myadmin-plugins
diff --git a/‎.claude/hooks/caliber-check-sync.sh‎
Lines changed: 11 additions & 0 deletions b/‎.claude/hooks/caliber-check-sync.sh‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎.claude/settings.json‎
Lines changed: 79 additions & 0 deletions b/‎.claude/settings.json‎
Lines changed: 79 additions & 0 deletions
diff --git a/‎.claude/skills/abuse-record-insert/SKILL.md‎
Lines changed: 192 additions & 0 deletions b/‎.claude/skills/abuse-record-insert/SKILL.md‎
Lines changed: 192 additions & 0 deletions
diff --git a/‎.claude/skills/find-skills/SKILL.md‎
Lines changed: 54 additions & 0 deletions b/‎.claude/skills/find-skills/SKILL.md‎
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,11 @@
+#!/bin/sh
+if grep -q "caliber" .git/hooks/pre-commit 2>/dev/null; then
+  exit 0
+fi
+FLAG="/tmp/caliber-nudge-$(echo "$PWD" | shasum | cut -c1-8)"
+find /tmp -maxdepth 1 -name "caliber-nudge-*" -mmin +120 -delete 2>/dev/null
+if [ -f "$FLAG" ]; then
+  exit 0
+fi
+touch "$FLAG"
+printf '{"decision":"block","reason":"Caliber agent config sync is not set up on this machine. Tell the user: This project uses Caliber to keep agent configs in sync — it is not set up yet. Want me to run /setup-caliber? (~30 seconds)"}'
@@ -0,0 +1,79 @@
+{
+  "hooks": {
+    "Stop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/caliber-check-sync.sh",
+            "description": "Caliber: offer setup if not configured"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "caliber learn observe",
+            "description": "Caliber: recording tool usage for session learning"
+          }
+        ]
+      }
+    ],
+    "PostToolUseFailure": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "caliber learn observe --failure",
+            "description": "Caliber: recording tool failure for session learning"
+          }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "caliber learn observe --prompt",
+            "description": "Caliber: recording user prompt for correction detection"
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "caliber learn finalize --auto",
+            "description": "Caliber: finalizing session learnings"
+          }
+        ]
+      },
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "caliber refresh --quiet",
+            "description": "Caliber: auto-refreshing docs based on code changes"
+          }
+        ]
+      }
+    ]
+  },
+  "permissions": {
+    "allow": [
+      "Bash(git *)"
+    ]
+  }
+}
@@ -0,0 +1,192 @@
+---
+name: abuse-record-insert
+description: Inserts a complete abuse incident across the `abuse` and `abuse_data` tables using make_insert_query(). Use when adding new code that reports an abuse incident — manual, CSV import, or IMAP-triggered. Covers the exact field list for both tables, getLastInsertId(), ImapAbuseCheck::fix_headers() for abuse_headers, and clientMail() notification via client/abuse.tpl. Trigger phrases: 'insert abuse record', 'report abuse', 'add abuse entry', 'log abuse incident'. Do NOT use for querying, updating, or deleting existing abuse records.
+---
+# Abuse Record Insert
+
+## Critical
+
+- **Never use PDO.** Always use `$db = get_module_db('default')` and `make_insert_query()`.
+- **Never interpolate raw `$_GET`/`$_POST` into SQL.** Use `$db->real_escape()` or `make_insert_query()`.
+- **Always validate the IP first** with `validIp($ip, false)` before any DB write.
+- **Always resolve the owner** via `get_server_from_ip($ip)` and verify `$server_data['email'] != ''` before inserting.
+- **`abuse_id` must be `null`** in the `abuse` insert — the DB auto-increments it.
+- **`abuse_status` must be `'pending'`** for all new records.
+- Valid `abuse_type` values: `'scanning'`, `'hacking'`, `'spam'`, `'child porn'`, `'phishing site'`, `'other'`, `'uceprotect'`, `'trendmicro'`.
+
+## Instructions
+
+1. **Get the DB handle**
+
+   ```php
+   $db = get_module_db('default');
+   ```
+
+   Verify `$db` is not null before proceeding.
+
+2. **Validate the IP and resolve the server owner**
+
+   ```php
+   if (!validIp($ip, false)) {
+       // skip or surface an error — do not insert
+   }
+   $server_data = get_server_from_ip($ip);
+   if (!isset($server_data['email']) || $server_data['email'] == '') {
+       add_output('Error Finding Owner For ' . $ip . '<br>');
+       return;
+   }
+   $email = $server_data['email'];
+   ```
+
+   `$server_data['email']` is the billing contact; `$server_data['email_abuse']` is the address to notify (may differ).
+
+3. **Insert the `abuse` row**
+
+   Use `mysql_now()` for current-time inserts, or a pre-formatted `MYSQL_DATE_FORMAT` string for historical dates (e.g. from CSV).
+
+   ```php
+   $db->query(make_insert_query('abuse', [
+       'abuse_id'     => null,
+       'abuse_time'   => mysql_now(),      // or $date->format(MYSQL_DATE_FORMAT)
+       'abuse_ip'     => $ip,
+       'abuse_type'   => $type,            // one of the valid values listed in Critical
+       'abuse_amount' => 1,
+       'abuse_lid'    => $email,
+       'abuse_status' => 'pending',
+   ]), __LINE__, __FILE__);
+   $id = $db->getLastInsertId('abuse', 'abuse_id');
+   ```
+
+   Verify `$id > 0` before proceeding to Step 4.
+
+4. **Insert the `abuse_data` row** (when raw headers/body are available)
+
+   Always pass headers through `ImapAbuseCheck::fix_headers()` to strip HTML and normalise newlines.
+
+   ```php
+   $db->query(make_insert_query('abuse_data', [
+       'abuse_id'      => $id,
+       'abuse_headers' => ImapAbuseCheck::fix_headers($rawHeaders),
+   ]), __LINE__, __FILE__);
+   ```
+
+   For IMAP-sourced records the class concatenates plain + HTML message bodies:
+
+   ```php
+   'abuse_headers' => trim(ImapAbuseCheck::fix_headers($this->plainmsg . $this->htmlmsg)),
+   ```
+
+   Skip this step only when no header/body content exists (e.g. bare IP-list CSV imports without evidence).
+
+5. **Build and send the client notification email**
+
+   The template key is always `'client/abuse.tpl'`. The link key used in the template is `md5($id . $ip . $type)`.
+
+   ```php
+   $subject = 'InterServer Abuse Report for ' . $ip;
+   $message = str_replace(
+       ['{$email}', '{$ip}', '{$type}', '{$count}', '{$id}', '{$key}'],
+       [
+           $server_data['email_abuse'],
+           $ip,
+           $type,
+           $amount,          // 1 for most sources; $amount for manual single-IP form
+           $id,
+           md5($id . $ip . $type),
+       ],
+       $email_template       // loaded earlier from the abuse email template file
+   );
+   (new \MyAdmin\Mail())->clientMail($subject, $message, $server_data['email_abuse'], 'client/abuse.tpl');
+   ```
+
+   Send to `$server_data['email_abuse']`, not `$email` (they can differ).
+
+6. **Confirm to the admin UI**
+
+   ```php
+   add_output('Abuse Entry for ' . $ip . ' Added - Emailing '
+       . ($server_data['email_abuse'] !== $email
+           ? $server_data['email_abuse'] . ' (for client ' . $email . ')'
+           : $server_data['email_abuse'])
+       . '<br>');
+   ```
+
+## Examples
+
+**User says:** "Add code that manually reports a single IP for spam abuse and emails the owner."
+
+**Actions taken:**
+
+```php
+$db = get_module_db('default');
+$ip   = $db->real_escape($GLOBALS['tf']->variables->request['ip']);
+$type = 'spam';
+
+if (!validIp($ip, false)) {
+    add_output('Invalid IP<br>');
+    return;
+}
+
+$server_data = get_server_from_ip($ip);
+if (!isset($server_data['email']) || $server_data['email'] == '') {
+    add_output('Error Finding Owner For ' . $ip . '<br>');
+    return;
+}
+$email = $server_data['email'];
+
+// Step 3 — abuse row
+$db->query(make_insert_query('abuse', [
+    'abuse_id'     => null,
+    'abuse_time'   => mysql_now(),
+    'abuse_ip'     => $ip,
+    'abuse_type'   => $type,
+    'abuse_amount' => 1,
+    'abuse_lid'    => $email,
+    'abuse_status' => 'pending',
+]), __LINE__, __FILE__);
+$id = $db->getLastInsertId('abuse', 'abuse_id');
+
+// Step 4 — abuse_data row
+$rawHeaders = $GLOBALS['tf']->variables->request['headers'] ?? '';
+$db->query(make_insert_query('abuse_data', [
+    'abuse_id'      => $id,
+    'abuse_headers' => ImapAbuseCheck::fix_headers($rawHeaders),
+]), __LINE__, __FILE__);
+
+// Step 5 — notify
+$subject = 'InterServer Abuse Report for ' . $ip;
+$message = str_replace(
+    ['{$email}', '{$ip}', '{$type}', '{$count}', '{$id}', '{$key}'],
+    [$server_data['email_abuse'], $ip, $type, 1, $id, md5($id . $ip . $type)],
+    $email_template
+);
+(new \MyAdmin\Mail())->clientMail($subject, $message, $server_data['email_abuse'], 'client/abuse.tpl');
+
+// Step 6 — UI feedback
+add_output('Abuse Entry for ' . $ip . ' Added - Emailing ' . $server_data['email_abuse'] . '<br>');
+```
+
+**Result:** One row in `abuse` with `abuse_status='pending'`, one row in `abuse_data` with sanitised headers, and a notification email sent to the abuse contact.
+
+## Common Issues
+
+**`make_insert_query` produces a query with wrong column count or missing fields:**
+- Ensure `abuse_id => null` is present — omitting it causes an auto-increment mismatch.
+- `abuse_lid` must be the billing email string, not an integer ID.
+
+**`getLastInsertId` returns 0 or null:**
+- The `make_insert_query()` call failed silently. Always pass `__LINE__, __FILE__` as the 2nd/3rd args to `$db->query()` so errors surface in logs.
+- Confirm the `abuse` table exists and the DB handle is for `'default'`, not `'mail'`.
+
+**`ImapAbuseCheck::fix_headers()` not found:**
+- The class file is not autoloaded. Ensure `function_requirements('class.ImapAbuseCheck')` has been called, or that the file is included via `add_requirement` in `Plugin::getRequirements()`.
+
+**`clientMail()` sends to the wrong address:**
+- Use `$server_data['email_abuse']`, not `$server_data['email']`. These can be different accounts (e.g., resellers).
+
+**Email template placeholders not replaced:**
+- The `str_replace` keys must exactly match `{$email}`, `{$ip}`, `{$type}`, `{$count}`, `{$id}`, `{$key}` — curly braces and dollar signs included.
+- `$email_template` must be loaded from the abuse email template before the `str_replace` call. Check that `$email_template` is not empty.
+
+**Historical date inserts (CSV import) showing wrong timestamps:**
+- Do not use `mysql_now()` for CSV rows. Parse the source date with `new \DateTime(...)` and format with `$date->format(MYSQL_DATE_FORMAT)` before passing to `make_insert_query`.
@@ -0,0 +1,54 @@
+---
+name: find-skills
+description: Discovers and installs community skills from the public registry. Use when the user mentions a technology, framework, or task that could benefit from specialized skills not yet installed, asks 'how do I do X', 'find a skill for X', or starts work in a new technology area. Proactively suggest when the user's task involves tools or frameworks without existing skills.
+---
+
+# Find Skills
+
+Search the public skill registry for community-contributed skills
+relevant to the user's current task and install them into this project.
+
+## Instructions
+
+1. Identify the key technologies, frameworks, or task types from the
+   user's request that might have community skills available
+2. Ask the user: "Would you like me to search for community skills
+   for [identified technologies]?"
+3. If the user agrees, run:
+   ```bash
+   caliber skills --query "<relevant terms>"
+   ```
+   This outputs the top 5 matching skills with scores and descriptions.
+4. Present the results to the user and ask which ones to install
+5. Install the selected skills:
+   ```bash
+   caliber skills --install <slug1>,<slug2>
+   ```
+6. Read the installed SKILL.md files to load them into your current
+   context so you can use them immediately in this session
+7. Summarize what was installed and continue with the user's task
+
+## Examples
+
+User: "let's build a web app using React"
+-> "I notice you want to work with React. Would you like me to search
+   for community skills that could help with React development?"
+-> If yes: run `caliber skills --query "react frontend"`
+-> Show the user the results, ask which to install
+-> Run `caliber skills --install <selected-slugs>`
+-> Read the installed files and continue
+
+User: "help me set up Docker for this project"
+-> "Would you like me to search for Docker-related skills?"
+-> If yes: run `caliber skills --query "docker deployment"`
+
+User: "I need to write tests for this Python ML pipeline"
+-> "Would you like me to find skills for Python ML testing?"
+-> If yes: run `caliber skills --query "python machine-learning testing"`
+
+## When NOT to trigger
+
+- The user is working within an already well-configured area
+- You already suggested skills for this technology in this session
+- The user is in the middle of urgent debugging or time-sensitive work
+- The technology is too generic (e.g. just "code" or "programming")