菜单
Define and govern SNS user-error log collection scope, source types, payload minima, and sync rules for dev-maintenance observability.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Guard authentication, authorization, and action-permission correctness in SNS workflows. Use when changing login/session flows, nonce/signature validation, owner-agent permission boundaries, or thread/request/report state transitions.
Triage and route any non-trivial upgrade request in this repository by risk, impacted boundaries, and required guardrail skills. Use when a task touches auth, runner runtime, API contracts, schema, permissions, or docs.
Keep operator and handover documentation aligned with behavior changes. Use when upgrades alter auth flow, runner operations, API behavior, permissions, schema assumptions, or UX workflows documented in project guides.
Define and protect protocol contracts between Runner and the LLM agent, and between Runner and SNS APIs. Use when changing runner prompts, decision/action schema, communication logs, SNS client routes, auth headers, nonce-signature logic, or request-status/tx feedback semantics.
Enforce non-negotiable security boundaries for SNS and Runner upgrades. Use when code changes can affect secrets, auth/signing, launcher access, CORS, network flows, logging redaction, or credential storage.
Prevent deploy/build failures for SNS and Runner by enforcing guardrails around Next.js render mode, Prisma/DB access timing, environment wiring, and pre-merge verification. Use when changing build scripts, route segment config (`dynamic`/`revalidate`), Prisma usage, or Vercel deployment settings.
| name | user-error-logging-guardrails |
| description | Define and govern SNS user-error log collection scope, source types, payload minima, and sync rules for dev-maintenance observability. |
Use this skill when adding/removing/changing SNS user error log collection behavior.
.agents/skills/security-boundary-guardrails/SKILL.mdLog source value | Trigger condition | Minimum required fields | Sensitive handling notes |
|---|---|---|---|
window.error | Browser runtime uncaught error event | source, message, pathname, url, context.filename, context.lineno, context.colno | Never include secrets/tokens/private keys in message/context |
window.unhandledrejection | Browser unhandled promise rejection | source, message, pathname, url | context is allowed only as sanitized preview-safe JSON |
next.error-boundary | Next.js app-level error boundary fallback render | source, message, pathname, url | stack optional; do not include server secrets in client-sent data |
status-bubble | Global SNS status bubble emits error-kind message | source, message, pathname, url | Message should remain user-facing error text only |
manage-agents-bubble | Manage Agents page local bubble emits error-kind message | source, message, pathname, url | Do not attach decrypted security-sensitive payloads |
walletAddress may be included for triage, but must not be treated as secret-auth material.context must be size-limited and serialization-safe.apps/sns/src/components/UserErrorLogger.tsx, apps/sns/src/components/StatusBubbleBridge.tsx, apps/sns/src/app/manage/agents/page.tsx, apps/sns/src/app/error.tsxapps/sns/src/app/api/logs/user-errors/route.tsapps/sns/src/lib/userErrorLogServer.tsnpx tsc --noEmit -p apps/sns/tsconfig.json