@agentkitforge/core 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to AgentKitForge Core will be documented in this file.
+
+This project follows Semantic Versioning. Before `0.0.0`, minor versions may include breaking changes.
+
+## Unreleased
+
+- Added open-source governance, security, contribution, versioning, release, spec, and CLI documentation.
+
+## 1.0.0 (2026-05-29)
+
+
+### Features
+
+* prepare initial public preview ([61e8d7d](https://github.com/AgentKitProject/agentkitforge-core/commit/61e8d7d9c9a1efac31c6dc62b4ed9c42d97bf729))
+
+
+### Bug Fixes
+
+* set initial release baseline ([29fc113](https://github.com/AgentKitProject/agentkitforge-core/commit/29fc11376ce64175dfb9564b5fa625dc24eb63d2))
+
+## v0.1.0 Public Preview
+
+- Initial public preview target.
+- Core Agent Kit manifest validation.
+- Validation profiles: `local-valid`, `publishable`, `trusted`, and `verified`.
+- Agent Kit scaffolding templates.
+- Draft rendering and draft request helpers.
+- Prepared Prompt schema, validation, and rendering.
+- Context Builder.
+- One-file Markdown export.
+- `.agentkit.zip` packaging.
+- Codex and Claude Code target exports.
+- CLI workflows for validation, packaging, export, prompt rendering, context building, and inspection.

package/CLI.md

@@ -0,0 +1,177 @@
+# AgentKitForge CLI
+
+Build first:
+
+```bash
+npm run build
+```
+
+Then run commands through:
+
+```bash
+node dist/cli/index.js <command>
+```
+
+After global install or linking, use `agentkitforge <command>`.
+
+## validate
+
+Validate an Agent Kit.
+
+```bash
+agentkitforge validate ./my-kit --profile local-valid
+agentkitforge validate ./my-kit --profile publishable
+agentkitforge validate ./my-kit --profile trusted
+agentkitforge validate ./my-kit --profile verified
+```
+
+## inspect
+
+Inspect whether a folder looks like an Agent Kit candidate.
+
+```bash
+agentkitforge inspect ./repo-or-folder
+```
+
+## summarize
+
+Return a display-friendly Agent Kit summary without full raw file contents.
+
+```bash
+agentkitforge summarize ./my-kit
+```
+
+## init
+
+Create a new kit from a built-in template.
+
+```bash
+agentkitforge init ./my-kit \
+  --template blank \
+  --id my-kit \
+  --name "My Kit" \
+  --description "A starter Agent Kit."
+```
+
+Financial review starter:
+
+```bash
+agentkitforge init ./financial-review \
+  --template financial-review \
+  --id financial-review \
+  --name "Financial Review" \
+  --description "Review financial workbooks."
+```
+
+Use `--force` to clean and recreate the target directory safely.
+
+## package
+
+Create a `.agentkit.zip` package.
+
+```bash
+agentkitforge package ./my-kit --out ./my-kit.agentkit.zip
+```
+
+## export-onefile
+
+Create a one-file Markdown bundle.
+
+```bash
+agentkitforge export-onefile ./my-kit --out ./my-kit.onefile.md
+```
+
+## Prepared Prompts
+
+List prepared prompts:
+
+```bash
+agentkitforge list-prompts ./my-kit
+```
+
+Render a prepared prompt:
+
+```bash
+agentkitforge render-prompt ./my-kit financial-review --inputs inputs.json --out rendered-prompt.md
+```
+
+Validate prepared prompt inputs:
+
+```bash
+agentkitforge validate-prompt-inputs ./my-kit financial-review --inputs inputs.json
+```
+
+## build-context
+
+Build AI-ready context without calling an AI provider.
+
+```bash
+agentkitforge build-context ./my-kit \
+  --task "Audit formulas in this workbook." \
+  --mode triggered \
+  --target generic \
+  --out context.json
+```
+
+Modes:
+
+- `all`: include all skills.
+- `triggered`: include matching skills by deterministic trigger/description matching, with fallback to all skills.
+
+Targets:
+
+- `openai`
+- `chatgpt`
+- `claude`
+- `generic`
+
+## Draft Workflows
+
+Create a provider-neutral draft request:
+
+```bash
+agentkitforge draft-request \
+  --request "Build a financial review kit." \
+  --level trusted \
+  --out draft-request.json
+```
+
+Render a draft:
+
+```bash
+agentkitforge render-draft draft.json ./my-kit --force
+```
+
+Create a revision request:
+
+```bash
+agentkitforge draft-revision-request draft.json \
+  --change "Add a prepared prompt for monthly review." \
+  --out draft-revision-request.json
+```
+
+Load an existing kit as a draft:
+
+```bash
+agentkitforge load-as-draft ./my-kit --out draft.json
+```
+
+## export-codex
+
+Export manifest skills into a Codex-compatible skills directory.
+
+```bash
+agentkitforge export-codex ./financial-review --dest ~/.codex/skills --force
+```
+
+This creates namespaced skill folders and a generated index skill. It does not call Codex.
+
+## export-claude-code
+
+Export an Agent Kit into an initial Claude Code plugin-style folder.
+
+```bash
+agentkitforge export-claude-code ./financial-review --dest ./claude-code-plugins --force
+```
+
+This creates `<kit-id>-claude-code-plugin/` with `.claude-plugin/plugin.json`, skills, and supporting kit files. Verify loading behavior with your Claude Code version.

package/LICENSE

@@ -0,0 +1,69 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or ownership of fifty percent (50%) or more of the outstanding shares, or beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on or derived from the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link or bind by name to the interfaces of, the Work.
+
+"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable, except as stated in this section, patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to patent claims licensable by such Contributor that are necessarily infringed by their Contribution alone or by combination of their Contribution with the Work to which such Contribution was submitted.
+
+If You institute patent litigation against any entity, including a cross-claim or counterclaim in a lawsuit, alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or within a display generated by the Derivative Works, if and wherever such third-party notices normally appear.
+
+You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in AgentKitForge by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions.
+
+6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work and each Contributor provides its Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+8. Limitation of Liability. In no event and under no legal theory, whether in tort, including negligence, contract, or otherwise, unless required by applicable law, such as deliberate and grossly negligent acts, or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work, even if such Contributor has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works, You may choose to offer support, warranty, indemnity, or other liability obligations. In accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets replaced with your own identifying information. The text should be enclosed in the appropriate comment syntax for the file format.
+
+Copyright 2026 AgentKitForge contributors
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

package/README.md

@@ -0,0 +1,326 @@
+# AgentKitForge Core
+
+AgentKitForge Core is the initial TypeScript engine for validating, exporting, and packaging portable Agent Kits. This package intentionally contains only core package/spec/validation/export logic. It does not include a desktop app, AWS infrastructure, or Agent Kit Market integration.
+
+## Install
+
+```bash
+npm install @agentkitforge/core
+```
+
+## Npm Package
+
+AgentKitForge Core is published as the public scoped npm package `@agentkitforge/core`. Apps should depend on it using SemVer:
+
+```json
+"@agentkitforge/core": "^0.1.0"
+```
+
+The published package includes built `dist/` output. The repository does not commit generated `dist/`; `npm pack` and `npm publish` run the build first. Package entrypoints point at:
+
+- `main`: `dist/index.js`
+- `types`: `dist/index.d.ts`
+- `bin`: `dist/cli/index.js`
+
+## Build
+
+```bash
+npm run build
+```
+
+## Test
+
+```bash
+npm test
+```
+
+## Smoke Test
+
+```bash
+npm run build
+npm run smoke
+```
+
+The smoke test exercises the built CLI across init, validation, packaging, one-file export, prepared prompts, context building, target exports, inspection, summary, and load-as-draft workflows.
+
+## Security Checks
+
+GitHub Actions runs security scanning on pushes, pull requests, and manual dispatch. Blocking checks currently include `npm audit --audit-level=critical`. A non-blocking high vulnerability audit is reported in logs.
+
+See [SECURITY_CI_POLICY.md](SECURITY_CI_POLICY.md) for the v0.1 failure policy.
+
+## Project Documents
+
+- [SPEC.md](SPEC.md): Agent Kit public preview package specification.
+- [CLI.md](CLI.md): CLI command reference.
+- [CONTRIBUTING.md](CONTRIBUTING.md): Local setup, contribution scope, and PR expectations.
+- [SECURITY.md](SECURITY.md): Vulnerability reporting and supported versions.
+- [VERSIONING.md](VERSIONING.md): SemVer and schema compatibility policy.
+- [RELEASE_PROCESS.md](RELEASE_PROCESS.md): Release checklist and tagging flow.
+- [CHANGELOG.md](CHANGELOG.md): Release notes.
+- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md): Contributor conduct expectations.
+
+## Agent Kit Input Safety
+
+Agent Kit folders are treated as untrusted input. Manifest-controlled paths must be safe relative paths that stay inside the kit root, and IDs used for package/export folder names must be path-safe kebab-case identifiers. Core reports validation errors for unsafe manifest paths or IDs instead of reading, copying, packaging, or exporting them.
+
+Core never executes files from `scripts/`; it only validates whether script files are declared. Packaging, context building, and target exports reject symbolic links, skip generated or dependency-heavy folders such as `exports/`, `.git`, `node_modules`, `dist`, and `build`, and apply conservative file-count and byte limits to avoid unexpectedly large or malicious kits.
+
+## CLI
+
+Create a blank Agent Kit:
+
+```bash
+npm run build
+node dist/cli/index.js init ./my-agentkit \
+  --template blank \
+  --id my-agentkit \
+  --name "My Agent Kit" \
+  --description "A starter Agent Kit."
+```
+
+Create a trusted financial review starter kit:
+
+```bash
+node dist/cli/index.js init ./financial-review-kit \
+  --template financial-review \
+  --id financial-review-kit \
+  --name "Financial Review Kit" \
+  --description "Review financial workbooks for structure, formulas, and follow-up risks."
+```
+
+Use `--force` to initialize into a non-empty directory and overwrite generated template files.
+
+Render an Agent Kit draft JSON file:
+
+```bash
+node dist/cli/index.js render-draft ./draft.json ./rendered-agentkit --force
+```
+
+Draft rendering validates the JSON structure before writing files. Rendered kits include the standard manifest, entrypoint Markdown files, README, LICENSE, CHANGELOG, skills, and any draft policies, examples, or templates.
+
+List prepared prompts in a kit:
+
+```bash
+node dist/cli/index.js list-prompts ./path/to/agentkit
+```
+
+Render a prepared prompt with input values:
+
+```bash
+node dist/cli/index.js render-prompt ./path/to/agentkit financial-review --inputs inputs.json --out rendered-prompt.md
+```
+
+Validate prepared prompt inputs:
+
+```bash
+node dist/cli/index.js validate-prompt-inputs ./path/to/agentkit financial-review --inputs inputs.json
+```
+
+Inspect, summarize, or load an existing kit as a draft:
+
+```bash
+node dist/cli/index.js inspect ./path/to/repo-or-kit
+node dist/cli/index.js summarize ./path/to/agentkit
+node dist/cli/index.js load-as-draft ./path/to/agentkit --out draft.json
+```
+
+Prepare a provider-neutral AI draft request:
+
+```bash
+node dist/cli/index.js draft-request \
+  --request "Build a financial review kit for monthly workbook review." \
+  --level trusted \
+  --domain Finance \
+  --target-user analyst \
+  --out draft-request.json
+```
+
+The command writes deterministic instructions, prompt text, and the expected `AgentKitDraft` JSON schema. It does not call OpenAI or any other provider. A future app can send `draft-request.json` to an AI provider, validate the returned `AgentKitDraft` JSON, then render it:
+
+```bash
+node dist/cli/index.js render-draft draft.json ./my-kit --force
+```
+
+Prepare a revision request for an existing draft:
+
+```bash
+node dist/cli/index.js draft-revision-request ./draft.json \
+  --change "Add a reusable prepared prompt for monthly workbook review." \
+  --level trusted \
+  --out draft-revision-request.json
+```
+
+Build with AI is designed as an iterative flow:
+
+1. Create a draft request from the user's initial request.
+2. A future app sends that request to an AI provider.
+3. Validate the returned `AgentKitDraft`.
+4. Create an AI Draft Session and store revision v1.
+5. For user changes, create a draft revision request from the current draft.
+6. Validate the returned full updated draft and add a new revision.
+7. Render the current revision into an Agent Kit folder.
+
+Core only builds request/session data. The app performs provider calls.
+
+Validate an Agent Kit:
+
+```bash
+node dist/cli/index.js validate ./path/to/agentkit --profile local-valid
+```
+
+Supported validation profiles:
+
+- `local-valid`
+- `publishable`
+- `trusted`
+- `verified`
+
+Export a one-file Markdown bundle:
+
+```bash
+node dist/cli/index.js export-onefile ./path/to/agentkit --out ./bundle.md
+```
+
+Create a `.agentkit.zip` package:
+
+```bash
+node dist/cli/index.js package ./path/to/agentkit --out ./agentkit.agentkit.zip
+```
+
+Build AI-ready context from an Agent Kit:
+
+```bash
+node dist/cli/index.js build-context ./path/to/agentkit \
+  --task "Audit formulas in this workbook." \
+  --mode triggered \
+  --target generic \
+  --out context.json
+```
+
+The context builder does not call OpenAI or any other provider. It creates a JSON payload with:
+
+- `systemContext`: Agent Kit instructions, selected skills, and requested supporting files.
+- `userContext`: the user task, ready to pair with the system context.
+- `includedFiles`: normalized package paths included in the context.
+- `includedSkills`: skill ids included in the context.
+- `warnings`: deterministic fallback or selection warnings.
+
+Use `--mode all` to include every manifest skill. Use `--mode triggered` to match the user task against skill triggers and descriptions. If no skill matches, the builder includes all skills and records a warning.
+
+Policies, templates, and workflows are included by default in the CLI. Use `--no-policies`, `--no-templates`, or `--no-workflows` to exclude them. References are excluded by default; pass `--include-references` when the target workflow needs them.
+
+Export Agent Kit skills to a Codex-compatible skills directory:
+
+```bash
+node dist/cli/index.js export-codex ./financial-review --dest ~/.codex/skills --force
+```
+
+This is the first target adapter. It copies each manifest skill into a namespaced Codex skill folder like `<kit-id>-<skill-id>`, creates an index skill for the kit, and writes AgentKitForge markers so `--force` only replaces folders generated by this adapter. It does not call Codex and does not assume your actual Codex skills path.
+
+Export an Agent Kit to an initial Claude Code plugin-style folder:
+
+```bash
+node dist/cli/index.js export-claude-code ./financial-review --dest ./claude-code-plugins --force
+```
+
+This adapter creates `<kit-id>-claude-code-plugin/`, writes `.claude-plugin/plugin.json`, copies manifest skills into `skills/<skill-id>/`, and includes root Agent Kit instructions plus supporting `policies/`, `templates/`, `workflows/`, and `references/` when present. The plugin manifest is intentionally conservative because Claude Code plugin loading behavior may evolve; verify loading with your Claude Code version.
+
+After this package is installed globally or linked, the same commands are available through `agentkitforge`.
+
+## AI Provider Metadata
+
+AgentKitForge Core defines shared provider and model metadata only. It does not call OpenAI, Anthropic, Gemini, Ollama, OpenAI-compatible servers, or any other provider. It does not store API keys.
+
+The exported provider helpers cover:
+
+- provider types: `openai`, `anthropic`, `gemini`, `ollama`, `openai-compatible`
+- starter known-model suggestions
+- default model suggestions
+- API key and base URL requirements
+- structured JSON capability hints for AgentKitDraft generation
+
+Known models are suggestions, not constraints. Apps and CLIs that consume this package must always allow custom model IDs, especially for Ollama and OpenAI-compatible providers.
+
+## Prepared Prompts
+
+Prepared Prompts are reusable prompt templates stored under `prompts/<prompt-id>.yaml`. They let a kit define exact prompts that can be rendered later in Use mode after an app collects required inputs.
+
+Canonical variable syntax is `{{variable_name}}`. A simpler `{variable_name}` form is tolerated for compatibility. Whitespace is allowed inside braces, such as `{{ company_name }}`. Inputs are defined by the prepared prompt, and AgentKitForge validates/rendered prompts so unresolved variables are blocked before an app sends the prompt to an AI provider.
+
+Prompt input types:
+
+- `short-text`
+- `long-text`
+- `choice`
+- `multi-choice`
+- `date`
+- `number`
+- `boolean`
+
+Prepared prompt paths can be referenced from `agentkit.yaml`:
+
+```yaml
+prompts:
+  - id: financial-review
+    path: prompts/financial-review.yaml
+    description: Review a financial workbook and produce a summary.
+```
+
+One-file export renders prepared prompts in a readable Markdown section instead of dumping raw YAML.
+
+Default artifact naming helpers return predictable names such as:
+
+- `<kit-id>-<version>.onefile.md`
+- `<kit-id>-<version>.agentkit.zip`
+- `<kit-id>-output-<timestamp>.md`
+
+## Domains
+
+Core includes a known domain catalog for guided builders and filtering. Domains are suggestions, not constraints. Consumers should always allow custom domains.
+
+## App-Support Helpers
+
+Core includes reusable helpers for app workflows:
+
+- `inspectAgentKitCandidate(path)` for import-friendly diagnostics.
+- `getAgentKitSummary(path)` for details, export, and install target screens.
+- `loadAgentKitAsDraft(path)` for Edit with AI and guided editing.
+- `requestedSections` and `excludedSections` on draft request builders for AI section control.
+- Example input document metadata helpers for `.txt`, `.md`, `.csv`, `.xlsx`, and `.xls`.
+- Artifact naming helpers for one-file exports, packages, and generated outputs.
+
+Example input documents are app-provided metadata. Core does not upload files, call AI providers, or perform heavy spreadsheet parsing. Apps can use them to help AI infer formatting, terminology, expected outputs, required inputs, skill procedures, and prepared prompt variables.
+
+## Agent Kit Structure
+
+```text
+agentkit.yaml
+AGENTKIT.md
+START_HERE.md
+README.md
+LICENSE
+CHANGELOG.md
+skills/<skill-id>/SKILL.md
+prompts/<prompt-id>.yaml
+workflows/
+policies/
+references/
+templates/
+examples/
+evals/
+adapters/
+scripts/
+assets/
+exports/
+```
+
+## Validation Profiles
+
+`local-valid` requires `agentkit.yaml`, `AGENTKIT.md`, `START_HERE.md`, `skills/`, and at least one `skills/<skill-id>/SKILL.md`.
+
+`publishable` adds `README.md` and `LICENSE`.
+
+`trusted` adds `CHANGELOG.md`, `policies/`, and `examples/`.
+
+`verified` adds `evals/`.

package/SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy
+
+AgentKitForge Core treats Agent Kit folders, manifests, packages, prepared prompts, and target exports as untrusted input.
+
+## Reporting Vulnerabilities
+
+Please do not report security vulnerabilities in public GitHub issues.
+
+Use GitHub private vulnerability reporting if it is enabled for this repository. If private reporting is not available, contact:
+
+`security@agentkitforge.com`
+
+TODO: Confirm this address is active before public release.
+
+## Supported Versions
+
+| Version | Supported |
+| --- | --- |
+| v0.1.x Public Preview | Supported after release |
+
+## Security Scope
+
+Security-sensitive areas include:
+
+- Path traversal and unsafe file reads/writes
+- Package import, export, and cleanup behavior
+- ZIP packaging behavior
+- Target exports for Codex and Claude Code
+- Prepared Prompt rendering and unresolved variables
+- Handling of `scripts/`
+- Handling of symlinks and large/untrusted package trees
+
+Core does not execute Agent Kit scripts and does not store provider API keys.