[STG-2502] proposal: auto-sync browse skill from stagehand to browse-plugin#2330
Draft
shrey150 wants to merge 2 commits into
Draft
[STG-2502] proposal: auto-sync browse skill from stagehand to browse-plugin#2330shrey150 wants to merge 2 commits into
shrey150 wants to merge 2 commits into
Conversation
Whenever packages/cli/skills/browse/SKILL.md changes on main, diff it against browserbase/browse-plugin's copy and open a PR there if it drifted. Keeps the plugin-marketplace distribution repo from silently going stale relative to the canonical skill shipped in the CLI. Diff+copy logic lives in scripts/sync-browse-plugin-skill.sh, kept separate from the workflow so it's unit-testable against two local checkouts without needing CI. Verified both branches against the real current files: no-op when in sync, correct copy when drifted (simulated by editing a scratch copy of browse-plugin). NOT YET FUNCTIONAL — needs a BROWSE_PLUGIN_SYNC_TOKEN secret with write access to browserbase/browse-plugin (contents + pull-requests). Default GITHUB_TOKEN won't work: PRs it authors don't trigger downstream CI (already bit us once, stagehand#2241), and classic PATs get 403'd by the org's SSO enforcement. Recommend a GitHub App installation — no existing cross-repo-PR pattern in this org to copy from, so this would be a new one, not a copy of a battle-tested setup. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
|
The first version triggered on every push to main touching packages/cli/skills/browse/SKILL.md, with no relationship to whether browse actually shipped a new version. That meant browse-plugin could get synced to describe CLI behavior that isn't published yet. Moved the sync into release.yml itself, as steps gated on the exact same should_publish/already_published condition that already gates "Publish browse to npm" and the browse Docker image — so it only fires on a genuine new release, same trigger the rest of the browse release pipeline already trusts. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linear: STG-2502
What
browserbase/browse-plugin(the static, git-pinned repo external marketplaces — Claude Code, Codex, Cursor, Gemini CLI, Grok Build, Droid — SHA-pin) carries its own copy of thebrowseCLI skill atskills/browse/SKILL.md. That copy is currently updated manually, which is exactly the kind of drift risk that's already caused confusion elsewhere in this effort (multiple repos disagreeing about which skill copy is current).This adds steps to the existing
release.yml"Release" job — right after "Tag browse release" — that diff the canonicalSKILL.mdagainst browse-plugin's copy and open a PR there if they've drifted. Nothing auto-merges — a human reviews the sync PR like any other.Trigger, corrected from the first version of this PR: the new steps are gated on
steps.browse_cli.outputs.should_publish == 'true' && steps.browse_cli.outputs.already_published != 'true'— the exact same condition that already gates "Publish browse to npm" and the browse Docker image a few steps up. This only fires on a genuine newbrowserelease, not on every push that happens to touch the skill file. (The first version of this PR triggered on any push tomaintouching the SKILL.md path, with no relationship to whether a new version actually shipped — wrong, since browse-plugin could then describe CLI behavior nobody can actually install yet. Fixed by moving the sync into the release job itself instead of a separate path-filtered workflow.)Why this shape, and what else was considered
npm install -g-able. Syncing on every SKILL.md edit reachingmain— including edits bundled with CLI code that hasn't been version-bumped/published yet — would let the marketplace-facing skill get ahead of what's actually shipped.SKILL.mdin the working tree) and git subtree (same end-state as this PR, just different tooling to produce the diff — no clear advantage). Manual sync is the status quo this is meant to replace.What's real vs. what's still needed
Real and tested (this PR):
scripts/sync-browse-plugin-skill.sh— the diff+copy logic, deliberately separated from the workflow so it's unit-testable without CI. Verified against the actual current files in both directions:changed=false, touches nothing.changed=trueand copies the canonical content over exactly.release.ymlpassesactionlintclean end-to-end (not just the new steps in isolation — the whole file, to make sure nothing existing broke).Not yet real — needs a decision before this can run:
BROWSE_PLUGIN_SYNC_TOKENsecret with write access tobrowserbase/browse-plugin(contents + pull-requests). The defaultGITHUB_TOKENwon't work — PRs authored byGITHUB_TOKENdon't trigger downstream CI, which already caused a silent-CI issue on stagehand#2241. A classic PAT won't work either — the org's SSO enforcement 403s those (hit repeatedly in past sessions). That leaves a GitHub App installation as the realistic option — there's no existing cross-repo-PR-opening pattern anywhere in this org (checked stagehand, core, browserbase-ai-sdk, integrations) to copy from, so this would be a new piece of infrastructure, not a config tweak.CODEOWNERSis currently just* @browserbase/gtm— worth deciding if sync PRs should route somewhere more specific.E2E Test Matrix
diff packages/cli/skills/browse/SKILL.md <browse-plugin>/skills/browse/SKILL.md(real files, both repos as of today)STAGEHAND_DIR=<real stagehand> BROWSE_PLUGIN_DIR=<real browse-plugin> scripts/sync-browse-plugin-skill.shchanged=falseSKILL.mddeliberately edited to simulate driftchanged=true, thendiff <canonical> <scratch-copy>→ exit 0 (files now identical)actionlint .github/workflows/release.yml(full file, post-edit)gh pr createsteps work end-to-end.Not proven: the actual cross-repo checkout/push/PR-open steps, since they need a real
BROWSE_PLUGIN_SYNC_TOKENthis environment doesn't have. That's the actual open question for the team — not the diff logic or the trigger condition, both of which are verified.🤖 Generated with Claude Code