Skip to content

skills: expand reverse engineering workflows#144

Merged
gaelic-ghost merged 6 commits into
mainfrom
skills/expand-reverse-engineering
Jul 14, 2026
Merged

skills: expand reverse engineering workflows#144
gaelic-ghost merged 6 commits into
mainfrom
skills/expand-reverse-engineering

Conversation

@gaelic-ghost

@gaelic-ghost gaelic-ghost commented Jul 14, 2026

Copy link
Copy Markdown
Owner

Summary

  • expand Reverse Engineering Skills from 2 to 21 focused workflows
  • add Apple static, dynamic, dyld, Apple Silicon, kernel, and security-reporting guidance
  • add Cutter/Rizin, Malimite, Ghidra, Hopper, .NET, and Unity workflows
  • forward-test representative artifacts and capture observed tool limitations
  • bump the shared Socket version to 9.10.0

Verification

  • reverse-engineering metadata validator
  • all 21 generic skill validators
  • root Socket marketplace validator
  • Hermes compatibility validator
  • architecture consistency check
  • three independent artifact-driven forward tests

Summary by CodeRabbit

  • New Features

    • Added comprehensive reverse-engineering workflows for Apple, .NET, Unity, kernel, firmware, signing, runtime metadata, binary comparison, and security research.
    • Added guided integrations for Cutter/Rizin, Ghidra, Hopper, and Malimite.
    • Introduced reproducible artifact preservation, evidence capture, and decompiler-review workflows.
  • Documentation

    • Expanded plugin catalogs, architecture references, roadmap details, and workflow guidance.
    • Added validation guidance for skill metadata, links, and configuration.
  • Chores

    • Updated project and plugin versions to 9.10.0.

Why:
Define composable shared, Apple-domain, and tool-adapter workflows for modern binary research, preservation, and beta-aware analysis.

Verification:
- git diff --check
- uv run scripts/validate_socket_metadata.py
Why:
Add composable routing, decompiler review, preservation, and exact-build comparison workflows before platform-specific analysis skills.

Verification:
- generic skill validation for all six exported skills
- uv run plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py
- uv run scripts/validate_socket_metadata.py
- git diff --check
Why:
Provide stable, composable Apple artifact, runtime metadata, symbol, signing, and Apple Silicon analysis guidance before beta-sensitive and tool-specific workflows.

Verification:
- generic skill validation for all eleven exported skills
- uv run plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py
- uv run scripts/validate_socket_metadata.py
- git diff --check
@gaelic-ghost gaelic-ghost added the enhancement New feature or request label Jul 14, 2026
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@gaelic-ghost, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 46 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 766c58e6-b763-4691-a0c3-ba727c17e455

📥 Commits

Reviewing files that changed from the base of the PR and between 412a4e7 and 811abd4.

📒 Files selected for processing (2)
  • docs/maintainers/reverse-engineering-skills-plugin-plan.md
  • plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py
📝 Walkthrough

Walkthrough

The PR expands the reverse-engineering plugin with shared analysis, Apple, .NET, Unity, artifact-preservation, reporting, and tool-adapter skills; adds validation and evidence templates; refreshes generated architecture inventories; and bumps project and plugin versions to 9.10.0.

Changes

Reverse-engineering plugin expansion

Layer / File(s) Summary
Planning and workflow architecture
README.md, ROADMAP.md, docs/maintainers/...
Documents the expanded skill inventory, layered architecture, delivery phases, validation rules, and acceptance criteria.
Shared analysis and validation
plugins/reverse-engineering-skills/scripts/..., plugins/reverse-engineering-skills/skills/evidence-notes-workflow/..., plugins/reverse-engineering-skills/skills/select-analysis-path/...
Adds repository metadata validation, reusable evidence-record templates, analysis-path selection, and explicit skill invocation prompts.
Artifact and platform workflows
plugins/reverse-engineering-skills/skills/{preserve,inspect,analyze,compare,recover,report,research}*/...
Adds workflows for preserving and analyzing Apple, .NET, Unity, dyld, kernel, signing, crash, runtime, binary-version, decompiler, and security-research artifacts.
Tool adapters
plugins/reverse-engineering-skills/skills/use-{cutter-and-rizin,ghidra,hopper,malimite}/...
Adds thin tool-specific workflows covering capability discovery, bounded analysis, evidence preservation, and failure routing.
Architecture inventories
docs/architecture/ARCHITECTURE.md, docs/architecture/architecture.json
Refreshes generated products, manifests, targets, plugin-to-skill relationships, and marketplace ownership mappings.
Release metadata
plugins/*/.codex-plugin/plugin.json, plugins/*/pyproject.toml, pyproject.toml
Updates affected plugin and project versions from 9.9.1 to 9.10.0.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Researcher
  participant SelectAnalysisPath
  participant EvidenceNotesWorkflow
  participant ToolAdapter
  Researcher->>SelectAnalysisPath: Provide question and artifact identity
  SelectAnalysisPath->>EvidenceNotesWorkflow: Initialize required evidence records
  SelectAnalysisPath->>ToolAdapter: Select capability-matched adapter
  ToolAdapter->>EvidenceNotesWorkflow: Record analysis context and outputs
  EvidenceNotesWorkflow-->>Researcher: Return reproducible findings and next check
Loading

Possibly related PRs

Suggested labels: documentation

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the PR’s main change: expanding reverse-engineering workflows.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch skills/expand-reverse-engineering

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py (1)

154-170: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Add defensive guards for missing directories and non-object JSON.

If plugin.json contains valid JSON that is not an object (e.g. an array), manifest.get will raise an AttributeError. Additionally, if the skills directory is missing, SKILLS_ROOT.iterdir() will raise a FileNotFoundError. Adding defensive checks ensures the validation script fails gracefully with a standard Finding rather than an unhandled exception.

♻️ Proposed fixes
 def validate_manifest() -> list[Finding]:
     try:
         manifest = json.loads(PLUGIN_MANIFEST.read_text(encoding="utf-8"))
     except FileNotFoundError:
         return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "is missing")]
     except json.JSONDecodeError as error:
         return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), f"contains invalid JSON: {error}")]
+    if not isinstance(manifest, dict):
+        return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "manifest must be a JSON object")]
     if manifest.get("skills") != "./skills/":
         return [Finding(str(PLUGIN_MANIFEST.relative_to(REPO_ROOT)), "must export the authored ./skills/ directory")]
     return []
 
 
 def main() -> int:
     findings = validate_manifest()
-    skill_dirs = sorted(path for path in SKILLS_ROOT.iterdir() if path.is_dir())
+    skill_dirs = sorted(path for path in SKILLS_ROOT.iterdir() if path.is_dir()) if SKILLS_ROOT.is_dir() else []
     if not skill_dirs:
         findings.append(Finding("skills", "must contain at least one exported skill directory"))
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py` around
lines 154 - 170, Update validate_manifest to verify the parsed JSON is an object
before calling manifest.get, returning a Finding for valid non-object JSON.
Update main’s SKILLS_ROOT iteration to handle a missing directory and append the
standard “skills” Finding instead of allowing FileNotFoundError to escape;
preserve the existing empty-directory validation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/maintainers/reverse-engineering-skills-plugin-plan.md`:
- Around line 303-312: Reconcile Milestone 13 Exit Criteria status across docs:
in docs/maintainers/reverse-engineering-skills-plugin-plan.md lines 303-312,
align the five unchecked criteria with the completed Phase 3 ticket and Delivery
Sequence, or retain them unchecked with explicit justification; in ROADMAP.md
lines 402-408, update the corresponding criteria to the same status if they
remain open. Ensure both checklists agree.
- Around line 237-246: Rename the “Existing Non-Apple Domain Candidates” heading
above `reverse-engineering:inspect-dotnet-assemblies` and
`reverse-engineering:inspect-unity-artifacts` to reflect that these shipped
skills are existing non-Apple domain skills, matching the shipped framing used
by the other skill groups.

---

Nitpick comments:
In `@plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py`:
- Around line 154-170: Update validate_manifest to verify the parsed JSON is an
object before calling manifest.get, returning a Finding for valid non-object
JSON. Update main’s SKILLS_ROOT iteration to handle a missing directory and
append the standard “skills” Finding instead of allowing FileNotFoundError to
escape; preserve the existing empty-directory validation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 1cf1d381-21e4-4d70-a4f4-7b1212eed143

📥 Commits

Reviewing files that changed from the base of the PR and between 7b16f51 and 412a4e7.

⛔ Files ignored due to path filters (8)
  • plugins/agent-portability-skills/uv.lock is excluded by !**/*.lock
  • plugins/apple-dev-skills/uv.lock is excluded by !**/*.lock
  • plugins/cardhop-app/mcp/uv.lock is excluded by !**/*.lock
  • plugins/productivity-skills/uv.lock is excluded by !**/*.lock
  • plugins/python-skills/uv.lock is excluded by !**/*.lock
  • plugins/things-app/mcp/uv.lock is excluded by !**/*.lock
  • plugins/things-app/uv.lock is excluded by !**/*.lock
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (94)
  • README.md
  • ROADMAP.md
  • docs/architecture/ARCHITECTURE.md
  • docs/architecture/architecture.json
  • docs/maintainers/reverse-engineering-skills-plugin-plan.md
  • plugins/agent-portability-skills/.codex-plugin/plugin.json
  • plugins/agent-portability-skills/pyproject.toml
  • plugins/agentdeck/.codex-plugin/plugin.json
  • plugins/android-dev-skills/.codex-plugin/plugin.json
  • plugins/apple-creator-studio-skills/.codex-plugin/plugin.json
  • plugins/apple-dev-skills/.codex-plugin/plugin.json
  • plugins/apple-dev-skills/pyproject.toml
  • plugins/cardhop-app/.codex-plugin/plugin.json
  • plugins/cardhop-app/mcp/pyproject.toml
  • plugins/cloud-deployment-skills/.codex-plugin/plugin.json
  • plugins/cloud-inference-skills/.codex-plugin/plugin.json
  • plugins/dotnet-skills/.codex-plugin/plugin.json
  • plugins/game-dev-skills/.codex-plugin/plugin.json
  • plugins/messaging-collaboration-skills/.codex-plugin/plugin.json
  • plugins/network-protocol-skills/.codex-plugin/plugin.json
  • plugins/productivity-skills/.codex-plugin/plugin.json
  • plugins/productivity-skills/pyproject.toml
  • plugins/python-skills/.codex-plugin/plugin.json
  • plugins/python-skills/pyproject.toml
  • plugins/reverse-engineering-skills/.codex-plugin/plugin.json
  • plugins/reverse-engineering-skills/scripts/validate_repo_metadata.py
  • plugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/SKILL.md
  • plugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/analyze-apple-silicon-arm64e/references/apple-silicon-arm64e.md
  • plugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/SKILL.md
  • plugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/audit-apple-signing-and-containment/references/apple-signing-and-containment.md
  • plugins/reverse-engineering-skills/skills/compare-binary-versions/SKILL.md
  • plugins/reverse-engineering-skills/skills/compare-binary-versions/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/SKILL.md
  • plugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/correlate-apple-symbols-and-crashes/references/apple-symbol-and-crash-correlation.md
  • plugins/reverse-engineering-skills/skills/evidence-notes-workflow/SKILL.md
  • plugins/reverse-engineering-skills/skills/evidence-notes-workflow/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/evidence-notes-workflow/references/analysis-records.md
  • plugins/reverse-engineering-skills/skills/inspect-apple-artifact/SKILL.md
  • plugins/reverse-engineering-skills/skills/inspect-apple-artifact/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/inspect-apple-artifact/references/apple-artifact-and-macho.md
  • plugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/SKILL.md
  • plugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/inspect-dotnet-assemblies/references/dotnet-assembly-analysis.md
  • plugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/SKILL.md
  • plugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/inspect-dyld-shared-cache/references/dyld-cache-workflow.md
  • plugins/reverse-engineering-skills/skills/inspect-unity-artifacts/SKILL.md
  • plugins/reverse-engineering-skills/skills/inspect-unity-artifacts/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/inspect-unity-artifacts/references/unity-artifact-analysis.md
  • plugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/SKILL.md
  • plugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/perform-apple-dynamic-analysis/references/apple-dynamic-analysis.md
  • plugins/reverse-engineering-skills/skills/preserve-binary-artifacts/SKILL.md
  • plugins/reverse-engineering-skills/skills/preserve-binary-artifacts/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/SKILL.md
  • plugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/recover-apple-runtime-metadata/references/apple-runtime-recovery.md
  • plugins/reverse-engineering-skills/skills/report-apple-security-research/SKILL.md
  • plugins/reverse-engineering-skills/skills/report-apple-security-research/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/report-apple-security-research/references/apple-security-reporting.md
  • plugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/SKILL.md
  • plugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/research-apple-kernel-boot-and-firmware/references/apple-system-artifacts.md
  • plugins/reverse-engineering-skills/skills/review-decompiler-output/SKILL.md
  • plugins/reverse-engineering-skills/skills/review-decompiler-output/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/select-analysis-path/SKILL.md
  • plugins/reverse-engineering-skills/skills/select-analysis-path/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/triage-artifact/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/use-cutter-and-rizin/SKILL.md
  • plugins/reverse-engineering-skills/skills/use-cutter-and-rizin/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/use-cutter-and-rizin/references/cutter-rizin-workflow.md
  • plugins/reverse-engineering-skills/skills/use-ghidra/SKILL.md
  • plugins/reverse-engineering-skills/skills/use-ghidra/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/use-ghidra/references/ghidra-workflow.md
  • plugins/reverse-engineering-skills/skills/use-hopper/SKILL.md
  • plugins/reverse-engineering-skills/skills/use-hopper/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/use-hopper/references/hopper-workflow.md
  • plugins/reverse-engineering-skills/skills/use-malimite/SKILL.md
  • plugins/reverse-engineering-skills/skills/use-malimite/agents/openai.yaml
  • plugins/reverse-engineering-skills/skills/use-malimite/references/malimite-workflow.md
  • plugins/rust-skills/.codex-plugin/plugin.json
  • plugins/server-side-jvm/.codex-plugin/plugin.json
  • plugins/server-side-swift/.codex-plugin/plugin.json
  • plugins/spotify/.codex-plugin/plugin.json
  • plugins/swift-lang/.codex-plugin/plugin.json
  • plugins/swiftasb-skills/.codex-plugin/plugin.json
  • plugins/things-app/.codex-plugin/plugin.json
  • plugins/things-app/mcp/pyproject.toml
  • plugins/things-app/pyproject.toml
  • plugins/web-dev-skills/.codex-plugin/plugin.json
  • pyproject.toml

Comment thread docs/maintainers/reverse-engineering-skills-plugin-plan.md Outdated
Comment thread docs/maintainers/reverse-engineering-skills-plugin-plan.md
@gaelic-ghost gaelic-ghost merged commit 4b89fdf into main Jul 14, 2026
2 checks passed
@gaelic-ghost gaelic-ghost deleted the skills/expand-reverse-engineering branch July 14, 2026 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant