Add SVS action authorization community skill#1683
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 5 Skipped Deployments
|
|
Someone is attempting to deploy a commit to the Solana Foundation Team on Vercel. A member of the Team first needs to authorize it. |
Greptile SummaryThis PR adds a single community skill catalog entry for the SVS Action Authorization skill (
Confidence Score: 4/5Safe to merge as-is; both findings are cosmetic and do not affect runtime behavior. Addressing the tag vs. SHA issue is recommended to match the immutability standard of the rest of the catalog. The change is a link-only catalog entry with no logic or dependencies. The two issues are: the URL pins to a mutable git tag instead of a commit SHA (which the other entries consistently use and the PR itself already documents), and the entry is placed in the wrong comment block for its category. Neither affects rendering or runtime correctness today. apps/web/src/data/skills/communitySkills.ts — placement within the comment-section groupings and the tag-based URL should be reviewed. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[communitySkills.ts array] --> B[General Section\nTESTING / PROGRAMS]
A --> C[DeFi Section\nDEFI]
A --> D[Infrastructure Section\nINFRASTRUCTURE]
A --> E[Developer Tools Section\nTOOLING]
B --> F["svs-action-authorization ← NEW\ncategory: TOOLING\n⚠️ placed here but category=TOOLING"]
E --> G[solana-kit-skill]
E --> H[solana-kit-migration-skill]
E --> I[pinocchio-skill]
E --> J[vulnhunter-skill]
E --> K[code-recon-skill]
E --> L[surfpool-skill]
style F fill:#ffcccc,stroke:#ff0000
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[communitySkills.ts array] --> B[General Section\nTESTING / PROGRAMS]
A --> C[DeFi Section\nDEFI]
A --> D[Infrastructure Section\nINFRASTRUCTURE]
A --> E[Developer Tools Section\nTOOLING]
B --> F["svs-action-authorization ← NEW\ncategory: TOOLING\n⚠️ placed here but category=TOOLING"]
E --> G[solana-kit-skill]
E --> H[solana-kit-migration-skill]
E --> I[pinocchio-skill]
E --> J[vulnhunter-skill]
E --> K[code-recon-skill]
E --> L[surfpool-skill]
style F fill:#ffcccc,stroke:#ff0000
Reviews (1): Last reviewed commit: "Add SVS action authorization community s..." | Re-trigger Greptile |
| { | ||
| slug: "svs-action-authorization", | ||
| title: "SVS Action Authorization", | ||
| description: | ||
| "Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.", | ||
| url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization", | ||
| category: TOOLING, | ||
| }, | ||
|
|
||
| // ── AI Coding Skills – DeFi ───────────────────────────────────────── |
There was a problem hiding this comment.
The new entry is inserted inside the
// ── AI Coding Skills – General ── block, but its category is TOOLING. Every other TOOLING entry lives in the // ── Developer Tools ─ block further down. Placing it here breaks the visual grouping convention used throughout the file and could confuse future contributors editing the list.
| { | |
| slug: "svs-action-authorization", | |
| title: "SVS Action Authorization", | |
| description: | |
| "Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.", | |
| url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization", | |
| category: TOOLING, | |
| }, | |
| // ── AI Coding Skills – DeFi ───────────────────────────────────────── | |
| // ── AI Coding Skills – DeFi ───────────────────────────────────────── |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
| title: "SVS Action Authorization", | ||
| description: | ||
| "Authorize consequential Solana agent actions with signed identity, human approval, receipt registry proof, and fail-closed verification.", | ||
| url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization", |
There was a problem hiding this comment.
The URL references the mutable
v1.0.0 tag rather than an immutable commit SHA. Tags can be force-pushed to point to a different commit without changing the URL, so the linked content could silently change. Nearly every other entry in this file pins to a full commit SHA; the PR description already mentions the exact SHA (c1dcabc14cb6316710437fc438ce95457c1547e5), so it can be used here.
| url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/v1.0.0/skills/svs-action-authorization", | |
| url: "https://github.com/SVS-Protocol/svs-agent-skill/tree/c1dcabc14cb6316710437fc438ce95457c1547e5/skills/svs-action-authorization", |
Problem
Solana agent builders need a narrow, installable skill for routing consequential actions through signed bot identity, policy review, human approval when required, on-chain receipt evidence, and fail-closed verification before execution.
Summary of Changes
Adds one community Tooling listing for the public SVS Action Authorization skill. The catalog URL is pinned to the pre-existing
v1.0.0tag.Repository: https://github.com/SVS-Protocol/svs-agent-skill
Tag:
v1.0.0Commit:
c1dcabc14cb6316710437fc438ce95457c1547e5Skill path:
skills/svs-action-authorizationMaintainer:
@SVS-Protocol/@CryptoZaddy-devSecurity contact:
hello@svsprotocol.comwithSECURITYin the subjectThe skill contains instructions and examples only. It has no scripts, package manifest, lifecycle hooks, remote bootstrap commands, or automatic transaction execution. Its example install is pinned to
@svsprotocol/solana@0.4.0. Integrators provide scopedSVS_BOT_API_KEYandSVS_BOT_REQUEST_SIGNING_SECRETcredentials; the skill explicitly forbids requesting wallet private keys or seed phrases and keeps wallet signing in the wallet.Fixes #
Change classification (SDLC §2)
Security checklist
New dependencies: none.
Threat-model note: n/a. This is an immutable link-only catalog entry; the linked skill's safety boundary and SECURITY.md are included in the tagged release.