skills/DEPLOYED.md

Deployed Skills

Record of skills deployed from this repository to dotfiles.

niri-window-capture

Deployed: 2025-11-08
To: ~/proj/dotfiles/claude/skills/niri-window-capture/
Status: Staged in dotfiles, awaiting rebuild

Security: HIGH RISK - invisible cross-workspace window capture

Pre-deployment checklist:

• SECURITY.md reviewed
• Audit logging implemented (logger -t niri-capture)
• Security warnings in SKILL.md and README.md
• Upstream feature request template created
• Niri block-out rules configured (user responsibility)
• System rebuilt
• Agents restarted

Files deployed:

• SKILL.md (184 lines) - Agent instructions
• SECURITY.md (196 lines) - Threat model and mitigations
• README.md (108 lines) - User guide
• UPSTREAM-REQUEST.md (108 lines) - Feature request for --no-clipboard
• IMPLEMENTATION-NOTES.md - Technical documentation
• scripts/capture-focused.sh - Capture current window
• scripts/capture-by-title.sh - Find and capture by title
• scripts/capture-all-windows.sh - Capture all windows
• examples/ - Usage examples

Next steps in dotfiles:

cd ~/proj/dotfiles

# Verify staged
git status

# Should see:
# - claude/skills/niri-window-capture/ (new directory)
# - home/claude.nix (modified)
# - home/opencode.nix (modified)

# Commit
git commit -m "Add niri-window-capture skill

Security-sensitive skill for invisible cross-workspace window capture.

Features:
- Capture windows from any workspace without switching
- Direct buffer rendering via niri compositor
- Audit logging to systemd journal (logger -t niri-capture)
- Comprehensive security documentation

Security requirements:
- User must configure niri block-out rules for sensitive apps
- All captures logged to journalctl --user -t niri-capture
- Screenshots always copied to clipboard (niri limitation)
- See SECURITY.md for complete threat model

Tested: cross-workspace capture works invisibly
Audit log: verified working
Upstream request: --no-clipboard flag template ready"

# Rebuild
sudo nixos-rebuild switch --flake .#delpad

# Restart agents
# - Exit and restart OpenCode
# - Restart Claude Code application

Verification after rebuild:

# Check deployment
ls -la ~/.claude/skills/niri-window-capture
ls -la ~/.config/opencode/skills/niri-window-capture

# Should be symlinks to nix store

# Test capture
~/.claude/skills/niri-window-capture/scripts/capture-focused.sh

# Check audit log
journalctl --user -t niri-capture -n 5

User configuration required:

# Edit ~/.config/niri/config.kdl
# Add window-rule for password managers:

window-rule {
    match app-id=r#"^org\.keepassxc\.KeePassXC$"#
    match app-id=r#"^org\.gnome\.World\.Secrets$"#
    block-out-from "screen-capture"
}

# Find app-id for your password manager:
niri msg --json windows | jq -r '.[] | "\(.app_id) - \(.title)"'

screenshot-latest

Status: Not yet deployed
Reason: Pending decision
Security: Low risk (finds existing files only)

Would be simple deployment once decided.

---

Deployment Process

1. Develop in ~/proj/skills/skills/<name>/
2. Deploy with ./bin/deploy-skill.sh <name>
3. Configure Nix in dotfiles (edit claude.nix + opencode.nix)
4. Commit to dotfiles git
5. Rebuild system: sudo nixos-rebuild switch --flake .#delpad
6. Restart agents
7. Record in this file

References

• Deployment strategy: DEPLOYMENT.md
• Deployment questions: DEPLOYMENT-QUESTIONS.md
• Dotfiles workflow: ~/proj/dotfiles/docs/skills-and-commands-workflow.md