OR Key
drop another .md file to compare - side-by-side diff against settings

settings

Keeps your account logins and keys in one secure place.
description: "Triggers on prompt mention of 'settings'."
personal 2 files 10 recent evals
Export

What it does for you

Keeps your account logins and keys in one secure place.

What it produces

A recent result, so you can see the kind of work it returns.

loading…

How to get it

These run inside the Snappy workspace. Want this working in your business? I set skills like this up with you, in one focused week.

Work with me
For developers how this skill is built, graded, and how it runs

at a glance- the short version

actorExported functions in state/lib/settings.ts.
auditorNone wired yet - eval is manual (Robert review).
eval modeshape
categorySystem

what's inside - the parts that make up a skill 3/4 present

A skill is just a few plain-text files. Only the main one is required. The rest are optional, added as the work needs them. This is what the skill is made of; how it runs is just below.

The skill
state/skills/settings/SKILL.md present
the skill itself, in plain text
The main file. It says what the skill is and lays out the steps in plain English.
Code
state/lib/settings.ts present
code the skill can run
Reusable code this skill can call when it needs to.
Scripts
state/bin/settings/ not present
helper scripts
Optional. Added when a skill has a few commands to run.
Loader
state/skills/settings/AGENTS.md present
what the AI loads on the fly
Loaded automatically the moment this skill is needed. Kept short on purpose.

how it's graded - what counts as a good run 4 criteria · 1 deterministic · 3 judge

Each row is one thing a good run has to get right. deterministic means a quick check decides, pass or fail. judge means the AI reads the result and rates it. Grading each piece on its own (instead of one overall score) shows exactly where a run fell short, so the fix is obvious.

name
kind
check
api_function_signatures_match
deterministic
The function signatures of listCredentials, checkCredential, env, and loadAll in state/lib/settings.ts exactly match the expected API, including parameter types and return types.
credential_listing_accuracy
judge
When listCredentials() is invoked, the output accurately reflects all credentials managed by snappy-os, without including extraneous or omitting valid credentials.
credential_checking_correctness
judge
When checkCredential(credentialName) is invoked, the output correctly indicates the validity or presence of the specified credential, aligning with the actual system state.
env_variable_retrieval
judge
When env() is invoked, it correctly returns the environment variables relevant to snappy-os operations as per spec, without leakage or missing critical variables.

how it runs - the shared frame every skill uses 5/5 present

Every skill runs the same way. One part does the work, a separate part checks it, and a short loader hands the AI exactly what it needs for the job. Anything this skill doesn't use shows a one-line note saying why, on purpose, not by accident.

makes the work The worker
present
Exported functions in state/lib/settings.ts. the worker
Does the actual work. Whatever it produces is what gets checked next.
checks the work The reviewer
present
None wired yet - eval is manual (Robert review). the checker
A separate checker grades the work, so the part that made it can't approve its own work.
frame
learns Self-correction
present
fixes itself learns from gaps
When a run hits a gap, the skill gets edited on the spot [FIXED] or queued for a bigger rewrite [LOGGED], so it keeps getting better.
tidies up Background fixes
present
queued for rewrite runs in the background
Bigger fixes that can't be made on the spot get queued and rewritten in the background later.
remembers Run history
present
state/log/evals.ndjson shape runs
Every run is written down here, so the next time this skill is used it already knows how the last runs went.
Critical rules the things this skill must not get wrong
  1. NEVER hardcode a token, never write one to git, never add a process.env.KEY || bash-fallback — always go through env("KEY") from state/lib/env.ts
  2. env("KEY") THROWS if missing and required is true (the default) — pass required: false only when absence is genuinely OK
  3. New credential? Add it to .env.cache (repo root, canonical) WITH a comment, then read it via env("KEY")
  4. The kernel path ~/.claude/skills/snappy-settings/.env.cache is a back-compat symlink → snappy-os repo root. Do NOT flip the direction; do NOT edit the symlink target
  5. A broken .env.cache symlink silently kills every external API call — fix the symlink first when anything that hits the network mysteriously fails; verify with ls -l ~/.claude/skills/snappy-settings/.env.cache
  6. Eval is manual (Robert review) — every run MUST file a row to state/log/pending-eval.ndjson via the eval.pending() helper
  7. +1 more in AGENTS.md →

what it has learned - fixes written back in over time sample

When a run hits something this skill didn't handle, the fix gets written back into the skill so it doesn't happen again. FIXED means it was corrected on the spot. LOGGED means it's queued for a bigger rewrite. Either way, the skill gets a little better and never makes the same mistake twice.

  1. Loading feedback rows…

how the work flows- who makes it, who checks it

actor Exported functions in state/lib/settings.ts.
auditor None wired yet - eval is manual (Robert review).

SKILL.md- the skill, written out in plain English

settings

Credential management API for all snappy-* skills.

Ported from kernel snappy-settings in Phase 0.5. See state/lib/settings.ts for the full API surface.

Steps

  • listCredentials() - see state/lib/settings.ts
  • checkCredential() - see state/lib/settings.ts
  • env() - see state/lib/settings.ts
  • loadAll() - see state/lib/settings.ts

Eval

Actor: the exported functions in state/lib/settings.ts. Auditor: none wired yet - eval is manual (Robert review). File a state/log/pending-eval.ndjson row on each run.

Score convention:

OutcomeScore
Pass on first try1.0
Failed first, auto-fix applied, re-check passed0.5
Still failing or unrecoverable0.0

Gotchas

via the Phase 0.5 driver. Only these rewrites were applied: already in state/lib/)

  1. realpathSync(process.argv[1]) CLI guard wrapped in try/catch
  • See the kernel SKILL.md for the original long-form guidance if you need it

(read-only reference at the kernel path above).

Graduation

This skill is prose. Graduate by defining a deterministic auditor and flipping eval: auto.

Rubric

criteria:
  - name: api_function_signatures_match
    kind: deterministic
    check: "The function signatures of listCredentials, checkCredential, env, and loadAll in state/lib/settings.ts exactly match the expected API, including parameter types and return types."
  - name: credential_listing_accuracy
    kind: judge
    check: "When listCredentials() is invoked, the output accurately reflects all credentials managed by snappy-os, without including extraneous or omitting valid credentials."
  - name: credential_checking_correctness
    kind: judge
    check: "When checkCredential(credentialName) is invoked, the output correctly indicates the validity or presence of the specified credential, aligning with the actual system state."
  - name: env_variable_retrieval
    kind: judge
    check: "When env() is invoked, it correctly returns the environment variables relevant to snappy-os operations as per spec, without leakage or missing critical variables."

AGENTS.md- what the AI loads when this skill comes up

settings - loader

Per-turn rules for the settings skill. Full reference: state/skills/settings/SKILL.md. Do not skip these.

Critical Rules

  • NEVER hardcode a token, never write one to git, never add a process.env.KEY || bash-fallback - always go through env("KEY") from state/lib/env.ts
  • env("KEY") THROWS if missing and required is true (the default) - pass required: false only when absence is genuinely OK
  • New credential? Add it to .env.cache (repo root, canonical) WITH a comment, then read it via env("KEY")
  • The kernel path ~/.claude/skills/snappy-settings/.env.cache is a back-compat symlink → snappy-os repo root. Do NOT flip the direction; do NOT edit the symlink target
  • A broken .env.cache symlink silently kills every external API call - fix the symlink first when anything that hits the network mysteriously fails; verify with ls -l ~/.claude/skills/snappy-settings/.env.cache
  • Eval is manual (Robert review) - every run MUST file a row to state/log/pending-eval.ndjson via the eval.pending() helper
  • SettingsPopover in snappy-chat cannot be opened via the openclaw exec bridge - no click passthrough through WKWebView, no JS-eval endpoint exposed over the bridge. To capture or interact with the SettingsPopover: use WKWebView.evaluateJavaScript in-process (Swift) or inject via the /dispatch/chat route with action=view-customize. Do not attempt cliclick through the bridge (no accessibility perms in the bridge process). This is a known hard limit: design-gap audits (2026-04-29) confirmed 8 gaps vs Claude Desktop but couldn't open the popover via bridge - the customize-view was captured via chat-inject-control instead.

Commands

| ui dashboard | state/skills/settings/resources/ui.openui |

whatinvocation
librarystate/lib/settings.ts (re-exports from kernel) + state/lib/env.ts
env file~/projects/snappy-os/.env.cache (canonical)
symlink checkls -l ~/.claude/skills/snappy-settings/.env.cache
list credentialsnpx tsx state/lib/settings.ts (runs listCredentials() as CLI)
eval log (manual)state/log/pending-eval.ndjson - write via eval.pending() helper
API functionslistCredentials() · checkCredential(key) · env(key, opts?) · loadAll()

Self-Test

An agent reading this should correctly:

  1. [ ] Refuse to add a process.env.KEY || fallback when env("KEY") throws
  2. [ ] Edit .env.cache (canonical repo root) not the symlink target when adding a credential
  3. [ ] File a pending-eval.ndjson row on every run (auditor is still manual)
  4. [ ] Know that SettingsPopover cannot be triggered via the openclaw exec bridge - use JS injection in-process or chat-inject-control

<!-- kernel-ok: historical attribution for the PID-loader pattern. -->

Self-correcting loader (PID feedback)

This is the rule that makes loaders learn. Ported from snappy-kernel, where it demonstrably worked: the snappy-dom-cartographer skill mapped Skool admin UI once, every later ship-agent inherited the full map for free.

Before you finish, do two things:

1. Fix gaps (P - proportional). MANDATORY. If this loader didn't cover your case - if you had to read another file, run an undocumented command, work around a wrong selector, or discover a quirk - you MUST attempt an Edit to this AGENTS.md before you log.

  • Default action: edit this file. Surgical. Add the missing line, table

row, or code example where it belongs. No restructuring.

  • Only LOGGED is allowed when: the fix needs >10 lines, spans multiple

files, or requires a structural rewrite. In that case the state/regen/drain.sh queue picks it up asynchronously.

  • "I didn't have time" / "it's minor" / "the next agent will figure it out"

are NOT valid reasons. Minor gaps compound - that's the whole point of this loop.

  • Concrete example of a valid P-fix: discover agent-browser screenshot

takes path positionally not as --output <path>. One line in a table. Edit it in. Do not just log it.

  • The goal: the next agent never has to leave the loader.

2. Log the result.

echo "[$(date -u +%FT%TZ)] settings: <what was missing or fixed> [FIXED|LOGGED] action_kind=<kind>" >> state/log/loader-feedback.log
  • <slug> MUST be the literal folder name of this loader

(state/skills/<slug>/AGENTS.md). The class token between [ts] and : is the producer slug, the writeback class, AND the grade class - they must be equal so state/lib/controller-tune.ts can pair the brief.

  • FIXED = you patched this loader inline (P-fix).
  • LOGGED = too large for inline; the PostToolUse enqueue + Stop-hook drain

will rewrite the loader from scratch on next session-end.

  • action_kind is the SECOND pairing predicate (added 2026-04-27, task #327).

Pick the value that describes what you actually did - same slug, different action_kind means the writeback satisfies a different brief layer:

  • shape-ok - only frontmatter-shape verification passed (rare from

a human; usually emitted by the lint, not a loader echo)

  • skill-ran - the skill ran end-to-end and an eval row landed

in state/log/evals.ndjson

  • loader-rewritten - you EDITED this AGENTS.md inline (the FIXED case),

OR the regen drain rewrote it

  • pattern-elevated - you promoted a recurring failure to a Critical Rule

(rule fix or new-skill scaffold) If you LOGGED (couldn't fix inline), omit action_kind - the inferrer will pick it up from your body keywords.

Do not skip this. Every agent run must leave the system better than it found it. The loader is the setpoint; you are the sensor; the gap is the error signal; closing the gap is the correction.

OpenUI Resource

  • Skill-owned OpenUI Lang resource: state/skills/settings/resources/ui.openui. Read it before rendering or editing this skill's generated component surface.
  • Treat this resource as a first-class artifact of the skill, not a generic chat response. Improve it when the skill's user-facing output needs to become richer.
  • System resources compose OpenUI primitives and inherit SnappyChat tokens. Use ui_contract: branded in SKILL.md only for deliberate platform or client visuals.

api.ts- the code it can call

#!/usr/bin/env npx tsx
/**
 * snappy-settings/api.ts -- Credential management API for all snappy-* skills.
 *
 * Re-exports env() and loadAll() from load.ts for consistency with other api.ts files.
 * Adds listCredentials() and checkCredential() for introspection (never exposes values).
 *
 * Usage:
 *   npx tsx api.ts list              # show all credential key names (NOT values)
 *   npx tsx api.ts check SLACK_USER_TOKEN  # check if a credential is present
 *
 * Or import as module:
 *   import { env, loadAll, listCredentials, checkCredential } from "./settings.ts";
 */

export { env, loadAll } from "./env.ts";

import { loadAll as _loadAll } from "./env.ts";
import { realpathSync } from "fs";

/** Returns all credential key names from .env.cache. Never returns values. */
export function listCredentials(): string[] {
  return Object.keys(_loadAll()).sort();
}

/** Checks whether a credential is present (boolean). Never returns the value. */
export function checkCredential(key: string): boolean {
  const creds = _loadAll();
  return key in creds && creds[key].length > 0;
}

// --- CLI ---

if ((() => { try { return import.meta.url === `file://${realpathSync(process.argv[1])}`; } catch { return false; } })()) {
  (async () => {
    const [, , cmd, ...args] = process.argv;

    switch (cmd) {
      case "list": {
        const keys = listCredentials();
        console.log(`${keys.length} credentials in .env.cache:`);
        for (const k of keys) {
          console.log(`  ${k}`);
        }
        break;
      }
      case "check": {
        const [key] = args;
        if (!key) { console.error("Usage: api.ts check <KEY>"); process.exit(1); }
        const present = checkCredential(key);
        console.log(`${key}: ${present ? "present" : "MISSING"}`);
        process.exit(present ? 0 : 1);
        break;
      }
      default:
        console.log("Usage: npx tsx api.ts [list|check] ...");
    }
  })();
}

scripts- helper scripts it can run

prose-only skill - 1 inline code block live in SKILL.md above (no state/bin/ sidecar yet).

how we check it- the checks, plus the last 10 runs

rubric shape schema-shape check (no inline rubric)
recent mean 1.00 · 10 runs actor/auditor: unverifiable
deps none declared
timestamp verb score primary_issue artifact
2026-04-25 04:11Z - 1.00 - -
2026-04-21 15:58Z - 1.00 - -
2026-04-21 15:57Z - 1.00 - -
2026-04-21 15:56Z - 1.00 - -
2026-04-21 03:53Z - 1.00 - -
2026-04-25 04:11Z - 1.00 - -
2026-04-21 15:58Z - 1.00 - -
2026-04-21 15:57Z - 1.00 - -
2026-04-21 15:56Z - 1.00 - -
2026-04-21 03:53Z - 1.00 - -