safe-pr
Installation
SKILL.md
Safe PR — Evidence-Rich Pull Request (Phase 4)
Open a pull request a senior engineer can approve with confidence, because the evidence is right there. This is the final phase of a slice: build (red-green-refactor) → CI (tdd-ci) → PR. Treat opening a PR as an outward-facing action — be careful and confirm before pushing.
The harness builds web and non-web apps, so evidence comes in two shapes:
- Web slice → Playwright screenshots + a recording of the passing acceptance run (plus the HTML report).
- Non-web slice (CLI / HTTP API / service) → terminal transcripts: the test-run output and a real endpoint invocation (CLI stdout, or an HTTP request+response). Transcripts stand in for screenshots/recordings.
Bundled resources:
assets/pr-body-template.md— the PR description structure (with an<!-- EVIDENCE -->marker the script fills).scripts/collect-evidence.mjs— collects evidence into the committed evidence folder and generates the PR body. For web slices it embeds screenshots and links the recording/report; for non-web slices (--type cli|api|servicewith--transcript) it embeds the transcripts as code blocks. Modality is auto-detected (Playwright artifacts → web) or forced with--type. It runs in two phases —--copy-only(copy + secret-scan) before you commit the evidence, then--body-only(build the body, pinned to the evidence commit) after — so embedded links resolve. It auto-detects repo visibility and, on private repos, renders screenshots as clickable blob links rather than inline images that wouldn't render. Run with Node.
Requires the GitHub CLI (
gh) authenticated, and a GitHub remote. Confirm both early (gh auth status,git remote -v).