fix(curator): defense-in-depth gates against bundled/hub skills

Previous invariants only gated the primary entry points (apply_automatic_transitions, archive_skill, CLI pin). Several paths were unprotected: - bump_view / bump_use / bump_patch / set_state / set_pinned wrote usage records unconditionally, which is confusing noise in .usage.json even though the review list filtered them out - restore_skill did not check whether a bundled skill now shadows the archived name - CLI unpin was asymmetric with CLI pin — it had no gate Fixes: - _mutate() (the shared counter / state writer) now drops silently when the skill is not agent-created. .usage.json never gains a record for a bundled or hub-installed skill. - restore_skill() refuses to restore under a name that is now bundled or hub-installed (would shadow upstream). - CLI unpin gate matches CLI pin. New tests: - 5 provenance-guard tests on skill_usage (one per mutator) - 1 end-to-end test that hammers every mutator at a bundled skill and a hub skill, asserts both are untouched on disk, and asserts the sidecar stays clean - 2 CLI tests proving pin/unpin refuse bundled skills symmetrically 64/64 tests passing (29 skill_usage + 27 curator + 8 new guards).
2026-05-02 08:47:26 +08:00 · 2026-04-26 06:17:01 -07:00
parent f40ccece11
commit 76df76477f
4 changed files with 184 additions and 2 deletions
--- a/tools/skill_usage.py
+++ b/tools/skill_usage.py
@@ -239,10 +239,18 @@ def get_record(skill_name: str) -> Dict[str, Any]:


 def _mutate(skill_name: str, mutator) -> None:
-    """Load, apply *mutator(record)* in place, save. Best-effort."""
+    """Load, apply *mutator(record)* in place, save. Best-effort.
+
+    Bundled and hub-installed skills are NEVER recorded in the sidecar.
+    This keeps .usage.json focused on agent-created skills (the only ones
+    the curator considers) and prevents stale counters from hanging around
+    for upstream-managed skills.
+    """
    if not skill_name:
        return
    try:
+        if not is_agent_created(skill_name):
+            return
        data = load_usage()
        rec = data.get(skill_name)
        if not isinstance(rec, dict):
@@ -361,7 +369,18 @@ def archive_skill(skill_name: str) -> Tuple[bool, str]:

 def restore_skill(skill_name: str) -> Tuple[bool, str]:
    """Move an archived skill back to ~/.hermes/skills/. Restores to the flat
-    top-level layout; original category nesting is NOT reconstructed."""
+    top-level layout; original category nesting is NOT reconstructed.
+
+    Refuses to restore under a name that now collides with a bundled or
+    hub-installed skill — that would shadow the upstream version.
+    """
+    # If a bundled or hub skill has since been installed under the same
+    # name, refuse to restore rather than shadow it.
+    if not is_agent_created(skill_name):
+        return False, (
+            f"skill '{skill_name}' is now bundled or hub-installed; "
+            "restore would shadow the upstream version"
+        )
    archive_root = _archive_dir()
    if not archive_root.exists():
        return False, "no archive directory"