Skip to content

feat(monitor): incremental registry sweeps + per-skill resilience#16

Merged
Ap6pack merged 1 commit into
mainfrom
claude/incremental-registry-monitor
Jul 6, 2026
Merged

feat(monitor): incremental registry sweeps + per-skill resilience#16
Ap6pack merged 1 commit into
mainfrom
claude/incremental-registry-monitor

Conversation

@Ap6pack

@Ap6pack Ap6pack commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Description

The registry monitor re-scanned every skill on every run, so a daily sweep cost the same as the baseline (~25 min + LLM re-escalation), and one flaky network fetch (an unwrapped httpx.ConnectTimeout) aborted the whole run — which is exactly what killed the last two live runs.

This makes the sweep incremental and resilient, so it behaves the way you'd expect: first run is the expensive baseline, every run after only pays for what actually changed.

What changed

  • Incremental scanning. build_snapshot() now takes the previous snapshot and only re-fetches + re-scans skills whose version/updated_at changed since the last snapshot; unchanged skills are carried forward untouched. The version/updated_at metadata comes free from the list endpoint, so change detection costs zero extra per-skill fetches. A daily run drops from ~25 min to seconds–minutes, and LLM cost drops to just the skills that changed.
  • --full / force_rescan. Re-scans every skill on a periodic cadence to catch silent same-version content swaps — trojanized updates that keep the same version number (the ClawHavoc pattern), which metadata-based detection can't see on its own.
  • Per-skill resilience. _scan_slug and the worker now catch any per-skill exception (timeouts included) and record it as an error instead of letting it abort the whole sweep.
  • Visibility. Each snapshot records scanned_count vs reused_count; the CLI prints Scanned N changed/new, reused M unchanged.
  • Workflow. Daily incremental cron (06:00 UTC) + weekly --full cron (Sun 07:00 UTC), a workflow_dispatch input to force a full run, and the timeout raised to 60 min for the weekly full sweep.

The one honest caveat, handled

Incremental detection trusts the registry's version metadata. A silent same-version swap would slip past a pure daily incremental — so the weekly --full sweep exists specifically to close that gap. Best of both: cheap dailies, full coverage weekly.

Type of Change

  • New feature
  • Bug fix (timeout could abort the whole sweep)
  • Infrastructure / CI

Checklist

  • Tests added (reuse, version/updated_at change, new skill, --full, errored-record retry, non-ClawHubError containment) — 1585 pass, 16 skipped
  • ruff check src/ tests/ passes
  • mypy clean
  • Docs updated (docs/crawl.md, snapshots README)

🤖 Generated with Claude Code

https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL


Generated by Claude Code

The registry monitor re-scanned every skill on every run, so a daily sweep
cost the same as the first (~25 min) and one flaky network fetch (an
unwrapped httpx ConnectTimeout) could abort the whole run.

Make the sweep incremental and resilient:

- build_snapshot() now takes the previous snapshot and only re-fetches +
  re-scans skills whose version/updated_at changed; unchanged skills are
  carried forward. The version/updated_at metadata comes free from the list
  endpoint, so change detection needs no per-skill fetch. First run (or
  --full) still scans everything.
- Add a --full flag / force_rescan to re-scan every skill on a periodic
  cadence, catching silent same-version content swaps that metadata-based
  detection would miss (the ClawHavoc trojanization pattern).
- Harden _scan_slug and the worker to catch any per-skill exception
  (timeouts included) so one bad skill can't kill the sweep.
- Record scanned_count/reused_count on each snapshot for visibility.
- Workflow: daily incremental + weekly (--full) cron, dispatch input to
  force full, timeout raised to 60m for the weekly full run.
- Tests for reuse, version/updated_at change, new skill, --full, errored-
  record retry, and non-ClawHubError containment. Docs updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

✅ Malwar Scan Results

Metric Value
Verdict CLEAN
Risk Score 0/100
Findings 0

Scanned by Malwar — malware detection for agentic AI skills.

@Ap6pack Ap6pack merged commit 125cfe8 into main Jul 6, 2026
6 checks passed
@Ap6pack Ap6pack deleted the claude/incremental-registry-monitor branch July 6, 2026 06:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants