# Deployed Skills Record of skills deployed from this repository to dotfiles. ## niri-window-capture **Deployed**: 2025-11-08 **To**: `~/proj/dotfiles/claude/skills/niri-window-capture/` **Status**: Staged in dotfiles, awaiting rebuild **Security**: HIGH RISK - invisible cross-workspace window capture **Pre-deployment checklist**: - [X] SECURITY.md reviewed - [X] Audit logging implemented (logger -t niri-capture) - [X] Security warnings in SKILL.md and README.md - [X] Upstream feature request template created - [ ] Niri block-out rules configured (user responsibility) - [ ] System rebuilt - [ ] Agents restarted **Files deployed**: - SKILL.md (184 lines) - Agent instructions - SECURITY.md (196 lines) - Threat model and mitigations - README.md (108 lines) - User guide - UPSTREAM-REQUEST.md (108 lines) - Feature request for --no-clipboard - IMPLEMENTATION-NOTES.md - Technical documentation - scripts/capture-focused.sh - Capture current window - scripts/capture-by-title.sh - Find and capture by title - scripts/capture-all-windows.sh - Capture all windows - examples/ - Usage examples **Next steps in dotfiles**: ```bash cd ~/proj/dotfiles # Verify staged git status # Should see: # - claude/skills/niri-window-capture/ (new directory) # - home/claude.nix (modified) # - home/opencode.nix (modified) # Commit git commit -m "Add niri-window-capture skill Security-sensitive skill for invisible cross-workspace window capture. Features: - Capture windows from any workspace without switching - Direct buffer rendering via niri compositor - Audit logging to systemd journal (logger -t niri-capture) - Comprehensive security documentation Security requirements: - User must configure niri block-out rules for sensitive apps - All captures logged to journalctl --user -t niri-capture - Screenshots always copied to clipboard (niri limitation) - See SECURITY.md for complete threat model Tested: cross-workspace capture works invisibly Audit log: verified working Upstream request: --no-clipboard flag template ready" # Rebuild sudo nixos-rebuild switch --flake .#delpad # Restart agents # - Exit and restart OpenCode # - Restart Claude Code application ``` **Verification after rebuild**: ```bash # Check deployment ls -la ~/.claude/skills/niri-window-capture ls -la ~/.config/opencode/skills/niri-window-capture # Should be symlinks to nix store # Test capture ~/.claude/skills/niri-window-capture/scripts/capture-focused.sh # Check audit log journalctl --user -t niri-capture -n 5 ``` **User configuration required**: ```bash # Edit ~/.config/niri/config.kdl # Add window-rule for password managers: window-rule { match app-id=r#"^org\.keepassxc\.KeePassXC$"# match app-id=r#"^org\.gnome\.World\.Secrets$"# block-out-from "screen-capture" } # Find app-id for your password manager: niri msg --json windows | jq -r '.[] | "\(.app_id) - \(.title)"' ``` ## screenshot-latest **Status**: Not yet deployed **Reason**: Pending decision **Security**: Low risk (finds existing files only) Would be simple deployment once decided. --- ## Deployment Process 1. **Develop** in `~/proj/skills/skills//` 2. **Deploy** with `./bin/deploy-skill.sh ` 3. **Configure** Nix in dotfiles (edit claude.nix + opencode.nix) 4. **Commit** to dotfiles git 5. **Rebuild** system: `sudo nixos-rebuild switch --flake .#delpad` 6. **Restart** agents 7. **Record** in this file ## References - Deployment strategy: DEPLOYMENT.md - Deployment questions: DEPLOYMENT-QUESTIONS.md - Dotfiles workflow: ~/proj/dotfiles/docs/skills-and-commands-workflow.md