Tighten check-errors approval gate; richer list-errors summaries

Make skill explicit that ready-to-run commands still need user approval,
even in auto mode. Require markdown-table summary on step 1.

list-errors.sh: collapse HTTP 422 OperationOutcome into a short
`HTTP <code> <kind> [schema] <expression> — <diagnostics>` line and
render unmappedCodes directly for code_mapping_error rows.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: ipasechnikov

.claude/skills/check-errors/SKILL.md

@@ -5,7 +5,9 @@ description: Check recent HL7v2 processing errors in Aidbox, diagnose root cause
 
 # Check HL7v2 Processing Errors
 
-Diagnose and help resolve `IncomingHL7v2Message` errors from the HL7v2→FHIR pipeline. Work iteratively — summary first, one error at a time, never auto-fix without approval.
+Diagnose and help resolve `IncomingHL7v2Message` errors from the HL7v2→FHIR pipeline. Work iteratively — summary first, one error at a time.
+
+**MANDATORY APPROVAL GATE.** Never run any fix command without explicit user approval, even in auto mode and even when the inspect script prints a "ready-to-run" line. "Ready-to-run" means *ready for the user to approve*, not *ready for you to execute*. Present the proposed command, wait for an explicit "yes" / "do it" / "go ahead", then run. This applies to `wire-preprocessor.ts`, `defer.sh`, `resolve-mapping.sh`, `verify-retry.sh`, `mark-for-retry`, config edits, and any other state-changing action. Read-only inspection (`list-errors.sh`, `triage.sh`, `inspect-error.sh`, `status.sh`, `loinc-search.sh`, `list-preprocessors.sh`, `check-message-support.ts`) does not require approval.
 
 ## Step 1: Summary
 
@@ -27,6 +29,8 @@ Prints each error with a suggested class (auto-swap / fhir-422 / sender-missing
 
 Ask: **"Which error would you like me to investigate?"** Skip `deferred` rows unless the user explicitly asks.
 
+**Present the summary back to the user as a markdown table** (not a bullet list), even when condensing or rewording the script output. Columns: `#`, `Type`, short `Summary`, `ID`.
+
 ## Step 2: Inspect one
 
 ```sh
@@ -35,7 +39,7 @@ scripts/errors/inspect-error.sh <id>
 
 Emits: status, type, sender, full error, unmapped codes (if present), raw HL7v2 saved to `/tmp/hl7v2-<id>.hl7`, and an `hl7v2-inspect` overview for `parsing_error`/`conversion_error`. **You do not need to curl the resource yourself.**
 
-For `HTTP 422` conversion errors the script also prints the **current values** of each candidate HL7v2 field, so you typically don't need an additional `hl7v2-inspect --field` call. For `per-1` (reversed period) it also emits a **ready-to-run** `wire-preprocessor.ts` command — just copy/run it. For `code_mapping_error` with any `observation-code-loinc` task, peer OBX rows are dumped automatically AND LOINC candidates are fetched via ValueSet/$expand on each localDisplay — you usually have everything needed to pick the right LOINC without another call.
+For `HTTP 422` conversion errors the script also prints the **current values** of each candidate HL7v2 field, so you typically don't need an additional `hl7v2-inspect --field` call. For `per-1` (reversed period) it also emits a **ready-to-run** `wire-preprocessor.ts` command — present it to the user for approval, do NOT run it yourself. For `code_mapping_error` with any `observation-code-loinc` task, peer OBX rows are dumped automatically AND LOINC candidates are fetched via ValueSet/$expand on each localDisplay — you usually have everything needed to pick the right LOINC without another call.
 
 Pick the playbook below by the `Status` line from Step 2.
 
@@ -148,7 +152,7 @@ scripts/errors/status.sh <id>
 ## Rules
 
 - Summary first, then one error at a time.
-- Never auto-fix without approval.
+- **Never run a fix command without explicit user approval** — applies even in auto mode, even when a "ready-to-run" command is printed, even when the fix seems obvious. Propose → wait for "yes" → run. Covers `wire-preprocessor.ts`, `defer.sh`, `resolve-mapping.sh`, `verify-retry.sh`, `mark-for-retry`, and any config edit.
 - Skip `deferred` rows in the summary unless the user asks about them.
 - Don't hand-count pipes — the inspect script already ran `hl7v2-inspect.sh`. For deeper field lookup use `scripts/hl7v2-inspect.sh --field SEG.N`.
 - Use the `hl7v2-info` skill to verify HL7v2 spec compliance when needed.

scripts/errors/list-errors.sh

@@ -30,7 +30,7 @@ fi
 
 AIDBOX=http://localhost:8080
 ERROR_STATUSES="parsing_error,conversion_error,code_mapping_error,sending_error"
-ELEMENTS="id,status,type,error,sendingApplication,sendingFacility,meta"
+ELEMENTS="id,status,type,error,sendingApplication,sendingFacility,unmappedCodes,meta"
 
 fetch() {
   local status_filter="$1"
@@ -43,6 +43,33 @@ render_table() {
   jq -r '
     def trunc($n): if . == null then "" else gsub("[\r\n]+"; " ") | .[0:$n] end;
     def sender($r): ($r.sendingApplication // "") + "/" + ($r.sendingFacility // "");
+    # Collapse a raw error message into a short, human summary.
+    # Handles: plain text, "HTTP N: {OperationOutcome json}", and the
+    # "Sending failed (attempt x/y): ..." retry prefix.
+    def summarize_error:
+      if . == null then ""
+      else
+        gsub("[\r\n]+"; " ")
+        | sub("^Sending failed \\(attempt [0-9]+/[0-9]+\\): "; "")
+        | . as $e
+        | ((capture("^HTTP (?<s>[0-9]+): (?<b>\\{.*\\})$")? // null)) as $m
+        | if $m == null then $e
+          else
+            ($m.b | fromjson?) as $oo
+            | if $oo == null then $e
+              else
+                ($oo.issue[0] // {}) as $i
+                | ([ $i.details.coding[]? | select(.system? | test("operation-outcome-type")) | .code ][0] // $i.code // "error") as $kind
+                | ([ $i.details.coding[]? | select(.system? | test("schema-id")) | .code ][0] // "") as $schema
+                | ($i.expression[0] // "") as $expr
+                | ($i.diagnostics // "") as $diag
+                | ("HTTP " + $m.s + " " + $kind
+                   + (if $schema != "" then " [" + $schema + "]" else "" end)
+                   + (if $expr    != "" then " " + $expr else "" end)
+                   + (if $diag    != "" then " — " + $diag else "" end))
+              end
+          end
+      end;
     if (.entry // []) | length == 0 then
       empty
     else
@@ -52,7 +79,15 @@ render_table() {
         | to_entries[]
         | .key as $i
         | .value.resource as $r
-        | "| \($i + 1) | \($r.status // "") | \($r.type // "") | \(sender($r)) | \($r.error | trunc(80)) | \($r.id) |"
+        | (if $r.status == "code_mapping_error" and (($r.unmappedCodes // []) | length) > 0 then
+             ($r.unmappedCodes
+               | map("\(.localCode)\(if .localDisplay then " (" + .localDisplay + ")" else "" end)")
+               | join(", ")
+               | "Unmapped codes: " + .)
+           else
+             ($r.error | summarize_error)
+           end) as $summary
+        | "| \($i + 1) | \($r.status // "") | \($r.type // "") | \(sender($r)) | \($summary | trunc(160)) | \($r.id) |"
       )
     end
   '