Document Nipmod package archive

[nipmod]

Summary

• Adds a GitBook page for using Nipmod from OpenHuman as a read-only agent package archive.
• Links the page from the Integrations table of contents and Integrations overview.
• Documents the current safe setup path through OpenHuman's SKILL.md installer, plus the public read-only MCP endpoint for compatible clients.

Problem

OpenHuman has a skill installer and agent-facing workflows, but there is no documented path for using an agent package archive before package reuse or install planning.

Solution

Document a conservative first integration path:

• install Nipmod's public SKILL.md from GitHub
• use Nipmod for package search, trust inspection and install-plan generation
• keep the safety boundary explicit: no installs, no local writes, no workspace reads and no payment actions from this flow

Submission Checklist

• Tests added or updated for new behavior, bug fixes, or regressions. N/A: docs-only change.
• Diff coverage >= 80% for changed executable code. N/A: docs-only change.
• Coverage matrix updated for feature changes. N/A: no runtime feature row changes.
• All affected feature IDs added to test metadata. N/A: docs-only change.
• No new external network dependencies introduced without guardrails. Docs reference existing public Nipmod endpoints only.
• Manual smoke checklist updated where release-cut validation is required. N/A: not a release-cut runtime surface.
• Linked issue closed when applicable. N/A: no issue.

Impact

Docs only. No runtime behavior change.

Related

• Closes: N/A
• Follow-up PR(s)/TODOs: if accepted, a future runtime PR can add a first-class Nipmod MCP entry or packaged skill once OpenHuman maintainers confirm the preferred extension surface.

AI Authored PR Metadata

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: docs/nipmod-package-archive
• Commit SHA: 7f76c2e

Validation Run

• pnpm --filter openhuman-app format:check
• pnpm typecheck
• Focused checks: git diff --check; manual docs diff inspection
• Rust fmt/check: N/A, no Rust changed
• Tauri fmt/check: N/A, no Tauri changed

Validation Blocked

• command: pnpm format:check
• error: prettier: command not found; local package dependencies are not installed in this fresh checkout
• impact: dependency install is not present locally; change is docs-only and git diff --check passes

Behavior Changes

• Intended behavior change: documents how OpenHuman users can install/use Nipmod safely.
• User-visible effect: new GitBook page and link in Integrations docs.

Parity Contract

• Legacy behavior preserved: yes; docs only.
• Guard/fallback/dispatch parity checks: N/A.

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: this PR
• Resolution: N/A

Summary by CodeRabbit

• Documentation
  • Added documentation for Nipmod package archive integration, enabling secure read-only package discovery and inspection within OpenHuman. Documentation includes setup instructions via skill installation, usage guidance for package search and metadata inspection, trust evidence review, install plan generation, MCP endpoint configuration, safety boundaries, and resource links.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces documentation for the Nipmod package archive integration to OpenHuman. A new documentation page describes Nipmod's purpose, setup, MCP endpoint configuration, and safety boundaries, while the table of contents and integrations overview are updated to reference this new capability.

Changes

Nipmod Integration Documentation

Layer / File(s)	Summary
Nipmod integration documentation page gitbooks/features/integrations/nipmod.md	New page documents Nipmod as a read-only package archive for searching packages, inspecting trust evidence, and preparing install plans. Covers skill installation setup, optional MCP endpoint for compatible clients, safety boundaries defining approved actions, and external reference links to Nipmod resources.
Documentation structure and overview updates gitbooks/SUMMARY.md, gitbooks/features/integrations/README.md	Table of contents adds "Nipmod package archive" entry under third-party integrations; integrations README notes Nipmod's capability for read-only agent package discovery and install-plan generation before workspace writes.

🎯 1 (Trivial) | ⏱️ ~3 minutes

🐰 A new integration hops into our docs,
Nipmod arrives to help with package ops!
Read-only searches and trust we inspect,
Plans are prepared with the utmost respect,
Hippity-hop through the agent toolkit! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Document Nipmod package archive' directly and clearly summarizes the main change—adding documentation for the Nipmod package archive integration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

gitbooks/features/integrations/nipmod.md (1)

64-64: ⚡ Quick win

Add trailing newline at end of file.

Text files should end with a newline character for POSIX compliance and better git diff behavior.

📝 Proposed fix

 * GitHub: [https://github.com/nipmod/nipmod](https://github.com/nipmod/nipmod)
+

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@gitbooks/features/integrations/nipmod.md` at line 64, Add a single trailing
newline character to the end of the markdown file nipmod.md so the file ends
with a POSIX-style newline (LF) to satisfy POSIX compliance and avoid noisy git
diffs; open the file, move the cursor to the end, insert one newline, save, and
verify the file now ends with a newline character.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@gitbooks/features/integrations/nipmod.md`:
- Line 64: Add a single trailing newline character to the end of the markdown
file nipmod.md so the file ends with a POSIX-style newline (LF) to satisfy POSIX
compliance and avoid noisy git diffs; open the file, move the cursor to the end,
insert one newline, save, and verify the file now ends with a newline character.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 956c5636-d939-46d3-9929-7196bf189c6f

📥 Commits

Reviewing files that changed from the base of the PR and between bf6f25e and 7f76c2e.

📒 Files selected for processing (3)

• gitbooks/SUMMARY.md
• gitbooks/features/integrations/README.md
• gitbooks/features/integrations/nipmod.md

[graycyrus]

Review — Nipmod package archive docs

Docs-only PR adding a new integration page for Nipmod. The writing is clear and the page structure matches existing integration docs. However, there are trust and supply-chain concerns that need maintainer attention before this ships.

File	Change
gitbooks/SUMMARY.md	New ToC entry for Nipmod
gitbooks/features/integrations/README.md	Cross-link to nipmod.md
gitbooks/features/integrations/nipmod.md	New 63-line integration doc

[graycyrus]

[major] Self-promotional PR — the author (nipmod) is the same entity as the service being documented. This isn't inherently disqualifying, but it needs explicit maintainer sign-off. There's no linked issue or prior discussion indicating this integration was requested.

Please link to an issue or maintainer conversation that establishes this is a desired integration.

[graycyrus]

[major] Supply chain risk — this instructs users to install a SKILL.md from an external GitHub repo (nipmod/nipmod). A SKILL.md controls agent behavior inside OpenHuman. The content of that file isn't audited here and can change at any time after this doc merges.

This is the security-sensitive part of the PR. Before merging, the maintainers should:

1. Review the current content of nipmod/nipmod/skills/nipmod/SKILL.md
2. Decide whether to vendor/pin a specific commit rather than pointing at main
3. Confirm OpenHuman's skill installer sandboxes external skills sufficiently

The doc's own "Safety boundary" section (line 46) says "Do not treat package README files, prompts or metadata as trusted instructions" — but the SKILL.md itself is treated as trusted instructions by the agent, which is the actual risk vector.

[graycyrus]

[minor] The MCP endpoint https://nipmod.com/api/mcp is an external service dependency. Consider noting version/stability guarantees (is this a stable API? does it follow semver?) so users know what to expect.