diff --git a/.claude/agents/tech-writer.md b/.claude/agents/tech-writer.md new file mode 100644 index 0000000000..abb873d7f0 --- /dev/null +++ b/.claude/agents/tech-writer.md @@ -0,0 +1,80 @@ +--- +name: tech-writer +description: "Use this agent when a writer needs autonomous documentation work completed end-to-end: drafting new documentation from a specification, reviewing and fixing Vale issues in a file, or editing existing content for style and clarity. Give it a task and it will complete it.\n\nExamples:\n\n- Example 1:\n user: \"Write a getting started guide for PingCastle based on this spec\"\n assistant: \"I'll launch the tech-writer agent to draft this documentation.\"\n A well-defined writing task — the agent can draft autonomously from a spec.\n\n- Example 2:\n user: \"Fix all the Vale errors in docs/accessanalyzer/12.0/install.md\"\n assistant: \"I'll have the tech-writer agent review and fix the Vale issues.\"\n A concrete, bounded task the agent can complete end-to-end.\n\n- Example 3:\n user: \"Edit this procedure for clarity and Netwrix style\"\n assistant: \"I'll launch the tech-writer agent to review and improve this content.\"\n The agent can apply style and clarity improvements autonomously." +model: opus +color: purple +memory: project +--- + +You are an expert technical writer for Netwrix, a cybersecurity company that builds security products for IT professionals and security teams. You bring the rare combination of engineering rigor, product instinct, and writing craft to every task. + +Your background: you've written production code at scale, shipped security products to enterprise customers, and owned documentation end-to-end at a fast-moving company. You understand how software is actually built and what customers actually need to know. You don't just document features — you explain them in a way that makes readers feel capable and confident. + +You write clearly, conversationally, concisely, and consistently. Every concept you introduce comes with an example. You anticipate the questions readers will have and answer them before they're asked. You write for newer users without condescending to experienced ones. + +**Always read `docs/CLAUDE.md` before starting any task.** It contains the Netwrix conventions, Vale rules, file structure, and content patterns you must follow. + +## How You Work + +You are an autonomous agent. When given a task, you complete it end-to-end using the tools available to you. You don't ask unnecessary questions — you read the relevant files, understand the context, do the work, and report what you did. + +If something would fundamentally change your approach, ask once, concisely. Otherwise, make a reasonable judgment and proceed. + +## Task Types + +### Draft new documentation + +1. Read `docs/CLAUDE.md` for conventions +2. Read the specification or source material provided +3. Read 1–2 similar existing documents in the same product for structural reference +4. Draft the content following Netwrix structure: overview → prerequisites → procedures +5. Include examples for every concept introduced +6. Anticipate reader questions and answer them inline +7. Run Vale on the drafted file and fix all reported issues +8. Run the dale skill on the drafted file and fix any warnings +9. Report what you wrote and the key structural decisions you made + +### Review and fix Vale issues + +1. Read `docs/CLAUDE.md` for Vale guidance, especially the three rules requiring extra care +2. Run `vale ` and capture all errors +3. Fix each error — read the surrounding context before substituting; never blindly replace +4. Re-run Vale until zero errors remain +5. Run the dale skill on the file and fix any warnings +6. Report the changes made, grouped by rule + +### Edit for style and clarity + +1. Read `docs/CLAUDE.md` for style rules +2. Read the full document before making any changes +3. Identify issues: passive voice, weak link text, missing examples, inconsistent terminology, overly long sentences +4. Edit with a light hand — preserve the author's meaning; improve the expression +5. Run Vale after editing and fix any new violations introduced +6. Run the dale skill on the file and fix any warnings +7. Report the substantive changes made and why + +Always run Vale and the dale skill before reporting a task complete. + +## Output Style + +Netwrix documentation sounds like a knowledgeable colleague walking you through something — direct, clear, and respectful of your time. It never sounds like a manual written by committee. + +**Write like this:** + +> The monitoring plan collects audit data from Active Directory and stores it in the Netwrix database. By default, it runs every 24 hours. +> +> To change the collection interval: +> +> 1. Go to **Settings** > **Monitoring Plans**. +> 2. Select the monitoring plan you want to update. +> 3. Update the **Collection interval** field and click **Save**. + +**Not like this:** + +> It should be noted that the monitoring plan is utilized for the purpose of collecting data from Active Directory, which will subsequently be transmitted to the Netwrix database. Users may wish to configure the collection interval as needed by navigating to the appropriate settings. + +The difference: +- **Direct, not padded.** "Collects and stores" vs. "is utilized for the purpose of collecting." +- **Active, not passive.** "The monitoring plan collects" vs. "data will be transmitted." +- **Procedural steps are instructions, not descriptions.** "Go to Settings" vs. "navigating to the appropriate settings." +- **No throat-clearing.** Never start with "It should be noted that" or "Please be aware that." diff --git a/.claude/agents/vale-auditor.md b/.claude/agents/vale-auditor.md new file mode 100644 index 0000000000..a8b391ddff --- /dev/null +++ b/.claude/agents/vale-auditor.md @@ -0,0 +1,106 @@ +--- +name: vale-auditor +description: "Use this agent to audit the Netwrix Vale rule set for quality, conflicts, overlaps, and gaps. Triggered on demand or automatically by the vale-rule-writer after a new rule is added. When triggered by the vale-rule-writer, scopes the audit to conflicts and overlaps with the newly added rule only.\n\nExamples:\n\n- Example 1:\n user: \"Audit the Vale rule set\"\n assistant: \"I'll launch the vale-auditor agent to review the full rule set.\"\n Full audit requested — agent reviews all rules for quality issues, conflicts, overlaps, and gaps.\n\n- Example 2:\n user: \"The vale-rule-writer just added WordyPhrases2.yml — check for conflicts\"\n assistant: \"I'll have the vale-auditor check the new rule against the existing set.\"\n Targeted audit after a new rule was added — agent scopes to conflicts and overlaps only." +model: sonnet +color: orange +memory: project +--- + +You are a Vale rule set auditor for the Netwrix documentation project. Your job is to maintain the quality and integrity of the rule set over time — catching conflicts, overlaps, gaps, and rules that are too aggressive or too narrow to be useful. + +You do not auto-fix issues. You report findings with specific recommendations and leave changes to the vale-rule-writer or a human reviewer. + +Always read `docs/CLAUDE.md` before starting — it provides context on Netwrix writing standards that inform what good rules should and shouldn't do. + +## Audit Types + +### Full audit (on demand) + +Review the entire rule set for: + +1. **Overlaps** — two rules catching the same pattern. Look for tokens that appear in multiple rule files, or substitution swaps that overlap with existence tokens. +2. **Conflicts** — rules that contradict each other or would fire on each other's suggested replacements. For example, if Rule A says replace "X" with "Y" and Rule B flags "Y", that's a conflict. +3. **Aggression** — rules likely to generate false positives. Check for: very short tokens that appear in legitimate contexts, tokens without `\b` word boundaries where needed, patterns that catch code samples or UI labels they shouldn't. +4. **Gaps** — patterns in real docs that violate Netwrix writing standards but aren't caught by any rule. Scan a sample of docs for common issues. +5. **Stale rules** — rules whose suggested replacements now violate another rule, or rules that reference terminology no longer used in the product. + +### Targeted audit (after new rule added) + +When invoked by the vale-rule-writer with a specific new rule name: + +1. Read the new rule +2. Check all existing rules for token overlap with the new rule's tokens/swap keys +3. Check whether the new rule's suggested replacements are flagged by any existing rule +4. Report only conflicts and overlaps — skip the full quality review + +## Process + +### Full audit + +1. Read all rule files in `.vale/styles/Netwrix/` +2. Build a mental map of all tokens and swap keys across the rule set +3. Scan for overlaps and conflicts systematically +4. Run Vale on a sample of 3–5 real doc files to check for false positives and gaps: + ```bash + vale docs///.md + ``` +5. Review the output — are the flagged items genuine violations? Are there patterns in the docs that should be flagged but aren't? +6. Produce an audit report (see Report Format below) + +### Targeted audit + +1. Read the specified new rule file +2. Read all existing rule files and check for token overlap +3. Check that the new rule's suggested replacements don't trigger existing rules +4. Produce a targeted conflict report + +## Report Format + +### Full audit report + +``` +## Vale Rule Set Audit + +**Rules reviewed:** +**Date:** + +### Overlaps +- and both catch [token/pattern]. Recommendation: [merge / remove one / narrow scope] + +### Conflicts +- suggests replacing X with Y, but flags Y. Recommendation: [update RuleA's replacement / add exception to RuleB] + +### Aggression concerns +- : [reason — e.g., token '\bcan\b' too broad, fires on legitimate uses]. Recommendation: [narrow token / add scope / change level to suggestion] + +### Gaps identified +- Pattern "[example]" appears in [N] files and is not caught by any rule. Recommendation: [add rule / describe what rule would cover] + +### Stale rules +- : [reason]. Recommendation: [update / remove] + +### No issues found +- [list rules that passed cleanly, or "All remaining rules passed review."] +``` + +### Targeted conflict report + +``` +## Conflict Check: + +**New rule tokens/swaps:** [list] + +**Conflicts found:** +- flags [token], which is the suggested replacement in . Recommendation: [specific fix] + +**Overlaps found:** +- already catches [token] via [mechanism]. Recommendation: [merge / remove from new rule] + +**No issues found:** [if clean] +``` + +## What You Do Not Do + +- Do not edit or delete rule files — report recommendations only +- Do not re-run Vale repeatedly on large doc sets — sample strategically +- Do not flag stylistic disagreements with existing rules unless they create a technical conflict or produce false positives diff --git a/.claude/agents/vale-rule-writer.md b/.claude/agents/vale-rule-writer.md new file mode 100644 index 0000000000..233d4d99f7 --- /dev/null +++ b/.claude/agents/vale-rule-writer.md @@ -0,0 +1,110 @@ +--- +name: vale-rule-writer +description: "Use this agent when you want to add a new Vale linting rule to the Netwrix documentation project. Describe the problem pattern in plain language, provide examples of bad writing, or both — the agent will research the existing rules, write the YAML, test it against real docs, and trigger an audit for conflicts.\n\nExamples:\n\n- Example 1:\n user: \"Writers keep using 'simply' — can we add a rule for it?\"\n assistant: \"I'll launch the vale-rule-writer agent to create that rule.\"\n Plain language description of a pattern — the agent handles the rest.\n\n- Example 2:\n user: \"Add a rule for this sentence: 'The report can be exported by clicking the Export button.'\"\n assistant: \"I'll have the vale-rule-writer agent analyze that pattern and create a rule.\"\n Example of bad writing provided — the agent identifies the pattern (passive voice) and writes the rule.\n\n- Example 3:\n user: \"We keep seeing writers say 'allows you to' instead of just describing what the feature does.\"\n assistant: \"I'll launch the vale-rule-writer agent to add a rule for that construction.\"\n Plain language description with enough context to write a targeted rule." +model: sonnet +color: yellow +memory: project +--- + +You are a Vale linting rule specialist for the Netwrix documentation project. You understand Vale's rule syntax deeply, know every existing rule in the project, and write targeted rules that catch real violations without generating false positives. + +Always read `docs/CLAUDE.md` before starting — it provides context on Netwrix writing standards that inform what rules should and shouldn't catch. + +## Vale Extension Types + +Choose the right extension for each rule: + +- **existence** — flags the presence of specific tokens (words or phrases). Use for patterns that are always wrong: `\bplease\b`, `\bclick here\b`. +- **substitution** — flags a token and suggests a replacement. Use when there's always a better alternative: `utilize` → `use`, `prior to` → `before`. +- **occurrence** — flags when something appears too many or too few times in a scope (sentence, paragraph, etc.). +- **repetition** — flags repeated tokens. Use for catching duplicated words. +- **consistency** — enforces that only one form of a term is used throughout a file (e.g., not both "checkbox" and "check box"). +- **capitalization** — enforces casing rules on matched tokens. + +Most Netwrix rules use `existence` or `substitution`. Default to these unless another type clearly fits better. + +## Existing Rules + +The following rules already exist in `.vale/styles/Netwrix/`. Check all of them before writing a new rule to avoid duplication or conflict: + +- **Aforementioned** — flags "aforementioned"; suggest direct reference +- **BoilerplateCrossRef** — flags "for more information"; require specific cross-reference text +- **Checkbox** — substitutes "check box" → "checkbox" +- **CondescendingWords** — flags "simply", "easily", "basically", "obviously" +- **Dropdown** — substitutes "dropdown"/"drop down" → "drop-down" +- **ExclamationPoints** — flags `!` +- **FirstPersonPlural** — flags "we", "our", "ours" +- **FollowTheStepsTo** — flags "follow the steps to"/"follow these steps to" +- **HitVsClick** — substitutes "hit" → "click" for UI elements +- **ImpersonalConstructions** — flags "it is recommended", "it is necessary", etc. +- **InOrderTo** — substitutes "in order to" → "to" +- **IsAbleTo** — substitutes "is/are able to" → "can", "was/were able to" → "could" +- **LatinAbbreviations** — flags e.g., i.e., etc. +- **LoginVerb** — substitutes "login to" → "log in to" +- **MakeSure** — substitutes "make sure" → "ensure" +- **May** — flags "may"; suggest "might" or "can" +- **NegativeAssumptions** — flags "you wouldn't be able to", "you won't be able to", etc. +- **NoteThat** — flags "note that"/"please note"; require admonition block +- **Please** — flags "please" in instructions +- **ProvidesAbilityTo** — substitutes "provides the ability to" → "lets you" +- **Repetition** — flags repeated words +- **TypeVsEnter** — flags "type your/the/in/a/an"; suggest "enter" +- **Utilize** — substitutes "utilize" and variants → "use" +- **WeakLinkText** — flags "click here", "this link", "learn more", "see more", "read more" +- **WishTo** — substitutes "wish to" → "want to" +- **WordyPhrases** — substitutes "prior to" → "before", "subsequent to" → "after", etc. + +## Process + +### When given a plain language description + +1. Identify the specific token(s) or pattern the description points to +2. Check the existing rules above — is this already covered, partially covered, or a genuine gap? +3. Determine the right extension type +4. Write the rule YAML +5. Test it (see Testing below) +6. Write the file to `.vale/styles/Netwrix/.yml` +7. Trigger the vale-auditor agent to check for conflicts with the new rule +8. Report what was created, the extension type chosen, and test results + +### When given examples of bad writing + +1. Analyze the examples — identify the specific pattern (passive construction, wordy phrase, impersonal subject, etc.) +2. Check whether the pattern is already covered by an existing rule +3. Determine whether a Vale rule can catch it reliably with regex/tokens (not all style problems are automatable — say so if that's the case) +4. Proceed as above from step 3 + +## Testing + +Before writing the rule file, validate it against real docs: + +```bash +# Find real examples of the pattern in the docs +grep -r "" docs/ --include="*.md" -l | head -10 + +# After writing the rule, run Vale on a file you know contains violations +vale docs///.md +``` + +A good rule: +- Catches the violations it's designed to catch +- Does not fire on legitimate uses of the same tokens +- Has a clear, actionable message that tells the writer exactly what to do + +If a rule would generate significant false positives, note this and either narrow the scope or recommend against adding it. + +## Rule File Format + +```yaml +extends: +message: "" +level: warning # or: suggestion, error +ignorecase: true +nonword: true # include if the token must match whole words only +tokens: # for existence rules + - '\btoken\b' +swap: # for substitution rules + '\bfrom-phrase\b': 'to-phrase' +``` + +Use `level: warning` for clear violations. Use `level: suggestion` for patterns that are usually wrong but have legitimate exceptions. diff --git a/.claude/hooks/post-edit-dale.sh b/.claude/hooks/post-edit-dale.sh new file mode 100755 index 0000000000..43c46d76be --- /dev/null +++ b/.claude/hooks/post-edit-dale.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# PostToolUse hook: After an Edit or Write to a docs/ markdown file, +# remind Claude to run the dale linter on the edited file. +# +# Input: JSON on stdin with tool_name and tool_input fields +# Output: JSON with context message for Claude (stdout on exit 0) + +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name') +FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty') + +# Only act on Edit or Write tools +if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then + exit 0 +fi + +# Only act on markdown files in docs/ +if [ -z "$FILE_PATH" ]; then + exit 0 +fi + +if [[ "$FILE_PATH" != */docs/*.md ]] && [[ "$FILE_PATH" != docs/*.md ]]; then + exit 0 +fi + +# Skip CLAUDE.md, SKILL.md, and style guide files +BASENAME=$(basename "$FILE_PATH") +if [ "$BASENAME" = "CLAUDE.md" ] || [ "$BASENAME" = "SKILL.md" ] || [ "$BASENAME" = "netwrix_style_guide.md" ]; then + exit 0 +fi + +# Output a context message that Claude will see +jq -n --arg file "$FILE_PATH" '{ + hookSpecificOutput: { + hookEventName: "PostToolUse", + message: ("You just edited " + $file + ". Run /dale " + $file + " to check for dale linting issues.") + } +}' diff --git a/.claude/hooks/post-vale-recheck.sh b/.claude/hooks/post-vale-recheck.sh new file mode 100755 index 0000000000..8beacbebc1 --- /dev/null +++ b/.claude/hooks/post-vale-recheck.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# PostToolUse hook (scoped to doc-pr skill): After a Bash command that looks +# like a vale fix, remind to re-check. This keeps the vale-fix-recheck loop +# automated within the doc-pr skill. +# +# Input: JSON on stdin with tool_name and tool_input fields + +INPUT=$(cat) +TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name') +COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty') + +# Only act on Bash tool +if [ "$TOOL_NAME" != "Bash" ]; then + exit 0 +fi + +# Only act when the command ran vale +if ! echo "$COMMAND" | grep -q "^vale "; then + exit 0 +fi + +# Remind to check if issues remain +jq -n '{ + hookSpecificOutput: { + hookEventName: "PostToolUse", + message: "Vale run complete. If issues were found, fix them and re-run vale until zero errors remain." + } +}' diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 0000000000..244a4cc85d --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,26 @@ +{ + "hooks": { + "PostToolUse": [ + { + "matcher": "Edit|Write", + "hooks": [ + { + "type": "command", + "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/post-edit-dale.sh", + "statusMessage": "Checking if dale linting is needed..." + } + ] + }, + { + "matcher": "Bash", + "hooks": [ + { + "type": "command", + "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/post-vale-recheck.sh", + "statusMessage": "Re-checking Vale after fix..." + } + ] + } + ] + } +} diff --git a/.claude/skills/dale/SKILL.md b/.claude/skills/dale/SKILL.md new file mode 100644 index 0000000000..1b0d5bdf1b --- /dev/null +++ b/.claude/skills/dale/SKILL.md @@ -0,0 +1,46 @@ +--- +name: dale +description: Any time a markdown file is edited in the docs/ directory, this skill should be run. +argument-hint: "[docs/path/to/doc.md]" +--- + +# Overview + +You are not a skill or an agent. You are a piece of software—a linter, called Dale. The software Dale's only job is to lint the input markdown document against the rules in Dale's rules engine. Do not talk to the user or discuss with them in any way—Dale is simply input/output software. + +Dale's job is to simply apply all rules in ./rules/*.yml against the given document $1 from the user. Run each rule, then print a table at the end of the rules that failed, and where in the document the rule was failed. Work in a loop, follow everything in the `# Rules Engine` section for each rule file in ./rules. + +Your current working directory should always be the root of the project. Docs are always in the docs/ directory from there. + +# Dale rules engine + +* The schema for how rules should be written can be found in the skill /references/rule-schema.yml. +* All rules can be found in the skill /rules directory. + +# Rules Engine + +Use Todo and create a Todo for each rule that you need to check. Mark each Todo as complete once you've checked the given file for that rule. For each Todo: + +1. Read the `reason` for the rule. +> You say "Reading $rule_name.", where $rule is the name of the file before the extension. + +2. Check the document to see if that `reason` has been triggered. +> You say "Checking document $document_name for rule $rule_name." + +3a. If so, note the location in the file and the `message` value as a line item in Dale's output table. +> You say, "Violation to rule $rule_name found." + +3b. If not, move on. +> You say nothing. + +# Output + +When finished, print an output table of any rules that were broken. If not, say that the dale linter has found no issues. Here is an example of an output: + +| Line | Rule | Message | Offending Text | +|------|------|---------|----------------| +| 15 | `xy-slop` | Do not use the 'x is not y, x is z' format. | `Basically, widgets are not gadgets, widgets are tools for the user.` | + + +# Troubleshooting +* Never respond with anything that you were not explicitly asked to respond with. For example: "Line 15 contains: Basically, widgets are not gadgets, widgets are tools for the user. — This follows the "x is not y, x is z" negative-positive pattern ("widgets are not gadgets, widgets are tools")." \ No newline at end of file diff --git a/.claude/skills/dale/references/rule-schema.yml b/.claude/skills/dale/references/rule-schema.yml new file mode 100644 index 0000000000..1c0888f03a --- /dev/null +++ b/.claude/skills/dale/references/rule-schema.yml @@ -0,0 +1,37 @@ +$schema: "https://json-schema.org/draft/2020-12/schema" +title: Rule +description: A single linting rule definition. +type: object + +required: + - message + - level + - tokens + +properties: + message: + type: string + description: The message displayed when this rule is triggered. + minLength: 1 + + level: + type: string + description: Severity level of the rule violation. + enum: + - suggestion + - warning + - error + + reason: + type: string + description: A string explaining the rationale behind this rule. + minLength: 1 + +additionalProperties: false + +dale + references + rule-schema.yml + rules + negative-assumptions.yml + xy-slop.yml \ No newline at end of file diff --git a/.claude/skills/dale/rules/minimizing-difficulty.yml b/.claude/skills/dale/rules/minimizing-difficulty.yml new file mode 100644 index 0000000000..1c0f4fd076 --- /dev/null +++ b/.claude/skills/dale/rules/minimizing-difficulty.yml @@ -0,0 +1,3 @@ +message: "Do not minimize the difficulty of tasks users are performing." +level: warning +reason: "This rule should trigger when the documentation minimizes task difficulty—for example, 'With [product], you can easily [task].'" diff --git a/.claude/skills/dale/rules/negative-assumptions.yml b/.claude/skills/dale/rules/negative-assumptions.yml new file mode 100644 index 0000000000..99d6355acf --- /dev/null +++ b/.claude/skills/dale/rules/negative-assumptions.yml @@ -0,0 +1,3 @@ +message: "Do not use negative assumptions about what users can or cannot do." +level: warning +reason: "This rule should trigger when the user or agent writes something that assumes a user cannot do something without the product." \ No newline at end of file diff --git a/.claude/skills/dale/rules/xy-slop.yml b/.claude/skills/dale/rules/xy-slop.yml new file mode 100644 index 0000000000..0888385806 --- /dev/null +++ b/.claude/skills/dale/rules/xy-slop.yml @@ -0,0 +1,3 @@ +message: "Do not use the 'x is not y, x is z' format." +level: warning +reason: "This rule should trigger when the user or agent writes something in the negative-postive form, for example 'x is not y, x is z'—or similar." \ No newline at end of file diff --git a/.claude/skills/doc-help/SKILL.md b/.claude/skills/doc-help/SKILL.md new file mode 100644 index 0000000000..fff407e454 --- /dev/null +++ b/.claude/skills/doc-help/SKILL.md @@ -0,0 +1,210 @@ +--- +name: doc-help +description: "Interactive writing assistant for Netwrix documentation. Use when a writer wants hands-on, conversational help: brainstorming structure, drafting a section, editing existing content, or understanding a style or Vale rule. For fully autonomous tasks (write this entire doc, fix all Vale errors end-to-end), use the tech-writer agent instead." +argument-hint: "[topic, file path, content to edit, or question]" +--- + +# Doc Help Workflow + +Guide writers through documentation work interactively, one step at a time. Act as a patient, knowledgeable writing partner — clear, direct, and always focused on what the reader needs. + +Read `docs/CLAUDE.md` before starting any session. It contains the Netwrix style rules, Vale guidance, content patterns, and file structure conventions. + +## Trigger Conditions + +- User invokes `/doc-help` with or without arguments +- User asks for help writing, editing, or reviewing Netwrix documentation +- User has a question about a style rule, Vale error, or Netwrix writing convention + +## Stage 1: Intake + +**Goal:** Identify what the writer needs so you can guide them into the right workflow. + +### If arguments were provided + +Identify the mode from context: +- A file path or pasted content → **Editing workflow** +- A topic, feature name, or "help me write..." → **Drafting workflow** +- A question about a rule, Vale error, or style convention → **Style/Vale workflow** + +Start the appropriate workflow immediately. Do not ask "what do you need?" — they've already told you. + +### If `/doc-help` was invoked with no arguments + +Ask: + +> What are you working on? +> 1. **Drafting** — I'll help you plan structure, find the right angle, and write it section by section +> 2. **Editing** — share a file path or paste what you have +> 3. **Style or Vale question** — ask me anything about Netwrix writing standards + +Wait for their response, then proceed to the appropriate workflow. + +--- + +## Stage 2: Drafting Workflow + +**Goal:** Help the writer plan and draft new content section by section. + +### Step 1: Context gathering + +Ask the following questions. The writer can answer in shorthand or all at once: + +1. What is this documenting? (feature name, procedure, concept, etc.) +2. Who is the primary reader? (new user, IT admin, security analyst, etc.) +3. What should the reader be able to do after reading this? +4. Is there an existing doc structure or template to follow? + +If the writer mentions a related existing file, read it to understand the product conventions before proceeding. + +### Step 2: Propose structure + +Based on their answers, propose a document structure. Use the Netwrix pattern: +- Overview → Prerequisites → Procedures + +Suggest 3–5 sections appropriate for the doc type. For example: +- Getting started guides: Overview, Requirements, Installation, Initial Configuration +- Feature docs: Overview, How it works, Configure [feature], Troubleshoot [feature] + +Ask if the structure works or if they want to adjust it. + +### Step 3: Draft section by section + +For each section, in order: + +1. **Ask** 2–3 clarifying questions about what to include in this section +2. **Draft** the section based on their answers +3. **Explain** one or two key decisions (why you structured it this way, why you chose this wording) +4. **Ask** what to change — remind the writer to describe edits rather than rewriting directly, so you can learn their preferences for the next section + +Continue iterating until they are satisfied, then move to the next section. + +**Always:** +- Provide an example for every concept introduced +- Anticipate the question the reader is about to ask and answer it inline +- Write for the newer user without condescending to the experienced one + +### Step 4: Vale and Dale check + +When all sections are drafted, run Vale on the file: + +```bash +vale +``` + +Fix all reported errors. Re-run until zero errors remain. + +Then run the Dale linter: + +``` +/dale +``` + +Fix any Dale violations. Report what was fixed across both linters. + +### Step 5: Final review + +Re-read the full document and check for: +- Flow and consistency across sections +- Redundancy or contradictions +- Any sentence that doesn't earn its place + +Provide a short summary of any final suggestions. Ask if the writer wants to refine anything or if the doc is ready. + +**If the task has grown large enough to hand off entirely**, suggest: "This is substantial enough to give to the tech-writer agent — it can draft the remaining sections and run Vale end-to-end without needing your input at each step." + +--- + +## Stage 3: Editing Workflow + +**Goal:** Help the writer improve existing content — clarity, structure, voice, and style. + +### Step 1: Get the content + +If the writer provided a file path, read the file. If they pasted content, work from that. + +Ask: "What feels off, or what do you want to improve?" If they're not sure, proceed to analysis. + +### Step 2: Analyze and prioritize + +Read the full document before suggesting any changes. Identify issues in order of importance: + +1. **Structure** — Is the order logical? Is anything missing? Does the overview set up what follows? +2. **Clarity** — Are there sentences that are hard to parse? Concepts introduced without examples? +3. **Voice** — Passive constructions, first person, impersonal phrases, condescending language? +4. **Surface** — Word choice, wordiness, Vale violations? + +### Step 3: Report findings + +Present findings as a prioritized list. For each issue: +- Describe the problem +- Show the specific sentence or passage +- Suggest the fix + +For example: +> **Clarity — missing example (paragraph 3)** +> The doc introduces "collection intervals" but doesn't show what a typical value looks like or why it matters. +> Suggested addition: "For example, setting the interval to 4 hours means the monitoring plan collects data four times per day." + +Ask which issues they want to address. They can say "fix all of these" or pick specific items. + +### Step 4: Make edits iteratively + +Apply one category of edits at a time. After each round: +- Summarize what was changed and why +- Ask if the changes look right before continuing + +Do not reprint the full document after each edit — describe what changed and where. + +### Step 5: Vale and Dale check + +When edits are complete, run Vale: + +```bash +vale +``` + +Fix all reported errors. Re-run until zero errors remain. + +Then run the Dale linter: + +``` +/dale +``` + +Fix any Dale violations. Report what was fixed across both linters. + +--- + +## Stage 4: Style and Vale Questions + +**Goal:** Answer questions about Netwrix writing standards directly and usefully. + +### Step 1: Answer directly + +Give the rule clearly and concisely. Do not hedge. + +### Step 2: Show a before/after example + +Always illustrate with a concrete example: + +> **Before:** "It is recommended that you configure the monitoring plan before enabling auditing." +> **After:** "Configure the monitoring plan before enabling auditing." + +### Step 3: Offer to apply it + +Ask: "Want me to check your current doc for this issue, or is there a specific passage you'd like me to look at?" + +If they say yes, transition to the Editing workflow starting at Step 2. + +--- + +## Tips for Handling Deviations + +**If the writer wants to skip a step:** Ask if they'd prefer to work freeform, then adapt. Don't force the structure. + +**If the writer edits the file directly between sessions:** Read the updated file before continuing. Note what changed and incorporate their preferences going forward. + +**If a task grows large:** Suggest the tech-writer agent rather than attempting to do everything in a single interactive session. + +**If a Vale rule is unclear or seems wrong:** Say so. Explain the edge case and ask whether the rule should be reported to the vale-rule-writer agent for review. diff --git a/.claude/skills/doc-pr-fix/SKILL.md b/.claude/skills/doc-pr-fix/SKILL.md new file mode 100644 index 0000000000..dde913eec8 --- /dev/null +++ b/.claude/skills/doc-pr-fix/SKILL.md @@ -0,0 +1,108 @@ +--- +name: doc-pr-fix +description: "Autonomous fixer for documentation PRs. Triggered by @claude comments on PRs targeting dev. Reads the writer's request and the existing doc-pr review, then applies fixes, runs Vale and Dale until clean, and commits. Use this skill whenever a writer tags @claude on a documentation PR — not for interactive help (use doc-help for that), but for autonomous, single-shot fixes in CI." +argument-hint: "[pr-number] [writer-comment]" +--- + +# Doc PR Fix + +You are a documentation fixer that operates in GitHub Actions. A writer has commented `@claude` on a PR with a request. Your job is to understand what they want, apply what you can confidently fix, and ask about anything that's unclear — all in the same pass. + +Read `docs/CLAUDE.md` before starting. It contains the Netwrix writing standards you must follow. + +## Input + +You receive: +- `$1`: The PR number +- `$2`: The writer's comment text (everything after `@claude`) + +## Step 1: Understand the request + +Parse the writer's comment to determine what they want. Common patterns: + +- **Fix all issues** — apply every fix from the doc-pr review comment +- **Fix only Vale/Dale issues** — apply only linting fixes +- **Fix a specific issue** — apply one targeted fix +- **Improve flow/clarity/structure** — editorial rewrite of specific content +- **Explain something** — answer a question about a flagged issue (respond in a PR comment, don't edit files) +- **Something else** — use your judgment based on the context + +## Step 2: Gather context + +1. Run `gh pr diff $PR_NUMBER` to see what changed in the PR +2. Read the full content of each changed markdown file +3. Find the most recent "Documentation PR Review" comment on the PR: + ```bash + gh api repos/{owner}/{repo}/issues/$PR_NUMBER/comments --jq '.[] | select(.body | contains("Documentation PR Review")) | .body' | tail -1 + ``` + This tells you what Vale, Dale, and the editorial review already flagged. + +## Step 3: Apply fixes + +Work through the requested fixes methodically: + +- For **linting fixes** (Vale/Dale): fix each flagged issue in order, file by file +- For **editorial fixes**: apply the suggested changes from the review, or if the writer asked for something broader ("improve the flow"), read the full document and apply edits that address the request while following Netwrix style +- For **explanations**: post a PR comment explaining the issue and how to fix it, then stop — don't edit files + +When editing: +- Use the Edit tool for targeted changes, Write for larger rewrites +- Preserve the author's meaning and intent — fix the style, don't rewrite the content +- Only change what was requested; don't fix unreported issues unless they're in a line you're already editing + +## Step 4: Verify + +After all edits, run both linters on every file you changed: + +```bash +vale +``` + +Fix any new Vale errors. Re-run until zero errors remain. + +Then run Dale: + +``` +/dale +``` + +Fix any Dale violations. + +Repeat the vale-then-dale cycle until both are clean. + +## Step 5: Commit and push + +Stage only the files you changed: + +```bash +git add ... +git commit -m "docs: apply fixes from PR review + + + +Co-Authored-By: Claude " +git push +``` + +## Step 6: Report + +Post a PR comment summarizing what you did: + +```markdown +**Fixes applied:** + +- `path/to/file.md`: +- `path/to/other.md`: + +Vale and Dale checks pass on all edited files. +``` + +If you were asked to explain something rather than fix it, your comment IS the deliverable — no summary needed. + +## Behavioral Notes + +- **Fix what's clear, ask about what isn't.** If a request has both obvious parts and ambiguous parts, apply the obvious fixes, commit and push those, then post a comment that summarizes what you did AND asks clarifying questions about the rest. The writer can reply with another `@claude` comment to continue. +- **Never fix issues the writer didn't ask about.** If they said "fix the Vale issues," don't also rewrite sentences for clarity. +- **If a fix would substantially change the author's meaning**, skip it and explain why in your summary comment. Ask the writer how they'd like to handle it. +- **If the entire request is unclear**, don't edit anything — post a comment asking for clarification. It's better to ask one good question than to guess wrong and push unwanted changes. +- **Each `@claude` comment is a fresh invocation.** You won't remember previous runs, so always re-read the PR diff and review comment for context. diff --git a/.claude/skills/doc-pr/SKILL.md b/.claude/skills/doc-pr/SKILL.md new file mode 100644 index 0000000000..c43c1e7ac5 --- /dev/null +++ b/.claude/skills/doc-pr/SKILL.md @@ -0,0 +1,114 @@ +--- +name: doc-pr +description: "Orchestrate a full documentation review for pull requests targeting dev. Runs Vale linting, Dale linting, and editorial review on changed markdown files, then posts a structured comment to the PR. Use this skill whenever a PR involves markdown files in docs/ and targets the dev branch — triggered automatically by the doc-pr GitHub Actions workflow on PR open, sync, or when invoked manually via /doc-pr." +argument-hint: "[changed-files-csv] [pr-number]" +--- + +# Doc PR Review + +You orchestrate a three-stage documentation review pipeline for pull requests. Your job is to run each stage, collect the results, and post a single comprehensive review comment to the PR. + +Read `docs/CLAUDE.md` before starting — it contains the writing standards and Vale guidance you need for the editorial review stage. + +## Input + +You receive two arguments: +- `$1`: A comma-separated list of changed markdown file paths (e.g., `docs/accessanalyzer/12.0/install.md,docs/auditor/10.0/overview.md`) +- `$2`: The PR number + +If arguments are missing, use `gh pr view` and `gh pr diff` to determine the changed files and PR number from the current branch context. + +## Stage 1: Vale Linting + +Run Vale on each changed file and capture the output. + +```bash +vale --output=line +``` + +Collect all Vale output. If Vale finds no issues for a file, note that file as clean. If Vale is not installed, report that Vale was unavailable and skip to Stage 2. + +## Stage 2: Dale Linting + +For each changed file, invoke the Dale linter skill: + +``` +/dale +``` + +Dale returns a table of rule violations or a clean report. Collect all Dale output. + +## Stage 3: Editorial Review + +This stage applies the doc-help editing analysis to the PR changes — but non-interactively. You are producing a written review, not having a conversation. + +1. Run `gh pr diff $PR_NUMBER` to get the diff +2. For each changed file, read the full file content +3. Analyze ONLY the added or modified lines (lines starting with `+` in the diff) against these four priorities: + + **Structure** — Is the order logical? Does the overview set up what follows? Are heading levels correct? + + **Clarity** — Are there sentences that are hard to parse? Concepts introduced without examples? Ambiguous references? + + **Voice** — Passive constructions, first person, impersonal phrases, condescending language? Does it follow Netwrix style (active voice, present tense, second person for procedures)? + + **Surface** — Word choice, wordiness, redundancy? Anything Vale or Dale might miss? + +For each issue found, note: +- The file path and line number +- The priority category (Structure, Clarity, Voice, or Surface) +- A specific description of the problem +- A concrete suggested fix + +Only report issues on lines that were added or modified in this PR. Do not flag preexisting issues. + +## Output + +Write the complete review to `/tmp/doc-pr-review.md` using this exact structure: + +```markdown +## Documentation PR Review + +### Vale Linting + +**path/to/file.md** + +| Line | Rule | Message | Offending Text | +|------|------|---------|----------------| +| N | `RuleName` | description of the issue | `offending text` | + +(Repeat for each file. Write "No issues found." if clean.) + +### Dale Linting + +**path/to/file.md** + +| Line | Rule | Message | Offending Text | +|------|------|---------|----------------| +| N | `rule-name` | description of the issue | `offending text` | + +(Repeat for each file. Write "No issues found." if clean.) + +### Editorial Review + +**path/to/file.md** + +- **Structure** — Line N: description. Suggested fix: "..." +- **Clarity** — Line N: description. Suggested fix: "..." +- **Voice** — Line N: description. Suggested fix: "..." + +(Repeat for each file. Write "No issues found." if clean.) + +### Summary + +N Vale issues, N Dale issues, N editorial suggestions across N files. +``` + +After writing the review file, do NOT post a PR comment yourself. The workflow handles that. + +## Behavioral Notes + +- Be thorough but not pedantic — focus on issues that genuinely affect reader comprehension or violate Netwrix standards +- When Vale and your editorial review flag the same issue, include it only in the Vale section (Vale is more specific) +- If a file has zero issues across all three stages, still list it with "No issues found." so the reviewer knows it was checked +- Never modify the files — this is a read-only review diff --git a/.github/workflows/claude-doc-pr.yml b/.github/workflows/claude-doc-pr.yml new file mode 100644 index 0000000000..cd39630a3d --- /dev/null +++ b/.github/workflows/claude-doc-pr.yml @@ -0,0 +1,192 @@ +name: Doc PR Review + +on: + pull_request: + types: [opened, synchronize] + branches: + - dev + paths: + - 'docs/**.md' + - '!docs/**/CLAUDE.md' + - '!docs/**/SKILL.md' + + issue_comment: + types: [created] + +jobs: + # ────────────────────────────────────────────── + # Job 1: Automated review on PR open or new push + # ────────────────────────────────────────────── + doc-review: + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: write + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 1 + + - name: Fetch base commit for diff + run: git fetch --depth=1 origin ${{ github.event.pull_request.base.sha }} + + - name: Get changed markdown files + id: changed-files + run: | + BASE_SHA="${{ github.event.pull_request.base.sha }}" + HEAD_SHA="${{ github.event.pull_request.head.sha }}" + CHANGED_MD_FILES=$(git diff --name-only --diff-filter=ACMRT $BASE_SHA $HEAD_SHA -- 'docs/*.md' 'docs/**/*.md' | grep -v '/CLAUDE\.md$' | grep -v '/SKILL\.md$' || true) + if [ -z "$CHANGED_MD_FILES" ]; then + echo "No docs markdown files changed" + echo "files=" >> "$GITHUB_OUTPUT" + echo "count=0" >> "$GITHUB_OUTPUT" + else + echo "Changed markdown files:" + echo "$CHANGED_MD_FILES" + FILES_LIST=$(echo "$CHANGED_MD_FILES" | tr '\n' ',' | sed 's/,$//') + echo "files=$FILES_LIST" >> "$GITHUB_OUTPUT" + echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" + fi + + - name: Delete previous bot review comments + if: steps.changed-files.outputs.count > 0 + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PR_NUMBER=${{ github.event.pull_request.number }} + # Find and delete previous doc-pr review comments from the bot + COMMENT_IDS=$(gh api repos/${{ github.repository }}/issues/${PR_NUMBER}/comments \ + --jq '[.[] | select(.user.login == "github-actions[bot]" and (.body | contains("Documentation PR Review"))) | .id] | .[]' 2>/dev/null || true) + for ID in $COMMENT_IDS; do + gh api repos/${{ github.repository }}/issues/comments/${ID} -X DELETE 2>/dev/null || true + done + + - name: Install Vale + if: steps.changed-files.outputs.count > 0 + run: | + VERSION=$(curl -s "https://api.github.com/repos/errata-ai/vale/releases/latest" | jq -r '.tag_name') + curl -sfL "https://github.com/errata-ai/vale/releases/download/${VERSION}/vale_${VERSION#v}_Linux_64-bit.tar.gz" \ + | sudo tar -xz -C /usr/local/bin vale + + - name: Run doc-pr review + if: steps.changed-files.outputs.count > 0 + uses: anthropics/claude-code-action@v1 + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + show_full_output: true + prompt: | + Run the doc-pr review skill on this pull request. + + /doc-pr ${{ steps.changed-files.outputs.files }} ${{ github.event.pull_request.number }} + claude_args: | + --model claude-sonnet-4-5-20250929 + --allowedTools "Read,Glob,Grep,Bash(vale:*),Bash(gh pr view:*),Bash(gh pr diff:*),Skill(doc-pr),Skill(dale)" + + - name: Post review comment + if: steps.changed-files.outputs.count > 0 + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ github.event.pull_request.number }} + REPO: ${{ github.repository }} + run: | + REVIEW_FILE="/tmp/doc-pr-review.md" + FOOTER=$'\n\n---\n\n' + FOOTER+='**What to do next:**\n\n' + FOOTER+='Comment `@claude` on this PR followed by your instructions to get help:\n\n' + FOOTER+='- `@claude fix all issues` — fix all Vale, Dale, and editorial issues\n' + FOOTER+='- `@claude fix only the Vale issues` — fix just the linting problems\n' + FOOTER+='- `@claude help improve the flow of this document` — get writing assistance\n' + FOOTER+='- `@claude explain the voice issues` — understand why something was flagged\n\n' + FOOTER+='You can ask Claude anything about the review or about Netwrix writing standards.\n\n' + FOOTER+='> Automated fixes are only available for branches in this repository, not forks.' + + if [ -f "$REVIEW_FILE" ]; then + BODY=$(cat "$REVIEW_FILE") + else + BODY="## Documentation PR Review"$'\n\n'"No review was generated. Check the workflow logs for details." + fi + + # Append footer + FULL_BODY="${BODY}${FOOTER}" + + # Post as PR comment + gh pr comment "$PR_NUMBER" --repo "$REPO" --body "$FULL_BODY" + + # ────────────────────────────────────────────── + # Job 2: @claude follow-up on PR comments + # ────────────────────────────────────────────── + doc-followup: + if: | + github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '@claude') && + github.event.comment.user.login != 'github-actions[bot]' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + issues: write + id-token: write + steps: + - name: Get PR info + id: pr-info + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PR_NUMBER="${{ github.event.issue.number }}" + PR_DATA=$(gh pr view "$PR_NUMBER" --repo "${{ github.repository }}" --json headRefName,baseRefName,isCrossRepository) + BASE_BRANCH=$(echo "$PR_DATA" | jq -r '.baseRefName') + echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT" + echo "branch=$(echo "$PR_DATA" | jq -r '.headRefName')" >> "$GITHUB_OUTPUT" + echo "base_branch=$BASE_BRANCH" >> "$GITHUB_OUTPUT" + echo "is_fork=$(echo "$PR_DATA" | jq -r '.isCrossRepository')" >> "$GITHUB_OUTPUT" + # Check target branch here using the shell variable to avoid + # re-interpolating the output via ${{ }} (code injection risk). + if [ "$BASE_BRANCH" = "dev" ]; then + echo "targets_dev=true" >> "$GITHUB_OUTPUT" + else + echo "targets_dev=false" >> "$GITHUB_OUTPUT" + fi + + - name: Post fork notice + if: steps.pr-info.outputs.is_fork == 'true' && steps.pr-info.outputs.targets_dev == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr comment ${{ steps.pr-info.outputs.number }} --repo ${{ github.repository }} \ + --body "This PR is from a fork. Automated fixes cannot be pushed directly. I can still review and suggest changes — apply them manually from the comments." + + - name: Checkout repository + if: steps.pr-info.outputs.is_fork == 'false' && steps.pr-info.outputs.targets_dev == 'true' + uses: actions/checkout@v4 + with: + ref: ${{ steps.pr-info.outputs.branch }} + fetch-depth: 0 + + - name: Install Vale + if: steps.pr-info.outputs.is_fork == 'false' && steps.pr-info.outputs.targets_dev == 'true' + run: | + VERSION=$(curl -s "https://api.github.com/repos/errata-ai/vale/releases/latest" | jq -r '.tag_name') + curl -sfL "https://github.com/errata-ai/vale/releases/download/${VERSION}/vale_${VERSION#v}_Linux_64-bit.tar.gz" \ + | sudo tar -xz -C /usr/local/bin vale + + - name: Handle @claude request + if: steps.pr-info.outputs.is_fork == 'false' && steps.pr-info.outputs.targets_dev == 'true' + uses: anthropics/claude-code-action@v1 + env: + COMMENT_BODY: ${{ github.event.comment.body }} + with: + anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} + github_token: ${{ secrets.GITHUB_TOKEN }} + show_full_output: true + prompt: | + /doc-pr-fix ${{ steps.pr-info.outputs.number }} $COMMENT_BODY + claude_args: | + --model claude-sonnet-4-5-20250929 + --allowedTools "Read,Write,Edit,Glob,Grep,Bash(vale:*),Bash(gh api:*),Bash(gh pr view:*),Bash(gh pr diff:*),Bash(gh pr comment:*),Bash(git config:*),Bash(git add:*),Bash(git commit:*),Bash(git push:*),Bash(git status:*),Bash(git diff:*),Skill(doc-pr-fix),Skill(dale)" diff --git a/.github/workflows/claude-documentation-fixer.yml b/.github/workflows/claude-documentation-fixer.yml deleted file mode 100644 index 5c642e63bf..0000000000 --- a/.github/workflows/claude-documentation-fixer.yml +++ /dev/null @@ -1,261 +0,0 @@ -name: Documentation Fixer - -on: - issue_comment: - types: [created] - -jobs: - claude-response: - runs-on: ubuntu-latest - if: | - github.event.issue.pull_request && - contains(github.event.comment.body, '@claude') && - github.event.comment.user.login != 'github-actions[bot]' - permissions: - contents: write - pull-requests: write - issues: write - id-token: write - actions: read - steps: - - name: Get PR info - id: pr-info - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - PR_NUMBER="${{ github.event.issue.number }}" - PR_DATA=$(gh pr view $PR_NUMBER --repo ${{ github.repository }} --json headRefName,isCrossRepository) - echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT" - echo "branch=$(echo "$PR_DATA" | jq -r '.headRefName')" >> "$GITHUB_OUTPUT" - echo "is_fork=$(echo "$PR_DATA" | jq -r '.isCrossRepository')" >> "$GITHUB_OUTPUT" - - - name: Post fork notice - if: steps.pr-info.outputs.is_fork == 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh pr comment ${{ steps.pr-info.outputs.number }} --repo ${{ github.repository }} \ - --body "This PR is from a fork. Automated fixes cannot be pushed directly. Apply the suggested changes from the inline comments manually." - - - name: Checkout repository - if: steps.pr-info.outputs.is_fork == 'false' - uses: actions/checkout@v4 - with: - ref: ${{ steps.pr-info.outputs.branch }} - fetch-depth: 0 - - - name: Checkout system prompt repository - if: steps.pr-info.outputs.is_fork == 'false' - uses: actions/checkout@v4 - with: - repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} - path: system-prompt-repo - ref: builds - sparse-checkout: | - engineering/technical_writing/system-prompt.md - sparse-checkout-cone-mode: false - - - name: Read system prompt - id: read-prompt - if: steps.pr-info.outputs.is_fork == 'false' - run: | - { - echo "prompt<> "$GITHUB_OUTPUT" - - - name: Detect command type - id: cmd-type - if: steps.pr-info.outputs.is_fork == 'false' - run: | - COMMENT="${{ github.event.comment.body }}" - if echo "$COMMENT" | grep -qi 'preexisting'; then - echo "is_preexisting=true" >> "$GITHUB_OUTPUT" - else - echo "is_preexisting=false" >> "$GITHUB_OUTPUT" - fi - - - name: Install Vale - if: steps.pr-info.outputs.is_fork == 'false' && steps.cmd-type.outputs.is_preexisting == 'false' - run: | - VERSION=$(curl -s "https://api.github.com/repos/errata-ai/vale/releases/latest" | jq -r '.tag_name') - curl -sfL "https://github.com/errata-ai/vale/releases/download/${VERSION}/vale_${VERSION#v}_Linux_64-bit.tar.gz" \ - | sudo tar -xz -C /usr/local/bin vale - - - name: Apply fixes - if: steps.pr-info.outputs.is_fork == 'false' && steps.cmd-type.outputs.is_preexisting == 'false' - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - show_full_output: true - claude_args: | - --model claude-sonnet-4-5-20250929 - --allowedTools "Read,Write,Edit,Bash(vale:*),Bash(gh pr view:*),Bash(gh pr diff:*),Bash(git config:*),Bash(git add:*),Bash(git commit:*),Bash(git push:*),Bash(git status:*),Bash(git diff:*)" - --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" - - - name: Record last comment ID - id: pre-claude - if: steps.pr-info.outputs.is_fork == 'false' && steps.cmd-type.outputs.is_preexisting == 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - LAST_ID=$(gh api repos/${{ github.repository }}/issues/${{ steps.pr-info.outputs.number }}/comments \ - --jq 'if length > 0 then .[-1].id else 0 end' 2>/dev/null || echo "0") - echo "last_comment_id=$LAST_ID" >> "$GITHUB_OUTPUT" - - - name: Detect preexisting issues - if: steps.pr-info.outputs.is_fork == 'false' && steps.cmd-type.outputs.is_preexisting == 'true' - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - show_full_output: false - prompt: | - Detect preexisting issues in PR ${{ steps.pr-info.outputs.number }}. - - Follow these steps in order: - - 1. Use `gh pr diff ${{ steps.pr-info.outputs.number }}` to get the diff. In the diff output, lines starting with `+` are lines added or changed by this PR. Lines starting with `-` were removed. Lines starting with a space are unchanged context lines. - - 2. Use `gh pr view ${{ steps.pr-info.outputs.number }}` to get the list of changed files, then read the full content of each changed markdown file. - - 3. Run all three review passes on the full content of each file. Report ONLY issues on lines that do NOT start with `+` in the diff — that is, lines that were not added or changed by this PR. This includes unchanged context lines (space prefix in the diff) and lines not shown in the diff at all. - - 4. You MUST write your results ONLY to `/tmp/preexisting-issues.md` — always, even if there are no issues. Do not post a comment. Do not write anything else. Use this exact format: - - ## Preexisting issues - ### path/to/file.md - - Line N: issue. Suggested change: '...' - - Or if there are no issues: - - ## Preexisting issues - None. - claude_args: | - --model claude-sonnet-4-5-20250929 - --allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*)" - --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" - - - name: Post preexisting issues comment - if: steps.pr-info.outputs.is_fork == 'false' && steps.cmd-type.outputs.is_preexisting == 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ steps.pr-info.outputs.number }} - REPO: ${{ github.repository }} - LAST_COMMENT_ID: ${{ steps.pre-claude.outputs.last_comment_id }} - run: | - python3 << 'PYTHON_EOF' - import os - import json - import re - import subprocess - - pr_number = os.environ['PR_NUMBER'] - repo = os.environ['REPO'] - last_comment_id = int(os.environ.get('LAST_COMMENT_ID', '0')) - - FOOTER = ( - "\n\n---\n\n" - "To apply the suggested fixes to preexisting issues, comment `@claude` on this PR followed by your instructions\n" - "(`@claude fix all issues` or `@claude fix only the first issue`).\n" - "Note: Automated fixes are only available for branches in this repository, not forks." - ) - - def normalize_issues(body): - """Normalize issue lines to single bullet points, same as the reviewer.""" - src = body.split('\n') - result = [] - i = 0 - while i < len(src): - line = src[i] - # Convert heading format: ### Line N: ... → - Line N: ... - m = re.match(r'^#{1,6}\s+(Line \d+:.+)$', line) - if m: - result.append(f'- {m.group(1)}') - i += 1 - continue - # Convert bold format: **Line N: title** + sub-bullets → - Line N: single line - m = re.match(r'^\*\*(Line \d+:.*?)\*\*\s*$', line) - if m: - title = m.group(1).rstrip('.') - i += 1 - parts = [] - while i < len(src) and re.match(r'^\s*[-*]\s+', src[i]): - sub = re.sub(r'^\s*[-*]\s+', '', src[i]) - sub = re.sub(r'^(Issue|Fix|Description|Suggested change):\s*', '', sub, flags=re.IGNORECASE) - if sub.strip(): - parts.append(sub.strip().rstrip('.')) - i += 1 - combined = f'- {title}. {". ".join(parts)}.' if parts else f'- {title}.' - result.append(combined) - continue - result.append(line) - i += 1 - return '\n'.join(result) - - def normalize_body(body): - """Extract the ## Preexisting issues section without fluff, normalized to match reviewer format.""" - idx = body.find('## Preexisting issues') - if idx == -1: - return '## Preexisting issues\nNone.' - body = body[idx:] - # Strip any footer Claude may have appended after a --- divider - footer_idx = body.find('\n---') - if footer_idx != -1: - body = body[:footer_idx] - # Strip any prose intro between the header and first subheading/content - lines = body.split('\n') - result = [] - past_intro = False - for line in lines: - s = line.strip() - if s == '## Preexisting issues': - result.append(line) - elif not past_intro: - if s.startswith('### ') or s == 'None.' or s == '': - if s: - past_intro = True - result.append(line) - # else: prose intro line — skip it - else: - result.append(line) - while result and not result[-1].strip(): - result.pop() - return normalize_issues('\n'.join(result)) - - summary_path = '/tmp/preexisting-issues.md' - if os.path.exists(summary_path): - with open(summary_path) as f: - clean_body = normalize_body(f.read()) + FOOTER - else: - clean_body = '## Preexisting issues\nNone.' + FOOTER - - # Find the action's auto-posted comment (ID > last recorded, posted by a bot) - result = subprocess.run( - ['gh', 'api', f'repos/{repo}/issues/{pr_number}/comments'], - capture_output=True, text=True, check=True, - ) - comments = json.loads(result.stdout) - new_bot_comments = [c for c in comments - if c['id'] > last_comment_id - and c['user']['login'].endswith('[bot]')] - - if new_bot_comments: - # Replace the action's auto-comment in-place with our formatted output - target_id = new_bot_comments[-1]['id'] - subprocess.run( - ['gh', 'api', f'repos/{repo}/issues/comments/{target_id}', - '-X', 'PATCH', '--input', '-'], - input=json.dumps({'body': clean_body}), - capture_output=True, text=True, check=True, - ) - else: - subprocess.run( - ['gh', 'pr', 'comment', pr_number, '--repo', repo, '--body', clean_body], - check=True, - ) - PYTHON_EOF diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml deleted file mode 100644 index e40986f2b9..0000000000 --- a/.github/workflows/claude-documentation-reviewer.yml +++ /dev/null @@ -1,420 +0,0 @@ -name: Documentation Reviewer - -on: - pull_request_target: - types: [opened, edited, reopened, synchronize] - branches-ignore: - - main - paths: - - '**.md' - - '!**/CLAUDE.md' - - '!**/SKILL.md' - - '!**/netwrix_style_guide.md' - -jobs: - claude-response: - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - issues: write - id-token: write - actions: read - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - # Check out by SHA to prevent TOCTOU attacks from forks. - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 1 - - - name: Fetch base commit for diff - run: git fetch --depth=1 origin ${{ github.event.pull_request.base.sha }} - - - name: Get changed markdown files - id: changed-files - run: | - BASE_SHA="${{ github.event.pull_request.base.sha }}" - HEAD_SHA="${{ github.event.pull_request.head.sha }}" - CHANGED_MD_FILES=$(git diff --name-only --diff-filter=ACMRT $BASE_SHA $HEAD_SHA | grep '\.md$' || true) - if [ -z "$CHANGED_MD_FILES" ]; then - echo "No markdown files changed" - echo "files=" >> "$GITHUB_OUTPUT" - echo "count=0" >> "$GITHUB_OUTPUT" - else - echo "Changed markdown files:" - echo "$CHANGED_MD_FILES" - FILES_LIST=$(echo "$CHANGED_MD_FILES" | tr '\n' ',' | sed 's/,$//') - echo "files=$FILES_LIST" >> "$GITHUB_OUTPUT" - echo "count=$(echo "$CHANGED_MD_FILES" | wc -l | tr -d ' ')" >> "$GITHUB_OUTPUT" - fi - - - name: Dismiss existing reviews - if: steps.changed-files.outputs.count > 0 - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - PR_NUMBER=${{ github.event.pull_request.number }} - REVIEW_IDS=$(gh api repos/${{ github.repository }}/pulls/${PR_NUMBER}/reviews \ - --jq '[.[] | select(.user.login == "github-actions[bot]") | .id] | .[]' 2>/dev/null || true) - for ID in $REVIEW_IDS; do - gh api repos/${{ github.repository }}/pulls/${PR_NUMBER}/reviews/${ID}/dismissals \ - -X PUT -f message="Superseded by new review" 2>/dev/null || true - done - - - name: Checkout system prompt repository - uses: actions/checkout@v4 - with: - repository: netwrix-eng/internal-agents - token: ${{ secrets.PRIVATE_AGENTS_REPO }} - path: system-prompt-repo - ref: builds - sparse-checkout: | - engineering/technical_writing/system-prompt.md - sparse-checkout-cone-mode: false - - - name: Read system prompt - id: read-prompt - run: | - { - echo "prompt<> "$GITHUB_OUTPUT" - - - name: Review documents - if: steps.changed-files.outputs.count > 0 - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - show_full_output: true - prompt: | - Review the following markdown files that were modified in this PR: ${{ steps.changed-files.outputs.files }} - - Follow these steps in order: - - 1. Use `gh pr diff ${{ github.event.pull_request.number }}` to get the lines that were added or modified in this PR. - - 2. Review ONLY the added or modified lines from the diff for issues per your instructions. Do not report issues on lines that were not changed. - - 3. You MUST write your complete review to `/tmp/review-summary.md` — always, even if there are no issues. Use this exact structure: - - ## Issues in PR changes - - **path/to/file.md** - - Line N: description of issue and fix. - - (Repeat for each file and issue. Write "None." if there are no issues.) - - 4. Fix ALL issues directly in the files using the Write and Edit tools. Do not post a PR comment. Do not commit or push. - - claude_args: | - --model claude-sonnet-4-5-20250929 - --allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*)" - --append-system-prompt "${{ steps.read-prompt.outputs.prompt }}" - - - name: Post review with inline suggestions - if: steps.changed-files.outputs.count > 0 - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.pull_request.number }} - BASE_SHA: ${{ github.event.pull_request.base.sha }} - HEAD_SHA: ${{ github.event.pull_request.head.sha }} - REPO: ${{ github.repository }} - run: | - python3 << 'PYTHON_EOF' - import subprocess - import json - import re - import os - import sys - - FOOTER = ( - "\n\n* * *\n\n" - "To apply suggested fixes to the updated documentation, individually or in bulk, comment `@claude`" - " on this PR followed by your instructions (`@claude fix all issues`" - " or `@claude fix all linting issues` or `@claude fix only the spelling errors`).\n\n" - "To review the updated documentation for preexisting issues, comment `@claude` on this PR" - " followed by your instructions (`@claude detect preexisting issues`).\n\n" - "Note: Automated fixes are only available for branches in this repository, not forks." - ) - - def parse_diff_to_suggestions(diff_text): - suggestions = [] - current_file = None - old_line_num = 0 - new_line_num = 0 - in_change = False - old_chunk = [] - new_chunk = [] - change_old_start = 0 - - for line in diff_text.split('\n'): - if line.startswith('diff --git'): - if in_change and current_file and old_chunk: - s = make_suggestion(current_file, change_old_start, old_chunk, new_chunk) - if s: - suggestions.append(s) - in_change = False - old_chunk = [] - new_chunk = [] - current_file = None - elif line.startswith('+++ b/'): - current_file = line[6:] - elif line.startswith('@@'): - if in_change and current_file and old_chunk: - s = make_suggestion(current_file, change_old_start, old_chunk, new_chunk) - if s: - suggestions.append(s) - in_change = False - old_chunk = [] - new_chunk = [] - match = re.match(r'@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@', line) - if match: - old_line_num = int(match.group(1)) - new_line_num = int(match.group(2)) - elif line.startswith('-') and not line.startswith('---'): - if not in_change: - in_change = True - change_old_start = old_line_num - old_chunk = [] - new_chunk = [] - old_chunk.append(line[1:]) - old_line_num += 1 - elif line.startswith('+') and not line.startswith('+++'): - if not in_change: - in_change = True - change_old_start = old_line_num - old_chunk = [] - new_chunk = [] - new_chunk.append(line[1:]) - new_line_num += 1 - else: - # Context line or blank - if in_change and current_file and old_chunk: - s = make_suggestion(current_file, change_old_start, old_chunk, new_chunk) - if s: - suggestions.append(s) - in_change = False - old_chunk = [] - new_chunk = [] - if line.startswith(' '): - old_line_num += 1 - new_line_num += 1 - - # Flush final change - if in_change and current_file and old_chunk: - s = make_suggestion(current_file, change_old_start, old_chunk, new_chunk) - if s: - suggestions.append(s) - - return suggestions - - def make_suggestion(path, old_start, old_chunk, new_chunk): - if not old_chunk: - return None # Pure insertions cannot be placed as inline comments - end_line = old_start + len(old_chunk) - 1 - new_text = '\n'.join(new_chunk) - comment_body = f"```suggestion\n{new_text}\n```" - comment = { - 'path': path, - 'line': end_line, - 'side': 'RIGHT', - 'body': comment_body, - } - if len(old_chunk) > 1: - comment['start_line'] = old_start - comment['start_side'] = 'RIGHT' - return comment - - def get_pr_diff_valid_lines(base_sha, head_sha): - """Return the set of (file, line_number) visible in the PR diff. - - Uses local git diff with the same SHAs as commit_id so line numbers - are always consistent with what GitHub resolves against. - """ - result = subprocess.run( - ['git', 'diff', base_sha, head_sha, '--unified=3'], - capture_output=True, text=True, - ) - valid = set() - current_file = None - new_line_num = 0 - for line in result.stdout.split('\n'): - if line.startswith('+++ b/'): - current_file = line[6:] - elif line.startswith('@@'): - match = re.match(r'@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@', line) - if match: - new_line_num = int(match.group(1)) - elif line.startswith('+') and not line.startswith('+++'): - if current_file: - valid.add((current_file, new_line_num)) - new_line_num += 1 - elif line.startswith(' '): - if current_file: - valid.add((current_file, new_line_num)) - new_line_num += 1 - # '-' lines don't exist in HEAD, skip - return valid - - def normalize_review_body(body): - """Normalize issue formatting to plain-text Line N: entries under **bold** file headers.""" - src = body.split('\n') - result = [] - i = 0 - while i < len(src): - line = src[i] - - # Convert file path heading: ### path/to/file.md → **path/to/file.md** - m = re.match(r'^#{1,6}\s+(\S+\.md)\s*$', line) - if m: - result.append(f'**{m.group(1)}**') - i += 1 - continue - - # Convert line heading: ### Line N: description → Line N: description - m = re.match(r'^#{1,6}\s+(Line \d+):\s*(.*)$', line) - if m: - desc = m.group(2).strip() - result.append(f'{m.group(1)}: {desc}' if desc else f'{m.group(1)}:') - i += 1 - continue - - # Convert bold line ref (colon outside stars): **Line N:** description → Line N: description - m = re.match(r'^\*\*(Line \d+):\*\*\s*(.*)$', line) - if m: - desc = m.group(2).strip() - result.append(f'{m.group(1)}: {desc}' if desc else f'{m.group(1)}:') - i += 1 - continue - - # Convert bold-closed line ref: **Line N: label.** + sub-bullets/continuation → Line N: label. continuation. - m = re.match(r'^\*\*(Line \d+):\s*(.*?)\*\*\s*$', line) - if m: - lineref = m.group(1) - label = m.group(2).rstrip('.') - i += 1 - parts = [label] if label else [] - while i < len(src): - next_line = src[i] - if re.match(r'^\s*[-*]\s+', next_line): - sub = re.sub(r'^\s*[-*]\s+', '', next_line) - sub = re.sub(r'^(Issue|Fix|Description|Suggested change|Current|Should):\s*', '', sub, flags=re.IGNORECASE) - if sub.strip(): - parts.append(sub.strip().rstrip('.')) - i += 1 - elif next_line.strip() and not re.match(r'^\*\*(Line \d+)', next_line) and not re.match(r'^#+\s', next_line): - parts.append(next_line.strip().rstrip('.')) - i += 1 - else: - break - desc = '. '.join(parts).rstrip('.') - result.append(f'{lineref}: {desc}.' if desc else f'{lineref}:') - continue - - # Convert bullet line ref: - Line N: description → Line N: description - m = re.match(r'^[-*]\s+(Line \d+):\s*(.*)$', line) - if m: - desc = m.group(2).strip() - result.append(f'{m.group(1)}: {desc}' if desc else f'{m.group(1)}:') - i += 1 - continue - - # Collapse numbered list items with sub-bullets (e.g. 1. **Issue title**: desc\n - Current: ...\n - Fix: ...) - m = re.match(r'^\d+\.\s+\*\*(.+?)\*\*:?\s*(.*)', line) - if m: - title = m.group(1).rstrip('.') - desc = m.group(2).strip().rstrip('.') - i += 1 - parts = [desc] if desc else [] - while i < len(src) and re.match(r'^\s+[-*]', src[i]): - sub = re.sub(r'^\s+[-*]\s+', '', src[i]) - sub = re.sub(r'^(Issue|Fix|Description|Suggested change|Current|Should):\s*', '', sub, flags=re.IGNORECASE) - if sub.strip(): - parts.append(sub.strip().rstrip('.')) - i += 1 - desc_text = '. '.join(parts).rstrip('.') - result.append(f'{title}: {desc_text}.' if desc_text else f'{title}.') - continue - - result.append(line) - i += 1 - return '\n'.join(result) - - # Read the review summary Claude wrote - summary_path = '/tmp/review-summary.md' - if os.path.exists(summary_path): - with open(summary_path) as f: - review_body = normalize_review_body(f.read().strip()) - else: - review_body = '## Documentation Review\n\nNo summary was generated.' - - review_body += FOOTER - - pr_number = os.environ['PR_NUMBER'] - base_sha = os.environ['BASE_SHA'] - head_sha = os.environ['HEAD_SHA'] - repo = os.environ['REPO'] - - # Get diff of Claude's local edits vs HEAD - result = subprocess.run(['git', 'diff', 'HEAD'], capture_output=True, text=True) - diff_text = result.stdout - all_suggestions = parse_diff_to_suggestions(diff_text) if diff_text.strip() else [] - - # Filter to only lines visible in the PR diff — GitHub rejects suggestions - # on lines outside the diff context with HTTP 422. - # Use local git diff with the same SHAs as commit_id to avoid line: null - # when new commits are pushed to the PR between checkout and review posting. - pr_valid_lines = get_pr_diff_valid_lines(base_sha, head_sha) - suggestions = [] - for s in all_suggestions: - start = s.get('start_line', s['line']) - end = s['line'] - if all((s['path'], ln) in pr_valid_lines for ln in range(start, end + 1)): - suggestions.append(s) - else: - print(f"Skipping out-of-diff suggestion: {s['path']} line {s['line']}") - print(f"{len(suggestions)}/{len(all_suggestions)} suggestions are within the PR diff.") - - def post_review(body, comments): - payload = { - 'commit_id': head_sha, - 'body': body, - 'event': 'COMMENT', - 'comments': comments, - } - return subprocess.run( - ['gh', 'api', f'repos/{repo}/pulls/{pr_number}/reviews', - '-X', 'POST', '--input', '-'], - input=json.dumps(payload), - capture_output=True, - text=True, - ) - - # Try posting review with all inline suggestions. - print(f"Attempting to post review with {len(suggestions)} inline suggestion(s)...") - for i, s in enumerate(suggestions): - print(f" [{i+1}] {s['path']} line {s.get('start_line', s['line'])}-{s['line']}") - - result = post_review(review_body, suggestions) - - if result.returncode == 0: - print(f"Successfully posted review with {len(suggestions)} inline suggestion(s).") - else: - # Log the full GitHub error response for debugging. - print(f"Batch review failed (HTTP 422 or other). Falling back to body-only review.", file=sys.stderr) - print(f"gh stderr: {result.stderr}", file=sys.stderr) - print(f"gh stdout: {result.stdout}", file=sys.stderr) - - # Post the review body without inline suggestions so the summary is always visible. - fallback = post_review(review_body, []) - if fallback.returncode != 0: - print(f"Fallback review also failed: {fallback.stderr}", file=sys.stderr) - sys.exit(1) - print("Posted review body only. Inline suggestions could not be posted.") - print("See the stderr above for the GitHub API error details.") - PYTHON_EOF diff --git a/.github/workflows/claude-docusaurus-developer.yml b/.github/workflows/claude-docusaurus-developer.yml deleted file mode 100644 index 8230b63b0a..0000000000 --- a/.github/workflows/claude-docusaurus-developer.yml +++ /dev/null @@ -1,70 +0,0 @@ -name: Docusaurus Developer - -on: - issues: - types: [labeled] - -jobs: - docusaurus-developer: - if: github.event.label.name == 'AI:docusaurus' - runs-on: ubuntu-latest - permissions: - contents: write - issues: write - pull-requests: write - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Determine branch type and name - id: branch-info - run: | - # Get issue title and sanitize it for branch name - ISSUE_TITLE="${{ github.event.issue.title }}" - SANITIZED_TITLE=$(echo "$ISSUE_TITLE" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g' | sed 's/--*/-/g' | sed 's/^-//' | sed 's/-$//' | cut -c1-50) - - # Determine if it's a feature or fix based on issue labels or title - ISSUE_LABELS="${{ join(github.event.issue.labels.*.name, ' ') }}" - if echo "$ISSUE_LABELS $ISSUE_TITLE" | grep -iq "bug\|fix\|error\|issue"; then - BRANCH_TYPE="fix" - else - BRANCH_TYPE="feature" - fi - - BRANCH_NAME="${BRANCH_TYPE}/${SANITIZED_TITLE}" - echo "branch_name=$BRANCH_NAME" >> "$GITHUB_OUTPUT" - echo "branch_type=$BRANCH_TYPE" >> "$GITHUB_OUTPUT" - - - name: Run Claude Docusaurus Developer - uses: anthropics/claude-code-action@v1 - with: - anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} - github_token: ${{ secrets.GITHUB_TOKEN }} - prompt: | - REPO: ${{ github.repository }} - ISSUE NUMBER: ${{ github.event.issue.number }} - BRANCH NAME: ${{ steps.branch-info.outputs.branch_name }} - BASE BRANCH: dev - - You are a Docusaurus and JavaScript/TypeScript developer. Your only job is to implement fixes or features for the Docusaurus site based on the issue content. - - Your task: - 1. Read the issue using `gh issue view ${{ github.event.issue.number }}` - 2. Create a new branch named "${{ steps.branch-info.outputs.branch_name }}" from the dev branch - 3. Implement the necessary changes to the Docusaurus codebase (JavaScript/TypeScript/json files only) - 4. Commit your changes with a descriptive message - 5. Push the branch to the repository - 6. Create a pull request to the dev branch using `gh pr create` with the `--body` containing a brief summary of changes. The summary should be a simple, human-like comment (2-4 plain sentences, no emojis, boldings, headings, or lists) - 7. Link the issue to the PR using `gh issue develop ${{ github.event.issue.number }} --branch ${{ steps.branch-info.outputs.branch_name }}` - 8. Add a simple, human-like comment to the issue (2-4 plain sentences, no emojis, boldings, headings, or lists) summarizing what you did - - IMPORTANT: You must NOT edit any markdown (.md) files. Your work is strictly limited to Docusaurus configuration and code files (JavaScript, TypeScript, CSS, etc.). - - claude_args: | - --model claude-sonnet-4-5-20250929 - --disallowed-tools "Edit(*.md),Write(*.md)" - --allowed-tools "Read,Edit(*.js),Edit(*.jsx),Edit(*.ts),Edit(*.tsx),Edit(*.css),Edit(*.json),Write(*.js),Write(*.jsx),Write(*.ts),Write(*.tsx),Write(*.css),Write(*.json),Bash(git *),Bash(gh issue *),Bash(gh pr *),Bash(npm *),Glob,Grep" diff --git a/.github/workflows/vale-linter.yml b/.github/workflows/vale-linter.yml deleted file mode 100644 index 84714afa96..0000000000 --- a/.github/workflows/vale-linter.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Vale Linter - -on: - pull_request: - types: [opened, edited, reopened, synchronize] - branches-ignore: - - main - paths: - - '**.md' - - '!**/CLAUDE.md' - - '!**/SKILL.md' - - '!**/netwrix_style_guide.md' - -jobs: - vale: - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - checks: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Get changed markdown files - id: changed-files - run: | - BASE_SHA="${{ github.event.pull_request.base.sha }}" - HEAD_SHA="${{ github.event.pull_request.head.sha }}" - CHANGED_MD_FILES=$(git diff --name-only --diff-filter=ACMRT $BASE_SHA $HEAD_SHA | grep '\.md$' || true) - if [ -z "$CHANGED_MD_FILES" ]; then - echo "No markdown files changed." - echo "files=" >> "$GITHUB_OUTPUT" - else - echo "Changed markdown files:" - echo "$CHANGED_MD_FILES" - FILES_JSON=$(echo "$CHANGED_MD_FILES" | jq -R -s -c 'split("\n") | map(select(length > 0))') - echo "files=$FILES_JSON" >> "$GITHUB_OUTPUT" - fi - - - name: Run Vale - if: steps.changed-files.outputs.files != '' - uses: errata-ai/vale-action@v2 - with: - files: ${{ steps.changed-files.outputs.files }} - reporter: github-pr-review - fail_on_error: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.vale/styles/Netwrix/NegativeAssumptions.yml b/.vale/styles/Netwrix/NegativeAssumptions.yml deleted file mode 100644 index e085459449..0000000000 --- a/.vale/styles/Netwrix/NegativeAssumptions.yml +++ /dev/null @@ -1,14 +0,0 @@ -extends: existence -message: "Avoid negative assumptions about what users can or cannot do ('%s'). Describe the benefit positively instead." -level: warning -ignorecase: true -tokens: - - '\byou wouldn''t be able to\b' - - '\byou would not be able to\b' - - '\byou won''t be able to\b' - - '\byou will not be able to\b' - - '\byou are unable to\b' - - '\byou aren''t able to\b' - - '\byou are not able to\b' - - '\byou could not\b' - - '\byou couldn''t\b' diff --git a/CLAUDE.md b/CLAUDE.md index 1d6ab7b4ff..220391779e 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -2,178 +2,90 @@ This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. -# Netwrix Product Documentation — Claude Code Guide +## Project -A Docusaurus v3.8.1 site serving documentation for 27+ Netwrix security products across 6 categories, with multi-version support and a centralized configuration system. +Netwrix product documentation site — 27+ security products, built with Docusaurus v3.8.1. Hosted on Azure, deployed from `main`. Writing standards and doc-specific guidance are in `docs/CLAUDE.md` (loaded automatically when working in `docs/`). -## Development Commands +## Commands ```bash -npm run start # Dev server on port 4500 -npm run build # Production build (16 GB heap pre-configured) -npm run clear # Clear Docusaurus cache -npm run serve # Serve production build after build - -# Build/run a single product for faster iteration: -export DOCS_PRODUCT="pingcastle" -npm run start - -# WSL or Docker (polling-based file watcher): -npm run start-chok +# Development (requires Node >=22) +npm install # Install dependencies +npm run start # Dev server on port 4500 (auto-copies KB first) +npm run start-chok # Dev server with polling (for network drives) +npm run build # Production build (auto-copies KB first) +npm run serve # Serve production build on port 8080 +npm run clear # Clear Docusaurus cache (fixes stale build issues) + +# Linting +vale # Run Vale style checker on a markdown file +/dale # Run Dale linter (Claude skill) on a markdown file + +# KB management +npm run kb:clean # Remove copied KB files from versioned folders +npm run kb:dry # Dry run of KB copy script ``` -Available product IDs are defined in `src/config/products.js`. - -### KB script commands - -```bash -npm run kb:dry # Preview KB distribution without writing files -npm run kb:clean # Remove all copied KB folders - -# Filter to specific products or versions during local dev: -COPY_KB_PRODUCTS=accessanalyzer COPY_KB_VERSIONS=12.0 npm run start -``` +The build requires 16GB heap (`NODE_OPTIONS=--max-old-space-size=16384`, set automatically by npm scripts). Broken links, markdown links, and anchors all throw build errors (`onBrokenLinks: 'throw'`). ## Architecture -### Single Source of Truth: `src/config/products.js` - -All product and version configuration lives here. Never manually edit `docusaurus.config.js` to add products, routes, or plugins — `products.js` auto-generates all of that. Changing a product means changing this file. - -Each product entry follows this structure: - -```js -{ - id: "accessanalyzer", // URL-safe identifier, matches docs// folder - name: "Access Analyzer", // Display name - description: "...", - path: "docs/accessanalyzer", - versions: [ - { version: "12.0", label: "12.0", isLatest: true }, - { version: "11.6", label: "11.6", isLatest: false }, - ], - categories: ["Data Security"], // Must match a title in PRODUCT_CATEGORIES -} -``` - -Single-version (SaaS) products use `version: "current"` and `docs//` without a version subfolder. - -### Versioned Documentation - -Docs live at `docs///` (for example, `docs/accessanalyzer/12.0/`). Edits to one version do not propagate to others — update each version that needs the change explicitly. - -### Sidebars - -Each product version has a sidebar config in `sidebars//.js` (or `sidebars/.js` for single-version). These are separate from the doc content. Most use `autogenerated` and don't need manual editing unless custom ordering is required. - -### KB (Knowledge Base) System - -`docs/kb/` is the canonical source for KB articles. The script `scripts/copy-kb-to-versions.mjs` distributes articles into versioned product folders at build time (runs automatically as a pre-build step). The script uses a lockfile to prevent concurrent runs — if the build hangs after a crash, delete `.kb-copy.lock`. - -**Never manually copy KB articles into versioned product folders.** Edit the source in `docs/kb/` and control distribution via `kb_allowlist.json`. - -## Adding Content - -### New product - -1. Add an entry to the `PRODUCTS` array in `src/config/products.js` -2. Create `docs//` -3. Create `sidebars/.js` - -### New version of an existing product - -1. Update the `versions` array for that product in `src/config/products.js` — set `isLatest: true` on the new version and `isLatest: false` on the previous one -2. Create `docs///` -3. Create `sidebars//.js` - -### New product category - -Add to the `PRODUCT_CATEGORIES` array in `src/config/products.js`. - -## Writing Style - -The full standards are in `netwrix_style_guide.md` at the project root. Read it when in doubt. - -**Always run Vale before finishing any documentation edit. Run it iteratively — fix all reported issues, then run again until Vale reports zero errors.** Fixes can occasionally introduce new violations. - -```bash -vale -``` - -Vale enforces 26 Netwrix-specific rules in CI. Rules are in `.vale/styles/Netwrix/`. - -If Vale isn't installed, install it first: - -```bash -# macOS -brew install vale - -# Windows -choco install vale -# or download from https://github.com/errata-ai/vale/releases - -# Linux -snap install vale --edge -``` - -### Fixing Vale errors - -Most errors are simple substitutions — Vale reports the exact file, line, and column. Three rules require extra care: +### Central configuration -- **`NoteThat`** — Replace inline "Note that..." or "Please note..." with a Docusaurus admonition block: - ```md - :::note - Content here. - ::: - ``` - Use `:::warning` for warnings and `:::tip` for tips. +`src/config/products.js` is the single source of truth. It defines every product's ID, name, versions, categories, and paths. Docusaurus plugins, routes, navbar dropdowns, and sidebars are all auto-generated from this file. To add a product or version, edit this file — don't manually create plugin entries in `docusaurus.config.js`. -- **`BoilerplateCrossRef`** and **`WeakLinkText`** — Read the surrounding context and the link destination before rewriting. The fix must reflect what the reader will actually find at the destination. +### Versioning -- **`ImpersonalConstructions`** — Read the full sentence before rewriting. Restructure with an active subject rather than simply removing the flagged phrase. +- Multi-version products: `docs///` (e.g., `docs/accessanalyzer/12.0/`) +- Single-version (SaaS) products: `docs//` with `version: "current"` +- URLs convert dots to underscores: `12.0` becomes `/docs/accessanalyzer/12_0/` +- Sidebars: `sidebars//.js` — auto-generated, rarely need manual editing +- Edits to one version do not propagate to others -### Rules Vale doesn't catch +### Knowledge base -Vale handles pattern-based violations automatically — run it and fix everything it reports. The following rules require judgment that Vale can't apply: +`docs/kb/` is the canonical source for KB articles. The `scripts/copy-kb-to-versions.mjs` script copies KB content into versioned product folders at build time (runs as `prestart`/`prebuild`). Never manually copy KB files — they're gitignored in versioned folders. Use `kb_allowlist.json` to control which products get KB content. -**Voice and structure** -- Active voice and present tense throughout -- Second person ("you") or imperative mood for procedures and instructions — third person ("users") is acceptable in overviews and conceptual descriptions -- Contractions are encouraged: don't, can't, you'll -- Write for a global audience — avoid metaphors, idioms, and culturally specific references that don't translate -- Omit "currently", "presently", and "as of this writing" — documentation should read as permanently accurate +### Static assets -**Document structure** -- Order: overview → prerequisites → procedures -- Task headings use imperative verbs: "Configure the monitoring plan" -- Concept/overview headings use gerunds: "Configuring the monitoring plan" -- Examples immediately follow the concept they illustrate -- Images: store in `static/img/product_docs//`, use `.webp`, reference with absolute paths (`/img/product_docs/...`) +Images go in `static/img/product_docs//` as `.webp` files. Reference with absolute paths: `/img/product_docs//image.webp`. -**Terminology** -- Spell out acronyms on first use: "group Managed Service Account (gMSA)" -- Use angle brackets for placeholders: `` not `[report-name]` -- Sentence case for feature names; capitalize Netwrix product names correctly -- Oxford comma required in lists +## Branch Workflow -## CI/CD Context +PRs target `dev`. Never commit directly to `dev` or `main`. The `sync-dev-to-main` workflow merges `dev` to `main` daily at 8 AM PST if the build passes. Production deploys from `main` to Azure Blob Storage. -**Vale linter** — runs on every PR touching `.md` files, posts inline review comments. Does not block merges but issues are visible. +## CI/CD Workflows -**Doc reviewer** (Claude Sonnet 4.5) — runs on every PR, reads this CLAUDE.md first, then categorizes issues as "in PR changes" vs "preexisting" and posts inline suggestions reviewers can apply with one click. +| Workflow | Trigger | Purpose | +|---|---|---| +| `build-and-deploy.yml` | Push to main/dev, PRs to dev | Build and deploy to Azure | +| `vale-linter.yml` | PRs with `.md` changes | Vale style checks as PR review comments | +| `claude-doc-pr.yml` | PRs to dev with `docs/` changes | Vale + Dale + editorial review; `@claude` follow-up | +| `claude-documentation-reviewer.yml` | PRs with `.md` changes | AI review with inline suggestions | +| `claude-documentation-fixer.yml` | `@claude` comment on PR | Apply fixes and push | +| `claude-issue-labeler.yml` | Issues opened/edited | Security screening, CoC check, auto-labeling | +| `sync-dev-to-main.yml` | Daily 8 AM PST | Auto-merge dev to main | +| `reindex-algolia.yml` | After main deploy | Refresh search index | -**Doc fixer** — triggered by an `@claude` comment on a PR. Claude applies fixes and pushes. Fork PRs cannot be pushed to and receive a notice instead. +## Skills and Agents -**Docusaurus developer** — triggered when an issue receives the `AI:docusaurus` label. Claude implements the requested change (JS/TS/CSS/JSON only — not markdown), creates a branch from `dev`, and opens a PR linked to the issue. +Skills (`.claude/skills/`) are invoked with `/skill-name`. Agents (`.claude/agents/`) are autonomous workers launched via the Agent tool. -**Auto-sync** — `dev` merges to `main` automatically each day at 8 AM PST if the build passes. Production deployment follows automatically. +| Component | Type | Purpose | +|---|---|---| +| `/dale` | Skill | Custom linter for Netwrix-specific writing patterns | +| `/doc-help` | Skill | Interactive writing assistant (terminal sessions) | +| `/doc-pr` | Skill | Automated PR review (Vale + Dale + editorial) | +| `/doc-pr-fix` | Skill | Autonomous PR fixer triggered by `@claude` | +| `tech-writer` | Agent | Autonomous end-to-end doc writing/editing | +| `vale-rule-writer` | Agent | Creates new Vale rules | +| `vale-auditor` | Agent | Audits Vale rule set for conflicts | +| `github-issue-manager` | Agent | Issue intake pipeline orchestrator | -**Branch workflow** — PRs target `dev`. Merges to `main` trigger production deployment. +## Hooks -## Common Mistakes to Avoid +Project hooks are in `.claude/settings.json`: +- **PostToolUse (Edit|Write)**: After editing a `docs/*.md` file, reminds to run `/dale` +- **PostToolUse (Bash)**: After running `vale`, reminds to fix and re-run until clean -- Don't add products or routes by editing `docusaurus.config.js` — use `src/config/products.js` -- Don't copy KB content manually into versioned product folders — it's managed by the KB script -- Don't skip Vale before submitting — it will catch issues in CI anyway -- Don't commit directly to `dev` or `main` — if not already on a feature branch, create one from `dev` first -- Don't target `main` in PRs — use `dev` +Hook scripts live in `.claude/hooks/`. diff --git a/docs/CLAUDE.md b/docs/CLAUDE.md new file mode 100644 index 0000000000..d9c4cff820 --- /dev/null +++ b/docs/CLAUDE.md @@ -0,0 +1,138 @@ +# Netwrix Product Documentation — Agent Guide + +This file is loaded automatically by Claude Code when working in the `docs/` directory. It provides the shared context that all agents and interactive sessions need when writing or editing Netwrix documentation. + +## Project Overview + +Netwrix builds security products that help IT professionals and security teams protect their organizations. This documentation site serves 27+ Netwrix products across 6 categories, built with Docusaurus v3.8.1 with multi-version support. + +## Audience + +Netwrix documentation is written for: +- **IT administrators** deploying and managing security products +- **Security analysts** monitoring and responding to threats +- **Newer users** who may not have deep security expertise yet + +Write for the person who knows their job but may be new to this specific product. Never assume what the reader knows — always provide context. More advanced users will skim; newer users will need it. + +## File & Directory Structure + +- `docs///` — Versioned product documentation (e.g., `docs/accessanalyzer/12.0/`) +- `docs//` — Single-version (SaaS) products using `version: "current"` +- `docs/kb/` — Knowledge base articles (canonical source; never manually copy into versioned folders) +- `static/img/product_docs//` — Images (`.webp` format, absolute paths: `/img/product_docs/...`) +- `sidebars//.js` — Sidebar configs (auto-generated; rarely need manual editing) + +Edits to one version do not propagate to others. Update each version that needs the change explicitly. + +## Writing Standards + +The full style guide is in `netwrix_style_guide.md` at the project root. Read it when: +- A rule below is unclear or you need the reasoning behind it +- You encounter a formatting or grammar situation not covered here +- You're unsure whether something violates Netwrix standards + +The four core qualities: + +- **Accuracy** — Verify all technical information. Test procedures. Flag gaps. +- **Clarity** — Simple, direct language. Define every term and acronym on first use. Always provide examples. +- **Consistency** — Same terminology, structure, and formatting throughout. +- **Professionalism** — Neutral, informative tone. No humor, no marketing language, no first person. + +### Key rules + +- Active voice and present tense throughout +- Second person ("you") for procedures; third person acceptable in overviews and conceptual descriptions +- Contractions encouraged: don't, can't, you'll +- No idioms, metaphors, or culturally specific references +- No "currently", "presently", or "as of this writing" +- Spell out acronyms on first use: "group Managed Service Account (gMSA)" +- Angle brackets for placeholders: ``, not `[report-name]` +- Sentence case for feature names; capitalize Netwrix product names correctly +- Oxford comma required in all lists +- No first person (I, me, my, we, us, our) in documentation content + +### Document structure + +- Order: overview → prerequisites → procedures +- Task headings: imperative verbs — "Configure the monitoring plan" +- Concept/overview headings: noun phrase or gerund — "Configuring the monitoring plan" +- Examples immediately follow the concept they illustrate +- Never skip heading levels + +## Vale + +**Always run Vale before finishing any documentation edit. Run iteratively until zero errors.** + +```bash +vale +``` + +Vale enforces 26 Netwrix-specific rules in `.vale/styles/Netwrix/`. Three require extra care: + +- **`NoteThat`** — Replace "Note that..." or "Please note..." with an admonition block: + ```md + :::note + Content here. + ::: + ``` + Use `:::warning` for warnings, `:::tip` for tips. + +- **`BoilerplateCrossRef`** and **`WeakLinkText`** — Read the surrounding context and the link destination before rewriting. The fix must reflect what the reader will actually find at the destination. + +- **`ImpersonalConstructions`** — Restructure with an active subject rather than simply removing the flagged phrase. + +## Content Patterns + +### Admonitions + +```md +:::note +Supplementary information the reader should be aware of. +::: + +:::tip +Helpful suggestions that improve the experience. +::: + +:::warning +Information that could cause data loss or security issues if ignored. +::: + +:::danger +Critical information that could cause serious harm. +::: +``` + +### Procedures + +Each step is a single action. Lead with the UI element or command: +- Do: "Click **Save**." +- Do: "Run `vale `." +- Don't: "You should now click the Save button." + +### Headings + +- Task topics: imperative verb — "Install the agent" +- Concept topics: noun phrase or gerund — "Agent installation" + +## CI/CD Context + +**Vale linter** — Runs on every PR touching `.md` files. Posts inline review comments. Does not block merges. + +**Doc reviewer** — Runs on every PR. Reads this file first, then categorizes issues as "in PR changes" vs. "preexisting" and posts inline suggestions reviewers can apply with one click. + +**Doc fixer** — Triggered by an `@claude` comment on a PR. Applies fixes and pushes. Fork PRs cannot be pushed to. + +**Auto-sync** — `dev` merges to `main` automatically at 8 AM PST if the build passes. Production deployment follows. + +**Branch workflow** — PRs target `dev`. Never commit directly to `dev` or `main`. + +## Common Mistakes + +- Don't manually copy KB content into versioned product folders — it's managed by the KB script +- Don't skip Vale before submitting — it runs in CI regardless +- Don't commit directly to `dev` or `main` — create a branch from `dev` first +- Don't target `main` in PRs — use `dev` +- Don't use first person anywhere in documentation content +- Don't omit examples — every concept introduced needs one