One reviewable bundle under .claude/skills/recipes/pr-factory/: the recipe
SKILL.md/REMOVE.md on top, five component skills inside it (slack-bots,
pr-factory-core, gh-action-approval, vm-test-orchestrator, slack-canvas),
each with its own SKILL.md, REMOVE.md, files.txt manifest, and generated
files/ mirror. The recipe's own files.txt carries the architecture doc,
the composed-stack test, and the manifest/mirror sync infrastructure
(scripts/sync-skill-files.sh + src/skill-sync.test.ts) that every files/
folder in the bundle is generated by — applied by copy, like everything
else in the bundle. Nothing lands in src/, container/, or scripts/ until
an install applies the recipe.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...context
Audited every SKILL.md step against a clean nanoclaw 2.1.11 tree (all seven
core-version probes pass literally; every cp source resolves against its
component's files/ mirror; every barrel/anchor the edit steps quote exists
verbatim). Two fixes: the /add-slack version override now spells out
'pnpm install @chat-adapter/slack@4.26.0 --save-exact' (a caret range
re-resolves to 4.27.0, whose chat@4.27.0 types break the build against
core's chat@^4.24.0), and every apply section states that its commands run
from the repo root.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...bulary
The recipe is a standalone artifact now that every core capability it
presupposes ships in nanoclaw 2.1.11: the prerequisite table anchors on
'requires nanoclaw >= 2.1.11' with the probe commands as the real check
(no PR numbers as history), failed-probe guidance says 'update core'
instead of naming PRs to land, and the bot_id->instance migration is
described as a legacy-substrate upgrade rather than a fork upgrade
throughout (SKILL.mds, REMOVE.md, files.txt, the shipped architecture
doc).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...t skills
New 'Tailoring the bots' section in the recipe SKILL.md: the verified core
mechanism (container/skills/<name> + per-group skills selection symlinked
at spawn; group-private project-level skills under
groups/<folder>/.claude/skills/), the precedence rule
(PR_FACTORY_REVIEW_SKILL replaces the seeded CLAUDE.local.md defaults in
every PR trigger), an interview flow an agent runs with the operator
(review standards -> triage categories and routing -> test environments
and depth) that generates the skill files, the supervisor-bot
propose_skill_edit loop as the iteration path, and one compact worked
review-skill skeleton.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

One paragraph in docs/skills-model.md: a composition worth sharing whole
can be contributed upstream as a single reviewable bundle under
.claude/skills/recipes/<name>/, components inside it each held to the
standalone-skill guidelines; fork-private recipes stay the default. One
matching line on the skill-guidelines checklist's recipe entry.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...orkflow
The clear_session + retrigger capability was broken (a clear was meant to
always pair with a retrigger, but the flow killed the container, deleted the
session, and removed the pr_threads index entry — leaving retrigger unable to
re-resolve the thread). Rather than fix it, rip it out entirely.
Removed across the pr-factory-core component mirror:
- session-ops.ts (clearWorkerSession / retriggerWorker) — file deleted; its
 only exports were those two functions + their result type.
- rebootstrapPrSession() in handler.ts — used solely by retriggerWorker; the
 synchronize/new-push path has its own inline re-bootstrap (handleSynchronize)
 and does not share it, so it goes too.
- The clear_session / retrigger container MCP tools (defs + registerTools entry)
 in container/agent-runner/src/mcp-tools/pr-factory.ts.
- The pr_clear_session / pr_retrigger host delivery-action registrations and the
 clearWorkerSession/retriggerWorker re-exports in index.ts.
- Test coverage scoped to clear/retrigger (the two tool cases + the four-action
 registration list); the host default-repo guard now rides pr_submit_test_results.
- All clear/retrigger references in SKILL.md, files.txt, and docs/pr-factory.md.
The supervisor's propose_skill_edit / skill-feedback capability stays. A skill
edit now applies to the next PR the worker triages; the docs say so plainly.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...w one
orchestrator.onVmReady() armed a 30-minute timeout keyed by prNumber but never
cleared a timer already armed for the same PR. A second VM-ready for the same PR
(e.g. a re-run) orphaned the first timer, which then fired against the wrong run
and was never cancelled. Clear the prior timer before setting the new one.
Keying stays by prNumber — a factory instance serves one repo (now documented).
Adds an orchestrator guard test: two onVmReady calls for the same PR plus one
results submission leave no orphaned timer to fire past the ceiling.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

...notes
DOCS-1 (read-only token): make load-bearing in pr-factory-core SKILL.md +
docs/pr-factory.md that the injected GitHub credential MUST be a fine-grained
read-only PAT (contents/pull_requests/metadata: read) — all writes go through
the human-approved credentialed_gh path. Framed as a required setup step + a
security-model note.
DOCS-2 (single-repo): state plainly that a factory instance serves ONE repo
(PR_FACTORY_DEFAULT_REPO); run/VM/timeout state is keyed per-PR within it.
Reframe PR_FACTORY_GH_REPO_ALLOWLIST as a write-target guard, not a multi-repo
switch.
DOCS-3 (apply/remove fixes):
- Fix the writeOutboundDirect core-version probe: replace the markdown-escaped
 pipe (broke on copy-paste) with a pipe-free awk.
- Recipe REMOVE.md deletes the recipe-owned guard tests FIRST; per-component
 REMOVE validate steps say they are skipped during full-recipe removal.
- Surface the @chat-adapter/slack 4.26.0 exact-pin at the /add-slack step with a
 version check; drop the refuted claim about that skill's text.
- Warn not to re-run /add-slack after slack-bots (clobbers the 3-line patch;
 slack-ignore-senders.test.ts catches it); add "skip if already present" to
 every append step.
- Replace slack-canvas's prose delivery.ts revert with the exact code blocks.
- Reconcile the contradictory review-skill container-config guidance to one
 instruction (default skills:'all' → no config change).
- Drop the "optional component" framing; the recipe is applied as a unit so the
 stack/sync tests are always satisfied.
DOCS-4 (adopter docs): gh-in-container requirement (base image ships no gh),
tester→VM SSH provisioning, host-restart drops in-flight runs / orphans VMs,
cost/scale, single-trust-domain, and a de-meta sweep of the docs/SKILL prose.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>