docs: document system layers, layer rules, and standard flows#656
Draft
docs: document system layers, layer rules, and standard flows#656
Conversation
…DE.md Replace flat "Core Module Structure" list with layered architecture description including dependency direction, explicit boundary rules, known exceptions (Wallet), standard data flow patterns, and anti-patterns to avoid. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
lklimek
changed the title
Keep ideal layer rules as the target for new code, but explicitly document accepted deviations in the current codebase. Do not refactor existing code to match model rules. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add script to copy claudius plugin agents and skills into .github/ for GitHub Copilot PR code review. Copilot only sees committed files, so this materializes plugin assets with namespace stripping. - scripts/sync-claudius.sh — copies skills + agents, strips claudius: prefix - .github/agents/ — 14 agent definitions - .github/skills/ — 11 skill definitions - .github/copilot-instructions.md — manually maintained, points to CLAUDE.md and review skill Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enhances contributor-facing documentation and Copilot review tooling by documenting the codebase’s architectural layering and by vendoring “claudius” agent/skill assets (plus security reference material) into .github/ so they are visible to GitHub Copilot PR review.
Changes:
- Reworks
CLAUDE.mdarchitecture section into explicit system layers, layer rules, standard flows, and anti-patterns. - Adds a sync script (
scripts/sync-claudius.sh) to materialize claudius plugin assets into.github/skills/and.github/agents/. - Adds/updates Copilot/agent/skill markdown and includes security best-practices references plus an update script for OWASP cheat sheets.
Reviewed changes
Copilot reviewed 71 out of 144 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/sync-claudius.sh | Adds a repo-local sync script to copy claudius skills/agents into .github/ and strip claudius: prefixes. |
| CLAUDE.md | Documents system layers, layer rules, standard flows, and anti-patterns for new code. |
| AGENTS.md | Points contributors/agents to follow CLAUDE.md first. |
| .github/skills/severity/SKILL.md | Adds a “severity” skill definition for consistent review finding severity classification. |
| .github/skills/security-best-practices/scripts/update-cheatsheets.sh | Adds a helper script to sparse-clone OWASP CheatSheetSeries and refresh local references. |
| .github/skills/security-best-practices/references/cheatsheets/Web_Service_Security_Cheat_Sheet.md | Adds security reference material (web service security). |
| .github/skills/security-best-practices/references/cheatsheets/User_Privacy_Protection_Cheat_Sheet.md | Adds security reference material (privacy protection). |
| .github/skills/security-best-practices/references/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md | Adds security reference material (open redirects/forwards). |
| .github/skills/security-best-practices/references/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md | Adds deprecated-stub reference pointing to TLS cheat sheet. |
| .github/skills/security-best-practices/references/cheatsheets/Third_Party_Payment_Gateway_Integration.md | Adds security reference material (payment gateway integration). |
| .github/skills/security-best-practices/references/cheatsheets/TLS_Cipher_String_Cheat_Sheet.md | Adds deprecated-stub reference pointing to TLS cheat sheet. |
| .github/skills/security-best-practices/references/cheatsheets/Serverless_FaaS_Security_Cheat_Sheet.md | Adds security reference material (serverless/FaaS). |
| .github/skills/security-best-practices/references/cheatsheets/Securing_Cascading_Style_Sheets_Cheat_Sheet.md | Adds security reference material (CSS security). |
| .github/skills/security-best-practices/references/cheatsheets/Secure_Product_Design_Cheat_Sheet.md | Adds security reference material (secure product design). |
| .github/skills/security-best-practices/references/cheatsheets/Secure_AI_Model_Ops_Cheat_Sheet.md | Adds security reference material (AI/ML model operations). |
| .github/skills/security-best-practices/references/cheatsheets/REST_Assessment_Cheat_Sheet.md | Adds security reference material (REST assessment). |
| .github/skills/security-best-practices/references/cheatsheets/Query_Parameterization_Cheat_Sheet.md | Adds security reference material (query parameterization). |
| .github/skills/security-best-practices/references/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.md | Adds security reference material (prototype pollution). |
| .github/skills/security-best-practices/references/cheatsheets/PHP_Configuration_Cheat_Sheet.md | Adds security reference material (PHP hardening). |
| .github/skills/security-best-practices/references/cheatsheets/OAuth2_Cheat_Sheet.md | Adds security reference material (OAuth 2.0). |
| .github/skills/security-best-practices/references/cheatsheets/NoSQL_Security_Cheat_Sheet.md | Adds security reference material (NoSQL security). |
| .github/skills/security-best-practices/references/cheatsheets/Network_Segmentation_Cheat_Sheet.md | Adds security reference material (network segmentation). |
| .github/skills/security-best-practices/references/cheatsheets/Legacy_Application_Management_Cheat_Sheet.md | Adds security reference material (legacy app management). |
| .github/skills/security-best-practices/references/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md | Adds security reference material (LDAP injection prevention). |
| .github/skills/security-best-practices/references/cheatsheets/JAAS_Cheat_Sheet.md | Adds security reference material (JAAS). |
| .github/skills/security-best-practices/references/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md | Adds security reference material (IDOR). |
| .github/skills/security-best-practices/references/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.md | Adds reference stub redirecting to Java security cheat sheet section. |
| .github/skills/security-best-practices/references/cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.md | Adds security reference material (IaC security). |
| .github/skills/security-best-practices/references/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md | Adds security reference material (HSTS). |
| .github/skills/security-best-practices/references/cheatsheets/Forgot_Password_Cheat_Sheet.md | Adds security reference material (forgot password). |
| .github/skills/security-best-practices/references/cheatsheets/Dependency_Graph_SBOM_Cheat_Sheet.md | Adds security reference material (SBOM/dependency graph). |
| .github/skills/security-best-practices/references/cheatsheets/Database_Security_Cheat_Sheet.md | Adds security reference material (DB security). |
| .github/skills/security-best-practices/references/cheatsheets/Cookie_Theft_Mitigation_Cheat_Sheet.md | Adds security reference material (cookie theft mitigation). |
| .github/skills/security-best-practices/references/cheatsheets/Automotive_Security.md | Adds security reference material (automotive security overview). |
| .github/skills/security-best-practices/references/cheatsheets/Access_Control_Cheat_Sheet.md | Adds deprecated-stub reference pointing to authorization cheat sheet. |
| .github/skills/security-best-practices/references/cheatsheets/ATTRIBUTION.md | Adds attribution and licensing note for vendored OWASP cheat sheets. |
| .github/skills/security-best-practices/references/cheatsheets/AJAX_Security_Cheat_Sheet.md | Adds security reference material (AJAX security). |
| .github/skills/rust-best-practices/evals/evals.json | Adds Rust best-practices evaluation prompts/expectations JSON. |
| .github/skills/review/SKILL.md | Adds a comprehensive multi-agent review methodology skill doc. |
| .github/skills/review-pr/SKILL.md | Adds a PR audit workflow skill doc (incl. GitHub commenting flow). |
| .github/skills/review-loop/SKILL.md | Adds an automated peer review feedback loop skill doc. |
| .github/skills/review-dependency/SKILL.md | Adds a dependency security review workflow skill doc. |
| .github/skills/personality/SKILL.md | Adds a “personality” skill definition (claudius persona instructions). |
| .github/skills/ci-loop/SKILL.md | Adds an automated CI monitoring/fix loop skill doc. |
| .github/skills/check-pr-comments/SKILL.md | Adds a workflow skill doc for verifying/triaging PR review comments. |
| .github/copilot-instructions.md | Instructs Copilot to follow CLAUDE.md and apply the review skill methodology. |
| .github/agents/ux-designer.md | Adds an agent definition for UX/UI design + accessibility reviews/specs. |
| .github/agents/technical-writer.md | Adds an agent definition for documentation authoring/maintenance. |
| .github/agents/technical-researcher.md | Adds an agent definition for technology evaluation and research. |
| .github/agents/rust-developer.md | Adds an agent definition for Rust implementation and code review. |
| .github/agents/qa-engineer.md | Adds an agent definition for QA/test planning and validation. |
| .github/agents/python-developer.md | Adds an agent definition for Python implementation and review. |
| .github/agents/project-reviewer.md | Adds an agent definition for cross-artifact/project consistency reviews. |
| .github/agents/go-developer.md | Adds an agent definition for Go implementation and review. |
| .github/agents/frontend-developer.md | Adds an agent definition for frontend implementation and review. |
| .github/agents/devops-engineer.md | Adds an agent definition for CI/CD, Docker, and infra-related work. |
| .github/agents/claudius.md | Adds a general-purpose “claudius” coordinator agent definition. |
| .github/agents/architect.md | Adds an agent definition for architecture/module boundary reviews. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
scripts/sync-claudius.sh
Outdated
Comment on lines
+103
to
+107
| local dest="$SKILLS_DIR/$name" | ||
|
|
||
| cp -r "$skill_dir" "$dest" | ||
| find "$dest" -name '*.md' -exec sed -i 's/claudius://g' {} + | ||
|
|
There was a problem hiding this comment.
cp -r "$skill_dir" "$dest" will create a nested directory if $dest already exists (e.g., it becomes .github/skills/<name>/<name>/...). Since clean_managed only deletes directories with the marker, any manually edited/unmarked skill dir would trigger this behavior. Consider removing $dest before copying, or using a copy mode that replaces the destination directory (e.g., rsync or an equivalent) to make the operation idempotent.
scripts/sync-claudius.sh
Outdated
Comment on lines
+105
to
+107
| cp -r "$skill_dir" "$dest" | ||
| find "$dest" -name '*.md' -exec sed -i 's/claudius://g' {} + | ||
|
|
There was a problem hiding this comment.
sed -i is GNU-specific; on macOS/BSD sed it fails unless an extension is provided. If this script is intended to be run by contributors on macOS, consider using a portable in-place edit approach (or branching on uname for the correct sed -i syntax).
scripts/sync-claudius.sh
Outdated
Comment on lines
+132
to
+134
| cp "$agent_file" "$dest" | ||
| sed -i 's/claudius://g' "$dest" | ||
| prepend_marker "$dest" |
There was a problem hiding this comment.
Same portability issue here: sed -i is not compatible with macOS/BSD sed without an explicit backup suffix. Consider making the in-place replace portable so the script behaves consistently across contributor environments.
Comment on lines
+39
to
+41
| # Remove old cheat sheets (but preserve ATTRIBUTION.md) | ||
| find "${TARGET_DIR}" -name '*_Cheat_Sheet.md' -o -name '*_Security.md' | xargs rm -f 2>/dev/null || true | ||
|
|
There was a problem hiding this comment.
The cleanup pipeline uses find ... | xargs rm, which is fragile if any filenames contain whitespace/newlines and can also match non-files. Consider using find with -type f and a NUL-delimited pipeline (-print0 + xargs -0) (or -exec rm -f {} +) to make deletions robust.
Comment on lines
+98
to
+101
| **In practice**, the codebase has established patterns that differ from the model: | ||
| - UI may **read** from DB through `AppContext` wrapper methods (e.g., `app_context.load_local_qualified_identities()`) | ||
| - UI may **write** to DB in `display_task_result()` for caching backend results | ||
| - `Wallet` (`model/wallet/`) mixes data, DB writes, and RPC calls — this is intentional |
There was a problem hiding this comment.
The “In practice” exceptions list doesn’t mention that there is already direct app_context.db.* usage in UI code (both reads and writes), beyond wrapper methods and beyond display_task_result() (e.g., src/ui/dashpay/contact_details.rs writes via save_contact_private_info, and src/ui/identities/identities_screen.rs deletes identities directly). If the intent is “avoid introducing new direct DB calls from UI”, consider documenting this as an existing legacy pattern here (or clarifying the anti-pattern wording) so the guidance matches what contributors will find in the codebase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
lklimek
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AGENTS.mdpointing toCLAUDE.mdfor Copilot/agent compatibilityNote: Copilot integration commits (sync script + assets) were added and reverted — will be done separately.
Test plan
🤖 Co-authored by Claudius the Magnificent AI Agent