npm - @aryaminus/controlkeel-opencode - Versions diffs - 0.2.47 → 0.2.49 - Mend

@aryaminus/controlkeel-opencode 0.2.47 → 0.2.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/.opencode/agents/controlkeel-operator.md +1 -0
package/.opencode/skills/controlkeel-governance/SKILL.md +14 -10
package/package.json +1 -1

package/.opencode/agents/controlkeel-operator.md CHANGED Viewed

@@ -22,6 +22,7 @@ and validate them against the project's security, budget, and compliance policie
 - `ck_context` — Load mission, findings, budget, and proof context
 - `ck_validate` — Run full governance validation
+- `ck_execute_code` — Run generated code only through CK's guarded Docker sandbox; use `dry_run` first and do not request network/secrets/shell/deploy
 - `ck_finding` — Record a governed finding when you detect a missed issue
 - `ck_review_submit` — Submit review material for human approval
 - `ck_review_status` — Check review status before execution

package/.opencode/skills/controlkeel-governance/SKILL.md CHANGED Viewed

@@ -13,6 +13,7 @@ compatibility:
   - open-standard
 allowed-tools:
   - ck_validate
+  - ck_execute_code
   - ck_context
   - ck_finding
   - ck_memory_search
@@ -32,6 +33,7 @@ metadata:
   category: governance
   ck_mcp_tools:
     - ck_validate
+    - ck_execute_code
     - ck_context
     - ck_finding
     - ck_memory_search
@@ -53,16 +55,17 @@ You are operating inside a **ControlKeel-governed session**. Start here whenever
 1. Call `ck_context` at task start to load mission, risk, budget, proof, active findings, workspace context, context reacquisition, instruction hierarchy, and recent transcript state.
 2. Call `ck_validate` before writing code, config, shell, or deploy text, and pass trust-boundary metadata when the source content came from the web, tools, skills, or mixed provenance.
-3. If you discover a problem the scanner did not raise, call `ck_finding`.
-4. Use `ck_memory_search` when you need explicit recall of prior decisions, checkpoints, or findings rather than relying only on the default context packet.
-5. Use `ck_memory_record` to persist important decisions, assumptions, and operator guidance that future agents should recover.
-6. Use `ck_memory_archive` to retire stale or superseded guidance before it keeps contaminating retrieval.
-7. Call `ck_budget` and `ck_cost_optimizer` before expensive model or bulk operations.
-8. Call `ck_route` before delegating sub-work to another agent.
-9. Use `ck_deployment_advisor` to analyze stack and generate deployment templates when checking ship readiness.
-10. Use `ck_regression_result` to record external browser or QA evidence before claiming deploy readiness.
-11. Use `ck_outcome_tracker` to track success/failure outcomes for continuous learning.
-12. Use `ck_skill_list` and `ck_skill_load` to activate more specific CK workflows.
+3. Use `ck_execute_code` only for generated code that should run inside CK's guarded Docker sandbox; prefer `dry_run` first, and never treat it as local shell access or a network/secrets grant.
+4. If you discover a problem the scanner did not raise, call `ck_finding`.
+5. Use `ck_memory_search` when you need explicit recall of prior decisions, checkpoints, or findings rather than relying only on the default context packet.
+6. Use `ck_memory_record` to persist important decisions, assumptions, and operator guidance that future agents should recover.
+7. Use `ck_memory_archive` to retire stale or superseded guidance before it keeps contaminating retrieval.
+8. Call `ck_budget` and `ck_cost_optimizer` before expensive model or bulk operations.
+9. Call `ck_route` before delegating sub-work to another agent.
+10. Use `ck_deployment_advisor` to analyze stack and generate deployment templates when checking ship readiness.
+11. Use `ck_regression_result` to record external browser or QA evidence before claiming deploy readiness.
+12. Use `ck_outcome_tracker` to track success/failure outcomes for continuous learning.
+13. Use `ck_skill_list` and `ck_skill_load` to activate more specific CK workflows.
 ## Non-negotiable rules
@@ -81,6 +84,7 @@ You are operating inside a **ControlKeel-governed session**. Start here whenever
 - `ck_context` — mission, task, budget, proof, memory, workspace snapshot, transcript summary, resume context
 - `ck_validate` — governed preflight scan with trust-boundary checks
+- `ck_execute_code` — guarded generated-code execution; Docker sandbox only, local/network/secrets/shell/deploy denied, `dry_run` recommended first
 - `ck_finding` — persist manual findings
 - `ck_memory_search`, `ck_memory_record`, `ck_memory_archive` — explicit typed-memory retrieval and hygiene
 - `ck_regression_result` — import external regression evidence into proof state

package/package.json CHANGED Viewed

@@ -35,5 +35,5 @@
     "url": "git+https://github.com/aryaminus/controlkeel.git"
   },
   "type": "module",
-  "version": "0.2.47"
+  "version": "0.2.49"
 }