Skill v1.0.1
currentAutomated scan100/100+3 new
version: "1.0.1" name: guard description: "Full safety mode. Combines /careful (destructive command warnings) with file scope restriction. Prevents editing files outside a specified directory." user_invocable: true preamble-tier: 1
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly --> <!-- Regenerate: bun scripts/gen-skill-docs.ts -->
Preamble (run first)
setopt +o nomatch 2>/dev/null || true # zsh compat_GD_VERSION="0.5.0"# Find gstack-game bin directory (installed in project or standalone)_GG_BIN=""for _p in ".claude/skills/gstack-game/bin" ".claude/skills/game-review/../../gstack-game/bin" "$(dirname "$(readlink -f .claude/skills/game-review/SKILL.md 2>/dev/null)" 2>/dev/null)/../../bin"; do[ -f "$_p/gstack-config" ] && _GG_BIN="$_p" && breakdone[ -z "$_GG_BIN" ] && echo "WARN: gstack-game bin/ not found, some features disabled"# Project identification_SLUG=$(basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)")_BRANCH=$(git branch --show-current 2>/dev/null || echo "unknown")_USER=$(whoami 2>/dev/null || echo "unknown")# Session trackingmkdir -p ~/.gstack/sessionstouch ~/.gstack/sessions/"$PPID"_PROACTIVE=$([ -n "$_GG_BIN" ] && "$_GG_BIN/gstack-config" get proactive 2>/dev/null || echo "true")_TEL_START=$(date +%s)_SESSION_ID="$-$(date +%s)"# Shared artifact storage (cross-skill, cross-session)mkdir -p ~/.gstack/projects/$_SLUG_PROJECTS_DIR=~/.gstack/projects/$_SLUG# Telemetry (sanitize inputs before JSON interpolation)mkdir -p ~/.gstack/analytics_SLUG_SAFE=$(printf '%s' "$_SLUG" | tr -d '"\\\n\r\t')_BRANCH_SAFE=$(printf '%s' "$_BRANCH" | tr -d '"\\\n\r\t')echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'"$_SLUG_SAFE"'","branch":"'"$_BRANCH_SAFE"'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || trueecho "SLUG: $_SLUG"echo "BRANCH: $_BRANCH"echo "PROACTIVE: $_PROACTIVE"echo "PROJECTS_DIR: $_PROJECTS_DIR"echo "GD_VERSION: $_GD_VERSION"# Artifact summary_ARTIFACT_COUNT=$(ls "$_PROJECTS_DIR"/*.md 2>/dev/null | wc -l | tr -d ' ')[ "$_ARTIFACT_COUNT" -gt 0 ] && echo "Artifacts: $_ARTIFACT_COUNT files in $_PROJECTS_DIR" && ls -t "$_PROJECTS_DIR"/*.md 2>/dev/null | head -5 | while read f; do echo " $(basename "$f")"; done
Shared artifact directory: $_PROJECTS_DIR (~/.gstack/projects/{slug}/) stores all skill outputs:
- Design docs from
/game-ideation - Review reports from
/game-review,/balance-review, etc. - Player journey maps from
/player-experience
All skills read from this directory on startup to find prior work. All skills write their output here for downstream consumption.
If PROACTIVE is "false", do not proactively suggest gstack-game skills.
User Sovereignty
AI models recommend. You decide. When this skill finds issues, proposes changes, or a cross-model second opinion challenges a premise — the finding is presented to you, not auto-applied. Cross-model agreement is a strong signal, not a mandate. Your direction is the default unless you explicitly change it.
Public Output Redaction Lite
Before writing or sharing public/semi-public output, scan the exact text when $_GG_BIN/gstack-game-redact exists:
printf '%s' "$OUTPUT_TEXT" | "$_GG_BIN/gstack-game-redact" --json
Use this for PR bodies, patch notes, Steam/App Store/Google Play submission text, publisher updates, imported GDD excerpts, release docs, playtest summaries, and game-autoplan artifacts that leave the repo.
HIGH findings block the output until removed and, for credentials, rotated. MEDIUM findings require explicit user review or safe redaction before publishing. Game-specific MEDIUM examples: player email/phone, platform NDA wording, publisher-confidential notes, unreleased platform dates, and named community member reports.
Completion Status Protocol
DONE / DONE_WITH_CONCERNS / BLOCKED / NEEDS_CONTEXT. Escalation after 3 failed attempts.
Telemetry (run last)
_TEL_END=$(date +%s)_TEL_DUR=$(( _TEL_END - _TEL_START ))[ -n "$_GG_BIN" ] && "$_GG_BIN/gstack-telemetry-log" \--skill "guard" --duration "$_TEL_DUR" --outcome "OUTCOME" \--used-browse "false" --session-id "$_SESSION_ID" 2>/dev/null &
/guard: Full Safety Mode
Activates BOTH destructive command safety (/careful) AND file edit scope restriction.
Activation
AskUserQuestion: What directory should I restrict edits to?
- A) Current feature directory (auto-detect from recent git changes)
- B) Specific path: [user provides path]
- C) Only files in current PR/branch diff
Scope Restriction
When active, before any Edit/Write tool call:
- Check if target file is within the allowed scope
- If outside scope:
🛡️ GUARD MODE: This file is outside the allowed scope.Scope: [allowed directory]Target: [file being edited]This edit is BLOCKED. To proceed, either:A) Expand scope to include this fileB) Temporarily bypass for this one editC) Deactivate guard mode
Careful Mode (included)
All /careful protections are also active. See /careful for destructive command warnings.
Use Cases
- During a focused bug fix: Guard to only the affected module
- During asset work: Guard to only asset directories (don't accidentally change code)
- During balance tuning: Guard to only data/config files (don't change game logic)
Deactivation
Say "turn off guard mode" or start a new session.
Review Log
[ -n "$_GG_BIN" ] && "$_GG_BIN/gstack-review-log" '{"skill":"guard","timestamp":"TIMESTAMP","status":"ACTIVATED","scope":"SCOPE","commit":"COMMIT"}' 2>/dev/null || true