Open
Conversation
생활쓰레기 조회 스킬 문서와 기능 가이드를 추가하고, 프록시 라우트를 구현해 조회 흐름을 완성했다. 설치/설정 문서도 스킬 사용 흐름에 맞게 정리했다. Made-with: Cursor
…x SKILL.md newline - Drop user-supplied returnType and force "json" upstream so the cache key (which omits returnType) cannot be poisoned by alternate response shapes. - Add server tests covering: missing SGG_NM (400), missing API key (503), serviceKey injection + cache hit on second call, returnType=xml override ignored, upstream non-200 surfaced as 502. - Add trailing newline to household-waste-info/SKILL.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
vkehfdl1's review on PR NomaDamas#82: skill/docs claimed support for cond[DAT_CRTR_YMD::*] / cond[DAT_UPDT_PNT::*] filters and an optional returnType, but the proxy only forwards pageNo, numOfRows, and cond[SGG_NM::LIKE], and forces returnType=json. Typical user queries ("강남구 쓰레기 배출 요일") only need 시군구 검색, so shrink the documented contract to match the proxy instead of widening pass-through. - household-waste-info/SKILL.md: list only proxy-supported params, note returnType is server-forced, fix failure modes. - docs/features/household-waste-info.md: switch base example to the proxy route, drop the bare upstream curl, call out unsupported filters explicitly. - docs/install.md, docs/security-and-secrets.md, k-skill-setup/SKILL.md: describe the skill as calling the proxy /v1/household-waste/info route rather than the raw upstream endpoint.
The 인증/시크릿 column mixed user-side credentials, proxy URL hints, and "use this fallback" notes — confusing for end users who only need to know "do I have to log in or not?". Operator-managed secrets that ship in k-skill-proxy are not the user's problem. - Rename column to "사용자 로그인" with a one-line preface explaining the new contract. - Reclassify proxy-fronted skills (서울 지하철, 한강 수위, 부동산, 생활쓰레기, 가장 싼 주유소, 한국 법령 remote endpoint) to 불필요. - Only SRT, KTX, 토스증권 keep 필요 (real per-user account login). - Tighten the household-waste-info row to use the proxy-route phrasing consistent with the rest of the docs in this PR. - Update skill-docs tests to assert the new binary classification for 서울 지하철 and 한국 법령 rows.
The 설명 column was leaking implementation details — k-skill-proxy routing notes, upstream package names, anti-bot helper mentions — that don't help a user decide whether the skill does what they want. Rewrite each row to state only "what this skill does for the user", dropping references to k-skill-proxy, upstream library names (real-estate-mcp, kakaocli, daiso-mcp, coupang-mcp, tossctl, korean-law-mcp, Dynapath helper, Kakao Map anchor, Opinet, etc.) and proxy route paths. The 사용자 로그인 column already captures the "do I need credentials?" question, so the description is free to focus on the capability itself.
- KEDU_INFO_KEY로 /v1/neis/school-search, /v1/neis/school-meal 중계 - 시도교육청 자연어 해석(neis-office-codes.js) - k-schoollunch-menu 스킬, README·설치/설정/보안·프록시 문서 반영 - docs/adding-a-skill.md 스킬 추가 가이드 Made-with: Cursor
- upstream 생활쓰레기 프록시/스킬·skill-docs 변경 반영 - README 표에 학교 급식 행 복원, security에 KEDU_INFO_KEY·household 라우트 문구 정리 - NEIS 프록시 단위 테스트 블록 복원 Made-with: Cursor
The existing school lunch feature branch was mergeable in shape, but review found that the public household-waste route still forwarded unchecked pagination inputs, user-facing secrets docs suggested storing a server-only KEDU key locally, and the proxy/operator docs omitted the new household-waste env requirements. This follow-up validates the public query surface before fetch, aligns docs with the proxy-only secret policy, and keeps the requested validation workflow green by ignoring hidden metadata folders in the skill-layout checker. Constraint: Public proxy routes must stay narrow and keep upstream keys server-only Rejected: Forward arbitrary pageNo values | violates the documented public-route contract Rejected: Leave validate-skills unchanged | hidden metadata directories break the requested verification flow Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep household-waste parameter support and docs/tests in lockstep when widening this route Tested: npm run lint Tested: npm run typecheck Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: node --test scripts/skill-docs.test.js Tested: bash scripts/validate-skills.sh Tested: local proxy smoke (/health, household-waste invalid 400, household-waste valid 200) Not-tested: Live NEIS curl smoke test (KEDU_INFO_KEY unavailable locally)
Issue #0's core proxy and NEIS changes were already present on feature/#0, but the setup guide still omitted the hosted/self-host household-waste entry that users need when checking which features require local secrets. Add a regression test first, then document the household-waste row and guide link so the setup matrix stays aligned with the shipped proxy routes. Constraint: Keep the follow-up diff narrow and avoid touching already-approved proxy behavior Rejected: Leave the setup matrix as-is | it would keep user-facing docs inconsistent with the shipped route list Confidence: high Scope-risk: narrow Reversibility: clean Directive: When proxy-backed skills move between hosted and self-host flows, update docs/setup.md alongside the feature docs Tested: node --test scripts/skill-docs.test.js Tested: npm run lint Tested: npm run typecheck Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: bash scripts/validate-skills.sh Not-tested: Live hosted proxy deployment docs rendering on GitHub
The setup guide already described proxy-hosted household-waste and NEIS flows elsewhere, but the opening summary still omitted school lunch from the no-user-key hosted-proxy list. This adds a regression test first, then aligns the intro sentence and test label so the doc stays consistent with the shipped proxy-backed feature set. Constraint: Keep the follow-up scoped to existing Issue #0/PR NomaDamas#103 documentation surfaces Rejected: Broader setup guide rewrite | unnecessary for the approved follow-up Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep hosted-proxy/no-user-key summaries aligned with the per-feature setup matrix when adding new proxy-backed skills Tested: Targeted red/green skill-docs regression; npm run lint; npm run typecheck; node --test packages/k-skill-proxy/test/server.test.js; bash scripts/validate-skills.sh; node --test scripts/skill-docs.test.js; buildServer runtime smoke for /health, household-waste validation, and NEIS missing-key behavior Not-tested: Live NEIS upstream call with a real KEDU_INFO_KEY Related: PR NomaDamas#102 Related: PR NomaDamas#103
The approved PR NomaDamas#103 follow-up extends the setup-doc regression coverage so it checks the hosted KSKILL_PROXY_BASE_URL guidance and both household-waste + school-lunch setup entries, then updates the guide text to match the shipped hosted-proxy behavior. Constraint: Must stay within the approved PR NomaDamas#103 follow-up scope Rejected: Broader setup-doc wording sweep across unrelated features | unnecessary for this approved follow-up Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep docs/setup.md and scripts/skill-docs.test.js aligned whenever hosted proxy coverage changes Tested: node --test scripts/skill-docs.test.js Tested: npm run lint Tested: npm run typecheck Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: bash scripts/validate-skills.sh Tested: local buildServer(...).inject(...) smoke for /health and household-waste pagination Not-tested: Live NEIS curl smoke with a real KEDU_INFO_KEY
The feature/#0 follow-up already had the proxy/runtime fixes in place, but the branch still needed the final regression locks and doc wording that keep the review fixes durable. This commit adds lower-bound household-waste pagination tests and aligns install/security docs with the proxy-only KEDU_INFO_KEY policy so the school lunch feature stays on the hosted-proxy / no-user-key path. Constraint: Follow-up had to stay on feature/#0 so PR NomaDamas#103 updates in place Constraint: User-facing secrets guidance must not imply KEDU_INFO_KEY belongs in the default client env file Rejected: Broaden the pass into more proxy/doc rewrites | unnecessary beyond the approved Issue #0 follow-up Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep school lunch docs and regression text aligned with the hosted proxy policy whenever setup/security wording changes Tested: npm run lint; npm run typecheck; node --test packages/k-skill-proxy/test/server.test.js; bash scripts/validate-skills.sh; node --test scripts/skill-docs.test.js; local proxy smoke for /health, invalid household-waste 400, valid household-waste 200, NEIS without KEDU_INFO_KEY 503 Not-tested: Live NEIS curl against a valid KEDU_INFO_KEY-enabled proxy Related: PR NomaDamas#102 Related: PR NomaDamas#103
The setup skill had drifted behind docs/setup.md after the household-waste and school-lunch proxy follow-ups. This updates the skill guidance and locks it with a regression so future doc edits keep the hosted-proxy and server-only-key story consistent across the user-facing setup surfaces. Constraint: Follow-up scope is limited to the approved docs/setup consistency gap from PR NomaDamas#103 review Rejected: Broad setup-doc sweep | unnecessary beyond the approved drift fix Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep k-skill-setup/SKILL.md aligned with docs/setup.md whenever hosted proxy coverage changes Tested: npm run lint; npm run typecheck; node --test packages/k-skill-proxy/test/server.test.js; bash scripts/validate-skills.sh; node --test scripts/skill-docs.test.js; local buildServer smoke for /health and household-waste pagination Not-tested: Live upstream NEIS/Data.go.kr network calls with real server credentials Related: PR NomaDamas#103
- /v1/household-waste/info에 pageNo·numOfRows 필수, 값은 1·100만 허용(미충족·비정수 문자열은 400) - validateHouseholdWastePaginationQuery 오동작 수정 - validate-skills.sh에서 .cursor·.vscode 디렉터리 제외 - household-waste·k-skill-proxy 문서, 스킬, 패키지 README에 NEIS·생활쓰레기 curl 예시 정리 Made-with: Cursor
- setup.md·k-skill-setup: 생활쓰레기/급식을 기본 hosted·unset base URL 문구에 포함, 서버 키(DATA_GO_KR·KEDU) 명시 - 표·다음 문서: 생활쓰레기 행·가이드 링크, pageNo/numOfRows 필수 - proxy README·feature doc·household-waste 스킬: 키·페이지네이션·400 계약 보강 - skill-docs.test.js: hosted 생활쓰레기/급식 흐름 회귀 테스트, 예시 secrets에 KEDU_INFO_KEY 금지 Made-with: Cursor
Contributor
|
REQUEST CHANGES
Real Result
|
Fastify parses repeated query parameters as arrays, so the household-waste normalizer now rejects repeated scalar fields before any upstream request. This adds a regression test for duplicated cond[SGG_NM::LIKE] values and keeps invalid requests on the documented 400 bad_request path. Constraint: Household-waste validation must fail before any upstream fetch Rejected: Join repeated query values into one filter | ambiguous request semantics Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep repeated scalar query params on the 400 path unless the public contract is expanded intentionally Tested: node --test packages/k-skill-proxy/test/server.test.js; npm test; npm run lint; npm run typecheck; local proxy smoke on duplicated cond[SGG_NM::LIKE] Not-tested: Live household-waste upstream success path with a real DATA_GO_KR_API_KEY
Open
Contributor
|
수정 반영했습니다.
|
Contributor
|
중복
|
Contributor
|
REQUEST CHANGES
Real Result
So from this round's verification, the prior blocking issue is not fixed yet. |
Review follow-up found that mixed alias pagination params could still bypass the narrowed public route contract even after duplicate scalar handling was added. This tightens the query normalizer so pageNo/page_no and numOfRows/num_of_rows must appear exactly once and match the fixed allowed values, expands regression coverage for those alias combinations, and aligns the public docs/examples with the exact pageNo=1 + numOfRows=100 contract. The household-waste test setup was also de-duplicated within the scoped suite to keep the follow-up readable without widening behavior. Constraint: The public household-waste proxy route must stay narrow and reject ambiguous scalar query shapes before any upstream fetch Rejected: Keep alias resolution as first-non-null | mixed pageNo/page_no and numOfRows/num_of_rows would still bypass the documented 400 path Rejected: Broaden the route to support alternate page sizes | outside the approved issue scope and contrary to the fixed-value contract Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep household-waste docs and regression tests aligned whenever the allowed query surface changes, including alias handling Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: node --test scripts/skill-docs.test.js Tested: npm run lint Tested: npm run typecheck Tested: npm run test Tested: local proxy smoke on port 4121 for mixed pageNo/page_no 400, mixed numOfRows/num_of_rows 400, and returnType override reaching upstream with fixed pagination Not-tested: Live successful household-waste upstream response with a real DATA_GO_KR_API_KEY
Contributor
|
중복/별칭 household-waste 쿼리 검증 누락을 마저 막았습니다.
검증:
|
Contributor
|
REQUEST CHANGES
Real Result
RECOMMENDATION: REQUEST CHANGES |
Contributor
|
REQUEST CHANGES
Real Result
So from this round's real verification, the household-waste validation tightening described in the PR body/thread is still not actually enforced on the current branch. |
Contributor
|
중복/별칭 household-waste 쿼리 검증 누락이 이미
검증:
|
Contributor
|
REJECT Short reason: the household-waste validation tightening described in the PR is still not enforced on the current PR head Real Result
Recommendation: keep this blocked until duplicated scalar arrays and mixed alias duplicates are rejected with |
NEIS 급식·생활쓰레기 프록시·문서·skill-docs 테스트 정렬 충돌을 해소했다. Made-with: Cursor
Contributor
Author
검증 환경
테스트 결과
핵심 검증 항목생활쓰레기
NEIS 급식·학교검색
문서·보안 정합성
기타
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
수정내용
왜
테스트내용
기타 (main 브랜치 반영 필요)
이 건은 누락되지 않게 메인에도 동일하게 해당부분 수정 후 PR 드리겠습니다.
Co-Authored-By: Cursor (Sonnet 4.6)