Skip to content

Add SVS action authorization community skill#1683

Open
CryptoZaddy-dev wants to merge 1 commit into
solana-foundation:mainfrom
CryptoZaddy-dev:codex/add-svs-action-authorization-skill
Open

Add SVS action authorization community skill#1683
CryptoZaddy-dev wants to merge 1 commit into
solana-foundation:mainfrom
CryptoZaddy-dev:codex/add-svs-action-authorization-skill

Conversation

@CryptoZaddy-dev

Copy link
Copy Markdown

Problem

Solana agent builders need a narrow, installable skill for routing consequential actions through signed bot identity, policy review, human approval when required, on-chain receipt evidence, and fail-closed verification before execution.

Summary of Changes

Adds one community Tooling listing for the public SVS Action Authorization skill. The catalog URL is pinned to the pre-existing v1.0.0 tag.

Repository: https://github.com/SVS-Protocol/svs-agent-skill
Tag: v1.0.0
Commit: c1dcabc14cb6316710437fc438ce95457c1547e5
Skill path: skills/svs-action-authorization
Maintainer: @SVS-Protocol / @CryptoZaddy-dev
Security contact: hello@svsprotocol.com with SECURITY in the subject

The skill contains instructions and examples only. It has no scripts, package manifest, lifecycle hooks, remote bootstrap commands, or automatic transaction execution. Its example install is pinned to @svsprotocol/solana@0.4.0. Integrators provide scoped SVS_BOT_API_KEY and SVS_BOT_REQUEST_SIGNING_SECRET credentials; the skill explicitly forbids requesting wallet private keys or seed phrases and keeps wallet signing in the wallet.

Fixes #


Change classification (SDLC §2)

  • Critical — auth, secrets/key handling, fund movement, deploy/CI security gates, or anything that changes who can do what
  • Standard — production-facing, non-critical (features, API/route changes, dependency updates, monitoring/config)
  • Low — no security impact (docs, tests, dev tooling, content)

Security checklist

  • No secrets, tokens, or credentials in source, env files, or CI logs.
  • No user input or external-service rendering changes.
  • No new dependencies.
  • No production error-handling paths changed.
  • Not a Critical change; threat-model note is n/a.

New dependencies: none.

Threat-model note: n/a. This is an immutable link-only catalog entry; the linked skill's safety boundary and SECURITY.md are included in the tagged release.

@vercel vercel Bot temporarily deployed to Preview – solana-com-media July 13, 2026 05:13 Inactive
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

5 Skipped Deployments
Project Deployment Actions Updated (UTC)
solana-com-accelerate Skipped Skipped Jul 13, 2026 5:13am
solana-com-breakpoint-2 Skipped Skipped Jul 13, 2026 5:13am
solana-com-docs Skipped Skipped Jul 13, 2026 5:13am
solana-com-media Skipped Skipped Jul 13, 2026 5:13am
templates Skipped Skipped Jul 13, 2026 5:13am

Request Review

@vercel vercel Bot temporarily deployed to Preview – solana-com-docs July 13, 2026 05:13 Inactive
@vercel vercel Bot temporarily deployed to Preview – solana-com-breakpoint-2 July 13, 2026 05:13 Inactive
@vercel vercel Bot temporarily deployed to Preview – solana-com-accelerate July 13, 2026 05:13 Inactive
@vercel vercel Bot temporarily deployed to Preview – templates July 13, 2026 05:13 Inactive
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

Someone is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

@greptile-apps

greptile-apps Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds a single community skill catalog entry for the SVS Action Authorization skill (svs-action-authorization) to the communitySkills.ts data file. The change is a low-risk, content-only addition — no logic, dependencies, or production code paths are modified.

  • The new entry uses a mutable v1.0.0 git tag in its URL rather than the immutable commit SHA (c1dcabc…) cited in the PR description, differing from the pinned-SHA convention followed by nearly all other entries in this file.
  • The entry is inserted inside the // ── AI Coding Skills – General ── comment block but carries category: TOOLING, while every other TOOLING entry lives in the // ── Developer Tools ── block, breaking the established organisational grouping.

Confidence Score: 4/5

Safe to merge as-is; both findings are cosmetic and do not affect runtime behavior. Addressing the tag vs. SHA issue is recommended to match the immutability standard of the rest of the catalog.

The change is a link-only catalog entry with no logic or dependencies. The two issues are: the URL pins to a mutable git tag instead of a commit SHA (which the other entries consistently use and the PR itself already documents), and the entry is placed in the wrong comment block for its category. Neither affects rendering or runtime correctness today.

apps/web/src/data/skills/communitySkills.ts — placement within the comment-section groupings and the tag-based URL should be reviewed.

Important Files Changed

Filename Overview
apps/web/src/data/skills/communitySkills.ts Adds a new TOOLING-category community skill entry for SVS Action Authorization; entry is placed in the "General" comment section rather than the "Developer Tools" section where all other TOOLING entries reside, and the URL is pinned to a mutable tag rather than an immutable commit SHA.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[communitySkills.ts array] --> B[General Section\nTESTING / PROGRAMS]
    A --> C[DeFi Section\nDEFI]
    A --> D[Infrastructure Section\nINFRASTRUCTURE]
    A --> E[Developer Tools Section\nTOOLING]
    B --> F["svs-action-authorization ← NEW\ncategory: TOOLING\n⚠️ placed here but category=TOOLING"]
    E --> G[solana-kit-skill]
    E --> H[solana-kit-migration-skill]
    E --> I[pinocchio-skill]
    E --> J[vulnhunter-skill]
    E --> K[code-recon-skill]
    E --> L[surfpool-skill]
    style F fill:#ffcccc,stroke:#ff0000
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[communitySkills.ts array] --> B[General Section\nTESTING / PROGRAMS]
    A --> C[DeFi Section\nDEFI]
    A --> D[Infrastructure Section\nINFRASTRUCTURE]
    A --> E[Developer Tools Section\nTOOLING]
    B --> F["svs-action-authorization ← NEW\ncategory: TOOLING\n⚠️ placed here but category=TOOLING"]
    E --> G[solana-kit-skill]
    E --> H[solana-kit-migration-skill]
    E --> I[pinocchio-skill]
    E --> J[vulnhunter-skill]
    E --> K[code-recon-skill]
    E --> L[surfpool-skill]
    style F fill:#ffcccc,stroke:#ff0000
Loading

Reviews (1): Last reviewed commit: "Add SVS action authorization community s..." | Re-trigger Greptile

Comment on lines +36 to 45
{
slug: "svs-action-authorization",
title: "SVS Action Authorization",
description:
"Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.",
url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization",
category: TOOLING,
},

// ── AI Coding Skills – DeFi ─────────────────────────────────────────

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The new entry is inserted inside the // ── AI Coding Skills – General ── block, but its category is TOOLING. Every other TOOLING entry lives in the // ── Developer Tools ─ block further down. Placing it here breaks the visual grouping convention used throughout the file and could confuse future contributors editing the list.

Suggested change
{
slug: "svs-action-authorization",
title: "SVS Action Authorization",
description:
"Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.",
url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization",
category: TOOLING,
},
// ── AI Coding Skills – DeFi ─────────────────────────────────────────
// ── AI Coding Skills – DeFi ─────────────────────────────────────────

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

title: "SVS Action Authorization",
description:
"Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.",
url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The URL references the mutable v1.0.0 tag rather than an immutable commit SHA. Tags can be force-pushed to point to a different commit without changing the URL, so the linked content could silently change. Nearly every other entry in this file pins to a full commit SHA; the PR description already mentions the exact SHA (c1dcabc14cb6316710437fc438ce95457c1547e5), so it can be used here.

Suggested change
url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization",
url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/c1dcabc14cb6316710437fc438ce95457c1547e5/skills/svs-action-authorization",

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant