patternfly · evwilkin · Mar 19, 2026 · jpuzz0 · Mar 23, 2026 · evwilkin
diff --git a/plugins/pf-react/skills/repos-json-health-review/SKILL.md b/plugins/pf-react/skills/repos-json-health-review/SKILL.md
@@ -0,0 +1,65 @@
+---
+name: repos-json-health-review
+description: Flags archived or inactive Git repositories listed in PatternFly Analytics repos.json so entries can be pruned. Use when reviewing repos.json, auditing tracked codebases, or removing stale or archived repos from analytics.
+---
+
+# repos.json health review
+
+Keep PatternFly Analytics from tracking **archived** repositories and repos with **no meaningful code activity** past a configurable threshold (default **730 days**).
+
+## Plugin placement
+
+This is **analytics inventory hygiene**, not React UI work. It ships under **pf-react** only because the contribution table has no analytics-focused plugin; if that changes, relocate the skill to match.
+
+## Input
+
+- **File:** `repos.json` (project root or path the user supplies). Expect a top-level `repos` array; each entry has `git` (clone URL) and `name` (display label).
+
+## Outcomes
+
+For every row, assign one bucket:
+
+| Bucket | Meaning |
+|--------|---------|
+| **archived** | Host marks the project archived / read-only |
+| **stale** | Last code activity is before the cutoff |
+| **could not verify** | Auth failure, network, or unsupported host—**not** the same as stale |
+| **active** | Neither archived nor stale |
+
+Use the host’s best signal for **real code activity** (e.g. last push to the default branch), not noisy metadata-only updates. Field names and API notes: [reference.md](reference.md).
+
+## How to work
+
+1. Read `repos.json` and collect all `git` URLs with their `name`.
+2. For each URL, determine host (**GitHub**, **GitLab** including private instances, or other).
+3. Query the host using **whatever authenticated access the user’s environment already provides** (host CLI, REST with tokens, etc.). Prefer a deterministic per-repo lookup; if one path fails, try another before giving up.
+4. Do **not** treat auth or network failures as “stale”—bucket those as **could not verify** with a short reason.
+5. Produce the report below. **Do not** remove or edit `repos.json` entries unless the user explicitly asks.
+
+## Edge cases
+
+- **404 / moved / renamed:** Flag for manual verification; do not assume delete.
+- **Forks and mirrors:** Same rules; stale mirrors may still be poor analytics targets.
+- **Unknown hosts:** **could not verify** with explanation—not stale.
+
+## Optional script
+
+For a repeatable local run, execute the bundled **Node** script in `scripts/repos-json-health-review.js` (same directory as this file: `.../repos-json-health-review/scripts/`). Pass the path to `repos.json`; optional `--days <n>` and `--json`. Requires network and credentials as documented in the script. Does not modify `repos.json`.
+
+## Report format
+
+Use markdown with:
+
+1. **Threshold** (days) and **run date**
+2. **Archived** — table: name, git, notes
+3. **Stale** — table: name, git, last activity (and which field was used)
+4. **Could not verify** — table: name, git, reason
+5. **Active** — brief count or one-line summary
+
+**Good output:** Clear buckets, honest “unknown,” timestamps tied to named fields, no silent edits to the JSON file.
+
+**Bad output:** Calling repos stale because API calls failed, or pruning the list without explicit user consent.
+
+## Additional resources
+
+- [reference.md](reference.md) — host APIs, fields, encoding, and CLI patterns
diff --git a/plugins/pf-react/skills/repos-json-health-review/reference.md b/plugins/pf-react/skills/repos-json-health-review/reference.md
@@ -0,0 +1,56 @@
+# Reference: hosts, APIs, and fields
+
+## GitHub
+
+**REST:** `GET /repos/{owner}/{repo}` (same payload as `gh api repos/OWNER/REPO`).
+
+| Field | Use |
+|-------|-----|
+| `archived` | `true` → archived |
+| `pushed_at` | Prefer for “code activity” (last push); compare ISO 8601 to cutoff |
+| `updated_at` | Noisier (issues, wiki, settings); avoid as primary stale signal |
+| `disabled` | Rare; policy-disabled repo |
+
+Parse `owner` and `repo` from HTTPS or SSH URLs (strip trailing `.git`). Example metadata pull:
+
+```bash
+gh api "repos/OWNER/REPO" --jq '{archived, pushed_at, updated_at, html_url}'
+```
+
+If the host CLI is unavailable, use REST with a token the environment already exposes (e.g. `GITHUB_TOKEN`). Anonymous quotas are tight—prefer authenticated access.
+
+**Stale:** `pushed_at` is null or older than the cutoff.
+
+## GitLab
+
+**REST:** `GET /api/v4/projects/:id` where `:id` is numeric id or **URL-encoded path** (`namespace%2Fproject`).
+
+| Field | Use |
+|-------|-----|
+| `archived` | `true` → archived |
+| `last_repository_update` | Prefer when present (closest to “last git activity”) |
+| `last_activity_at` | Broader activity (issues, MRs, pushes); fallback |
+
+**Example request** (replace host, path, token):
+
+```bash
+curl --header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
+  "https://gitlab.example.com/api/v4/projects/PATH_ENCODED"
+```
+
+Private instances need a token with at least **read_api**. **401/403/404** on private or renamed projects: treat as **could not verify**, not stale.
+
+**Encoding path:** e.g. `group/my-project` → `group%2Fmy-project`
+
+```bash
+python3 -c "import urllib.parse; print(urllib.parse.quote('group/my-project', safe=''))"
+```
+
+**GitLab.com:** Some public projects respond without a token; private repos need a token.
+
+## Batch workflow (assistant or script)
+
+1. Parse all `git` URLs from `repos.json`.
+2. Group by host where helpful (github.com, gitlab hosts, etc.).
+3. For each URL, record `name`, URL, archived flag, activity timestamp, and classification notes.
+4. Emit the markdown report defined in `SKILL.md`; do not modify `repos.json` unless the user requests it.