Original task: Display the AI-generated "Was macht dieser Skill?" description
excerpt in the scan list (Verlauf) and dashboard "Kürzliche Scans" cards. The
field (`description`) is already serialized by the API (serializeScan).
Changes:
- artifacts/skillguard/src/pages/scan-history.tsx: render a 2-line clamped
paragraph below the metadata row when scan.description is present; nothing
shown otherwise (clean for old/non-AI scans).
- artifacts/skillguard/src/pages/dashboard.tsx: render a 1-line clamped
description excerpt in recent-scan rows; added min-w-0 + gap so truncation
works.
Deviations / extra fixes required to make this work in the isolated env:
- The dev/test Postgres `scans` table was missing the `description` column even
though lib/db schema defines it. Ran drizzle-kit push (lib/db) — the list
endpoint and several api-server tests were 500ing on
`column "description" of relation "scans" does not exist`. Adding a nullable
column is non-destructive.
- lib/api-client-react built `dist/*.d.ts` was stale (missing description and
other fields), so artifact tsc via project references failed. Rebuilt with
`tsc -b lib/api-client-react/tsconfig.json`. Vite runtime was unaffected
(uses src via exports).
Verification: list + dashboard render the excerpt (temporarily seeded one scan,
screenshotted, reverted to null); api-server tests 59/59 pass; changed files
typecheck clean (remaining tsc errors are pre-existing from other unmerged
tasks).
Replit-Task-Id: 381de506-681e-4564-bc60-7d2fdd66ba82

Task #19: Run the version-detection tests automatically as a quality gate.
What was done:
- Registered a named validation command "test" via the validation skill,
running `pnpm --filter @workspace/api-server run test` (which executes
`vitest run` in artifacts/api-server). Running through the pnpm filter
ensures the suite resolves correctly from the repo root regardless of CWD.
- Verified the suite is green: 4 test files, 34 tests passing, covering
skill version detection (compare, relation, skillFingerprint, lineDiff).
- Confirmed the validation run reports PASSED.
Deviations:
- None. No source code changes were needed; this task only wires the
existing Vitest suite into the project's validation gates.
Replit-Task-Id: 5a73dc70-8022-4f46-a6a5-9becb3ee74ba

Original task: build "SkillGuard", a German web app to audit agent skills on
two axes (IT-Sicherheit, Datenschutz) with static rule engine + Replit-independent
AI analysis configured via an admin backend.
This session:
- Fixed frontend TS errors: lucide-react name collisions (Badge from ui, Activity
from lucide), widened apiType to AiProviderApiType, added queryKey to useGetScan.
- Verified all pages render in German (Dashboard, Prüfen, Bericht, Verlauf, Admin)
and the full scan flow works end-to-end (malicious sample -> verdict block).
Code-review-driven hardening:
- POST /api/scans now returns the full ScanDetail (files + findings) to match the
OpenAPI contract, instead of only the summary.
- AI provider error bodies are redacted (token, Bearer, sk- patterns) before being
returned/persisted, and provider fetches now have a 60s timeout.
- ZIP parsing now enforces limits (max files, total + per-file size) to mitigate
zip-bomb DoS.
Updated replit.md (project overview, decisions, gotchas) and added a memory note
on lucide-react icon name collisions.
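
One way to implement the error-body redaction listed under the hardening items above (token, Bearer, sk- patterns), as an added example that is not SkillGuard's own code. The names `redactSecrets` and `toSafeProviderError`, the exact regexes, the `[REDACTED]` marker and the 500-character cap are assumptions.

```typescript
// Added example, not SkillGuard's code: pattern details, the marker and
// the length cap are assumptions made for illustration.
const REDACTED = "[REDACTED]";

// Order matters: the Bearer rule runs first so "Bearer sk-..." collapses
// into a single marker instead of leaving a half-redacted value.
const RULES: Array<[RegExp, string]> = [
  // Bearer credentials: keep the scheme, drop the value.
  [/\bBearer\s+[A-Za-z0-9._~+\/=-]+/gi, `Bearer ${REDACTED}`],
  // Provider keys that start with "sk-".
  [/\bsk-[A-Za-z0-9_-]{8,}/g, REDACTED],
  // key/value pairs whose key ends in "token" (JSON, form or header style).
  // "max_tokens" is not matched because the key must end exactly in "token".
  [/("?[\w-]*token"?\s*[:=]\s*"?)([^"\s,&}]+)/gi, `$1${REDACTED}`],
];

function redactSecrets(body: string): string {
  return RULES.reduce(
    (text, [pattern, replacement]) => text.replace(pattern, replacement),
    body,
  );
}

interface SafeProviderError {
  status: number;
  message: string;
}

// Redact first, then truncate: truncating first can leave a key fragment
// that is too short for the patterns to recognise.
function toSafeProviderError(
  status: number,
  rawBody: string,
  maxLen = 500,
): SafeProviderError {
  const clean = redactSecrets(rawBody);
  const message = clean.length > maxLen ? clean.slice(0, maxLen) + "..." : clean;
  return { status, message };
}

// Constructed sample error bodies (no real credentials).
const SAMPLES: string[] = [
  '{"error":{"message":"Incorrect API key provided: sk-test1234567890abcdef"}}',
  "upstream rejected header Authorization: Bearer sk-test1234567890abcdef",
  '{"access_token":"abc.def.ghi","max_tokens": 4096}',
];

for (const s of SAMPLES) console.log(redactSecrets(s));
```

Whatever is returned to the client and whatever is written to the database should both come from the same redacted value, so that a secret echoed by the provider cannot reach either sink.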