HYPERFLEET-1236 - fix(dynamic-context): resolve hyperfleet-architecture skill availability dynamically

[rafabene]

Summary

• Fix hyperfleet-architecture skill availability detection in dynamic context across 4 skills in 3 plugins (hyperfleet-code-review, hyperfleet-operational-readiness, hyperfleet-adapter-authoring)
• The old approach used only a relative filesystem path from CLAUDE_SKILL_DIR, which failed for installed plugins because the install path includes a version directory (<plugin>/<version>/skills/...)
• Replace with two-tier detection: check ~/.claude/plugins/installed_plugins.json first (installed plugins), fall back to relative path (local dev)
• Document the cross-plugin skill detection pattern and testing matrix in CONTRIBUTING.md

Test plan

• Install both hyperfleet-code-review and hyperfleet-architecture plugins, run /review-pr — architecture check should execute (not skip)
• Run /review-local — architecture check should execute (not skip)
• Run with --plugin-dir in local dev — detection should work via relative path fallback
• Uninstall hyperfleet-architecture plugin — detection should correctly return "NOT available"

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign vkareh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 548987e6-6570-4254-9b48-4494f071776a

📥 Commits

Reviewing files that changed from the base of the PR and between c1f42c3 and df15157.

📒 Files selected for processing (7)

• CONTRIBUTING.md
• hyperfleet-adapter-authoring/skills/SKILL.md
• hyperfleet-code-review/.claude-plugin/plugin.json
• hyperfleet-code-review/skills/review-local/SKILL.md
• hyperfleet-code-review/skills/review-pr/SKILL.md
• hyperfleet-operational-readiness/.claude-plugin/plugin.json
• hyperfleet-operational-readiness/skills/operational-readiness-audit/SKILL.md

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

---

📝 Walkthrough

Summary by CodeRabbit

• Documentation

  • Added guidance for cross-plugin skill detection, including a two-tier availability check pattern and four scenario outcomes (installed vs local dev vs unavailable vs missing configuration).

• Chores

  • Bumped plugin versions: hyperfleet-code-review (0.7.0 → 0.7.1) and hyperfleet-operational-readiness (0.2.0 → 0.2.1).

• Improvements

  • Updated dynamic context skill availability detection to prefer the installed plugins registry first, with a conditional fallback for local development when the skill directory is configured.

Walkthrough

CONTRIBUTING.md adds a "Cross-Plugin Skill Detection" section establishing a two-tier dynamic-context pattern: grep ~/.claude/plugins/installed_plugins.json for hyperfleet-architecture@ first; if that fails or the file is absent, conditionally fall back to a CLAUDE_SKILL_DIR-relative SKILL.md existence check (guarded by CLAUDE_SKILL_DIR being set). A four-scenario test matrix documents expected outputs (available vs NOT available). The same detection command is applied to four skill manifests across hyperfleet-adapter-authoring, hyperfleet-code-review (review-local, review-pr), and hyperfleet-operational-readiness. Two plugin.json files receive patch version increments reflecting the implementation changes.

Supply chain note: This adds plugin-discovery logic dependent on the installed-plugins registry file ($HOME/.claude/plugins/installed_plugins.json). Registry unavailability or malformed entries silently fall back to filesystem checks without validation or error reporting. No checksum or signature verification is performed on discovered skills; availability is purely existence-based.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the primary change: fixing dynamic-context skill availability detection for hyperfleet-architecture across multiple plugins.
Description check	✅ Passed	The description directly relates to the changeset, explaining the bug fix, two-tier detection strategy, documentation updates, and test plan for the skill availability detection issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	PR modifies only Markdown and JSON files with no Go code. No log statements (slog, logr, zap, fmt.Print*) found. All bash dynamic context commands output non-sensitive data (availability, branch, l...
No Hardcoded Secrets	✅ Passed	No hardcoded secrets, API keys, tokens, credentials, base64 strings, embedded URLs, or sensitive variables found in modified files. Email in metadata is legitimate author attribution.
No Weak Cryptography	✅ Passed	No weak cryptographic primitives (md5, des, rc4, SHA1 for security) or insecure comparisons detected. PR adds documentation, version bumps, and shell script skill detection logic—no cryptographic i...
No Injection Vectors	✅ Passed	All shell commands use hardcoded plugin/skill names and paths with no user input interpolation. No CWE-78/89/79/502 injection patterns detected in any modified files.
No Privileged Containers	✅ Passed	PR contains no Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles. Changes are limited to Claude plugin metadata, skill detection logic, and documentation.
No Pii Or Sensitive Data In Logs	✅ Passed	PR introduces no new logging statements exposing PII. All hyperfleet-architecture skill detection changes output only "available"/"NOT available" via safe echo statements. Pre-existing dynamic cont...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rafabene]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.