@jterrats/open-orchestra 0.1.0 → 0.3.0

package/docs/skill-loading-strategy.md

@@ -0,0 +1,114 @@
+# Skill Loading Strategy
+
+Open Orchestra should keep primary agent instruction files small. AGENTS.md, CLAUDE.md, Cursor rules, and ORCHESTRA.md should act as an entry point, not as the full operating manual for every capability.
+
+## Goal
+
+Load detailed capability instructions only when the current task needs them, while keeping core governance rules always available.
+
+## Core Pattern
+
+Use a two-layer model:
+
+- **Core instructions:** short, always-loaded rules for safety, user alignment, engineering standards, gates, and how to select skills.
+- **Skills:** focused sub-files with task-specific procedures, examples, scripts, templates, and evidence rules.
+
+The main files should include a compact Skill Index instead of embedding every procedure inline.
+
+## Skill Manifest
+
+Each skill should expose metadata that allows a parent agent or middleware to decide whether to load it.
+
+```json
+{
+  "id": "static-analysis",
+  "name": "Static Analysis",
+  "summary": "Run and interpret local quality, type, dependency, secret, and security checks.",
+  "triggers": ["lint", "typecheck", "secret", "sast", "precommit", "dependency"],
+  "roles": ["developer", "tech_lead", "qa", "sdet", "security", "devops"],
+  "capabilities": ["quality-gate", "security-review", "commit-readiness"],
+  "riskAreas": ["security", "release", "maintainability"],
+  "entry": "skills/static-analysis/SKILL.md",
+  "assets": ["skills/static-analysis/checklist.md"],
+  "evidence": ["command", "report"],
+  "sourceGroups": ["codebase", "quality-security", "agent-memory"],
+  "loadBudget": "normal"
+}
+```
+
+## Source Selection
+
+Before loading full skill instructions, the parent agent should select authoritative source groups for the task. The source catalog lives in `.agent-workflow/source-of-truth.json` and is documented in [source-of-truth-and-agent-learning.md](source-of-truth-and-agent-learning.md).
+
+Skill manifests should be able to declare `sourceGroups` so the orchestrator can load the right local files, docs, official vendor references, and prior lessons without pulling unrelated context.
+
+## Loading Flow
+
+1. Parse the task brief into goal, touched paths, impacted systems, requested outputs, risk areas, and likely roles.
+2. Activate roles from the role catalog.
+3. Match task signals against skill manifests by triggers, paths, roles, capabilities, and risk areas.
+4. Load only the selected skill summaries first.
+5. Load the full `SKILL.md` only when the skill is needed for execution or review.
+6. Load matching source-of-truth entries and recent relevant lessons for the selected skills.
+7. Load skill assets, templates, scripts, or examples only at the point of use.
+8. Record selected skills and source groups in task context, handoffs, evidence, and final summary.
+
+## Built-in Skill Candidates
+
+- `prompt-registry`: read and update `.generated-prompts/` registers for substantial AI-generated artifacts.
+- `diagram-export`: generate, validate, and export architecture or workflow diagrams.
+- `static-analysis`: run local quality, typing, SAST, dependency, and secret checks.
+- `pr-review`: produce review findings, PR summary, risks, rollout notes, and missing-test gaps.
+- `playwright-evidence`: plan browser automation and attach screenshots, traces, videos, and reports.
+- `backlog-sync`: keep GitHub issues, local stories, and workflow tasks aligned.
+- `release-readiness`: validate gates, rollback, observability, support, and customer-impact evidence.
+- `model-evaluation`: run prompt/model/provider-routing evaluations and compare outputs.
+- `source-of-truth`: select authoritative project, vendor, and workflow sources before acting.
+- `agent-learning`: record reusable failure lessons and promote repeated lessons into skills or rules.
+
+## Fallback for LLMs Without Native Skills
+
+If an LLM platform cannot load skills dynamically, Open Orchestra should provide middleware behavior:
+
+- A parent orchestrator reads the manifest and selects skills.
+- The orchestrator injects only the selected skill text into the child agent prompt.
+- The orchestrator keeps full skill content out of the base system prompt.
+- The loaded skill IDs are written to `.agent-workflow/` events and handoff artifacts.
+
+This keeps the project portable across Cursor, Claude, Codex, VS Code, GitHub Actions, and future web clients.
+
+## Main File Budget
+
+Primary MD files should stay bounded:
+
+- Keep role and skill catalogs as indexes with links.
+- Move long procedures into skills or docs.
+- Prefer activation criteria over exhaustive instructions.
+- Keep examples inside the skill that owns them.
+- Review file size when a main MD crosses a practical context threshold.
+
+## Implemented CLI Surface
+
+- `orchestra skills list` lists the canonical built-in skill catalog.
+- `orchestra skills plan --task <id>` selects skills from task text, owner role, paths, risks, and source groups.
+- `orchestra skills render --target generic|claude|cursor|codex|vscode --task <id>` renders selected skills for a runtime or IDE.
+- `orchestra skills render --target <target> --skills <csv>` renders explicit skills when no task exists.
+- `orchestra skills validate` validates canonical skills against portable `manifest.json` and `SKILL.md` files.
+- `orchestra sources list` exposes the source-of-truth catalog.
+- `orchestra lessons list/add/promote` manages local agent learning and promotes repeated lessons into reviewable artifacts.
+
+The CLI render path is the universal fallback for environments without native skill support.
+
+## Generated Markdown Update Policy
+
+Generated `.md`, `.mdc`, and agent instruction files should be managed through explicit ownership rules instead of blind rewrites.
+
+- Use generated block markers such as `<!-- open-orchestra:start skill-index -->` and `<!-- open-orchestra:end skill-index -->` for sections the CLI owns.
+- Keep user-authored sections outside managed blocks and never overwrite them during generation.
+- Store generator metadata: generator name, version, source manifest, target file, managed block id, and last rendered hash.
+- Default to idempotent updates: rerunning the generator without source changes should produce no diff.
+- Provide `--dry-run` and `--check` modes before writing generated docs.
+- If a generated section was manually edited, detect drift and require explicit `--force` or emit a conflict.
+- Promote stable runtime lessons or prompts into versioned docs/rules/skills only through reviewed generated blocks.
+
+This keeps Claude, Cursor, Codex, VS Code, and generic CLI outputs synchronized without turning primary instruction files into unbounded generated blobs.

package/docs/source-of-truth-and-agent-learning.md

@@ -0,0 +1,83 @@
+# Source of Truth and Agent Learning
+
+Open Orchestra should make context provenance explicit. Agents and subagents should know where to look before acting, and they should record repeatable failure lessons after an action fails.
+
+## Source of Truth Catalog
+
+The source catalog answers: which document, file, or external reference is authoritative for a decision?
+
+Default source groups:
+
+- `project-instructions`: `AGENTS.md`, `ORCHESTRA.md`, `CLAUDE.md`, Cursor rules, and local agent rules.
+- `product-backlog`: GitHub issues, local backlog docs, acceptance criteria, user stories, and task graph state.
+- `architecture`: ADRs, architecture docs, service boundaries, diagrams, domain models, and integration contracts.
+- `codebase`: source files, tests, package manifests, config, generated types, and local command contracts.
+- `quality-security`: static analysis config, pre-commit hooks, SAST reports, dependency scans, secret scans, QA plans, and Playwright evidence.
+- `devops-runtime`: CI/CD workflows, deployment docs, IaC, observability, rollback, incident, and release artifacts.
+- `vendor-docs`: official provider, framework, package, cloud, and browser documentation.
+- `agent-memory`: decisions, handoffs, evidence, prompt registry entries, and lessons learned.
+
+Rules:
+
+- Prefer local project sources before generic external guidance.
+- Prefer primary vendor documentation over blogs, examples, or generated answers.
+- For current or fast-changing APIs, verify against official docs before implementation.
+- Record which source group justified a material decision in decisions, handoffs, evidence, or final summaries.
+- If sources conflict, stop and record the conflict instead of silently choosing one.
+
+## Versioning Policy
+
+- Track the schema, documentation, examples, and promoted rules or skills.
+- Do not track the live `.agent-workflow/agent-lessons.jsonl` file by default; it is local runtime state and can contain machine-specific commands, timestamps, paths, or sensitive context.
+- Do not track the live `.generated-prompts/` directory by default; prompt registers are generated local runtime memory unless a project explicitly promotes selected entries into versioned docs, rules, or skills.
+- Track `source-of-truth.json` only when a project intentionally wants shared authoritative sources. Otherwise regenerate it through `orchestra init` and project config.
+- Promote repeated lessons into versioned skills or rules after review.
+
+## Agent Lessons Log
+
+The lessons log captures operational mistakes that an agent can avoid next time. It is not a blame log; it is a repeat-prevention mechanism.
+
+Store lessons as JSONL in `.agent-workflow/agent-lessons.jsonl`.
+
+Example entry:
+
+```json
+{
+  "timestamp": "2026-05-03T00:00:00.000Z",
+  "taskId": "SKILL-001",
+  "actor": "parent",
+  "operation": "edit-doc-with-node-script",
+  "failedAction": "embedded Markdown fences inside a JavaScript template literal",
+  "errorSignature": "SyntaxError: Unexpected identifier",
+  "rootCause": "unescaped backticks in generated script content",
+  "fix": "build long Markdown content as an array of lines or escape fences explicitly",
+  "prevention": "before running generated edit scripts, scan for nested template literals and Markdown fences",
+  "appliesTo": ["node", "markdown", "code-generation"],
+  "verifiedBy": ["reran edit script successfully"]
+}
+```
+
+Record a lesson when:
+
+- The same class of failure is likely to happen again.
+- A command failed because of quoting, escaping, shell behavior, permissions, cwd, missing dependency, or stale assumption.
+- A test failure revealed a reusable project convention.
+- A provider, tool, or runtime behaved differently than expected.
+
+Do not record a lesson for:
+
+- One-off typos with no reusable prevention value.
+- Secrets, raw credentials, private customer data, or sensitive prompt/response content.
+- Failures already covered by a current lesson unless the prevention changed.
+
+## Learning Flow
+
+1. Before acting, select relevant source groups and load only the necessary files or docs.
+2. Before repeating a risky operation, search `.agent-workflow/agent-lessons.jsonl` for matching operation, error signature, or tool.
+3. After a failure, classify whether it is reusable knowledge.
+4. If reusable, append one JSONL entry with root cause, fix, prevention, and verification.
+5. If the same lesson appears repeatedly, promote it into the relevant skill or project rule.
+
+## Relationship to Skills
+
+Skills should declare which source groups they use and which lessons are relevant. The orchestrator should load lessons only for the selected skills and current operation, not the full historical log.

package/package.json

@@ -1,20 +1,21 @@
 {
   "name": "@jterrats/open-orchestra",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "type": "module",
   "bin": {
     "orchestra": "bin/orchestra.js"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && npm run build:web",
     "typecheck": "tsc --noEmit",
     "test": "npm run build && node --test test/**/*.js extensions/**/*.test.cjs",
-    "lint": "eslint . && prettier --check \"{bin,scripts,test}/**/*.js\" \"extensions/**/*.{cjs,json,md}\" \"src/**/*.ts\" \"*.json\"",
-    "format": "prettier --write \"{bin,scripts,test}/**/*.js\" \"extensions/**/*.{cjs,json,md}\" \"src/**/*.ts\" \"*.json\"",
+    "lint": "eslint . && prettier --check \"{bin,scripts,test,src}/**/*.js\" \"extensions/**/*.{cjs,json,md}\" \"src/**/*.ts\" \"*.json\"",
+    "format": "prettier --write \"{bin,scripts,test,src}/**/*.js\" \"extensions/**/*.{cjs,json,md}\" \"src/**/*.ts\" \"*.json\"",
     "secret-scan": "node scripts/secret-scan.js",
     "validate:workflow": "sh -c 'test ! -d .agent-workflow || (npm run build && node bin/orchestra.js validate)'",
     "precommit": "npm run lint && npm run typecheck && npm run secret-scan && npm test && npm run validate:workflow",
-    "hooks:install": "git config core.hooksPath .githooks"
+    "hooks:install": "git config core.hooksPath .githooks",
+    "build:web": "esbuild src/web-console-client.js --bundle --format=esm --platform=browser --target=es2022 --outfile=dist/assets/web-console.js"
   },
   "engines": {
     "node": ">=22"
@@ -22,6 +23,7 @@
   "devDependencies": {
     "@eslint/js": "^10.0.1",
     "@types/node": "^25.6.0",
+    "esbuild": "^0.28.0",
     "eslint": "^10.2.1",
     "prettier": "^3.8.3",
     "typescript": "^6.0.3",
@@ -45,8 +47,10 @@
     "dist/",
     "rules/",
     "docs/",
+    "skills/",
     "AGENTS.md",
     "CLAUDE.md",
+    "CHANGELOG.md",
     "README.md",
     "package.json"
   ],

package/rules/agent-roles.mdc

@@ -39,16 +39,41 @@ Use roles to force complete thinking, not to create silos. A single agent may co
 - Does not start coding until acceptance criteria and technical boundaries are clear enough.
 - Confirms the agreed implementation approach before editing files, except for trivial mechanical changes.
 
+## Frontend Specialist
+- Owns browser behavior, component architecture, responsive UI, accessibility implementation, client performance, and visual regression risk.
+- Reviews user-facing web changes against mobile-first flows, WCAG-oriented checks, and Playwright-visible behavior.
+- Blocks frontend changes that cannot be verified in target browsers or viewports.
+
+## Backend Specialist
+- Owns service boundaries, API contracts, domain services, persistence integration, concurrency, and failure modes.
+- Reviews backend changes for secure coding, observability, idempotency, retries, data integrity, and server-side tests.
+- Blocks backend changes with unclear contracts, untested failure modes, or unsafe data handling.
+
+## Mobile Specialist
+- Owns mobile UX, device compatibility, offline behavior, permissions, native or hybrid runtime constraints, and store readiness.
+- Reviews mobile changes with device evidence instead of relying only on desktop responsive checks.
+- Blocks mobile releases without device matrix, runtime constraints, or store readiness evidence when applicable.
+
 ## QA
 - Owns verification strategy, test coverage, regression risk, and release confidence.
 - Defines happy paths, failure paths, boundary cases, and non-functional checks.
 - Challenges work that has implementation but no credible test plan.
 
+## SDET / Test Automation Engineer
+- Owns automated test architecture, Playwright fixtures, page objects, resilient locators, and CI test reliability.
+- Converts QA plans and acceptance criteria into repeatable smoke, regression, and evidence-producing tests.
+- Blocks automation-heavy releases when tests are brittle, unisolated, or missing traceable evidence.
+
 ## DevOps
 - Owns deployment, CI/CD, observability, runtime configuration, rollback, and operational readiness.
 - Verifies environment segregation, infrastructure as code, migrations, secrets, and runbooks.
 - Blocks releases that cannot be deployed, monitored, rolled back, or supported.
 
+## Platform Engineer
+- Owns internal developer platforms, golden paths, reusable templates, self-service workflows, and platform guardrails.
+- Treats developer experience as a product while preserving security, compliance, cost visibility, and operational control.
+- Blocks cross-repo platform changes without template validation, adoption notes, or self-service smoke evidence.
+
 ## Security
 - Owns threat modeling, abuse cases, data classification, identity, secrets, and dependency risk.
 - Reviews authentication, authorization, input handling, logging, encryption, and third-party exposure.
@@ -89,6 +114,11 @@ Use roles to force complete thinking, not to create silos. A single agent may co
 - Reviews user-facing changes for diagnosability, help text, recovery paths, and support escalation needs.
 - Feeds production incidents, tickets, and user pain back into Product Owner and QA workflows.
 
+## AI Evaluation / Prompt Quality Engineer
+- Owns eval objectives, datasets, rubrics, prompt regression checks, model comparisons, and LLM behavior evidence.
+- Treats prompt, model routing, and provider fallback changes as testable product behavior.
+- Blocks AI behavior changes that rely on subjective review without eval cases, scoring rationale, or accepted residual risk.
+
 ## Compliance / Privacy
 - Owns regulatory requirements, privacy obligations, retention, consent, auditability, and data processing risk.
 - Reviews PII, restricted data, data residency, retention policies, access logs, consent, and third-party processors.

package/rules/ai-assisted-development.mdc

@@ -29,3 +29,25 @@ AI-generated work must meet the same engineering bar as human-written work. Spee
 - Discuss the approach with the user before non-trivial AI-assisted implementation.
 - Explain trade-offs clearly and identify risks introduced by generated code.
 - If generated code reveals a better or riskier path than agreed, pause and realign before continuing.
+
+## Prompt Registry
+
+- Use `.generated-prompts/` as the durable prompt register for generated or substantially changed artifacts.
+- Before creating or substantially changing an artifact, read the relevant register file to preserve conventions, constraints, decisions, and known risks.
+- After substantial changes, add or update one entry for the artifact with task, active role, key decisions, evidence, and the final prompt or a concise prompt summary.
+- Keep only the latest prompt in each entry; rely on git history for prior versions. Do not update entries for typos, formatting-only edits, or single-line mechanical fixes.
+
+## Skill Loading
+
+- Keep primary agent instruction files as short indexes plus non-negotiable rules.
+- Load detailed skills only when task signals, active roles, touched paths, or risk areas require them.
+- Prefer skill summaries first; load full skill instructions, assets, scripts, and examples only at execution time.
+- Record selected skills in task context, handoffs, evidence, and final summaries when they materially shaped the work.
+
+## Source of Truth and Learning
+
+- Select authoritative source groups before acting: project instructions, backlog, architecture, codebase, quality/security, DevOps/runtime, vendor docs, and agent memory.
+- Prefer local project sources first and official vendor documentation for current APIs, frameworks, cloud services, providers, and tools.
+- When an action fails in a reusable way, record the lesson in `.agent-workflow/agent-lessons.jsonl` with operation, error signature, root cause, fix, prevention, and verification.
+- Before repeating risky operations, search prior lessons for matching tool, command, error signature, or operation.
+- Promote repeated lessons into the relevant skill or rule instead of letting agents rediscover the same failure.

package/skills/agent-learning/SKILL.md

@@ -0,0 +1,24 @@
+# Agent Learning
+
+Record reusable failure lessons and promote repeated lessons into skills or rules.
+
+## When To Load
+
+- Trigger: `failure`
+- Trigger: `failed`
+- Trigger: `error`
+- Trigger: `syntax`
+- Trigger: `escaping`
+- Trigger: `permission`
+- Trigger: `lesson`
+- Trigger: `learn`
+
+## Procedure
+
+- Search relevant lessons before repeating risky operations.
+- After reusable failures, record operation, error signature, root cause, fix, prevention, and verification.
+- Promote repeated lessons into versioned skills or rules after review.
+
+## Evidence
+
+- `file`

package/skills/agent-learning/manifest.json

@@ -0,0 +1,40 @@
+{
+  "id": "agent-learning",
+  "name": "Agent Learning",
+  "summary": "Record reusable failure lessons and promote repeated lessons into skills or rules.",
+  "triggers": [
+    "failure",
+    "failed",
+    "error",
+    "syntax",
+    "escaping",
+    "permission",
+    "lesson",
+    "learn"
+  ],
+  "roles": [
+    "parent",
+    "context_curator",
+    "toolsmith",
+    "developer",
+    "qa"
+  ],
+  "capabilities": [
+    "failure-learning",
+    "memory-hygiene",
+    "repeat-prevention"
+  ],
+  "riskAreas": [
+    "maintainability",
+    "governance"
+  ],
+  "sourceGroups": [
+    "agent-memory",
+    "codebase"
+  ],
+  "evidence": [
+    "file"
+  ],
+  "loadBudget": "small",
+  "entry": "skills/agent-learning/SKILL.md"
+}

package/skills/backlog-sync/SKILL.md

@@ -0,0 +1,24 @@
+# Backlog Sync
+
+Keep GitHub issues, local stories, and workflow tasks aligned.
+
+## When To Load
+
+- Trigger: `backlog`
+- Trigger: `issue`
+- Trigger: `story`
+- Trigger: `epic`
+- Trigger: `github`
+- Trigger: `acceptance criteria`
+- Trigger: `refine`
+
+## Procedure
+
+- Confirm backlog IDs and acceptance criteria before implementation.
+- Keep local tasks, docs, and GitHub issues aligned when one changes.
+- Surface missing refinement as a blocker instead of guessing scope.
+
+## Evidence
+
+- `file`
+- `report`

package/skills/backlog-sync/manifest.json

@@ -0,0 +1,41 @@
+{
+  "id": "backlog-sync",
+  "name": "Backlog Sync",
+  "summary": "Keep GitHub issues, local stories, and workflow tasks aligned.",
+  "triggers": [
+    "backlog",
+    "issue",
+    "story",
+    "epic",
+    "github",
+    "acceptance criteria",
+    "refine"
+  ],
+  "roles": [
+    "product_manager",
+    "product_owner",
+    "business_analyst",
+    "planner",
+    "parent"
+  ],
+  "capabilities": [
+    "backlog-management",
+    "story-refinement",
+    "scope-control"
+  ],
+  "riskAreas": [
+    "governance",
+    "scope"
+  ],
+  "sourceGroups": [
+    "product-backlog",
+    "project-instructions",
+    "agent-memory"
+  ],
+  "evidence": [
+    "file",
+    "report"
+  ],
+  "loadBudget": "small",
+  "entry": "skills/backlog-sync/SKILL.md"
+}

package/skills/diagram-export/SKILL.md

@@ -0,0 +1,35 @@
+# Diagram Export
+
+Create, validate, and export architecture, workflow, and sequence diagrams.
+
+## When To Load
+
+- Trigger: `diagram`
+- Trigger: `mermaid`
+- Trigger: `architecture`
+- Trigger: `flow`
+- Trigger: `sequence`
+- Trigger: `draw.io`
+- Trigger: `lucid`
+
+## Procedure
+
+- Identify the diagram purpose and authoritative architecture sources before drawing.
+- Choose the diagram style from the decision matrix before drafting.
+- Prefer text-native diagrams such as Mermaid unless the project requires another format.
+- Run `orchestra diagrams lint --file <diagram.mmd>` for lint-only validation before sharing Mermaid diagrams.
+- Attach evidence with `orchestra diagrams lint --file <diagram.mmd> --task <task-id>` when the diagram supports workflow delivery.
+- If `mmdc` is missing, report the install guidance instead of pretending validation passed.
+
+## Decision Matrix
+
+- Architecture boundary or component ownership: C4/container or component diagram.
+- User, business, or agent workflow: flowchart or state diagram.
+- Service/API/message exchange: sequence diagram.
+- Data ownership or relationships: entity relationship diagram.
+- Runtime topology, infrastructure, or deployment: deployment or infrastructure diagram.
+
+## Evidence
+
+- `file`
+- `report`

package/skills/diagram-export/manifest.json

@@ -0,0 +1,40 @@
+{
+  "id": "diagram-export",
+  "name": "Diagram Export",
+  "summary": "Create, validate, and export architecture, workflow, and sequence diagrams.",
+  "triggers": [
+    "diagram",
+    "mermaid",
+    "architecture",
+    "flow",
+    "sequence",
+    "draw.io",
+    "lucid"
+  ],
+  "roles": [
+    "architect",
+    "business_analyst",
+    "product_manager",
+    "tech_lead",
+    "technical_writer"
+  ],
+  "capabilities": [
+    "diagramming",
+    "architecture-communication"
+  ],
+  "riskAreas": [
+    "architecture",
+    "documentation"
+  ],
+  "sourceGroups": [
+    "architecture",
+    "product-backlog",
+    "agent-memory"
+  ],
+  "evidence": [
+    "file",
+    "report"
+  ],
+  "loadBudget": "normal",
+  "entry": "skills/diagram-export/SKILL.md"
+}

package/skills/model-evaluation/SKILL.md

@@ -0,0 +1,25 @@
+# Model Evaluation
+
+Run prompt, model, provider-routing, fallback, and rubric evaluations.
+
+## When To Load
+
+- Trigger: `model`
+- Trigger: `llm`
+- Trigger: `prompt`
+- Trigger: `provider`
+- Trigger: `fallback`
+- Trigger: `eval`
+- Trigger: `rubric`
+- Trigger: `routing`
+
+## Procedure
+
+- Define eval objectives, cases, rubric, and expected behavior before changing prompts or routing.
+- Compare model/provider behavior for material changes and record disagreements.
+- Avoid storing raw sensitive prompts or responses in provenance artifacts.
+
+## Evidence
+
+- `report`
+- `file`

package/skills/model-evaluation/manifest.json

@@ -0,0 +1,41 @@
+{
+  "id": "model-evaluation",
+  "name": "Model Evaluation",
+  "summary": "Run prompt, model, provider-routing, fallback, and rubric evaluations.",
+  "triggers": [
+    "model",
+    "llm",
+    "prompt",
+    "provider",
+    "fallback",
+    "eval",
+    "rubric",
+    "routing"
+  ],
+  "roles": [
+    "ai_evaluation_engineer",
+    "toolsmith",
+    "architect",
+    "parent"
+  ],
+  "capabilities": [
+    "llm-evaluation",
+    "provider-routing",
+    "prompt-quality"
+  ],
+  "riskAreas": [
+    "governance",
+    "quality"
+  ],
+  "sourceGroups": [
+    "vendor-docs",
+    "agent-memory",
+    "quality-security"
+  ],
+  "evidence": [
+    "report",
+    "file"
+  ],
+  "loadBudget": "normal",
+  "entry": "skills/model-evaluation/SKILL.md"
+}

package/skills/playwright-evidence/SKILL.md

@@ -0,0 +1,28 @@
+# Playwright Evidence
+
+Plan browser automation and attach screenshots, traces, videos, and reports.
+
+## When To Load
+
+- Trigger: `playwright`
+- Trigger: `browser`
+- Trigger: `e2e`
+- Trigger: `screenshot`
+- Trigger: `trace`
+- Trigger: `video`
+- Trigger: `responsive`
+- Trigger: `web`
+- Trigger: `ui`
+
+## Procedure
+
+- Plan user-value scenarios from acceptance criteria before writing tests.
+- Use resilient locators and page objects for repeated flows.
+- Attach screenshots, traces, videos, or reports as evidence for release decisions.
+
+## Evidence
+
+- `screenshot`
+- `trace`
+- `video`
+- `report`