Skip to content

feat(greptile): add greptile skills plugin#243

Merged
amondnet merged 1 commit into
mainfrom
amondnet/greptile
Jul 2, 2026
Merged

feat(greptile): add greptile skills plugin#243
amondnet merged 1 commit into
mainfrom
amondnet/greptile

Conversation

@amondnet

@amondnet amondnet commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a new built-in plugin greptile (v1.0.0) bundling three skills.sh-managed agent skills from greptileai/skills (MIT license):

  • check-pr — checks a PR/MR/changelist for unresolved review comments, failing status checks, and incomplete descriptions
  • cli-review — runs a Greptile CLI review for the current local branch
  • greploop — iteratively improves a PR until Greptile gives a 5/5 confidence score

The skills are installed under plugins/greptile/.agents/skills/{check-pr,cli-review,greploop}/ via bunx skills add, tracked by skills-lock.json. .claude-plugin/plugin.json is the source-of-truth manifest ("skills": "./.agents/skills/"); the Codex, Antigravity, and Cursor runtime manifests (.codex-plugin/plugin.json, plugin.json, .cursor-plugin/plugin.json) were generated with bun scripts/cli.ts multi-format.

Changes

  • plugins/greptile/ — new plugin: installed skills, skills-lock.json, and the four version-bearing runtime manifests
  • .claude-plugin/marketplace.json — registers the greptile entry (source of truth)
  • .agents/plugins/marketplace.json, .cursor-plugin/marketplace.json — regenerated via multi-format (greptile entry only, no unrelated drift)
  • release-please-config.json — adds plugins/greptile package with extra-files covering all 4 version-bearing manifests
  • .release-please-manifest.json — adds "plugins/greptile": "1.0.0"
  • README.md — adds the Greptile entry under Built-in Plugins

claude plugin validate plugins/greptile passes (one pre-existing-pattern warning: missing author field, consistent with other built-in plugins in this repo).

Note: claude plugin validate .claude-plugin/marketplace.json currently reports a pre-existing duplicate asana marketplace entry validation error. This is unrelated to this PR — the asana plugin entry already existed before this change and is untouched here.

Related issue

N/A — not tied to a tracked issue.

Checklist

  • PR title follows Conventional Commits
  • Tests added or updated, and the suite passes (bun run test) — N/A, no test suite for static plugin manifests/skills
  • Lint/format pass (bun run lint) — N/A, not run for this static content change
  • Documentation updated if behavior changed (README Built-in Plugins section)
  • No breaking change, or a BREAKING CHANGE: note is included

Summary by cubic

Adds a new built-in greptile plugin (v1.0.0) with three agent skills—check-pr, cli-review, and greploop—to automate PR checks and Greptile reviews on GitHub, GitLab, and Perforce. Registers the plugin in all marketplaces and sets up release automation.

  • New Features
    • New plugins/greptile with skills managed by skills.sh: check-pr, cli-review, greploop (tracked in skills-lock.json).
    • Runtime manifests added: .claude-plugin/plugin.json, .codex-plugin/plugin.json, .cursor-plugin/plugin.json, and plugin.json (all at v1.0.0).
    • Marketplace entries updated: .claude-plugin/marketplace.json, .agents/plugins/marketplace.json, .cursor-plugin/marketplace.json.
    • Release automation: release-please-config.json and .release-please-manifest.json updated to version plugins/greptile and bump all manifests together.
    • Docs: README updated under Built-in Plugins.
    • Validation: claude plugin validate plugins/greptile passes; a duplicate asana entry warning is pre-existing and unchanged.

Written for commit e820a0a. Summary will update on new commits.

- install check-pr, cli-review, greploop skills from greptileai/skills via skills.sh
- register plugin in Claude/Codex/Cursor marketplaces and release-please
- document plugin in README built-in plugins section
@vercel

vercel Bot commented Jul 2, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
claude-code-plugins Ready Ready Preview, Comment Jul 2, 2026 10:03am

Request Review

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@amondnet, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 33 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 60fb936e-d584-43cf-b699-1bcf2cf0b6dc

📥 Commits

Reviewing files that changed from the base of the PR and between 5d28f4d and e820a0a.

📒 Files selected for processing (18)
  • .agents/plugins/marketplace.json
  • .claude-plugin/marketplace.json
  • .cursor-plugin/marketplace.json
  • .release-please-manifest.json
  • README.md
  • plugins/greptile/.agents/skills/check-pr/SKILL.md
  • plugins/greptile/.agents/skills/check-pr/references/gitlab-api.md
  • plugins/greptile/.agents/skills/check-pr/references/graphql-queries.md
  • plugins/greptile/.agents/skills/cli-review/SKILL.md
  • plugins/greptile/.agents/skills/greploop/SKILL.md
  • plugins/greptile/.agents/skills/greploop/references/gitlab-api.md
  • plugins/greptile/.agents/skills/greploop/references/graphql-queries.md
  • plugins/greptile/.claude-plugin/plugin.json
  • plugins/greptile/.codex-plugin/plugin.json
  • plugins/greptile/.cursor-plugin/plugin.json
  • plugins/greptile/plugin.json
  • plugins/greptile/skills-lock.json
  • release-please-config.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch amondnet/greptile

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

🔍 Tessl Skill Review

plugins/greptile/.agents/skills/check-pr/SKILL.md

score

Review Details

Review Details

Dimension Score Detail
conciseness ██░ 2/3 The skill is fairly long with some redundancy between the main body and the reference files (e.g., GraphQL queries and GitLab API calls appear in both). The key field comparison tables and platform detection logic are useful, but the Perforce sections sometimes explain things Claude would know (e.g., what CL fields mean). Some tightening is possible.
actionability ███ 3/3 The skill provides fully executable bash commands for all three platforms at every step — detection, fetching, polling, resolving threads, committing fixes, and re-shelving. Commands are copy-paste ready with clear placeholders, and the GraphQL queries are complete and functional.
workflow clarity ███ 3/3 The 9-step workflow is clearly sequenced with explicit validation checkpoints: waiting for pending checks before analysis (step 3), categorizing issues before acting (step 5), asking the user before fixing (step 7), and resolving threads only after fixes are made (step 8). The polling loop with 30-second intervals and terminal state conditions provides a clear feedback loop.
progressive disclosure ███ 3/3 The main SKILL.md provides a complete overview with inline essentials, while appropriately referencing two bundle files (references/graphql-queries.md and references/gitlab-api.md) for detailed API specifics. References are one level deep, clearly signaled with markdown links, and the bundle files contain complementary detail that supports the main content without duplication issues being severe.

Overall: This is a well-structured, highly actionable skill that covers three VCS platforms with executable commands at every step. The workflow is clearly sequenced with appropriate validation checkpoints and user confirmation before destructive actions. The main weakness is moderate verbosity — some content is duplicated between the main body and reference files, and a few sections explain things Claude already knows, but overall the skill is effective and well-organized.

Suggestions:

  • Reduce duplication by removing the full GraphQL queries and GitLab API examples from the main SKILL.md body, keeping only brief summaries with references to the bundle files where the complete queries already exist.

plugins/greptile/.agents/skills/cli-review/SKILL.md

score

Review Details

Review Details

Dimension Score Detail
conciseness ███ 3/3 Every section is lean and purposeful. No unnecessary explanations of what Greptile is, what CLI tools are, or how npm works. Each step provides only the commands and decision logic Claude needs.
actionability ███ 3/3 All commands are concrete, copy-paste ready bash commands. Each step specifies exact commands to run, what to check for, and what to do in success/failure cases. No pseudocode or vague instructions.
workflow clarity ███ 3/3 The 5-step workflow is clearly sequenced with explicit validation at each stage: check git repo, check CLI installation, check authentication, run review with fallback, then summarize. Each step includes error handling and fallback paths (e.g., JSON fails → --agent, npm unavailable → curl installer).
progressive disclosure ███ 3/3 This is a simple, single-purpose skill under 50 lines with no need for external references. The content is well-organized into clearly labeled sequential sections, making it easy to navigate without additional files.

Overall: This is a well-crafted skill that efficiently guides Claude through a multi-step CLI workflow with clear sequencing, concrete commands, and appropriate error handling at each stage. It respects Claude's intelligence by avoiding unnecessary explanations while providing all the decision logic needed for edge cases like missing tools, failed authentication, and output format fallbacks.


plugins/greptile/.agents/skills/greploop/SKILL.md

score

Review Details

Review Details

Dimension Score Detail
conciseness ██░ 2/3 The skill is quite long (~300+ lines) with substantial code blocks for three platforms (GitHub, GitLab, Perforce). While most content is actionable, there's repetition across platforms and some explanatory text that could be trimmed (e.g., explaining what fields mean, the Perforce webhook paragraph). The multi-platform coverage inherently adds bulk, but some of it could be better organized into reference files.
actionability ███ 3/3 The skill provides fully executable bash commands and API calls for every step across all three platforms. Code is copy-paste ready with specific CLI tools (gh, glab, p4), API endpoints, jq filters, and GraphQL queries. The polling loops, exit conditions, and commit commands are all concrete and complete.
workflow clarity ███ 3/3 The workflow is clearly sequenced (detect platform → identify PR → loop with steps A-F → report) with explicit exit conditions (5/5 confidence AND zero unresolved comments, or max 5 iterations). There are validation checkpoints (check if Greptile is already running before triggering, poll until completion, verify exit conditions before continuing). The max iteration cap prevents runaway loops.
progressive disclosure ██░ 2/3 The skill references two bundle files (references/gitlab-api.md and references/graphql-queries.md) appropriately, but the main SKILL.md still contains a large amount of inline detail that overlaps with those reference files (e.g., the GraphQL queries and GitLab API calls appear in both places). The Perforce-specific content could also be split into a reference file to reduce the main file's length.

Overall: This is a well-structured, highly actionable skill with clear workflow sequencing and explicit exit conditions across three VCS platforms. Its main weakness is length — the multi-platform coverage creates a long document where some content duplicates what's already in the reference files. The progressive disclosure could be improved by moving more platform-specific API details into the reference files and keeping the main skill leaner.

Suggestions:

  • Move the detailed GitLab polling/API code and Perforce Swarm API details into their respective reference files, keeping only concise summaries in the main SKILL.md to reduce duplication and length.
  • Trim explanatory text like 'Key field differences' tables and Perforce webhook explanations — Claude can infer these from the code examples provided.

To improve your score, point your agent at the Tessl optimization guide. Need help? Jump on our Discord.

Feedback

Report issues with this review at tesslio/skill-review, or send private feedback from your terminal with tessl feedback.

@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the new 'greptile' plugin across the repository. It registers the plugin in the marketplace files for Claude, Cursor, and Agents, updates the main README.md with installation instructions, and configures release-please. It also adds the Greptile agent skills ('check-pr', 'cli-review', and 'greploop') under the 'plugins/greptile/.agents/skills/' directory, along with their API reference documentation and plugin manifest files. There are no review comments provided, so I have no feedback to provide on the review itself.

@greptile-apps

greptile-apps Bot commented Jul 2, 2026

Copy link
Copy Markdown

Greptile Summary

This PR adds a new built-in plugin greptile (v1.0.0) bundling three agent skills (check-pr, cli-review, greploop) sourced from greptileai/skills, along with the corresponding marketplace registrations and release-please config.

  • check-pr and greploop skills handle GitHub, GitLab, and Perforce review workflows; greploop runs an automated fix-and-re-review loop up to 5 iterations.
  • cli-review runs a local Greptile CLI review from the checkout, with install and auth fallback flows.
  • Release-please is configured to track versioning across four runtime manifests (.claude-plugin/, .codex-plugin/, .cursor-plugin/, root plugin.json).

Confidence Score: 4/5

Safe to merge after addressing the git add -A issue in greploop; all other changes are manifest and config additions with no runtime side effects.

The greploop skill runs git add -A on each automated iteration, unconditionally staging every file in the working tree including any untracked secrets or sensitive config files, and immediately committing and pushing them. A user running greploop in a directory that contains an untracked .env or credentials file would have those silently pushed to their remote. The rest of the PR is straightforward and low-risk.

plugins/greptile/.agents/skills/greploop/SKILL.md — the automated commit step needs scoped staging instead of git add -A.

Security Review

  • Unguarded git add -A in greploop/SKILL.md: The automated fix loop stages all working-tree changes before committing and pushing. Any untracked file present at runtime — .env, credentials, generated secrets — is silently included in the commit and pushed to the remote without user review.
  • curl -fsSL … | sh fallback in cli-review/SKILL.md: The skill surfaces a pipe-to-shell install command for the Greptile CLI. Although the skill instructs the agent to ask for user permission before running it, the granted Bash(curl:*) tool permission allows the agent to execute this pattern; a misbehaving or jailbroken agent invocation could skip the confirmation step.

Important Files Changed

Filename Overview
plugins/greptile/.agents/skills/greploop/SKILL.md Defines the automated iterative-review loop; uses git add -A unconditionally, risking accidental staging of sensitive or unintended files on every iteration.
plugins/greptile/.agents/skills/cli-review/SKILL.md Defines local Greptile CLI review skill; Bash(command:*) in allowed-tools is broader than needed for a command -v check, and the `curl
plugins/greptile/.agents/skills/check-pr/SKILL.md Defines the PR/MR/CL inspection skill; uses git add <files> (targeted staging) for fixes — no issues found.
plugins/greptile/.claude-plugin/plugin.json Claude runtime manifest for the greptile plugin; correctly references ./.agents/skills/.
release-please-config.json Adds plugins/greptile package with extra-files covering all four version-bearing manifests; paths are relative to the package root and resolve correctly.
plugins/greptile/skills-lock.json Locks three skills from greptileai/skills with 64-char (SHA-256) computed hashes; no issues.
.claude-plugin/marketplace.json Registers the greptile plugin entry; minimal but consistent with adjacent entries.

Fix All in Claude Code

Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
plugins/greptile/.agents/skills/greploop/SKILL.md:364-366
`git add -A` in the automated loop stages every file in the working tree — including untracked secrets, `.env` files, or any other sensitive content that happens to exist at review time. Because this runs on each iteration without user confirmation, one unintended file can be committed and pushed to the remote before the user notices. Prefer explicit staging of only the files touched by the fix step.

```suggestion
git add -u
git commit -m "address greptile review feedback (greploop iteration N)"
git push
```

### Issue 2 of 2
plugins/greptile/.agents/skills/cli-review/SKILL.md:11
`Bash(command:*)` is listed as an allowed tool solely so the skill can run `command -v greptile`. The wildcard `*` after `command` allows the agent to invoke any command through the shell builtin, which is much broader than the single existence-check it needs. A tighter pattern limits the blast radius if this skill is composed with others.

```suggestion
allowed-tools: Bash(git:*) Bash(greptile:*) Bash(command -v:*) Bash(curl:*) Bash(npm:*)
```

Reviews (1): Last reviewed commit: "feat(greptile): add greptile skills plug..." | Re-trigger Greptile

Comment thread plugins/greptile/.agents/skills/greploop/SKILL.md
Comment thread plugins/greptile/.agents/skills/cli-review/SKILL.md
@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2026

Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 18 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@amondnet amondnet merged commit 9c1aefc into main Jul 2, 2026
15 checks passed
@amondnet amondnet deleted the amondnet/greptile branch July 2, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant