for token efficiency in many scripts.
    • Multi-CLI update flow
      • update_bundled_skills now loops over ["osdu-quality", "osdu-engagement", "osdu-activity"] and aggregates per-skill results into updated/skipped/failed lists.
      • Returns a combined message indicating updated components, any skipped CLIs, and any failures.
    • Tests
      • Tests now simulate a broader set of scenarios for update_bundled_skills, covering no installed CLIs, single/multiple updates, timeouts, and partial success.

  • Security impact analysis

    • New osdu-activity issue.py wrapper
      • Authentication handling relies on environment variable GITLAB_TOKEN or glab auth status; credentials are not printed or echoed, reducing exposure risk in logs. Dependency on external CLIs (osdu-activity, glab) introduces potential external risk if those tools have vulnerabilities; ensure these CLIs are kept up to date and trusted.
    • Authentication and access control
      • The code enforces authentication presence before querying data, reducing the risk of unauthorized access if credentials are missing. Messages and errors avoid leaking tokens or secrets; guidance is provided for proper configuration.
    • Update flow changes
      • Updating multiple bundled CLIs through a centralized updater reduces drift risk and ensures consistent behavior across skills, but relies on the security posture of each CLI. If any CLI has a vulnerability, the updater could trigger it across all skills.
    • Prompt/system changes
      • Adding osdu-activity to the system prompt expands capability surface; ensure that the expanded surface is protected and that access remains governed by the existing authentication and authorization controls for GitLab entities.

  • Last specific change or security finding discussed

    • Tests updated to cover update_bundled_skills behavior.

Merge request reports