From a48f52ff67e28673b9d23e94210632ad478c9f18 Mon Sep 17 00:00:00 2001 From: Teodor Calin Date: Thu, 9 Jul 2026 20:45:14 +0300 Subject: [PATCH 1/9] =?UTF-8?q?fix(site):=20full-sweep=20pass=203=20?= =?UTF-8?q?=E2=80=94=20nav=20chain=20repair,=20retention=20counterweight,?= =?UTF-8?q?=20command=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sweep findings (post-#112/#113 audit), all verified against source: Regressions fixed: - duplicate PageNav bars on the 5 new docs pages (layout auto-renders; dropped the manual second bar) - prev/next chain repaired to match docsNav across three clusters: python→node→swift→sdk-parity; gateway→pilot-director→service-agents→ app-store→mcp-setup→consent→security→enterprise; blueprints→firewalls→ diagnostics. service-agents and app-store docs pages had no page nav at all — added. Functional/consistency: - /for/mcp used the invalid 'pilotctl gateway start' form 3x (core CLI rejects it) — now 'pilotctl extras gateway start' - OpenClaw added to the toolchain lists on getting-started and security (matches skills.go); app-store docs description no longer says 'one PR to publish' - /for/networks: backboneCount was computed but never rendered — now shown on the Backbone card ('Agents live'), guarded so a failed stats fetch renders nothing; homepage onboarding CTA relabeled 'Browse the skills catalog' to stop conflating ClawHub skills with skill injection Skill-injection retention (honest counterweight, no dark patterns): - consent#skillinject: new 'What you lose if you turn it off' paragraph (agents go blind to the network, fall back to web_search/curl, never discover new specialists) + steer to manual mode when the concern is change control rather than injection - mitigation paragraph and commands block now document what already exists: 'pilotctl skills status' previews state/action/hash per file before an update lands; 'skills paths' lists managed files - getting-started disclosure and security page each carry one value sentence alongside the opt-out astro build green (345 pages). Co-Authored-By: Claude Fable 5 --- src/pages/docs/app-store.astro | 4 +++- src/pages/docs/consent.astro | 13 +++++++++---- src/pages/docs/diagnostics.astro | 2 +- src/pages/docs/enterprise-blueprints.astro | 2 +- src/pages/docs/enterprise.astro | 2 +- src/pages/docs/firewalls.astro | 2 +- src/pages/docs/gateway.astro | 2 +- src/pages/docs/getting-started.astro | 2 +- src/pages/docs/mcp-setup.astro | 2 -- src/pages/docs/node-sdk.astro | 4 +--- src/pages/docs/pilot-director.astro | 6 ++---- src/pages/docs/python-sdk.astro | 2 +- src/pages/docs/sdk-parity.astro | 2 +- src/pages/docs/security.astro | 8 +++----- src/pages/docs/service-agents.astro | 2 ++ src/pages/docs/swift-sdk.astro | 6 ++---- src/pages/for/mcp.astro | 6 +++--- src/pages/for/networks.astro | 4 +++- src/pages/index.astro | 2 +- 19 files changed, 37 insertions(+), 36 deletions(-) diff --git a/src/pages/docs/app-store.astro b/src/pages/docs/app-store.astro index f433d74..1391e8b 100644 --- a/src/pages/docs/app-store.astro +++ b/src/pages/docs/app-store.astro @@ -224,9 +224,11 @@ ipc.Serve(ctx, conn, d) // on the --socket the daemon su diff --git a/src/pages/docs/consent.astro b/src/pages/docs/consent.astro index 26330eb..9cd87b0 100644 --- a/src/pages/docs/consent.astro +++ b/src/pages/docs/consent.astro @@ -163,8 +163,9 @@ const bodyContent = `

Consent & Privacy Controls

What you're accepting: The injector fetches content at runtime from the public TeoSlayer/pilot-skills repository and writes it to your agent's config directory. In auto mode, this happens every 15 minutes. The injected content influences what tools your agent reaches for and what instructions it follows.

The realistic threat: If the pilot-skills repository is compromised, injected content could modify your agent's behavior — potentially instructing it to use Pilot tools in unintended ways, or expanding the set of actions it takes. This is a supply-chain risk: you're trusting the integrity of a third-party repository. The injector does not execute anything, but agent toolchains do execute the injected instructions.

-

Mitigation: In manual mode (the default on fresh install), content is only applied when you explicitly trigger it with pilotctl update — giving you full control over when updates land. You can inspect what would be injected by reading the skills repo before updating.

+

Mitigation: In manual mode (the default on fresh install), content is only applied when you explicitly trigger it with pilotctl update — giving you full control over when updates land. Before triggering, pilotctl skills status shows every managed file, its current state, the exact action the next update would take, and a content hash — so nothing changes without you seeing it coming. pilotctl skills paths lists every file the injector manages, and the content itself is a public repo you can read line by line.

Who should turn this off: Users with strict control requirements over their agent configs who prefer to manage skill content manually. Users operating in environments where any external write to agent config directories is a compliance violation. Users who have already managed their CLAUDE.md and don't want it modified.

+

What you lose if you turn it off: Your agents stop knowing Pilot exists. Every new session starts blind — no specialist directory, no pilot-director, no app-store awareness — and falls back to web_search and curl for live data. As the network grows (new specialists, new apps), disabled agents never find out. If your concern is change control rather than injection itself, manual mode keeps the capability while guaranteeing nothing updates until you run pilotctl update yourself — that's the trade most control-conscious users actually want.

Three modes — choose your risk / convenience trade-off

@@ -192,9 +193,13 @@ const bodyContent = `

Consent & Privacy Controls

Commands

-
# Check current mode, see which files are managed and their paths
+  
# Preview: current mode, every managed file, its state, the action the
+# next update would take, and a content hash — see changes before they land
 pilotctl skills status
 
+# List every file the injector manages
+pilotctl skills paths
+
 # Switch to auto — skills reconcile every 15 minutes in the background
 pilotctl skills set-mode auto
 
@@ -272,8 +277,8 @@ pilotd -sandbox -sandbox-dir /opt/pilot-data \\
   description="Four features ship on by default in Pilot Protocol: telemetry, broadcasts, reviews, and skill injection. Risk profiles, benefits, and opt-out commands for each."
   activePage="consent"
   canonicalPath="/docs/consent"
-  prev={{ label: "App Store", href: "/docs/app-store" }}
-  next={{ label: "Trust & Handshakes", href: "/docs/trust" }}
+  prev={{ label: "MCP Setup", href: "/docs/mcp-setup" }}
+  next={{ label: "Security", href: "/docs/security" }}
 >