
fix(eidolon-cache): scope rhythm-guard reply match + correct skill manifests (ARFD-363 usability audit) #2

Draft
MidnightDarling wants to merge 1 commit into main from claude/tender-brown-Q2QTw



@MidnightDarling

Owner

What & why

A "this has to actually work for users" audit pass over the marketplace and both plugins, with every official-config claim verified against the live Claude Code and Codex plugin specs (via Exa: code.claude.com/docs, developers.openai.com/codex, and openai/codex source). It also closes the one review thread still open from PR #1.

Verified working (no change needed)

  • `pip install -e .`, `import rednote_butler`, and `python -m rednote_butler.cli --help` all succeed; 94 tests pass, ruff clean.
  • All 7 JSON manifests parse; rhythm-guard.sh is mode 100755.
  • Claude Code marketplace "source": "./plugins/rednote-butler" matches the official relative-path form.
  • Codex .codex-plugin/plugin.json (interface block) + .agents/plugins/marketplace.json (source/policy/category) match the real Codex spec.
  • Codex hook compatibility: Codex also sets CLAUDE_PLUGIN_ROOT and uses the same PreToolUse permissionDecision (allow/deny/ask) schema, so rhythm-guard.sh works on Codex too.

Fixes in this PR

  1. rhythm-guard.sh — narrow the third reply-detection pattern `*cli.py*reply*` → `*rednote*cli.py*reply*`. The earlier substring dragged an unrelated tool's cli.py reply into the rednote account gate (spurious ask, could interrupt other Bash workflows). The repo path always contains rednote-butler, so the ARFD-363 F9 absolute-path defence still holds. Resolves the open Codex review (PR "fix(rednote-butler): harden v0.1.0 per ARFD-363 audit (15 findings)" #1, P2).
  2. Regression test pinning that a foreign cli.py reply passes through the hook with no decision.
  3. SKILL.md ×2: `tools:` is not a valid Claude Code skill frontmatter field (it was silently ignored); renamed to the spec field `allowed-tools:`.
  4. check_env_keys.py — drop unused os/sys imports (ruff F401; the repo's "Ruff for lint" bar was failing under the wider scope).
  5. Docs — correct stale test counts (65/75 → 94) in CLAUDE.md and docs/roadmap.md.

Review

  • /code-review: no confirmed defects (logic traced + cross-file + independent finder agent all clean; both the "legit reply still gated" and "foreign reply passes through" properties are pinned by tests).
  • /security-review: no high/medium findings. The narrowing is not a cadence bypass (the authoritative gate reply.reply_async() is untouched); allowed-tools is not an escalation (operator-invoked; hook + /dev/tty y/n still fire).

Three red lines preserved: 15 min / 10 per 24h / 3 first-session, single write-path, mandatory y/n.

Linear: ARFD-363

https://claude.ai/code/session_01ALz7j81EUFEZxSA9CA9WPv


Generated by Claude Code

…nifests

A "must actually work" audit pass, verified against the live Claude Code
and Codex plugin specs, plus the one open review thread from PR #1.

- rhythm-guard.sh: narrow the third reply-detection pattern from
  `*cli.py*reply*` to `*rednote*cli.py*reply*` so the PreToolUse/Bash
  hook no longer drags an unrelated tool's `cli.py reply` invocation into
  the rednote account gate (which surfaced a spurious `ask` and could
  interrupt other Bash workflows). The repo path always contains
  `rednote-butler`, so the ARFD-363 F9 absolute-path defence still holds.
  Resolves the open Codex review (PR #1, P2).
- tests: add a regression pin that a foreign `cli.py reply` passes through
  the hook with no decision.
- SKILL.md (rednote-butler, twitter-voice): `tools:` is not a valid Claude
  Code skill frontmatter field and was silently ignored; rename to the
  spec field `allowed-tools:`.
- check_env_keys.py: drop unused `os`/`sys` imports (ruff F401).
- docs: correct stale test counts (65/75 -> 94) in CLAUDE.md and roadmap.

94 tests pass; ruff clean.

Linear: ARFD-363

https://claude.ai/code/session_01ALz7j81EUFEZxSA9CA9WPv
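
The narrowing described in the PR description and commit message above, as an added example that is not code from this repository: it models only the third reply-detection glob, before and after the change. The function names, paths and sample commands are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: models only the third reply-detection glob named in the PR.
# Function names, paths and sample commands are constructed, not the repo's own.

# Pattern before the PR: any command mentioning cli.py and, later, reply.
match_old() {
  case "$1" in
    *cli.py*reply*) return 0 ;;
    *) return 1 ;;
  esac
}

# Pattern after the PR: "rednote" must also appear before cli.py.
match_new() {
  case "$1" in
    *rednote*cli.py*reply*) return 0 ;;
    *) return 1 ;;
  esac
}

# Classify one command string under both patterns.
# Prints "<old>/<new>", each side being "gate" (matched) or "pass" (not matched).
classify() {
  old=pass; new=pass
  if match_old "$1"; then old=gate; fi
  if match_new "$1"; then new=gate; fi
  printf '%s/%s\n' "$old" "$new"
}

# Constructed sample commands.
ABS='python /home/u/plugins/rednote-butler/src/rednote_butler/cli.py reply --id 1'
FOREIGN='python /opt/othertool/cli.py reply --to alice'
BARE='python cli.py reply --id 1'

classify "$ABS"      # gate/gate: a path containing rednote-butler is still caught
classify "$FOREIGN"  # gate/pass: the false positive the PR removes
classify "$BARE"     # gate/pass: this glob alone does not see a bare relative call
```

The third case is a property of this one glob taken in isolation; the PR names `reply.reply_async()` as the authoritative gate, and a regression test for the hook would want all three inputs pinned.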
@vercel

vercel Bot commented May 29, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| twitter-voice-setup-0fb701 | Ready | Preview, Comment | May 29, 2026 5:07pm |

@coderabbitai

coderabbitai Bot commented May 29, 2026


Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 8fbe6703-d040-4cab-a3d3-12171516ee5b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

