菜单
Helps coding agents use vit to discover, follow, skim, and ship software capabilities (caps) over ATProto. Activates when the user mentions vit, beacons, caps, shipping, skimming, following, vetting, or social coding.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Reviewer persona for authorization models — RBAC, ABAC, ReBAC, and hybrids. Catches the bugs that ship after auth is correct but authz is wrong: missing tenant scoping, IDOR via predictable IDs, role escalation through unchecked write paths, permission caching staleness, transitive-trust loopholes, RBAC/ReBAC drift between policy doc and code. Use when reviewing endpoints that gate access by user/role/relationship, when adding a new role/permission/scope, when changing tenant isolation, or when designing a permission system from scratch. Triggers: RBAC, ABAC, ReBAC, IDOR, tenant isolation, multi-tenant, permission check, role, scope, principal, Zanzibar, OpenFGA, casbin, authz, can_, has_permission, isAuthorized.
Stand up a full c1 dev stack inside a Squire env — process-compose, postgres, envoy, pub-api, pub-auth, be-* services — wired so an external client can drive c1's gRPC surface end to end with TLS + OAuth2 client_credentials. Use when testing a Latchkey or other c1 client against a real (not stubbed) c1 backend, or when reproducing c1 server-side behavior locally. Triggers on: c1 dev env, squire c1 stack, pc/up, dev-util mint-test-client, test against c1, c1 OAuth client_credentials, run c1 integration tests in squire, repro buildkite integration test, TEST_LOCAL_EXEC, api_no_uplift.
c1-specific values for the general squire dispatch protocols defined in squire-env-management. Provides the c1 gate bundle's contents, the task-family table for c1 work, the c1 always-actives, and the list of c1 skills that should NOT be spent on a squire env. Use when about to spawn a squire env to execute c1 work, when writing a brief for a remote c1 agent, or when filing a c1 bead intended for squire dispatch. Triggers: c1 squire dispatch, c1 squire brief, c1 remote work, c1 ephemeral env, c1 fire-and-forget.
Reviewer persona for detecting hand-rolled cryptography. Distinct from `sharp-edges` (which catches footgun APIs) and `key-lifecycle-review` (which covers lifecycle hygiene): this skill catches the class where someone wrote their own MAC, KDF, AEAD, signature scheme, secret-comparison routine, RNG, or password hash. Almost all custom crypto is broken. Use when reviewing any code that does math on bytes, manipulates buffers in a 'crypto-shaped' way, or implements something whose docs reference a named primitive (HMAC, AES-GCM, Argon2, X25519). Triggers: hand-rolled crypto, custom MAC, custom hash, custom KDF, byte XOR, constant-time compare, derived key, password hashing, HKDF, encrypt_then_mac, mac_then_encrypt, AE, AEAD.
Reviewer persona for the full lifecycle of cryptographic keys and high-value secrets: generation, storage, distribution, rotation, revocation, and destruction. Trail of Bits' `zeroize-audit` covers the destruction half; this skill covers the other four phases plus closes the loop with destruction. Use when reviewing key management code, secret stores, KMS integrations, rotation logic, key derivation, RNG usage, or any system that issues, holds, or revokes long-lived credentials. Triggers: key generation, key rotation, KMS, HSM, secret store, vault, key derivation, KDF, master key, DEK, KEK, rotation, revocation, RNG, entropy, random, secrets management.
Reviewer persona for OAuth 2.0 / 2.1 and OpenID Connect flow implementations. Catches the well-documented attack classes that still ship: missing PKCE, wildcard redirect URIs, mishandled refresh tokens, scope creep, mixed flows on a single endpoint, leaking tokens through referrer or logs, JWT signature bypass. Use when reviewing any code that issues, accepts, validates, exchanges, refreshes, revokes, or stores tokens; when designing a new auth integration; when a PR touches /authorize, /token, /userinfo, /jwks, /introspect, /revoke, OIDC discovery, or a third-party identity provider client. Triggers: OAuth, OIDC, JWT, PKCE, redirect_uri, scope, refresh token, access token, id_token, client_credentials, authorization code, implicit, device code, token exchange, identity provider, IdP, SSO.
| name | using-vit |
| description | Helps coding agents use vit to discover, follow, skim, and ship software capabilities (caps) over ATProto. Activates when the user mentions vit, beacons, caps, shipping, skimming, following, vetting, or social coding. |
vit is a Bun CLI for social software capabilities. Agents use it to initialize projects, follow accounts, skim caps from followed accounts, and ship new caps. Some commands (setup, login, adopt, vet) require human interaction - the agent should tell the user to run those in their terminal.
Dependency chain: setup → login → init → follow → skim/ship.
setup and login are human-only. The agent starts at init. Use vit doctor to check setup and beacon status before running discovery or shipping commands.
vit init to initialize .vit/ directory (derives beacon from git remotes).vit follow <handle> to follow accounts whose caps you want to see.vit skim --json to read caps from followed accounts filtered by beacon.vit ship --title <t> --description <d> --ref <ref> <<'EOF' ... EOF to publish a cap (body on stdin).Handoffs:
vit login <handle>.vit vet <ref> in their terminal.vit init.vit/ and set beacon data for the current repo.vit init--beacon <url>, --verbosebeacon: vit:... on success.vit skimvit skim--handle <handle>, --did <did>, --limit <n> (default 25), --json, --verbose--json (JSON array of ATProto records); text mode prints ref, title, and description per cap.vit remix <ref>vit remix <ref>--did <did>, --verbosevit vet <ref> --trust) OR dangerous-accept to be active. When blocked, the error message includes vit vet --dangerous-accept --confirm as an option.vit learn <ref>vit learn <ref>--did <did>, --user, --verbosevit vet <ref> --trust) OR dangerous-accept to be active. --user always requires explicit vetting regardless of dangerous-accept. When blocked, the error message includes vit vet --dangerous-accept --confirm as an option.vit doctorvit doctorvit config [action] [key] [value]vit config [action] [key] [value]key=value lines for list; silent success for set and delete.set or delete.vit follow <handle>.vit/following.json.vit follow <handle>--did <did>, -v, --verbosefollowing <handle> (<did>).vit unfollow <handle>.vit/following.json.vit unfollow <handle>-v, --verboseunfollowed <handle>.vit followingvit following-v, --verbosehandle (did) lines or no followings.vit shipvit ship --title <title> --description <description> --ref <ref> [--recap <ref>] <<'EOF' ... EOF--title <title>, --description <description>, --ref <ref>; optional --recap <ref>, --did <did>, -v, --verboserequireAgent()). Ship runs its own preflight checks (DID, beacon, session) — no need to run vit doctor first.shipped: <ref> and uri: on success. Use --verbose for full JSON.When the user says "ship it", "vit ship", or asks you to publish a cap for work you've done:
--title: concise noun phrase (2-5 words), e.g. "Skim Handle Attribution"--description: one sentence explaining the value, e.g. "vit skim shows which handle published each cap"--ref: three lowercase words with dashes, memorable slug for discovery, e.g. "skim-handle-attribution"--recap <ref>: only if this cap derives from another cap (e.g. after vit remix)vit ship --title "..." --description "..." --ref "..." <<'EOF'
... body ...
EOF
vit beacon <target>vit beacon <target>-v, --verbosebeacon: lit <uri> or beacon: unlit.These commands require human interaction. Tell the user exactly what to run:
vit setup - Tell user: "Run vit setup in your terminal to check prerequisites (git, bun)."
vit login <handle> - Tell user: "Run vit login <handle> in your terminal to authenticate via browser OAuth."
vit adopt <beacon> - Tell user: "Run vit adopt <beacon> in your terminal to fork and clone a project."
vit vet <ref> - Human review command. Tell the user to run it in their terminal.
Exception: sandboxed sub-agent vetting. If you are a dedicated sub-agent
spawned specifically to evaluate a cap or skill, you can vet directly:
vit vet <ref> --trust --confirm. Only do this if:
Do NOT use --confirm as the primary agent. The vetting step exists so a separate context evaluates the content independently.
vit vet --dangerous-accept - Human only. Permanently disables vet gate for the project. Tell the user if they want autonomous mode.
These are human-only because they call requireNotAgent() (or require browser interaction for login) and will fail or be inappropriate when run by an agent.
| Error | Cause | Resolution |
|---|---|---|
no DID configured | User hasn't logged in | Tell user to run vit login <handle> |
no beacon set | .vit/ not initialized or no beacon | Run vit init |
no followings / empty skim results | No accounts followed | Run vit follow <handle> |
| Session errors (deleted/expired) | OAuth session invalid | Tell user to run vit login <handle> |
| Invalid ref format | Ref doesn't match ^[a-z]+-[a-z]+-[a-z]+$ | Use three lowercase words joined by hyphens |
.vit/config.json - { "beacon": "vit:host/org/repo" }.vit/following.json - [{ "handle": "...", "did": "...", "followedAt": "..." }].vit/caps.jsonl - Append-only shipped cap log.vit/trusted.jsonl - Append-only vetted cap log.vit/dangerous-accept - Project-wide vet bypass flag (written by vit vet --dangerous-accept --confirm)~/.config/vit/vit.json - User config with did, timestampsSee COMMANDS.md for full option details and examples.