snazy opened a new pull request, #445:
URL: https://github.com/apache/airflow-steward/pull/445
## Summary
- Add `magpie-ci-runner-audit`, a read-only skill for auditing GitHub
Actions runner compatibility across one repo, multiple repos, an Apache
project, or the Apache GitHub org.
- Detects retired GitHub-hosted runner labels and high-confidence macOS
runner/tool architecture mismatches.
- Includes a scanner script, skill loader symlinks, capability registration,
docs update, and eval coverage.
- Broad macOS architecture candidates are treated as false-positive-prone
triage input, not confirmed findings.
## Type of change
- [x] Skill change (`.claude/skills/<name>/`) — eval fixtures updated below
- [ ] Tool / bridge contract (`tools/<system>/*.md`)
- [ ] Python package (`tools/*/` with `pyproject.toml`)
- [ ] Groovy reference impl
- [ ] Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
- [x] Documentation (`docs/`, `README.md`, `CONTRIBUTING.md`)
- [ ] Project template (`projects/_template/`)
- [x] CI / dev loop (`prek`, workflows, validators)
- [ ] Other:
## Test plan
- [ ] `prek run --all-files` passes
- [ ] For Python packages touched: `uv run pytest` / `ruff check` / `mypy`
passes
- [ ] For Groovy bridges touched: command-line invocation tested end-to-end
- [x] For skill changes: eval suite passes for the affected skill
(`PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner
tools/skill-evals/evals/ci-runner-audit/`)
- [x] For skill *behaviour* changes: a new or updated eval fixture is
included in this PR
- [x] Other:
- `python3 -m py_compile skills/ci-runner-audit/scripts/scan_ci_runners.py`
- `PYTHONPATH=tools/skill-and-tool-validator/src python3 -c 'import
skill_and_tool_validator; raise SystemExit(skill_and_tool_validator.main())'`
- `tools/dev/check-placeholders.sh`
## RFC-AI-0004 compliance
- [x] HITL
- [x] Sandbox
- [x] Vendor neutrality
- [x] Conversational + correctable
- [x] Write-access discipline
- [ ] Privacy LLM
The skill is read-only. It does not edit workflows, open pull requests, post
comments, apply labels, or mutate remote state. It asks the user to define the
scan scope and reports evidence as TSV output. Repository/project scope is
parameterized rather than hard-coded.
## Linked issues
None.
## Notes for reviewers (optional)
The validator reports existing soft warnings in unrelated skills:
- `skills/security-issue-import-via-forwarder`
- `skills/setup-isolated-setup-verify`
This PR does not add new validator warnings.
`prek run --all-files` was not run locally. `lychee` was also not available
locally.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
