skills: expand reverse engineering workflows#144
Conversation
Why: Define composable shared, Apple-domain, and tool-adapter workflows for modern binary research, preservation, and beta-aware analysis. Verification: - git diff --check - uv run scripts/validate_socket_metadata.py
Why: Add composable routing, decompiler review, preservation, and exact-build comparison workflows before platform-specific analysis skills. Verification: - generic skill validation for all six exported skills - uv run plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py - uv run scripts/validate_socket_metadata.py - git diff --check
Why: Provide stable, composable Apple artifact, runtime metadata, symbol, signing, and Apple Silicon analysis guidance before beta-sensitive and tool-specific workflows. Verification: - generic skill validation for all eleven exported skills - uv run plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py - uv run scripts/validate_socket_metadata.py - git diff --check
|
Warning Review limit reached
Next review available in: 46 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThe PR expands the reverse-engineering plugin with shared analysis, Apple, .NET, Unity, artifact-preservation, reporting, and tool-adapter skills; adds validation and evidence templates; refreshes generated architecture inventories; and bumps project and plugin versions to 9.10.0. ChangesReverse-engineering plugin expansion
Estimated code review effort: 4 (Complex) | ~45 minutes Sequence Diagram(s)sequenceDiagram
participant Researcher
participant SelectAnalysisPath
participant EvidenceNotesWorkflow
participant ToolAdapter
Researcher->>SelectAnalysisPath: Provide question and artifact identity
SelectAnalysisPath->>EvidenceNotesWorkflow: Initialize required evidence records
SelectAnalysisPath->>ToolAdapter: Select capability-matched adapter
ToolAdapter->>EvidenceNotesWorkflow: Record analysis context and outputs
EvidenceNotesWorkflow-->>Researcher: Return reproducible findings and next check
Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py (1)
154-170: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winAdd defensive guards for missing directories and non-object JSON.
If
plugin.jsoncontains valid JSON that is not an object (e.g. an array),manifest.getwill raise anAttributeError. Additionally, if theskillsdirectory is missing,SKILLS_ROOT.iterdir()will raise aFileNotFoundError. Adding defensive checks ensures the validation script fails gracefully with a standardFindingrather than an unhandled exception.♻️ Proposed fixes
def validate_manifest() -> list[Finding]: try: manifest = json.loads(PLUGIN_MANIFEST.read_text(encoding="utf-8")) except FileNotFoundError: return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "is missing")] except json.JSONDecodeError as error: return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), f"contains invalid JSON: {error}")] + if not isinstance(manifest, dict): + return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "manifest must be a JSON object")] if manifest.get("skills") != "./skills/": return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "must export the authored ./skills/ directory")] return [] def main() -> int: findings = validate_manifest() - skill_dirs = sorted(path for path in SKILLS_ROOT.iterdir() if path.is_dir()) + skill_dirs = sorted(path for path in SKILLS_ROOT.iterdir() if path.is_dir()) if SKILLS_ROOT.is_dir() else [] if not skill_dirs: findings.append(Finding("skills", "must contain at least one exported skill directory"))🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py` around lines 154 - 170, Update validate_manifest to verify the parsed JSON is an object before calling manifest.get, returning a Finding for valid non-object JSON. Update main’s SKILLS_ROOT iteration to handle a missing directory and append the standard “skills” Finding instead of allowing FileNotFoundError to escape; preserve the existing empty-directory validation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/maintainers/reverse-engineering-skills-plugin-plan.md`:
- Around line 303-312: Reconcile Milestone 13 Exit Criteria status across docs:
in docs/maintainers/reverse-engineering-skills-plugin-plan.md lines 303-312,
align the five unchecked criteria with the completed Phase 3 ticket and Delivery
Sequence, or retain them unchecked with explicit justification; in ROADMAP.md
lines 402-408, update the corresponding criteria to the same status if they
remain open. Ensure both checklists agree.
- Around line 237-246: Rename the “Existing Non-Apple Domain Candidates” heading
above `reverse-engineering:inspect-dotnet-assemblies` and
`reverse-engineering:inspect-unity-artifacts` to reflect that these shipped
skills are existing non-Apple domain skills, matching the shipped framing used
by the other skill groups.
---
Nitpick comments:
In `@plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py`:
- Around line 154-170: Update validate_manifest to verify the parsed JSON is an
object before calling manifest.get, returning a Finding for valid non-object
JSON. Update main’s SKILLS_ROOT iteration to handle a missing directory and
append the standard “skills” Finding instead of allowing FileNotFoundError to
escape; preserve the existing empty-directory validation.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 1cf1d381-21e4-4d70-a4f4-7b1212eed143
⛔ Files ignored due to path filters (8)
plugins/agent-portability-skills/uv.lockis excluded by!**/*.lockplugins/apple-dev-skills/uv.lockis excluded by!**/*.lockplugins/cardhop-app/mcp/uv.lockis excluded by!**/*.lockplugins/productivity-skills/uv.lockis excluded by!**/*.lockplugins/python-skills/uv.lockis excluded by!**/*.lockplugins/things-app/mcp/uv.lockis excluded by!**/*.lockplugins/things-app/uv.lockis excluded by!**/*.lockuv.lockis excluded by!**/*.lock
📒 Files selected for processing (94)
README.mdROADMAP.mddocs/architecture/ARCHITECTURE.mddocs/architecture/architecture.jsondocs/maintainers/reverse-engineering-skills-plugin-plan.mdplugins/agent-portability-skills/.codex-plugin/plugin.jsonplugins/agent-portability-skills/pyproject.tomlplugins/agentdeck/.codex-plugin/plugin.jsonplugins/android-dev-skills/.codex-plugin/plugin.jsonplugins/apple-creator-studio-skills/.codex-plugin/plugin.jsonplugins/apple-dev-skills/.codex-plugin/plugin.jsonplugins/apple-dev-skills/pyproject.tomlplugins/cardhop-app/.codex-plugin/plugin.jsonplugins/cardhop-app/mcp/pyproject.tomlplugins/cloud-deployment-skills/.codex-plugin/plugin.jsonplugins/cloud-inference-skills/.codex-plugin/plugin.jsonplugins/dotnet-skills/.codex-plugin/plugin.jsonplugins/game-dev-skills/.codex-plugin/plugin.jsonplugins/messaging-collaboration-skills/.codex-plugin/plugin.jsonplugins/network-protocol-skills/.codex-plugin/plugin.jsonplugins/productivity-skills/.codex-plugin/plugin.jsonplugins/productivity-skills/pyproject.tomlplugins/python-skills/.codex-plugin/plugin.jsonplugins/python-skills/pyproject.tomlplugins/reverse-engineering-skills/.codex-plugin/plugin.jsonplugins/reverse-engineering-skills/scripts/validate_repo_metadata.pyplugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/SKILL.mdplugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/agents/openai.yamlplugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/references/apple-silicon-arm64e.mdplugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/SKILL.mdplugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/agents/openai.yamlplugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/references/apple-signing-and-containment.mdplugins/reverse-engineering-skills/skills/compare-binary-versions/SKILL.mdplugins/reverse-engineering-skills/skills/compare-binary-versions/agents/openai.yamlplugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/SKILL.mdplugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/agents/openai.yamlplugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/references/apple-symbol-and-crash-correlation.mdplugins/reverse-engineering-skills/skills/evidence-notes-workflow/SKILL.mdplugins/reverse-engineering-skills/skills/evidence-notes-workflow/agents/openai.yamlplugins/reverse-engineering-skills/skills/evidence-notes-workflow/references/analysis-records.mdplugins/reverse-engineering-skills/skills/inspect-apple-artifact/SKILL.mdplugins/reverse-engineering-skills/skills/inspect-apple-artifact/agents/openai.yamlplugins/reverse-engineering-skills/skills/inspect-apple-artifact/references/apple-artifact-and-macho.mdplugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/SKILL.mdplugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/agents/openai.yamlplugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/references/dotnet-assembly-analysis.mdplugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/SKILL.mdplugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/agents/openai.yamlplugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/references/dyld-cache-workflow.mdplugins/reverse-engineering-skills/skills/inspect-unity-artifacts/SKILL.mdplugins/reverse-engineering-skills/skills/inspect-unity-artifacts/agents/openai.yamlplugins/reverse-engineering-skills/skills/inspect-unity-artifacts/references/unity-artifact-analysis.mdplugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/SKILL.mdplugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/agents/openai.yamlplugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/references/apple-dynamic-analysis.mdplugins/reverse-engineering-skills/skills/preserve-binary-artifacts/SKILL.mdplugins/reverse-engineering-skills/skills/preserve-binary-artifacts/agents/openai.yamlplugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/SKILL.mdplugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/agents/openai.yamlplugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/references/apple-runtime-recovery.mdplugins/reverse-engineering-skills/skills/report-apple-security-research/SKILL.mdplugins/reverse-engineering-skills/skills/report-apple-security-research/agents/openai.yamlplugins/reverse-engineering-skills/skills/report-apple-security-research/references/apple-security-reporting.mdplugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/SKILL.mdplugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/agents/openai.yamlplugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/references/apple-system-artifacts.mdplugins/reverse-engineering-skills/skills/review-decompiler-output/SKILL.mdplugins/reverse-engineering-skills/skills/review-decompiler-output/agents/openai.yamlplugins/reverse-engineering-skills/skills/select-analysis-path/SKILL.mdplugins/reverse-engineering-skills/skills/select-analysis-path/agents/openai.yamlplugins/reverse-engineering-skills/skills/triage-artifact/agents/openai.yamlplugins/reverse-engineering-skills/skills/use-cutter-and-rizin/SKILL.mdplugins/reverse-engineering-skills/skills/use-cutter-and-rizin/agents/openai.yamlplugins/reverse-engineering-skills/skills/use-cutter-and-rizin/references/cutter-rizin-workflow.mdplugins/reverse-engineering-skills/skills/use-ghidra/SKILL.mdplugins/reverse-engineering-skills/skills/use-ghidra/agents/openai.yamlplugins/reverse-engineering-skills/skills/use-ghidra/references/ghidra-workflow.mdplugins/reverse-engineering-skills/skills/use-hopper/SKILL.mdplugins/reverse-engineering-skills/skills/use-hopper/agents/openai.yamlplugins/reverse-engineering-skills/skills/use-hopper/references/hopper-workflow.mdplugins/reverse-engineering-skills/skills/use-malimite/SKILL.mdplugins/reverse-engineering-skills/skills/use-malimite/agents/openai.yamlplugins/reverse-engineering-skills/skills/use-malimite/references/malimite-workflow.mdplugins/rust-skills/.codex-plugin/plugin.jsonplugins/server-side-jvm/.codex-plugin/plugin.jsonplugins/server-side-swift/.codex-plugin/plugin.jsonplugins/spotify/.codex-plugin/plugin.jsonplugins/swift-lang/.codex-plugin/plugin.jsonplugins/swiftasb-skills/.codex-plugin/plugin.jsonplugins/things-app/.codex-plugin/plugin.jsonplugins/things-app/mcp/pyproject.tomlplugins/things-app/pyproject.tomlplugins/web-dev-skills/.codex-plugin/plugin.jsonpyproject.toml
Summary
Verification
Summary by CodeRabbit
New Features
Documentation
Chores