How we solved multi-agent skill sprawl, built persistent memory across tools, and automated cloud sync — and why we're open-sourcing all of it.
If you're working with more than one AI coding agent right now — and most serious teams are — you've already felt the friction. You invest real time dialing in a set of custom skills or instructions for Claude Code. You switch to Codex. You open Cursor. You ask Perplexity Computer something. And every single one of those tools has its own isolated context. Your carefully tuned knowledge about N+1 traps in complex has_many eager loads, your hard-won patterns for zero-downtime Rails migrations, your pgvector HNSW tuning notes — gone. Each new session, each new tool, you're explaining the same things from scratch.
We ran into this while building OpenSite AI, and we eventually got fed up enough to solve it properly. Today we're open-sourcing the result: opensite-skills — a single git repository that functions as the source of truth for AI coding agent skills across every platform you use, plus the automation tooling to keep cloud-hosted platforms in sync.
## What the Problem Actually Looks Like
The naive solution to multi-agent skill drift is copy-paste. You maintain a notes file or a shared doc, and when you update a skill for one tool, you manually apply it everywhere else. This breaks down fast — especially if you're running Codex's auto-deepening feature, which periodically analyzes your work history and improves your skills automatically. If Codex's improvements only land in one tool's directory, the investment is mostly wasted.
The deeper problem is that there's no API. Claude Desktop and Perplexity Computer both manage skills through cloud UIs, and neither platform exposes a REST API for skill uploads. Both UIs sit behind Cloudflare, which blocks standard headless automation at the first request. Manually uploading every changed skill to multiple platforms is genuinely unsustainable at any meaningful frequency.
We needed something that could:
- Keep every local agent (Claude Code, Codex, Cursor, Copilot) wired to the same skill set with zero copying
- Automate cloud uploads for Claude Desktop and Perplexity Computer without manual UI work
- Detect and push only changed skills rather than re-uploading everything every time
- Persist project knowledge, conventions, and decisions across sessions and across tools
## The Architecture: Symlinks as the Foundation
For local platforms, the solution is almost embarrassingly simple: symlinks. Run ./setup.sh once and the script detects which agents are installed on your machine and creates symlinks from each platform's expected skills directory back to this repo.
```bash
git clone git@github.com:opensite-ai/opensite-skills.git ~/opensite-skills
cd ~/opensite-skills
./setup.sh
```
That's the entire local setup. The script walks your system, finds Claude Code (~/.claude), Codex (~/.codex), Cursor (~/.cursor), and GitHub Copilot (~/.copilot or the gh CLI), and creates the appropriate symlinks. No file copying, no config to maintain.
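The repo's `setup.sh` does this detection in shell. As a sketch of the idea (the paths and detection logic below are illustrative, not the actual script), the wiring amounts to:

```python
#!/usr/bin/env python3
"""Minimal sketch of setup.sh-style wiring: link each platform's global
skills directory back to this repo. Paths are illustrative."""
from pathlib import Path

REPO = Path.home() / "opensite-skills"

# Global skills directories for locally installed agents (illustrative).
PLATFORM_DIRS = {
    "claude-code": Path.home() / ".claude" / "skills",
    "codex": Path.home() / ".codex" / "skills",
    "copilot": Path.home() / ".copilot" / "skills",
}

def link_platform(name: str, target: Path, repo: Path = REPO) -> bool:
    """Symlink target -> repo/skills, but only if the agent is installed
    (detected here by its config directory existing)."""
    if not target.parent.exists():           # agent not installed; skip it
        return False
    if target.is_symlink() or target.exists():
        return True                          # already wired, leave it alone
    target.symlink_to(repo / "skills", target_is_directory=True)
    return True

if __name__ == "__main__":
    for name, target in PLATFORM_DIRS.items():
        print(name, "linked" if link_platform(name, target) else "not found")
```

The key property is that the link target is the repo itself, so there is nothing to re-copy or re-install after an edit.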
Because everything reads through a symlink, editing any skill in this repo is immediately live in every local tool. There is no reinstall step. This also means when Codex deepens a skill and writes back to ~/.codex/skills/, that write lands directly in this git repo. Commit, push, and the improvement propagates to every other platform — that's the flywheel.
```bash
# After a Codex deepening session
cd ~/opensite-skills
git add -A
git commit -m "chore(skills): codex deepening $(date +%Y-%m-%d)"
git push

# Then push only changed skills to cloud platforms
./sync-perplexity.sh --changed-only
./sync-claude.sh --changed-only
```
## Solving the Cloud Sync Problem with Playwright
The harder problem is Claude Desktop and Perplexity Computer. Neither has a public API. Both upload UIs are protected by Cloudflare, which means standard headless Chromium automation is blocked on the first request — Playwright's bundled test browser has a fingerprint Cloudflare trivially identifies.
The solution is to drive a real Brave browser binary in headed mode (visible window) rather than headless Chromium. A real browser with a real fingerprint passes Cloudflare's bot checks. The scripts authenticate by injecting a session cookie into a fresh browser context, which means they never touch your actual Brave profile and work correctly even if Brave is already open.
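As a sketch of the cookie-injection side (the cookie name below is illustrative; each platform's real field name is documented in the README), the scripts only need to turn an environment variable into a cookie record for a fresh browser context:

```python
import os

def session_cookie(domain: str, env_var: str) -> list[dict]:
    """Build a Playwright-style cookie record from an env var.
    The cookie name is a placeholder, not any platform's real field name."""
    token = os.environ.get(env_var, "")
    if not token:
        raise RuntimeError(f"{env_var} is not set; add it to .env first")
    return [{
        "name": "session-token",   # illustrative; differs per platform
        "value": token,
        "domain": domain,
        "path": "/",
        "secure": True,
        "httpOnly": True,
    }]

# In a sync script this would feed a fresh context on a real Brave binary:
#   browser = p.chromium.launch(executable_path=BRAVE_PATH, headless=False)
#   context = browser.new_context()
#   context.add_cookies(session_cookie(".perplexity.ai",
#                                      "PERPLEXITY_SESSION_COOKIE"))
```

Because the cookies go into a fresh context rather than a profile, the script never mutates your day-to-day browser state.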
Getting your session cookie is a one-time, 30-second process:
- Log into the target site in Brave
- Press F12 → Application → Cookies
- Find the session token (details differ per platform — the README has exact field names)
- Add it to `.env`
Then sync runs in one command:
```bash
./sync-perplexity.sh                           # all skills
./sync-perplexity.sh --changed-only            # git-diff-based delta push
./sync-perplexity.sh rails-query-optimization  # one specific skill

./sync-claude.sh                               # all skills
./sync-claude.sh --changed-only
./sync-claude.sh rust-error-handling           # one specific skill
```
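Under the hood, a `--changed-only` flag can be as simple as mapping `git diff --name-only` output back to skill directories. This is a sketch assuming one directory per skill beneath `skills/`, not the actual script logic:

```python
import subprocess

def parse_changed(diff_output: str, skills_root: str = "skills") -> set[str]:
    """Map `git diff --name-only` output to skill directory names.
    Assumes one directory per skill under skills_root (illustrative layout)."""
    names = set()
    for path in diff_output.splitlines():
        parts = path.split("/")
        if len(parts) >= 2 and parts[0] == skills_root:
            names.add(parts[1])          # skills/<name>/... -> <name>
    return names

def changed_skills(since: str = "HEAD~1") -> set[str]:
    """Skills touched since a ref, e.g. the commit last pushed to the cloud."""
    out = subprocess.run(
        ["git", "diff", "--name-only", since, "--", "skills"],
        capture_output=True, text=True, check=True,
    ).stdout
    return parse_changed(out)
```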
One non-obvious technical detail worth flagging if you build anything similar: the file upload mechanism matters. The scripts intercept the native `filechooser` event that fires when the upload dropzone is clicked, registering the listener before the click happens. Directly setting `input.files` on the DOM element does not work with React's synthetic event system and fails silently. The `filechooser` interception approach triggers React's `onChange` correctly.
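In Playwright's sync Python API, that interception pattern looks roughly like this (the selector is a placeholder, not the real platform UI):

```python
def upload_via_filechooser(page, dropzone_selector: str, file_path: str):
    """Register the filechooser expectation BEFORE clicking the dropzone.
    Setting input.files directly bypasses React's synthetic event system
    and fails silently; fulfilling the intercepted native chooser fires
    the change event React actually listens for."""
    with page.expect_file_chooser() as fc_info:
        page.click(dropzone_selector)      # the click opens the chooser
    fc_info.value.set_files(file_path)     # Playwright fulfils the dialog
```

Here `expect_file_chooser()` is a context manager whose `.value` resolves to the `FileChooser` the click produced, which is what makes the before-the-click ordering natural to express.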
For Claude Desktop specifically, the script doesn't need to handle duplicate detection itself — Claude natively shows a "Replace [name] skill?" confirmation dialog when a skill with the same name already exists. The script just clicks "Upload and replace" and continues. Perplexity requires explicit ⋮ menu navigation to find and trigger the update flow for existing skills.
## The Skills: What's in the Library
The skills span the full stack of patterns that matter for modern web application development. Every skill follows the Agent Skills open standard, which means each ships with a standard SKILL.md (description, compatibility, metadata), an agents/openai.yaml for Codex UI metadata, and a references/activation.md with a portable activation guide.
### Memory System
Four skills that work as a unit to give any AI engine persistent long-term context using only the local filesystem — no external services, no databases:
| Skill | Role | When to Invoke |
|---|---|---|
| `memory` | Core store — schema, scripts, direct read/write/search | Direct memory operations |
| `memory-recall` | Loads relevant context before work begins | Start of every session |
| `memory-write` | Extracts and persists session learnings | End of every session |
| `memory-consolidate` | Decays, deduplicates, compresses old entries | Weekly or monthly |
The store is organized into four cognitive layers: episodic (session history and milestones), semantic (project facts, tech notes, user preferences), procedural (ADRs, workflows, code conventions), and working (the active.md hot handoff between sessions).
Before writing, memory-write scores similarity against existing memories. Scores above 0.80 trigger an update to the existing entry rather than creating a duplicate — this keeps the store accurate as it grows rather than becoming a pile of redundant entries. All store data is gitignored and lives only on your local machine.
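The update-or-insert rule above can be sketched as follows. The real similarity scoring and store layout live in the `memory-write` skill, so `score_fn` is a stand-in here:

```python
def upsert_memory(new_entry: str, score_fn, existing: dict[str, str],
                  threshold: float = 0.80) -> dict[str, str]:
    """Update-or-insert sketch of the described 0.80 rule: refresh the
    closest existing memory when similarity exceeds the threshold,
    otherwise store a genuinely new entry. score_fn(a, b) -> [0, 1]."""
    best_key, best_score = None, 0.0
    for key, text in existing.items():
        score = score_fn(new_entry, text)
        if score > best_score:
            best_key, best_score = key, score
    if best_key is not None and best_score > threshold:
        existing[best_key] = new_entry                  # near-duplicate: update
    else:
        existing[f"mem-{len(existing)}"] = new_entry    # new knowledge: insert
    return existing
```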
### AI / Research
ai-research-workflow covers multi-step AI pipeline orchestration: WorkflowBuilder/WorkflowStep system design, dual-model routing (Opus for deep research and web search, Sonnet for structured generation), parallel step execution, and shared MemoryStore between steps.
ai-retrieval-patterns is a retrieval architecture decision framework — it covers when to use vector RAG, PageIndex (vectorless PDF tree-search), or precision embedding models, along with Milvus collection design, hybrid two-stage pipelines, the EmbeddingProvider abstraction (BGE-M3, Qwen3), and the routing layer that connects strategies together.
### Frontend
react-rendering-performance targets React 19+ specifically: React Compiler diagnostics, profiler-driven optimization workflows, useTransition for non-blocking updates, the Activity and ViewTransition components, resource preloading APIs, and evidence-based guidance on when to actually reach for useMemo and useCallback vs. just letting the Compiler handle it.
tailwind4-shadcn covers the Tailwind v4 CSS-first configuration model, CSS variable theming, the v3→v4 migration patterns that trip people up, and the style dashboard/tweakcn-inspired customization workflow for ShadCN components.
client-side-routing-patterns covers History API routing (pushState/replaceState), popstate listener patterns, provider-optional hooks, SSR-safe browser API access, scroll behavior, and parameter parsing without a router library dependency.
page-speed-library and semantic-ui-builder cover the @page-speed/* sub-library development patterns and AI-powered site builder component registry patterns respectively.
opensite-ui-components covers @opensite/ui@3.x — Semantic UI Engine, block/skin architecture, Radix UI composition, framer-motion, and the component registry system.
### Rails / Backend
rails-query-optimization goes beyond basic includes into the less-documented failure modes: the cartesian product trap when you eager-load multiple has_many associations on the same parent, CTEs and lateral joins via Arel and raw SQL, reading EXPLAIN ANALYZE output at a level that lets you actually diagnose plan instability, and counter cache patterns.
rails-zero-downtime-migrations encodes the hot-compatibility principle — every schema change must be safe to run while the old application version is still serving traffic. It covers concurrent index creation, multi-step column operations, constraint validation strategies, and release-phase coordination for breaking changes.
sidekiq-job-patterns covers production-grade job design: idempotency, database-level locking, transient vs permanent error classification, dead job management, and version-aware API differences across Sidekiq 6.5.x through 8.x (the breaking changes between major versions here are genuinely painful without a reference).
### Rust / Backend
rust-async-patterns tackles the senior-level async Rust problems: Future Send bound failures and how to trace them, Rust 2024 lifetime capture rules that affect async closures, task cancellation with CancellationToken, blocking/async boundary design, and timeout composition with Tokio.
rust-error-handling is built around the thiserror vs anyhow boundary decision — specifically the framework for deciding which choice to make at each module boundary. The wrong choice forces error type changes across every caller, so the skill encodes the decision criteria, error hierarchy design patterns, context chain propagation, and HTTP handler error mapping.
### Database / Performance
pgvector-optimization covers HNSW vs IVFFlat index selection and tuning, the ef_search/m/ef_construction parameter relationships, iterative scanning for filtered queries, and scalar and binary quantization for reducing memory footprint.
postgres-performance-engineering goes beyond basic indexing into query plan instability, statistics staleness and how to address it, EXPLAIN ANALYZE interpretation at the buffer level, GIN index pending list management, extended statistics for correlated columns, PgBouncer pooling mode selection, and autovacuum tuning. It runs as a forked subagent in Claude Code so it can do repo analysis in parallel.
### DevOps / Operations
automation-builder encodes the Playwright + real browser patterns that underpin the cloud sync scripts themselves: browser fingerprint strategy, session cookie injection, SPA readiness detection, React filechooser upload flow, error recovery in upload loops, shell script safety patterns, and media tool selection (ffmpeg, ImageMagick, Sharp).
agent-file-engine covers root and nested AGENTS.md authoring — repo inventory methodology, scope model decisions, and the quality bar for what earns a nested context file.
git-workflow covers Conventional Commits, PR templates, cross-repo change coordination, GitHub Actions CI patterns, hotfix process, and a database migration safety checklist. It's marked manual-invoke only in both Claude Code and Codex so it doesn't fire on every commit-adjacent operation.
### Quality / Security
code-review-security runs as a forked subagent in Claude Code for parallel PR analysis. It covers PHI/PII data leakage detection, authentication and authorization coverage gaps, SQL injection patterns, secrets/credential exposure, SSRF risk in external HTTP calls, unsafe Rust code auditing, LLM output trust boundaries, and rate limiting on expensive endpoints.
## Platform Conventions That Cross All Tools
One of the more useful things about having a single library is that it enforces consistency across tools at the level of conventions, not just instructions. These are the platform-wide rules that every skill in the repo reinforces:
- **Real browser for bot-protected SPAs** — Playwright with a real Brave/Chrome binary in headed mode for any site behind Cloudflare. Headless Chromium is fingerprinted and blocked.
- **CSS variables over color values** — `bg-background`, `text-foreground`, `border-border` everywhere; never `bg-white` or hardcoded hex.
- **Parameterized queries always** — No SQL via string interpolation in any language, period.
- **Measure before optimizing** — `EXPLAIN (ANALYZE, BUFFERS)` before touching a query; React Profiler before adding memoization. Guessing the direction is wrong most of the time.
- **`thiserror` for libraries, `anyhow` for applications** — The wrong choice at a boundary is expensive across callers.
- **Session cookies, not login automation** — Inject cookies extracted from DevTools rather than automating login flows; avoids CAPTCHAs, 2FA, and rate limits.
- **Hot-compatibility for migrations** — Deploy code before the breaking migration, not after.
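The parameterized-queries rule is worth one concrete illustration, with sqlite3 purely as a stand-in for whatever driver a project actually uses:

```python
import sqlite3

def find_skill(conn: sqlite3.Connection, name: str):
    """Parameterized query: the driver binds `name`, so a hostile value
    stays data instead of becoming SQL. (Illustrative schema.)"""
    return conn.execute(
        "SELECT id, name FROM skills WHERE name = ?", (name,)
    ).fetchone()

# Never this; string interpolation is exactly the injection vector
# the convention bans in every language:
#   conn.execute(f"SELECT id FROM skills WHERE name = '{name}'")
```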
## Platform Compatibility
All skills follow the Agent Skills open standard. The `SKILL.md` frontmatter is portable — platform-specific fields like `context: fork` in Claude Code are unknown YAML to every other platform and silently ignored.
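As a rough illustration of that portability (the field names here are a sketch, not the standard's exact schema):

```yaml
---
name: rails-query-optimization   # illustrative frontmatter, not the real file
description: Diagnose N+1s, cartesian products, and query plan instability
compatibility: [claude-code, codex, cursor, copilot]
context: fork   # Claude Code-specific; unknown YAML elsewhere, silently ignored
---
```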
| Platform | Skill Location | Load Method |
|---|---|---|
| Claude Code | `~/.claude/skills/` (global) or `.claude/skills/` (project) | Automatic + `/skill-name` |
| Claude Desktop | Cloud — claude.ai/customize/skills | Automatic trigger |
| Codex | `~/.codex/skills/` (global) or `.agents/skills/` (repo) | Automatic + `$skill-name` |
| GitHub Copilot | `~/.copilot/skills/` | Via `/` commands |
| Perplexity Computer | Cloud — perplexity.ai/account/org/skills | Automatic trigger |
| Cursor | `.cursor/skills/` (per-repo) | Via `/` commands |
## Getting Started
```bash
# Clone to a stable location
git clone git@github.com:opensite-ai/opensite-skills.git ~/opensite-skills
cd ~/opensite-skills

# Wire up all local platforms in one step
./setup.sh

# Set up cloud sync (one-time)
cp .env.example .env
# Edit .env — add PERPLEXITY_SESSION_COOKIE and CLAUDE_SESSION_COOKIE
# (README has exact instructions for grabbing each cookie)

# Sync to cloud platforms
./sync-perplexity.sh
./sync-claude.sh
```
Validate skill structure after adding your own:
```bash
python3 scripts/validate_skills.py
python3 scripts/refresh_skill_support.py
```
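The actual validator ships with the repo; the kind of structural check it implies, given the per-skill files described earlier, looks like this (a sketch, not the real `scripts/validate_skills.py` logic):

```python
from pathlib import Path

# Files each skill ships with per the Agent Skills layout described above.
REQUIRED = ["SKILL.md", "agents/openai.yaml", "references/activation.md"]

def validate_skill(skill_dir: Path) -> list[str]:
    """Return the required files missing from one skill directory
    (empty list means the skill passes the structural check)."""
    return [rel for rel in REQUIRED if not (skill_dir / rel).is_file()]
```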
## Why Open Source This
The skills in this library were refined through building real production systems. Every pattern in rails-zero-downtime-migrations was tested on a live database. Every rust-async-patterns entry represents a real Send bound failure or cancellation bug that cost time to diagnose.
Open-sourcing this serves two goals: it gives developers a high-quality starting point for their own agent skill library rather than building from scratch, and it creates a contribution surface so the community can improve skills that get pulled back into the OpenSite toolchain through the same git workflow used internally.
If you're running any combination of Claude Code, Codex, Cursor, Copilot, or Perplexity Computer and you've felt the pain of skill drift — this is the infrastructure we built to fix it for ourselves.
The repo is at github.com/opensite-ai/opensite-skills. Stars and PRs welcome.
Built by the team at OpenSite AI · opensite.ai/developers