V0.3.4/upstream fix

[gimlichael]

This pull request significantly improves the robustness and automation of the .NET scaffold skills (dotnet-new-app-slnx and dotnet-new-lib-slnx) by introducing a manifest-driven approach for restoring all required shared assets, including dotfiles. It also adds a PowerShell script to automatically restore missing assets from the upstream repository, updates documentation to reflect these changes, and expands the changelog tooling for safer automation.

Manifest-driven asset recovery and automation:

• Added assets/shared.manifest.json to both dotnet-new-app-slnx and dotnet-new-lib-slnx skills, defining an authoritative list of all required shared scaffold files (including dot-prefixed files and folders) and their upstream source metadata. [1] [2]
• Added scripts/restore-missing-shared-assets.ps1 PowerShell script to detect and restore any missing shared assets directly from the upstream GitHub repository using the manifest. The script halts generation if any file cannot be restored, ensuring no incomplete scaffolds.

Guidance and documentation updates:

• Updated both SKILL.md files to:
  • Document the new manifest-driven restore policy and upstream metadata as the single source of truth for asset recovery, replacing the previous manual and iterative verification steps. [1] [2]
  • Specify that assets/shared.manifest.json is skill-internal and must never be copied into generated solutions. [1] [2]
  • Require immediate restoration via the script (or manual fetch using the raw base URL) if any manifest entry is missing, rather than diagnosing absence multiple ways. [1] [2]
  • Update post-generation verification checklists to require manifest completeness and script usage, and to halt on any restore failures. [1] [2] [3]

Changelog and tooling improvements:

• Updated CHANGELOG.md to document the new manifest-driven asset recovery, script-based restoration, and expanded git-keep-a-changelog yolo/auto mode, which now safely auto-drafts changelogs without confirmation prompts.
• Added dotnet-new-app-slnx and dotnet-new-lib-slnx to the skill install instructions in README.md.

[greptile-apps]

Greptile Summary

This PR introduces a manifest-driven approach to shared asset recovery for the dotnet-new-app-slnx and dotnet-new-lib-slnx scaffold skills, adds PowerShell scripts to automatically restore missing upstream files, and formalises a yolo/auto full-autonomy mode in the git-keep-a-changelog skill. Documentation, checklists, and the changelog are updated consistently throughout.

Confidence Score: 5/5

Safe to merge — all findings are P2 (minor usability and process suggestions).

No correctness defects or security issues were found. The two flagged items are: the -DryRun exit-code returning 0 even when files are missing (usability gap for CI), and the absence of evals/evals.json updates for the modified skills (process rule from AGENTS.md). Both are P2 and do not block merge.

Both restore-missing-shared-assets.ps1 copies warrant a quick look if the script is ever wired into a CI audit step.

Important Files Changed

Filename	Overview
skills/dotnet-new-app-slnx/scripts/restore-missing-shared-assets.ps1	New PowerShell script that reads the manifest and fetches missing files from upstream; -DryRun exits 0 even when files are absent, making it unreliable as a CI audit gate.
skills/dotnet-new-lib-slnx/scripts/restore-missing-shared-assets.ps1	Identical copy of the app-slnx restore script; same -DryRun exit-code issue applies.
skills/dotnet-new-app-slnx/assets/shared.manifest.json	New manifest listing 15 required shared scaffold files with upstream metadata; entries are accurate for the app scaffold variant.
skills/dotnet-new-lib-slnx/assets/shared.manifest.json	New manifest for the library variant; correctly adds LICENSE and .github/codecov.yml entries absent from the app manifest.
skills/dotnet-new-app-slnx/SKILL.md	Adds upstream source table, manifest-driven mismatch policy, and updated post-generation checklist; clear and well-structured.
skills/dotnet-new-lib-slnx/SKILL.md	Mirrors the app-slnx SKILL.md changes; upstream source table, mismatch policy, and checklist updates are consistent and correct.
skills/git-keep-a-changelog/SKILL.md	Adds the yolo/auto full-autonomy mode with clear rule exceptions; consistent with FORMS.md changes and well-guarded against misuse.
skills/git-keep-a-changelog/FORMS.md	Correctly annotates the confirmation-gate form to be skipped in yolo/auto mode; consistent with SKILL.md.
CHANGELOG.md	Updated 0.3.4 entry to reflect manifest-driven restore and yolo/auto changelog mode; bullet punctuation is consistent.
README.md	Adds npx skills add install lines for dotnet-new-app-slnx and dotnet-new-lib-slnx; straightforward and correct.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[npx skills add installs skill] --> B{All manifest\nentries present?}
    B -- Yes --> E[Proceed with scaffold generation]
    B -- No --> C[Run restore-missing-shared-assets.ps1]
    C --> D{Upstream fetch\nsucceeds?}
    D -- Yes --> E
    D -- No --> F[Halt — report failure\ndo not substitute placeholders]
    E --> G[Copy assets/shared to project root\nexcluding shared.manifest.json]
    G --> H[Apply placeholder substitution]
    H --> I[Post-generation checklist\nvalidate manifest completeness]

Loading

Comments Outside Diff (1)

1. skills/dotnet-new-app-slnx/SKILL.md, line 84-85 (link)

   evals/evals.json not updated for this skill modification

   AGENTS.md states: "If you add a new skill or modify an existing repo-managed skill, update that skill's evals/evals.json before considering the work complete." This PR introduces a new manifest-driven restore policy and the scripts/ subtree, which are meaningful behavioural changes, but no update to skills/dotnet-new-app-slnx/evals/evals.json is included. The same applies to dotnet-new-lib-slnx and git-keep-a-changelog, which also receive significant instruction changes in this PR.

   Context Used: AGENTS.md (source)

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: skills/dotnet-new-app-slnx/SKILL.md
   Line: 84-85
   
   Comment:
   **`evals/evals.json` not updated for this skill modification**
   
   `AGENTS.md` states: *"If you add a new skill or modify an existing repo-managed skill, update that skill's `evals/evals.json` before considering the work complete."* This PR introduces a new manifest-driven restore policy and the `scripts/` subtree, which are meaningful behavioural changes, but no update to `skills/dotnet-new-app-slnx/evals/evals.json` is included. The same applies to `dotnet-new-lib-slnx` and `git-keep-a-changelog`, which also receive significant instruction changes in this PR.
   
   **Context Used:** AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=9eea264a-e8c9-4acf-a7b4-05bb7a7c4031))
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: skills/dotnet-new-app-slnx/scripts/restore-missing-shared-assets.ps1
Line: 69-72

Comment:
**`-DryRun` always exits 0, even when files are missing**

When the script is invoked with `-DryRun` and missing files are detected, it exits with code `0`. Any CI pipeline or automated check that calls this script with `-DryRun` to audit completeness will never detect the gap from the exit code alone — it would need to parse stdout for the warning text. Exiting with code `1` when files are missing (even in dry-run mode) makes the script safe to use in `-WhatIf`-style pipeline steps.

```suggestion
if ($DryRun) {
    Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
    if ($missing.Count -gt 0) { exit 1 }
    exit 0
}
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: skills/dotnet-new-lib-slnx/scripts/restore-missing-shared-assets.ps1
Line: 69-72

Comment:
**`-DryRun` always exits 0, even when files are missing**

Same issue as the `dotnet-new-app-slnx` copy: when `-DryRun` is combined with missing files the script exits `0`, so any automated audit step that relies on the exit code will silently pass. Exiting `1` when files are absent keeps the dry-run safe to wire into pipelines.

```suggestion
if ($DryRun) {
    Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
    if ($missing.Count -gt 0) { exit 1 }
    exit 0
}
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: skills/dotnet-new-app-slnx/SKILL.md
Line: 84-85

Comment:
**`evals/evals.json` not updated for this skill modification**

`AGENTS.md` states: *"If you add a new skill or modify an existing repo-managed skill, update that skill's `evals/evals.json` before considering the work complete."* This PR introduces a new manifest-driven restore policy and the `scripts/` subtree, which are meaningful behavioural changes, but no update to `skills/dotnet-new-app-slnx/evals/evals.json` is included. The same applies to `dotnet-new-lib-slnx` and `git-keep-a-changelog`, which also receive significant instruction changes in this PR.

**Context Used:** AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=9eea264a-e8c9-4acf-a7b4-05bb7a7c4031))

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "💬 refine changelog yolo mode" | Re-trigger Greptile}

[greptile-apps]

-DryRun always exits 0, even when files are missing

When the script is invoked with -DryRun and missing files are detected, it exits with code 0. Any CI pipeline or automated check that calls this script with -DryRun to audit completeness will never detect the gap from the exit code alone — it would need to parse stdout for the warning text. Exiting with code 1 when files are missing (even in dry-run mode) makes the script safe to use in -WhatIf-style pipeline steps.

Suggested change

	if ($DryRun) {
	Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
	exit 0
	}
	if ($DryRun) {
	Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
	if ($missing.Count -gt 0) { exit 1 }
	exit 0
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: skills/dotnet-new-app-slnx/scripts/restore-missing-shared-assets.ps1
Line: 69-72

Comment:
**`-DryRun` always exits 0, even when files are missing**

When the script is invoked with `-DryRun` and missing files are detected, it exits with code `0`. Any CI pipeline or automated check that calls this script with `-DryRun` to audit completeness will never detect the gap from the exit code alone — it would need to parse stdout for the warning text. Exiting with code `1` when files are missing (even in dry-run mode) makes the script safe to use in `-WhatIf`-style pipeline steps.

```suggestion
if ($DryRun) {
    Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
    if ($missing.Count -gt 0) { exit 1 }
    exit 0
}
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

-DryRun always exits 0, even when files are missing

Same issue as the dotnet-new-app-slnx copy: when -DryRun is combined with missing files the script exits 0, so any automated audit step that relies on the exit code will silently pass. Exiting 1 when files are absent keeps the dry-run safe to wire into pipelines.

Suggested change

	if ($DryRun) {
	Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
	exit 0
	}
	if ($DryRun) {
	Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
	if ($missing.Count -gt 0) { exit 1 }
	exit 0
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: skills/dotnet-new-lib-slnx/scripts/restore-missing-shared-assets.ps1
Line: 69-72

Comment:
**`-DryRun` always exits 0, even when files are missing**

Same issue as the `dotnet-new-app-slnx` copy: when `-DryRun` is combined with missing files the script exits `0`, so any automated audit step that relies on the exit code will silently pass. Exiting `1` when files are absent keeps the dry-run safe to wire into pipelines.

```suggestion
if ($DryRun) {
    Write-Host "`n[DryRun] No files downloaded." -ForegroundColor Cyan
    if ($missing.Count -gt 0) { exit 1 }
    exit 0
}
```

How can I resolve this? If you propose a fix, please make it concise.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 738984e664

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Require explicit yolo/auto token before bypassing Step 3

Treating any message that contains auto anywhere as full-autonomy mode will unintentionally bypass the pending-change confirmation gate for normal requests like "automatically update the changelog". That can silently expand release scope to staged/unstaged/untracked changes even when the user did not ask for the special bypass mode, which contradicts the safety intent of Step 3 for concrete releases.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Restore app hidden assets outside assets/shared

The restore script only checks and repairs assets/shared, but the app scaffold also depends on hidden files under assets/app (for example assets/app/.github/workflows/ci-pipeline.yml is required by skills/dotnet-new-app-slnx/SKILL.md Step 5). If the installer drops dot-prefixed paths, this script will report success while that required app workflow file is still missing, leading to incomplete or incorrect app scaffolds.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Restore library dot-prefixed templates beyond shared assets

The library restore script is scoped to assets/shared only, but the library workflow requires dot-prefixed templates under assets/library/.docfx (skills/dotnet-new-lib-slnx/SKILL.md Step 5). When installer truncation removes .docfx, the script will not detect or recover those files, so generation can proceed with a broken library template set.

Useful? React with 👍 / 👎.