From 9cf3396f589ff3f2bd98bceddf464224711c7e80 Mon Sep 17 00:00:00 2001 From: Amolith Date: Sun, 11 Jan 2026 09:33:55 -0700 Subject: [PATCH] feat(secrets): add resolving-secrets skill and update lunatask references Add new resolving-secrets skill for wrapping shell commands with opx to resolve secret references in environment variables. Update lunatask CLI references to mention trying lune directly first before falling back to the resolving-secrets skill. Assisted-by: Kimi K2 Thinking via Crush --- .../references/cli.md | 2 ++ skills/resolving-secrets/SKILL.md | 19 +++++++++++++++++++ .../references/installing-opx.md | 1 + .../references/cli.md | 2 ++ 4 files changed, 24 insertions(+) create mode 100644 skills/resolving-secrets/SKILL.md create mode 100644 skills/resolving-secrets/references/installing-opx.md diff --git a/skills/creating-tasks-through-lunatask/references/cli.md b/skills/creating-tasks-through-lunatask/references/cli.md index ca43d62fb3722d6e83088d5fbcd52c5d77d14666..2f4dee3497f8cf0d52a2233bd6e008df4283d0cd 100644 --- a/skills/creating-tasks-through-lunatask/references/cli.md +++ b/skills/creating-tasks-through-lunatask/references/cli.md @@ -1,5 +1,7 @@ When MCP tools are unavailable, use `lune` CLI. Destructive actions are interactive unless supplied `--force`. +**Try `lune` directly first**—it integrates with the system keyring. Only fall back to the `resolving-secrets` skill if the user isn't using keyring-based credential storage. + ## Creating tasks ```bash diff --git a/skills/resolving-secrets/SKILL.md b/skills/resolving-secrets/SKILL.md new file mode 100644 index 0000000000000000000000000000000000000000..414bf5e0faedcc65b189ee08dafa8c7c5087efab --- /dev/null +++ b/skills/resolving-secrets/SKILL.md @@ -0,0 +1,19 @@ +--- +name: resolving-secrets +description: Wraps shell commands to resolve secret references in environment variables to their actual values. Always use when invoking synu, crush, gh, hut, etc. Ask whether to use if an invocation fails due to missing credentials. +compatibility: Requires `fish` shell and `opx` Fish function +license: AGPL-3.0-or-later +metadata: + author: Amolith +--- + +Prefix commands with `fish -c "opx ..."`. + +```bash +fish -c "opx synu claude -p 'prompt'" +fish -c "opx hut todo ticket show -t '~singpolyma/soprani.ca' 465" +fish -c "opx gh issue view 123" +fish -c "opx crush" +``` + +Refer to [installing-opx.md](references/installing-opx.md) if it's unavailable. diff --git a/skills/resolving-secrets/references/installing-opx.md b/skills/resolving-secrets/references/installing-opx.md new file mode 100644 index 0000000000000000000000000000000000000000..96cb65fbec931e410c6b0ba0c32494b1587e0cbb --- /dev/null +++ b/skills/resolving-secrets/references/installing-opx.md @@ -0,0 +1 @@ +Yoink it from https://git.secluded.site/yadr/blob/main/dot_config/private_fish/functions/opx.fish?raw=1 into ~/.config/fish/functions/opx.fish diff --git a/skills/resuming-work-through-lunatask/references/cli.md b/skills/resuming-work-through-lunatask/references/cli.md index 323a46d0b2e7bdd168e58ede51b24a16314b9bf4..467633625e805383133bbc29430a3bbc10f28582 100644 --- a/skills/resuming-work-through-lunatask/references/cli.md +++ b/skills/resuming-work-through-lunatask/references/cli.md @@ -1,5 +1,7 @@ When MCP tools are unavailable, use `lune` CLI. Destructive actions are interactive unless supplied `--force`. +**Try `lune` directly first**—it integrates with the system keyring. Only fall back to the `resolving-secrets` skill if the user isn't using keyring-based credential storage. + ## Showing task details ```bash