@hongmaple0820/scale-engine 0.25.0 → 0.27.0

package/docs/RUNTIME_EVIDENCE.md

@@ -1,101 +1,101 @@
-# Runtime Evidence
-
-Runtime Evidence 是 SCALE 用来记录 Agent 实际做过什么的运行时证据层。它的目标很直接：没有真实命令、工具、浏览器、skill 或人工验证证据时，Agent 不能声称任务已经完成。
-
-它和现有证据层的关系：
-
-- Gate evidence：回答 build、lint、test、security、review 等门禁是否通过。
-- Tool evidence：回答必需的 skill、MCP、浏览器、桌面自动化或 CLI 工具是否执行过。
-- Runtime evidence：回答当前会话是否具备可信的最终交付证据。
-
-## 存储位置
-
-Runtime 数据写入 SCALE 已忽略的本地运行时目录：
-
-```text
-.scale/
-├── events/
-│   ├── current-session.json
-│   └── sessions/<session-id>.jsonl
-└── evidence/
-    └── runtime/<evidence-id>.json
-```
-
-这些文件默认是本地运行时产物，不应该提交到 Git。需要长期保留时，应把摘要沉淀到任务 summary、ADR、README 或模块文档中，而不是直接提交原始日志。
-
-## 基本流程
-
-启动会话：
-
-```bash
-scale runtime start \
-  --session-id 2026-05-18-runtime-evidence \
-  --task-id 2026-05-18-runtime-evidence \
-  --level M \
-  --agent codex
-```
-
-在真实命令、门禁、浏览器验证、skill 执行、MCP 调用或人工检查之后记录证据：
-
-```bash
-scale runtime record \
-  --title "build" \
-  --kind command \
-  --status passed \
-  --command "npm run build" \
-  --exit-code 0 \
-  --summary "TypeScript build passed"
-```
-
-检查是否允许最终交付：
-
-```bash
-scale runtime final-check \
-  --task-id 2026-05-18-runtime-evidence \
-  --session-id 2026-05-18-runtime-evidence \
-  --level M
-```
-
-检查运行时健康状态：
-
-```bash
-scale runtime doctor --level M
-scale doctor
-```
-
-## 完成规则
-
-M、L、CRITICAL 任务在最终交付前必须满足：
-
-- 当前 task/session 范围内至少有一条 `passed` runtime evidence。
-- 当前 task/session 范围内不能存在 `failed` runtime evidence。
-
-S 级任务可以保持轻量，但一旦存在失败证据，仍然不能声称完成。
-
-## 脱敏规则
-
-Runtime evidence 复用 tool evidence 的脱敏模型。写入 JSON 前会处理命令、摘要、artifact 路径和 metadata 中的敏感字段：
-
-- password
-- token
-- secret
-- authorization
-- cookie
-- credential
-- api key
-- private key
-
-这样可以保留有用证据，同时避免把 token、cookie、密钥等内容写进运行时文件。
-
-## 推荐使用场景
-
-适合记录 runtime evidence 的场景：
-
-- 最终交付检查。
-- 长会话或多阶段任务。
-- 跨 Agent 或外部 CLI review。
-- 浏览器、桌面自动化、MCP、skill 验证。
-- 发版前 preflight。
-- 需要进入后续学习闭环的失败、修复和重试记录。
-
-不要用 runtime evidence 替代长期维护文档。Runtime evidence 是“操作证明”，PRD、ADR、架构文档、README、模块文档才是长期项目契约。
+# Runtime Evidence
+
+Runtime Evidence 是 SCALE 用来记录 Agent 实际做过什么的运行时证据层。它的目标很直接：没有真实命令、工具、浏览器、skill 或人工验证证据时，Agent 不能声称任务已经完成。
+
+它和现有证据层的关系：
+
+- Gate evidence：回答 build、lint、test、security、review 等门禁是否通过。
+- Tool evidence：回答必需的 skill、MCP、浏览器、桌面自动化或 CLI 工具是否执行过。
+- Runtime evidence：回答当前会话是否具备可信的最终交付证据。
+
+## 存储位置
+
+Runtime 数据写入 SCALE 已忽略的本地运行时目录：
+
+```text
+.scale/
+├── events/
+│   ├── current-session.json
+│   └── sessions/<session-id>.jsonl
+└── evidence/
+    └── runtime/<evidence-id>.json
+```
+
+这些文件默认是本地运行时产物，不应该提交到 Git。需要长期保留时，应把摘要沉淀到任务 summary、ADR、README 或模块文档中，而不是直接提交原始日志。
+
+## 基本流程
+
+启动会话：
+
+```bash
+scale runtime start \
+  --session-id 2026-05-18-runtime-evidence \
+  --task-id 2026-05-18-runtime-evidence \
+  --level M \
+  --agent codex
+```
+
+在真实命令、门禁、浏览器验证、skill 执行、MCP 调用或人工检查之后记录证据：
+
+```bash
+scale runtime record \
+  --title "build" \
+  --kind command \
+  --status passed \
+  --command "npm run build" \
+  --exit-code 0 \
+  --summary "TypeScript build passed"
+```
+
+检查是否允许最终交付：
+
+```bash
+scale runtime final-check \
+  --task-id 2026-05-18-runtime-evidence \
+  --session-id 2026-05-18-runtime-evidence \
+  --level M
+```
+
+检查运行时健康状态：
+
+```bash
+scale runtime doctor --level M
+scale doctor
+```
+
+## 完成规则
+
+M、L、CRITICAL 任务在最终交付前必须满足：
+
+- 当前 task/session 范围内至少有一条 `passed` runtime evidence。
+- 当前 task/session 范围内不能存在 `failed` runtime evidence。
+
+S 级任务可以保持轻量，但一旦存在失败证据，仍然不能声称完成。
+
+## 脱敏规则
+
+Runtime evidence 复用 tool evidence 的脱敏模型。写入 JSON 前会处理命令、摘要、artifact 路径和 metadata 中的敏感字段：
+
+- password
+- token
+- secret
+- authorization
+- cookie
+- credential
+- api key
+- private key
+
+这样可以保留有用证据，同时避免把 token、cookie、密钥等内容写进运行时文件。
+
+## 推荐使用场景
+
+适合记录 runtime evidence 的场景：
+
+- 最终交付检查。
+- 长会话或多阶段任务。
+- 跨 Agent 或外部 CLI review。
+- 浏览器、桌面自动化、MCP、skill 验证。
+- 发版前 preflight。
+- 需要进入后续学习闭环的失败、修复和重试记录。
+
+不要用 runtime evidence 替代长期维护文档。Runtime evidence 是“操作证明”，PRD、ADR、架构文档、README、模块文档才是长期项目契约。

package/docs/SKILL-REPOSITORY.md

@@ -1,57 +1,57 @@
-# SCALE Skill 仓库
-
-这个仓库视图用于让 Agent 按任务渐进式发现、激活和编排 skills/MCP/CLI，而不是一次性把所有能力塞进上下文。
-
-## 渐进式披露
-
-1. 启动时只读取 Skill 元数据和一句话描述。
-2. 任务命中时才读取完整 SKILL.md。
-3. scripts、references、assets 只在明确需要时懒加载。
-
-## 安全安装
-
-- 安装前必须执行安全扫描，阻断 `curl | bash`、`Invoke-Expression`、危险删除和非 HTTPS 来源。
-- npm/npx 来源必须补充 `npm audit signatures`、来源仓库、许可证和版本/commit 固定检查。
-- 任何第三方 Skill 都先进入隔离审查，再写入项目或全局 skills 目录。
-
-## 供应链防护清单
-
-- review-skill-frontmatter
-- inspect-scripts-directory
-- verify-license-and-source
-- verify-attribution-and-notice
-- pin-source-revision
-- npm-audit-signatures
-
-## Skill 目录
-
-| ID | 类别 | 信任 | 主要用途 | 组合建议 |
-| --- | --- | --- | --- | --- |
-| `planning-with-files` | planning | community | Use persistent planning files, progress logs, findings, active-plan selection, and plan attestation for long-running agent work. | memory-brain, web-access, code-reviewer |
-| `agentmemory` | memory | community | Use as an optional external memory provider via REST or MCP when teams want cross-agent persistent memory beyond SCALE local Memory Brain. | memory-brain, mcp-chrome-devtools, codex-cli |
-| `gbrain` | memory | community | Use as an optional graph-backed memory provider for long-running project knowledge, entity relationships, and background memory maintenance. | memory-brain, agentmemory, codegraph |
-| `frontend-design` | ui | official | UI 视觉方向、布局、组件状态和前端实现约束。 | awesome-design-md, ui-ux-pro-max, webapp-testing |
-| `awesome-design-md` | ui | ecosystem | 建立产品级设计规范和视觉语言。 | ui-ux-pro-max, frontend-design |
-| `ui-ux-pro-max` | ui | ecosystem | 补齐体验策略、交互状态和 UI 验收维度。 | awesome-design-md, webapp-testing |
-| `webapp-testing` | testing | official | 验证页面点击、表单、控制台、截图和端到端行为。 | agent-browser, mcp-chrome-devtools |
-| `web-access` | browser | ecosystem | 获取一手资料、动态页面内容、网页证据和来源引用。 | agent-browser, mcp-chrome-devtools |
-| `agent-browser` | browser | ecosystem | 与 Web 页面真实交互，补齐手工验收证据。 | web-access, webapp-testing, mcp-chrome-devtools |
-| `mcp-chrome-devtools` | browser | ecosystem | 调试控制台错误、网络请求、页面状态和性能问题。 | agent-browser, webapp-testing |
-| `cua` | desktop | ecosystem | 操作桌面应用并收集端侧截图、状态和副作用边界证据。 | web-access, agent-browser |
-| `code-reviewer` | review | official | 合并前分级审查缺陷、安全、可维护性和测试风险。 | security-and-hardening, update-docs |
-| `fix` | review | official | 提交前清理格式和 lint 问题。 | code-reviewer |
-| `pr-creator` | review | official | 生成标准 PR 描述和合并前说明。 | code-reviewer, update-docs |
-| `update-docs` | docs | official | 发现并更新受代码变更影响的长期文档。 | documentation-and-adrs |
-| `find-skills` | discovery | ecosystem | 按任务意图搜索合适 Skill，再进入安全扫描。 | web-access |
-| `codex-cli` | agent-cli | official | 外部 CLI 审查和命令级证据。 | gemini-cli, opencode-cli |
-| `gemini-cli` | agent-cli | official | 外部 CLI 审查和命令级证据。 | codex-cli, opencode-cli |
-| `opencode-cli` | agent-cli | ecosystem | 外部 CLI 审查和命令级证据。 | codex-cli, gemini-cli |
-| `agency-agents-zh` | role-library | community | 提供 CEO、CTO、工程、设计、产品等角色预设参考。 | skill-safety-scan |
-
-## Third-Party Attribution
-
-| ID | License | Usage | Notice |
-| --- | --- | --- | --- |
-| `planning-with-files` | MIT | adapted-concept | Inspired by and compatible with OthmanAdi/planning-with-files. SCALE should not copy upstream files unless the MIT license text and attribution are included. |
-| `agentmemory` | Apache-2.0 | external-reference | Optional external integration only. Do not vendor agentmemory code into SCALE without preserving Apache-2.0 license text, modification notices, and any upstream NOTICE obligations. |
-| `gbrain` | MIT | external-reference | Optional external provider only. Do not vendor GBrain code into SCALE without preserving MIT license text, source revision, and modification notices. |
+# SCALE Skill 仓库
+
+这个仓库视图用于让 Agent 按任务渐进式发现、激活和编排 skills/MCP/CLI，而不是一次性把所有能力塞进上下文。
+
+## 渐进式披露
+
+1. 启动时只读取 Skill 元数据和一句话描述。
+2. 任务命中时才读取完整 SKILL.md。
+3. scripts、references、assets 只在明确需要时懒加载。
+
+## 安全安装
+
+- 安装前必须执行安全扫描，阻断 `curl | bash`、`Invoke-Expression`、危险删除和非 HTTPS 来源。
+- npm/npx 来源必须补充 `npm audit signatures`、来源仓库、许可证和版本/commit 固定检查。
+- 任何第三方 Skill 都先进入隔离审查，再写入项目或全局 skills 目录。
+
+## 供应链防护清单
+
+- review-skill-frontmatter
+- inspect-scripts-directory
+- verify-license-and-source
+- verify-attribution-and-notice
+- pin-source-revision
+- npm-audit-signatures
+
+## Skill 目录
+
+| ID | 类别 | 信任 | 主要用途 | 组合建议 |
+| --- | --- | --- | --- | --- |
+| `planning-with-files` | planning | community | Use persistent planning files, progress logs, findings, active-plan selection, and plan attestation for long-running agent work. | memory-brain, web-access, code-reviewer |
+| `agentmemory` | memory | community | Use as an optional external memory provider via REST or MCP when teams want cross-agent persistent memory beyond SCALE local Memory Brain. | memory-brain, mcp-chrome-devtools, codex-cli |
+| `gbrain` | memory | community | Use as an optional graph-backed memory provider for long-running project knowledge, entity relationships, and background memory maintenance. | memory-brain, agentmemory, codegraph |
+| `frontend-design` | ui | official | UI 视觉方向、布局、组件状态和前端实现约束。 | awesome-design-md, ui-ux-pro-max, webapp-testing |
+| `awesome-design-md` | ui | ecosystem | 建立产品级设计规范和视觉语言。 | ui-ux-pro-max, frontend-design |
+| `ui-ux-pro-max` | ui | ecosystem | 补齐体验策略、交互状态和 UI 验收维度。 | awesome-design-md, webapp-testing |
+| `webapp-testing` | testing | official | 验证页面点击、表单、控制台、截图和端到端行为。 | agent-browser, mcp-chrome-devtools |
+| `web-access` | browser | ecosystem | 获取一手资料、动态页面内容、网页证据和来源引用。 | agent-browser, mcp-chrome-devtools |
+| `agent-browser` | browser | ecosystem | 与 Web 页面真实交互，补齐手工验收证据。 | web-access, webapp-testing, mcp-chrome-devtools |
+| `mcp-chrome-devtools` | browser | ecosystem | 调试控制台错误、网络请求、页面状态和性能问题。 | agent-browser, webapp-testing |
+| `cua` | desktop | ecosystem | 操作桌面应用并收集端侧截图、状态和副作用边界证据。 | web-access, agent-browser |
+| `code-reviewer` | review | official | 合并前分级审查缺陷、安全、可维护性和测试风险。 | security-and-hardening, update-docs |
+| `fix` | review | official | 提交前清理格式和 lint 问题。 | code-reviewer |
+| `pr-creator` | review | official | 生成标准 PR 描述和合并前说明。 | code-reviewer, update-docs |
+| `update-docs` | docs | official | 发现并更新受代码变更影响的长期文档。 | documentation-and-adrs |
+| `find-skills` | discovery | ecosystem | 按任务意图搜索合适 Skill，再进入安全扫描。 | web-access |
+| `codex-cli` | agent-cli | official | 外部 CLI 审查和命令级证据。 | gemini-cli, opencode-cli |
+| `gemini-cli` | agent-cli | official | 外部 CLI 审查和命令级证据。 | codex-cli, opencode-cli |
+| `opencode-cli` | agent-cli | ecosystem | 外部 CLI 审查和命令级证据。 | codex-cli, gemini-cli |
+| `agency-agents-zh` | role-library | community | 提供 CEO、CTO、工程、设计、产品等角色预设参考。 | skill-safety-scan |
+
+## Third-Party Attribution
+
+| ID | License | Usage | Notice |
+| --- | --- | --- | --- |
+| `planning-with-files` | MIT | adapted-concept | Inspired by and compatible with OthmanAdi/planning-with-files. SCALE should not copy upstream files unless the MIT license text and attribution are included. |
+| `agentmemory` | Apache-2.0 | external-reference | Optional external integration only. Do not vendor agentmemory code into SCALE without preserving Apache-2.0 license text, modification notices, and any upstream NOTICE obligations. |
+| `gbrain` | MIT | external-reference | Optional external provider only. Do not vendor GBrain code into SCALE without preserving MIT license text, source revision, and modification notices. |

package/docs/SKILL_RADAR.md

@@ -1,122 +1,135 @@
-# Skill Radar
-
-Skill Radar is the active capability selection layer for SCALE. It does not auto-install or blindly run skills. It scores relevant skills, MCP servers, browser tools, desktop automation, and external CLIs against the current task, then returns:
-
-- why the capability matches
-- confidence score
-- safety level
-- required evidence
-- fallback path
-- supply-chain checks before installation or promotion
-
-The goal is to make agents actively use useful tools without turning the project into an unsafe prompt or tool bundle.
-
-## Commands
-
-```bash
-scale skill radar --task "Design upload UI and run browser E2E checks" --files src/pages/upload.tsx
-scale skill radar --task "Automate WPS desktop workflow with CUA" --json
-scale skill radar --task "Review release PR" --phase review --level L --output docs/worklog/tasks/release/skill-radar.md
-scale skill doctor --supply-chain
-scale skill doctor --supply-chain --json
-```
-
-## Safety Levels
-
-| Level | Meaning | Default action |
-| --- | --- | --- |
-| `trusted` | Official or low-risk capability with policy enabled | May be recommended when confidence is high |
-| `review-required` | Third-party or ecosystem capability | Require source, license, scripts, and revision review |
-| `restricted` | Browser, desktop, or external execution boundary | Require explicit evidence and side-effect boundaries |
-| `blocked` | Disabled by policy or failed safety review | Do not run; use fallback |
-
-## Confidence
-
-Skill Radar combines:
-
-- task keywords and workflow phase
-- changed file patterns
-- local skill installation
-- tool availability
-- trust level
-- policy status
-- frontend/package evidence
-- safety penalties
-
-The score is not a promise that the tool will work. It is a routing signal. Any recommendation still needs real evidence before the agent can claim success.
-
-## Default Domains
-
-| Domain | Typical triggers | Recommended capability types |
-| --- | --- | --- |
-| `ui` | UI, UX, frontend, component, visual, layout | design skills, visual review, screenshot evidence |
-| `browserAutomation` | browser, E2E, Playwright, Chrome, DevTools | web access, browser automation, DevTools evidence |
-| `desktopAutomation` | desktop, GUI, WPS, WeChat, CUA | disabled by default; manual operator fallback |
-| `externalCli` | Codex, Gemini, OpenCode, external agent CLI | disabled by default; dry-run and output evidence |
-| `review` | PR, merge, release, code review | reviewer skills, severity findings |
-| `docs` | docs, README, ADR, governance asset | doc impact and source-of-truth evidence |
-| `planning` | plans, task_plan, findings, progress, long-running work | file-backed planning, progress logs, plan attestation |
-| `memory` | memory, recall, knowledge, persistent memory, agentmemory, gbrain | provider-routed memory through agentmemory, gbrain, or scale-local fallback |
-| `discovery` | skill, MCP, tool, capability discovery | find-skills plus safety review |
-
-## Evidence Contract
-
-Each recommendation carries required evidence. Examples:
-
-- UI work: `ui-spec`, `design-rationale`, `screenshot`, `visual-review`
-- Browser work: `browser-evidence`, `console-summary`, `network-summary`, `scenario-result`
-- Desktop work: `operator-boundary`, `desktop-screenshot`, `affected-app`
-- External CLI work: `cli-version-check`, `command`, `exit-code`, `output-summary`
-- Review work: `review-report`, `finding-list`, `severity`
-- Planning work: `task-plan`, `findings-log`, `progress-log`, `plan-attestation`
-- Memory work: `memory-provider-health`, `privacy-boundary`, `data-retention-policy`, `query-result`
-
-If evidence is missing, the final delivery should list the capability as unverified rather than claiming it was used successfully.
-
-## Supply-Chain Doctor
-
-`scale skill doctor --supply-chain` reviews known skill sources and install commands for:
-
-- HTTPS source requirement
-- `curl | bash`, `wget | sh`, `Invoke-Expression`, and `iex` blocking
-- destructive install patterns
-- npm/npx lifecycle script review
-- required source, license, and revision checks
-- third-party attribution and NOTICE checks
-
-This is intentionally conservative. Third-party skills should start in review-required mode and be promoted only after inspection.
-
-External skill references and acknowledgements are tracked in [Third-Party Skills and External References](THIRD_PARTY_SKILLS.md) and the full [External Reference Inventory](EXTERNAL_REFERENCES.md). SCALE should not vendor community skill code unless the license text, source revision, copyright notice, and modification notes are preserved.
-
-## Policy Integration
-
-Skill Radar reads `.scale/tools.json` through the Tool Policy layer. Defaults:
-
-- UI and browser capabilities are enabled but evidence-required.
-- Desktop CUA is disabled by default.
-- External agent CLIs are disabled by default.
-- Browser tools require captured evidence and should stay in approved domains.
-
-Use Tool Policy to enable a restricted capability deliberately rather than relying on an agent's assumption.
-
-## Fallback Rule
-
-Every recommendation must include a fallback. This prevents tool theater:
-
-```text
-If the capability is missing, unsafe, low-confidence, or policy-blocked,
-the agent must use the fallback and record why the capability was not used.
-```
-
-## Artifact Lifecycle
-
-Skill Radar reports can be written into task artifacts:
-
-```bash
-scale skill radar \
-  --task "Refactor upload page and verify browser flow" \
-  --files src/pages/upload.tsx \
-  --output docs/worklog/tasks/2026-05-19-upload-refactor/skill-radar.md
-```
-
-Keep the report when it is evidence for an M/L/CRITICAL task. Do not commit transient local detection output unless it is part of the reviewed task artifact set.
+# Skill Radar
+
+Skill Radar is the active capability selection layer for SCALE. It does not auto-install or blindly run skills. It scores relevant skills, MCP servers, browser tools, desktop automation, and external CLIs against the current task, then returns:
+
+- why the capability matches
+- confidence score
+- safety level
+- required evidence
+- fallback path
+- supply-chain checks before installation or promotion
+
+The goal is to make agents actively use useful tools without turning the project into an unsafe prompt or tool bundle.
+
+## Commands
+
+```bash
+scale skill radar --task "Design upload UI and run browser E2E checks" --files src/pages/upload.tsx
+scale skill radar --task "Automate WPS desktop workflow with CUA" --json
+scale skill radar --task "Review release PR" --phase review --level L --output docs/worklog/tasks/release/skill-radar.md
+scale skill doctor --supply-chain
+scale skill doctor --supply-chain --json
+scale ai-os plan --task "Design upload UI and run browser E2E checks" --files src/pages/upload.tsx --json
+```
+
+## Safety Levels
+
+| Level | Meaning | Default action |
+| --- | --- | --- |
+| `trusted` | Official or low-risk capability with policy enabled | May be recommended when confidence is high |
+| `review-required` | Third-party or ecosystem capability | Require source, license, scripts, and revision review |
+| `restricted` | Browser, desktop, or external execution boundary | Require explicit evidence and side-effect boundaries |
+| `blocked` | Disabled by policy or failed safety review | Do not run; use fallback |
+
+## Confidence
+
+Skill Radar combines:
+
+- task keywords and workflow phase
+- changed file patterns
+- local skill installation
+- tool availability
+- trust level
+- policy status
+- frontend/package evidence
+- safety penalties
+
+The score is not a promise that the tool will work. It is a routing signal. Any recommendation still needs real evidence before the agent can claim success.
+
+## Default Domains
+
+| Domain | Typical triggers | Recommended capability types |
+| --- | --- | --- |
+| `ui` | UI, UX, frontend, component, visual, layout | design skills, visual review, screenshot evidence |
+| `browserAutomation` | browser, E2E, Playwright, Chrome, DevTools | web access, browser automation, DevTools evidence |
+| `desktopAutomation` | desktop, GUI, WPS, WeChat, CUA | disabled by default; manual operator fallback |
+| `externalCli` | Codex, Gemini, OpenCode, external agent CLI | disabled by default; dry-run and output evidence |
+| `review` | PR, merge, release, code review | reviewer skills, severity findings |
+| `docs` | docs, README, ADR, governance asset | doc impact and source-of-truth evidence |
+| `planning` | plans, task_plan, findings, progress, long-running work | file-backed planning, progress logs, plan attestation |
+| `memory` | memory, recall, knowledge, persistent memory, agentmemory, gbrain | provider-routed memory through agentmemory, gbrain, or scale-local fallback |
+| `discovery` | skill, MCP, tool, capability discovery | find-skills plus safety review |
+
+## Evidence Contract
+
+Each recommendation carries required evidence. Examples:
+
+- UI work: `ui-spec`, `design-rationale`, `screenshot`, `visual-review`
+- Browser work: `browser-evidence`, `console-summary`, `network-summary`, `scenario-result`
+- Desktop work: `operator-boundary`, `desktop-screenshot`, `affected-app`
+- External CLI work: `cli-version-check`, `command`, `exit-code`, `output-summary`
+- Review work: `review-report`, `finding-list`, `severity`
+- Planning work: `task-plan`, `findings-log`, `progress-log`, `plan-attestation`
+- Memory work: `memory-provider-health`, `privacy-boundary`, `data-retention-policy`, `query-result`
+
+If evidence is missing, the final delivery should list the capability as unverified rather than claiming it was used successfully.
+
+## Skill Execution Plan
+
+In v0.27.0, `createSkillPlan` and `scale ai-os plan` return an `executionPlan`:
+
+- `strategy`: currently `intent-evidence-graph-v1`
+- `steps`: ordered skill, artifact, and verification actions
+- `reason`: why the step was selected from task intents
+- `evidenceRequired`: what proof must be recorded
+- `fallback`: what to do when the skill, MCP, CLI, or verification path is unavailable
+
+This turns skill routing from a recommendation list into an auditable execution graph. Required steps still need concrete evidence or an explicit skipped/fallback record; recommended steps may be skipped with a reason.
+
+## Supply-Chain Doctor
+
+`scale skill doctor --supply-chain` reviews known skill sources and install commands for:
+
+- HTTPS source requirement
+- `curl | bash`, `wget | sh`, `Invoke-Expression`, and `iex` blocking
+- destructive install patterns
+- npm/npx lifecycle script review
+- required source, license, and revision checks
+- third-party attribution and NOTICE checks
+
+This is intentionally conservative. Third-party skills should start in review-required mode and be promoted only after inspection.
+
+External skill references and acknowledgements are tracked in [Third-Party Skills and External References](THIRD_PARTY_SKILLS.md) and the full [External Reference Inventory](EXTERNAL_REFERENCES.md). SCALE should not vendor community skill code unless the license text, source revision, copyright notice, and modification notes are preserved.
+
+## Policy Integration
+
+Skill Radar reads `.scale/tools.json` through the Tool Policy layer. Defaults:
+
+- UI and browser capabilities are enabled but evidence-required.
+- Desktop CUA is disabled by default.
+- External agent CLIs are disabled by default.
+- Browser tools require captured evidence and should stay in approved domains.
+
+Use Tool Policy to enable a restricted capability deliberately rather than relying on an agent's assumption.
+
+## Fallback Rule
+
+Every recommendation must include a fallback. This prevents tool theater:
+
+```text
+If the capability is missing, unsafe, low-confidence, or policy-blocked,
+the agent must use the fallback and record why the capability was not used.
+```
+
+## Artifact Lifecycle
+
+Skill Radar reports can be written into task artifacts:
+
+```bash
+scale skill radar \
+  --task "Refactor upload page and verify browser flow" \
+  --files src/pages/upload.tsx \
+  --output docs/worklog/tasks/2026-05-19-upload-refactor/skill-radar.md
+```
+
+Keep the report when it is evidence for an M/L/CRITICAL task. Do not commit transient local detection output unless it is part of the reviewed task artifact set.