@minhpnq1807/contextos 0.5.53 → 0.6.0

package/.codex/skills/contextos-community/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: ContextOS Community
+description: Maintain Community Skill Packs, certification docs, launch demos, and distribution-oriented ContextOS assets.
+---
+
+# ContextOS Community
+
+Use this skill for Community Skill Packs, ContextOS Ready certification, launch demos, roadmap docs, and contributor-facing assets.
+
+## Workflow
+
+1. Keep community assets small and PR-friendly.
+2. Prefer docs, examples, and tests over hosted infrastructure.
+3. Ensure every skill pack has triggers, evidence, negative triggers, and workflow.
+4. Validate docs and package inclusion before committing.

package/.codex/skills/contextos-community/skill.yaml

@@ -0,0 +1,20 @@
+id: contextos-community
+name: ContextOS Community
+description: Maintain Community Skill Packs, certification docs, launch demos, and distribution assets.
+positive_triggers:
+  prompts: [community skill packs, contextos ready, certified, badge, roadmap, launch demo, contributor]
+  files: [community-skills/README.md, docs/roadmap.md, docs/launch-demos.md, README.md]
+  dependencies: [vitest]
+evidence:
+  files: [community-skills/README.md, docs/roadmap.md, README.md]
+  dependencies: [vitest]
+negative_triggers:
+  prompts: [runtime scorer, mcp transport, embedding model]
+workflow:
+  - Keep community assets small and PR-friendly.
+  - Prefer docs, examples, and tests over hosted infrastructure.
+  - Ensure every skill pack has triggers, evidence, negative triggers, and workflow.
+  - Validate docs and package inclusion before committing.
+related_skills:
+  - community-management
+  - technical-writing

package/.codex/skills/contextos-release/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: ContextOS Release
+description: Prepare ContextOS npm package releases, changelog updates, plugin validation, tags, and GitHub release safety checks.
+---
+
+# ContextOS Release
+
+Use this skill when bumping versions, preparing changelog entries, validating package contents, or publishing ContextOS.
+
+## Workflow
+
+1. Update README and CHANGELOG before tagging.
+2. Verify package and plugin versions stay aligned.
+3. Run build, plugin validation, MCP smoke, tests, and `npm pack --dry-run`.
+4. Commit, tag, push, and verify the GitHub release/npm publish path.

package/.codex/skills/contextos-release/skill.yaml

@@ -0,0 +1,20 @@
+id: contextos-release
+name: ContextOS Release
+description: Prepare ContextOS npm releases, changelog updates, tags, and package validation.
+positive_triggers:
+  prompts: [release, bump version, changelog, npm publish, tag, package, validate plugin]
+  files: [package.json, plugins/ctx/.codex-plugin/plugin.json, CHANGELOG.md, README.md]
+  dependencies: [vitest]
+evidence:
+  files: [package.json, plugins/ctx/.codex-plugin/plugin.json, CHANGELOG.md]
+  dependencies: [vitest]
+negative_triggers:
+  prompts: [application feature, dashboard UI, backend API]
+workflow:
+  - Update README and CHANGELOG before tagging.
+  - Verify package and plugin versions stay aligned.
+  - Run build, plugin validation, MCP smoke, tests, and npm pack dry-run.
+  - Commit, tag, push, and verify release automation.
+related_skills:
+  - npm-package-release
+  - github-actions-ci-cd

package/.codex/skills/contextos-routing/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: ContextOS Routing
+description: Work on ContextOS rule, file, skill, workflow, and evidence routing without adding broad runtime complexity.
+---
+
+# ContextOS Routing
+
+Use this skill when changing ContextOS routing behavior, prompt hook output, scoring, evidence, or MCP scorer paths.
+
+## Workflow
+
+1. Inspect the existing routing module before changing behavior.
+2. Keep prompt-hook hot paths bounded and fail-open.
+3. Add focused tests for ranking, output, or telemetry behavior.
+4. Run `npm test`, `npm run build`, and `npm run validate:plugin` when the change affects runtime.

package/.codex/skills/contextos-routing/skill.yaml

@@ -0,0 +1,20 @@
+id: contextos-routing
+name: ContextOS Routing
+description: Work on ContextOS rule, file, skill, workflow, and evidence routing.
+positive_triggers:
+  prompts: [contextos routing, prompt hook, skill router, workflow router, evidence, scoring, ctx-mcp]
+  files: [plugins/ctx/lib/score-context.js, plugins/ctx/lib/skill-discoverer.js, plugins/ctx/lib/workflow-discoverer.js, plugins/ctx/lib/prompt-hook.js]
+  dependencies: [@modelcontextprotocol/sdk]
+evidence:
+  files: [plugins/ctx/lib/score-context.js, plugins/ctx/lib/skill-discoverer.js, plugins/ctx/mcp/server.js]
+  dependencies: [@modelcontextprotocol/sdk, @xenova/transformers]
+negative_triggers:
+  prompts: [dashboard, cloud service, hosted marketplace]
+workflow:
+  - Inspect the existing routing module before changing behavior.
+  - Keep prompt-hook hot paths bounded and fail-open.
+  - Add focused tests for ranking, output, or telemetry behavior.
+  - Run npm test plus build and plugin validation for runtime changes.
+related_skills:
+  - mcp-tool-developer
+  - agent-memory-mcp

package/.codex/workflows/primary.md

@@ -0,0 +1,13 @@
+# Primary ContextOS Workflow
+
+Use this workflow for feature implementation, debugging, routing changes, and test fixes in ContextOS.
+
+planner -> researcher -> tester -> code-reviewer -> docs-manager
+
+## Steps
+
+1. Confirm the affected ContextOS surface: CLI, prompt hook, MCP server, router, setup, docs, or tests.
+2. Inspect the existing module and nearby tests before patching.
+3. Keep runtime behavior local-first, bounded, and fail-open.
+4. Add focused tests for the changed behavior.
+5. Run the relevant validation commands before commit.

package/.codex/workflows/release.md

@@ -0,0 +1,12 @@
+# ContextOS Release Workflow
+
+Use this workflow for version bumps, changelog updates, package validation, tags, and release checks.
+
+planner -> tester -> docs-manager -> code-reviewer
+
+## Steps
+
+1. Update package and plugin versions together when releasing.
+2. Update README and CHANGELOG with user-visible behavior.
+3. Run tests, build, plugin validation, MCP smoke, and package dry-run.
+4. Commit, tag, push, and verify the release automation result.

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## 0.6.0
+
+- **Launch demo framing:** Added Agent Hallucination Benchmark messaging, same-prompt/same-model/different-context copy, and `docs/launch-demos.md` with three short demo scripts: hallucination benchmark, AGENTS.md lost-in-the-middle, and repo-aware skills.
+- **Roadmap template expansion:** Extended the launch roadmap issue template with Hallucination Benchmark, Agent Replay, and Community Skill Packs areas.
+- **Roadmap docs:** Added `docs/roadmap.md` covering Hallucination Leaderboard, Agent Replay, Community Skill Packs, and ContextOS Ready certification without committing to dashboard/cloud work.
+- **Community Skill Packs:** Added the initial `community-skills/` seed packs for EAS, Vercel, Prisma, Redis, Google OAuth, and JWT auth with `SKILL.md`, `skill.yaml`, contribution docs, and routing contract tests.
+- **ContextOS Ready:** Added `ctx doctor` to score repository readiness across project rules, skill packs, and workflows, plus README badge/docs and certification tests.
+- **Auto Skill Extraction roadmap:** Documented `ctx skill generate` as a research direction for detecting reusable repository skills and drafting publishable skill packs from project evidence.
+
 ## 0.5.53
 
 - **Optional adapter positioning:** Clarified that ContextOS core works standalone and that `code-review-graph`, `codegraph`, and `agent-memory` are optional adapters. Skill Router scoring now exposes separate `importGraphScore`, `externalGraphScore`, and `memoryScore` fields so missing adapters degrade to zero score instead of becoming install/runtime requirements.

package/README.md

@@ -6,6 +6,7 @@ Rules, files, skills, workflows, and evidence: injected before the agent writes
 
 [![npm version](https://img.shields.io/npm/v/@minhpnq1807/contextos.svg)](https://www.npmjs.com/package/@minhpnq1807/contextos)
 [![CI](https://github.com/khovan123/contextOS/actions/workflows/ci.yml/badge.svg)](https://github.com/khovan123/contextOS/actions/workflows/ci.yml)
+[![ContextOS Ready](https://img.shields.io/badge/ContextOS-Ready_Gold-2ea44f)](#contextos-ready)
 [![license: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
 
 ```text
@@ -29,7 +30,7 @@ Published package: [`@minhpnq1807/contextos`](https://www.npmjs.com/package/@min
 
 ![ContextOS demo: same prompt, different repo, correct skills](docs/demo/contextos-demo.gif)
 
-Same prompt. Different repo. Correct skills.
+Same prompt. Same model. Different context.
 
 ```bash
 ctx skills doctor -- "fix deployed"
@@ -41,6 +42,31 @@ ctx skills doctor -- "fix deployed"
 | `vercel.json`, `next`, GitHub workflow | `vercel-deployment`, `github-actions-ci-cd`, `env-secret-management` |
 | ContextOS repo with no app deploy evidence | no deployment skill selected |
 
+## Agent Hallucination Benchmark
+
+Generic agents often guess deployment tooling from the prompt alone:
+
+```text
+Prompt: Fix deployment
+Raw agent guess: Vercel, Docker, Railway
+```
+
+ContextOS routes from project evidence instead:
+
+```text
+Detected evidence:
+- eas.json
+- expo dependency
+- GitHub workflow
+
+Selected skills:
+- eas
+- mobile-deployment
+- github-actions-ci-cd
+```
+
+That is the core launch demo: same prompt, same model, different repo context, correct skills.
+
 Skill Router internal fixture benchmark:
 
 | Metric | Result |
@@ -126,6 +152,13 @@ Developers put real operating instructions in `AGENTS.md`: use this graph tool b
 
 The problem is not that agents cannot read `AGENTS.md`. The problem is that large context windows bury the important rule in the middle, where attention is weak. ContextOS turns a static rules file into task-aware runtime context.
 
+The next visible demo is not another feature. It is showing the pain in a few seconds:
+
+```text
+Raw agent: guesses from the prompt.
+ContextOS: routes from repo evidence.
+```
+
 ## What ContextOS Does
 
 | Layer | What happens |
@@ -160,12 +193,54 @@ ContextOS is designed to be OSS-friendly and low-friction:
 
 Positioning: ContextOS works standalone and gets smarter when graph or memory adapters are available.
 
+## Roadmap
+
+ContextOS is not heading toward a dashboard-first product. The next work is focused on making the existing local runtime more visible and reusable:
+
+| Next | Why |
+| --- | --- |
+| Hallucination Leaderboard | Compare raw agent guesses vs ContextOS evidence-routed recommendations across the same repos and tasks. |
+| Agent Replay | Turn telemetry into a readable post-task narrative: prompt, selected skills, followed rules, suggested files, touched files, efficiency. |
+| Community Skill Packs | Let contributors PR ContextOS-ready skills with triggers, evidence, negative gates, and workflows before building a larger hub. |
+| ContextOS Ready | Define a repository readiness badge for AGENTS.md, skills, workflows, and evidence quality. |
+| Auto Skill Extraction | Research `ctx skill generate` so ContextOS can detect reusable skills from a repo and propose publishable skill packs. |
+
+See [docs/roadmap.md](docs/roadmap.md) for the current roadmap notes.
+
+## Community Skill Packs
+
+ContextOS starts the community loop with [`community-skills/`](community-skills/) instead of a hosted marketplace. The seed packs are `eas`, `vercel`, `prisma`, `redis`, `oauth-google`, and `jwt-auth`.
+
+Each pack contains a model-visible `SKILL.md` plus `skill.yaml` routing metadata with prompt triggers, project evidence, negative triggers, and a short workflow. Contributors can PR new packs by copying [`community-skills/_template/`](community-skills/_template/).
+
+## ContextOS Ready
+
+`ctx doctor` scores whether a repository is ready for ContextOS-style agent routing:
+
+```bash
+ctx doctor
+```
+
+```text
+Repository Score
+
+Rules: 92
+Skills: 88
+Workflows: 84
+
+Overall:
+ContextOS Ready Gold
+```
+
+The score checks project `AGENTS.md` rules, project skill packs under `.codex/skills/` or `.agents/skills/`, and project workflows under `.codex/workflows/` or `.claude/workflows/`. Use the badge only after `ctx doctor` reports Bronze, Silver, or Gold.
+
 ## Quick Commands
 
 | Command | Use it for |
 | --- | --- |
 | `ctx setup` | Recommended first-run install flow. |
 | `ctx debug -- "Recheck authen flow"` | Preview what ContextOS would inject. |
+| `ctx doctor` | Score repository readiness for the `ContextOS Ready` badge. |
 | `ctx report` | Show the last task's compliance summary. |
 | `ctx evidence` | Show why each rule was marked followed/ignored/unknown. |
 | `ctx stats` | Show workspace-level usage and effectiveness metrics. |
@@ -489,6 +564,7 @@ This warning comes from a transitive dependency in the local embedding/WASM stac
 | `ctx setup --no-skills` | Skips skillshare sync during setup. | You do not want shared skills configured. | Does not run `ctx sync --skills`. |
 | `ctx setup --quiet` | Runs setup in measurement-only mode. | You want reports/stats without visible injected prompt context. | Installs hooks with prompt context injection disabled. |
 | `ctx debug -- "task"` | Runs the scheduler locally for a fake prompt. | You want to see which AGENTS.md rules and files ContextOS would inject before using Codex. | Prints rule scores, scoring reasons, suggested files, and final `additionalContext`. |
+| `ctx doctor` | Scores repository ContextOS readiness. | You want to add or verify a `ContextOS Ready` badge. | Prints Rules, Skills, Workflows, Overall tier, evidence, and next recommendations. |
 | `ctx report` | Shows the last Stop-hook compliance report for the current workspace. | An agent task has finished and you want the summary again. | Prints sectioned tables for summary, rule outcomes, suggested files, and runtime telemetry from `~/.ctx/contextos/workspaces/<workspace-id>/last-report.json`. |
 | `ctx evidence` | Shows detailed evidence behind the last report for the current workspace. | You want to inspect why a rule was marked `followed`, `ignored`, `unknown`, or `unmeasurable`. | Prints a compact evidence table plus per-rule detail tables. |
 | `ctx stats` | Shows aggregate runtime metrics for the current workspace. | You want to know whether ContextOS is active and useful over time. | Prints sectioned tables for prompt/report counts, injection rate, efficiency, rule outcomes, hook events, last prompt, and last report. |

package/bin/ctx.js

@@ -41,6 +41,7 @@ import { checkForUpdate } from "../plugins/ctx/lib/update-notifier.js";
 import { fetchSkillsForAgents, printSkillRecommendations, getAllLibraries, getInstallCommands } from "../plugins/ctx/lib/skill-library.js";
 import { invalidateCtxMcpSocket } from "../plugins/ctx/lib/ctx-mcp-client.js";
 import { runPrefixedCommand } from "../plugins/ctx/lib/shell-runner.js";
+import { formatContextOSReady, inspectContextOSReady } from "../plugins/ctx/lib/certification.js";
 
 /**
  * Run a shell command with all output lines prefixed by │  
@@ -190,6 +191,7 @@ Usage:
   ctx setup --no-skills                             Skip skill sync
   ctx setup --quiet                                 Quiet mode (minimal output)
   ctx debug -- "task"                               Debug a task with ContextOS tracing
+  ctx doctor                                       Score repository ContextOS readiness
   ctx report                                        Show last ContextOS compliance report
   ctx evidence                                      Show evidence from last report
   ctx stats                                         Show workspace statistics
@@ -1001,6 +1003,8 @@ try {
     const task = marker >= 0 ? args.slice(marker + 1).join(" ") : args.slice(1).join(" ");
     if (!task.trim()) throw new Error('Usage: ctx debug -- "task"');
     await debug(task);
+  } else if (command === "doctor") {
+    console.log(formatContextOSReady(inspectContextOSReady({ cwd: process.cwd() })));
   } else if (command === "refresh") {
     await refresh();
   } else if (command === "autowarm") {

package/community-skills/README.md

@@ -0,0 +1,42 @@
+# Community Skill Packs
+
+Community Skill Packs are the first public contribution loop for ContextOS.
+
+This is intentionally smaller than a hosted Hub. Contributors can open a PR that adds one folder with:
+
+```text
+community-skills/<skill-id>/
+  SKILL.md
+  skill.yaml
+```
+
+`SKILL.md` is the model-visible operating guide. `skill.yaml` is the routing contract used by the Skill Router.
+
+## Contract
+
+Every pack should define:
+
+- `name`: Human-readable skill name.
+- `positive_triggers`: Prompt, file, and dependency signals that should select the skill.
+- `evidence`: Project files and dependencies that support high confidence routing.
+- `negative_triggers`: Signals that should reduce confidence or reject the skill.
+- `workflow`: Short execution checklist for the agent.
+
+Use `_template/` when adding a new pack.
+
+## Seed Packs
+
+- `eas`: Expo EAS build, submit, preview, and production deployment.
+- `vercel`: Next.js and Vercel deployment debugging.
+- `prisma`: Prisma schema, migration, generated client, and query debugging.
+- `redis`: Redis cache, TTL, rate limiting, queue, and session work.
+- `oauth-google`: Google OAuth login and callback flows.
+- `jwt-auth`: JWT access token, refresh token, guard, and middleware work.
+
+## Contribution Rules
+
+- Keep triggers specific enough to avoid false positives.
+- Add negative triggers for adjacent but wrong platforms.
+- Prefer project evidence over broad prompt words.
+- Keep workflows compact and action-oriented.
+- Do not require optional graph or memory adapters.

package/community-skills/_template/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Example Skill
+description: Replace this with the specific task capability this skill helps with.
+---
+
+# Example Skill
+
+Use this skill when the prompt and project evidence match `skill.yaml`.
+
+## Workflow
+
+1. Confirm the matching files, dependencies, or config exist.
+2. Inspect the smallest relevant implementation surface.
+3. Apply the change using the project's existing patterns.
+4. Run the narrowest useful verification command.

package/community-skills/_template/skill.yaml

@@ -0,0 +1,20 @@
+id: example-skill
+name: Example Skill
+description: Replace this with a concise skill description.
+positive_triggers:
+  prompts: [example task, example failure]
+  files: [example.config.js]
+  dependencies: [example-package]
+evidence:
+  files: [example.config.js]
+  dependencies: [example-package]
+negative_triggers:
+  prompts: [unrelated task]
+  files: [wrong.config.js]
+  dependencies: [wrong-package]
+workflow:
+  - Confirm project evidence before selecting this skill.
+  - Inspect the smallest relevant files.
+  - Make the targeted change.
+  - Run focused verification.
+related_skills: []

package/community-skills/eas/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Expo EAS Deployment
+description: Fix Expo EAS builds, submit flows, preview builds, production releases, and mobile deployment failures.
+---
+
+# Expo EAS Deployment
+
+Use this skill for Expo or React Native projects with EAS evidence such as `eas.json`, `app.json`, `app.config.ts`, `expo`, or `eas-cli`.
+
+## Workflow
+
+1. Inspect `eas.json`, app config, package scripts, and CI workflow files.
+2. Identify whether the failure is credentials, profile config, native dependency, bundling, or submit configuration.
+3. Patch the smallest config or package boundary that explains the log.
+4. Verify with the relevant EAS, Expo, or package build command.

package/community-skills/eas/skill.yaml

@@ -0,0 +1,23 @@
+id: eas
+name: Expo EAS Deployment
+description: Fix Expo EAS builds, submit, Android and iOS deployment failures.
+positive_triggers:
+  prompts: [eas, expo build, deployed, deploy, android, ios, submit, preview, production, qr, connect]
+  files: [eas.json, app.json, app.config.js, app.config.ts]
+  dependencies: [expo, eas-cli, expo-router, react-native]
+evidence:
+  files: [eas.json, app.json, app.config.js, app.config.ts, .github/workflows/*]
+  dependencies: [expo, eas-cli, expo-router, react-native]
+negative_triggers:
+  dependencies: [next, vite, vercel]
+  files: [vercel.json, next.config.js, next.config.ts]
+workflow:
+  - Inspect EAS profiles, app config, package scripts, and CI workflows.
+  - Classify the failure as credentials, build profile, native dependency, bundling, or submit config.
+  - Patch only the config or package boundary that matches the log.
+  - Verify with the relevant Expo or EAS command.
+related_skills:
+  - mobile-deployment
+  - github-actions-ci-cd
+  - env-secret-management
+  - build-log-debugging

package/community-skills/jwt-auth/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: JWT Auth
+description: Implement and debug JWT login, access tokens, refresh tokens, guards, middleware, and authorization headers.
+---
+
+# JWT Auth
+
+Use this skill when the prompt mentions JWT, access tokens, refresh tokens, bearer auth, guards, or token verification with project evidence such as `jsonwebtoken` or auth middleware.
+
+## Workflow
+
+1. Inspect token signing, verification, expiry, refresh rotation, and guard or middleware wiring.
+2. Confirm how tokens are stored and sent by clients.
+3. Patch the narrow auth boundary without changing unrelated authorization policy.
+4. Verify with focused auth tests and typecheck.

package/community-skills/jwt-auth/skill.yaml

@@ -0,0 +1,22 @@
+id: jwt-auth
+name: JWT Auth
+description: Implement and debug JWT authentication, refresh tokens, access tokens, guards, middleware, and login authorization.
+positive_triggers:
+  prompts: [jwt, auth, token, access token, refresh token, bearer, login, guard, middleware]
+  files: [auth.guard.ts, jwt.strategy.ts, middleware.ts]
+  dependencies: [jsonwebtoken, jose, @nestjs/jwt, passport-jwt]
+evidence:
+  files: [auth.guard.ts, jwt.strategy.ts, middleware.ts, .env.example]
+  dependencies: [jsonwebtoken, jose, @nestjs/jwt, passport-jwt]
+negative_triggers:
+  prompts: [google oauth, social login, saml]
+  dependencies: [next-auth, @auth/core, passport-google-oauth20]
+workflow:
+  - Inspect signing, verification, expiry, refresh rotation, and guard or middleware wiring.
+  - Confirm token storage and client authorization headers.
+  - Patch the narrow auth boundary without changing unrelated authorization policy.
+  - Verify with focused auth tests and typecheck.
+related_skills:
+  - oauth-google
+  - backend-security-coder
+  - api-security-best-practices

package/community-skills/oauth-google/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Google OAuth
+description: Implement and debug Google OAuth login, callback routes, Auth.js or NextAuth providers, scopes, and account linking.
+---
+
+# Google OAuth
+
+Use this skill when the prompt mentions Google sign-in or OAuth and the repo has OAuth evidence such as `next-auth`, `@auth/core`, Passport Google OAuth, or auth callback routes.
+
+## Workflow
+
+1. Inspect provider configuration, callback URL handling, scopes, secrets, and session creation.
+2. Verify that frontend login entrypoints and backend callback routes agree.
+3. Patch the smallest auth boundary and keep existing session/token conventions.
+4. Verify with focused auth tests, typecheck, or a local OAuth callback path when available.

package/community-skills/oauth-google/skill.yaml

@@ -0,0 +1,22 @@
+id: oauth-google
+name: Google OAuth
+description: Implement and debug Google OAuth login, OAuth callback routes, Auth.js, NextAuth, Passport providers, and social sign-in.
+positive_triggers:
+  prompts: [oauth, google login, google sign in, callback, social login, auth provider]
+  files: [auth.config.ts, auth.ts, pages/api/auth/*, app/api/auth/*]
+  dependencies: [next-auth, @auth/core, passport-google-oauth20]
+evidence:
+  files: [auth.config.ts, auth.ts, pages/api/auth/*, app/api/auth/*, .env.example]
+  dependencies: [next-auth, @auth/core, passport, passport-google-oauth20]
+negative_triggers:
+  prompts: [jwt only, password login, refresh token only]
+  dependencies: [jsonwebtoken]
+workflow:
+  - Inspect provider config, callback URLs, scopes, secrets, and session creation.
+  - Verify frontend login entrypoints and backend callback routes agree.
+  - Patch the smallest auth boundary while preserving session conventions.
+  - Verify with focused auth tests, typecheck, or local callback flow.
+related_skills:
+  - jwt-auth
+  - env-secret-management
+  - auth-implementation-patterns

package/community-skills/prisma/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Prisma
+description: Debug Prisma schemas, migrations, generated client issues, relations, transactions, and slow ORM queries.
+---
+
+# Prisma
+
+Use this skill when the repo contains Prisma evidence such as `prisma/schema.prisma`, `@prisma/client`, or `prisma`.
+
+## Workflow
+
+1. Inspect `prisma/schema.prisma`, generated client usage, migrations, and package scripts.
+2. Determine whether the issue is schema shape, migration state, generated types, query logic, or transaction behavior.
+3. Patch the schema or service layer in the smallest compatible step.
+4. Verify with Prisma generate/migrate checks and the relevant test or typecheck.

package/community-skills/prisma/skill.yaml

@@ -0,0 +1,22 @@
+id: prisma
+name: Prisma
+description: Debug Prisma schema, migrations, generated client, relations, and ORM queries.
+positive_triggers:
+  prompts: [prisma, migration, schema, database, query, relation, transaction, generated client]
+  files: [prisma/schema.prisma]
+  dependencies: [prisma, @prisma/client]
+evidence:
+  files: [prisma/schema.prisma, prisma/migrations/*]
+  dependencies: [prisma, @prisma/client]
+negative_triggers:
+  dependencies: [mongoose, mongodb, sequelize, typeorm]
+  files: [drizzle.config.ts]
+workflow:
+  - Inspect schema, migrations, generated client usage, and package scripts.
+  - Classify the issue as schema, migration, generated type, query, or transaction behavior.
+  - Patch the smallest schema or service boundary.
+  - Verify with Prisma generate or migrate checks plus focused tests.
+related_skills:
+  - database
+  - nestjs-module
+  - integration-testing

package/community-skills/redis/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Redis
+description: Add and debug Redis caching, TTLs, sessions, queues, rate limits, and cache invalidation.
+---
+
+# Redis
+
+Use this skill when the repo has Redis evidence such as `redis`, `ioredis`, BullMQ, session stores, or cache modules.
+
+## Workflow
+
+1. Inspect Redis client setup, cache keys, TTL policy, and invalidation paths.
+2. Confirm whether Redis is used for cache, queue, session, rate limit, or pub/sub behavior.
+3. Patch the smallest client/service boundary and preserve existing key conventions.
+4. Verify with focused tests or a local command that exercises the Redis path.

package/community-skills/redis/skill.yaml

@@ -0,0 +1,22 @@
+id: redis
+name: Redis
+description: Add and debug Redis cache, TTL, sessions, rate limits, queues, and pub/sub behavior.
+positive_triggers:
+  prompts: [redis, cache, caching, ttl, session, rate limit, queue, bullmq, invalidation]
+  files: [redis.conf, docker-compose.yml]
+  dependencies: [redis, ioredis, bullmq, cache-manager-redis-store]
+evidence:
+  files: [redis.conf, docker-compose.yml, docker-compose.yaml]
+  dependencies: [redis, ioredis, bullmq, cache-manager, cache-manager-redis-store]
+negative_triggers:
+  prompts: [browser cache, next cache, static cache]
+  dependencies: [swr]
+workflow:
+  - Inspect client setup, cache keys, TTLs, and invalidation paths.
+  - Identify whether Redis backs cache, queue, session, rate limit, or pub/sub behavior.
+  - Patch the smallest service boundary while preserving key conventions.
+  - Verify with focused tests or a command that exercises the Redis path.
+related_skills:
+  - performance-optimization
+  - backend-development
+  - observability

package/community-skills/vercel/SKILL.md

@@ -0,0 +1,15 @@
+---
+name: Vercel Deployment
+description: Fix Next.js and Vercel deployment failures, environment issues, build output problems, and production routing regressions.
+---
+
+# Vercel Deployment
+
+Use this skill when the repo has Vercel or Next.js evidence such as `vercel.json`, `next`, or `next.config.*`.
+
+## Workflow
+
+1. Inspect `vercel.json`, Next config, package scripts, and deployment logs.
+2. Check build command, output directory, environment variables, and route/runtime settings.
+3. Patch the minimal config or code path that explains the deployment failure.
+4. Verify with the project build command and any available Vercel validation.

package/community-skills/vercel/skill.yaml

@@ -0,0 +1,22 @@
+id: vercel
+name: Vercel Deployment
+description: Fix Vercel and Next.js deployment failures.
+positive_triggers:
+  prompts: [vercel, deployed, deploy, production, preview, build failed, environment variable]
+  files: [vercel.json, next.config.js, next.config.ts]
+  dependencies: [next, vercel]
+evidence:
+  files: [vercel.json, next.config.js, next.config.ts, .github/workflows/*]
+  dependencies: [next, vercel, react]
+negative_triggers:
+  dependencies: [expo, react-native, eas-cli]
+  files: [eas.json, app.json]
+workflow:
+  - Inspect Vercel config, Next config, package scripts, and deploy logs.
+  - Check build command, output directory, env vars, runtime, and route config.
+  - Patch the minimal config or code path that explains the failure.
+  - Verify with the project build command.
+related_skills:
+  - github-actions-ci-cd
+  - env-secret-management
+  - build-log-debugging

package/docs/launch-demos.md

@@ -0,0 +1,105 @@
+# Launch Demos
+
+These are demo scripts for explaining ContextOS quickly. They are intentionally small and visual.
+
+## 1. Agent Hallucination Benchmark
+
+Prompt:
+
+```text
+Fix deployment
+```
+
+Raw agent:
+
+```text
+Suggests: Vercel, Docker, Railway
+Reason: guessed from common deployment tools
+```
+
+ContextOS:
+
+```text
+Detected:
+- eas.json
+- expo dependency
+- GitHub workflow
+
+Selected:
+- eas
+- mobile-deployment
+- github-actions-ci-cd
+```
+
+Message:
+
+```text
+Same prompt. Same model. Different context.
+```
+
+## 2. AGENTS.md Lost In The Middle
+
+Setup:
+
+```text
+AGENTS.md
+  rule 1
+  rule 2
+  ...
+  IMPORTANT: Always use code-review-graph before grep.
+  ...
+  rule 40
+```
+
+Raw agent:
+
+```text
+Misses the buried rule.
+```
+
+ContextOS:
+
+```text
+Extracts the relevant rule and injects it before work starts.
+```
+
+Message:
+
+```text
+Important repo rules should not depend on where they appear in a long file.
+```
+
+## 3. Repo-Aware Skills
+
+Prompt:
+
+```text
+fix deployed
+```
+
+Repo A:
+
+```text
+Evidence: expo, eas.json
+Skills: eas, mobile-deployment
+```
+
+Repo B:
+
+```text
+Evidence: next, vercel.json
+Skills: vercel-deployment, github-actions-ci-cd
+```
+
+Repo C:
+
+```text
+Evidence: Dockerfile, docker-compose.yml
+Skills: docker, build-log-debugging
+```
+
+Message:
+
+```text
+Context is not extra text. It changes the correct answer.
+```

package/docs/roadmap.md

@@ -0,0 +1,285 @@
+# Roadmap
+
+ContextOS is past the core routing layer. The next work should make the value visible faster and create a community loop.
+
+## P1: Hallucination Leaderboard
+
+The strongest launch artifact is not another feature. It is a leaderboard that shows raw prompt-only agents making plausible guesses while ContextOS routes from repo evidence.
+
+Layout:
+
+```text
+benchmarks/
+  codex/
+  claude-code/
+  cursor/
+  gemini-cli/
+  contextos/
+```
+
+Protocol:
+
+```text
+same repo
+same task
+same model when possible
+same scoring rubric
+```
+
+Example task:
+
+```text
+Task: Fix deployment
+Repo: Expo app
+```
+
+Example result:
+
+```text
+System             Correct Skill
+Raw Agent          ❌
+ContextOS + Codex  ✅
+```
+
+Target public table:
+
+```text
+Hallucination Benchmark
+
+Claude Code:        61%
+Cursor:             58%
+Raw Codex:          63%
+ContextOS + Codex:  89%
+```
+
+Why it matters:
+
+- It is easy to understand in seconds.
+- It turns ContextOS from infrastructure into a visible correctness story.
+- It creates content for GitHub, Hacker News, Reddit, and X/Twitter.
+
+## P2: Agent Replay
+
+ContextOS already records prompt context, suggested files, suggested skills, rule outcomes, telemetry, and reports. Agent Replay should turn that into a compact post-task narrative.
+
+Planned command:
+
+```bash
+ctx replay
+```
+
+Target output:
+
+```text
+Prompt:
+Fix deployment
+
+Selected skills:
+- eas
+- github-actions-ci-cd
+
+Rules followed:
+✓ Use graph first
+
+Files suggested:
+✓ eas.json
+✓ workflow.yml
+
+Files actually touched:
+✓ eas.json
+✓ workflow.yml
+
+Efficiency:
+94%
+```
+
+Why it matters:
+
+- It proves whether the injected context helped.
+- It turns local telemetry into a readable artifact.
+- It gives maintainers a quick way to debug agent behavior after the fact.
+- It is easier to demo than raw JSON reports.
+
+Likely inputs:
+
+- `last-prompt-context.json`
+- `last-report.json`
+- `prompt-history.jsonl`
+- `report-history.jsonl`
+- `telemetry.jsonl`
+- current git diff/status for touched files
+
+Non-goals for the first version:
+
+- Cloud sync
+- Dashboard
+- Cross-user analytics
+- Long-term hosted memory
+
+## P3: Community Skill Packs
+
+Do not build a full Hub first. Start with the local `community-skills/` folder that accepts PRs.
+
+Initial packs:
+
+```text
+community-skills/
+  eas/
+  vercel/
+  prisma/
+  redis/
+  oauth-google/
+  jwt-auth/
+```
+
+The seed packs now live in [`community-skills/`](../community-skills/). Each pack contains:
+
+```text
+SKILL.md
+skill.yaml
+```
+
+The Skill Router becomes more valuable when skill packs are ContextOS-ready instead of plain markdown folders.
+
+ContextOS-ready skill packs should include:
+
+```yaml
+id: oauth-google
+name: Google OAuth
+positive_triggers:
+  prompts: [oauth, google login, google sign in, callback]
+  files: [app/api/auth/*, auth.config.ts]
+  dependencies: [next-auth, "@auth/core"]
+evidence:
+  files: [app/api/auth/*, auth.config.ts, .env.example]
+  dependencies: [next-auth, "@auth/core"]
+negative_triggers:
+  prompts: [jwt only, password login]
+  dependencies: [jsonwebtoken]
+workflow:
+  - Inspect auth provider config, callback URLs, scopes, secrets, and session creation.
+  - Verify frontend login entrypoints and backend callback routes agree.
+  - Patch the smallest auth boundary while preserving session conventions.
+  - Verify with focused auth tests, typecheck, or local callback flow.
+```
+
+Possible future install flow:
+
+```bash
+ctx skills install oauth-google
+```
+
+or package-based:
+
+```bash
+npm install skill-oauth-google
+ctx sync --skills
+```
+
+Why it matters:
+
+- It creates a network effect around reusable agent capabilities.
+- It gives skill authors a structured contract: triggers, evidence, negative gates, workflow.
+- It lets ContextOS route capabilities by project evidence instead of popularity or keyword overlap.
+
+Non-goals for the first version:
+
+- Full marketplace UI
+- Paid skill hosting
+- Cloud account system
+- Remote vector database
+
+## P4: ContextOS Ready
+
+Certification can help the ecosystem self-organize without a hosted service.
+
+```text
+ContextOS Ready
+```
+
+Repository requirements:
+
+```text
+AGENTS.md
+skills/
+workflows/
+```
+
+Command:
+
+```bash
+ctx doctor
+```
+
+Target output:
+
+```text
+Repository Score
+
+Rules: 92
+Skills: 88
+Workflows: 84
+
+Overall:
+ContextOS Ready Gold
+```
+
+Why it matters:
+
+- It gives projects a concrete target.
+- It creates a badge people can add to README files.
+- It encourages community contributions without requiring a cloud product.
+
+MVP scope:
+
+- Local-only scoring.
+- No hosted account.
+- No external leaderboard dependency.
+- Rules score from project `AGENTS.md`.
+- Skills score from project skill packs with `SKILL.md` and `skill.yaml`.
+- Workflows score from project workflow markdown with agent handoff chains.
+
+## P5: Auto Skill Extraction
+
+Today, humans write `skill.yaml`. The research direction is to let ContextOS propose skill packs from repository evidence.
+
+Possible command:
+
+```bash
+ctx skill generate
+```
+
+Input:
+
+```text
+repo
+```
+
+Output:
+
+```text
+Detected Skill:
+nestjs-module
+```
+
+Target generated pack:
+
+```text
+.codex/skills/nestjs-module/
+  SKILL.md
+  skill.yaml
+```
+
+Research shape:
+
+- Detect repeated project capabilities from dependencies, config files, route/controller names, tests, and recent git activity.
+- Generate `positive_triggers`, `evidence`, `negative_triggers`, and `workflow`.
+- Mark generated packs as drafts until reviewed.
+- Let an agent or maintainer publish a cleaned-up pack into `community-skills/`.
+
+Guardrails:
+
+- Do not auto-publish generated skills.
+- Do not infer high confidence from dependency names alone.
+- Prefer explainable evidence over opaque model output.
+- Keep generated workflows short and editable.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@minhpnq1807/contextos",
-  "version": "0.5.53",
+  "version": "0.6.0",
   "description": "Task-aware AGENTS.md context injection and compliance reporting for Codex, Claude Code, and Antigravity.",
   "type": "module",
   "bin": {
@@ -10,10 +10,13 @@
   "files": [
     "bin/",
     "plugins/",
+    ".codex/skills/",
+    ".codex/workflows/",
     ".agents/",
     "README.md",
     "DEMO.md",
     "LAUNCH.md",
+    "community-skills/",
     "eval/",
     "docs/",
     "LICENSE",

package/plugins/ctx/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "ctx",
-  "version": "0.5.53",
+  "version": "0.6.0",
   "description": "Inject task-relevant AGENTS.md rules into Codex through plugin hooks.",
   "author": {
     "name": "ContextOS"

package/plugins/ctx/lib/certification.js

@@ -0,0 +1,223 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+import { filterActionableRules, parseRules } from "./analyzer.js";
+import { readAgentsChain } from "./reader.js";
+import { scanSkills } from "./skill-discoverer.js";
+import { scanWorkflows } from "./workflow-discoverer.js";
+
+const PROJECT_SKILL_ROOTS = [
+  [".codex", "skills"],
+  [".agents", "skills"],
+  [".claude", "skills"],
+  [".gemini", "skills"],
+  [".gemini", "antigravity", "skills"],
+  [".gemini", "antigravity-cli", "skills"]
+];
+
+const PROJECT_WORKFLOW_ROOTS = [
+  [".claude", "workflows"],
+  [".codex", "workflows"],
+  [".gemini", "workflows"],
+  [".gemini", "antigravity", "workflows"],
+  [".gemini", "antigravity-cli", "workflows"]
+];
+
+export function inspectContextOSReady({ cwd = process.cwd(), home = os.homedir() } = {}) {
+  const root = findProjectRoot(cwd);
+  const rules = inspectRules({ cwd, root, home });
+  const skills = inspectSkills({ root });
+  const workflows = inspectWorkflows({ root });
+  const overall = Math.round((rules.score + skills.score + workflows.score) / 3);
+  const tier = readinessTier(overall, { rules, skills, workflows });
+
+  return {
+    root,
+    rules,
+    skills,
+    workflows,
+    overall,
+    tier,
+    badge: tier === "Not Ready" ? "ContextOS Ready: Not Ready" : `ContextOS Ready ${tier}`
+  };
+}
+
+export function formatContextOSReady(result) {
+  const lines = [
+    "Repository Score",
+    "",
+    `Rules: ${result.rules.score}`,
+    `Skills: ${result.skills.score}`,
+    `Workflows: ${result.workflows.score}`,
+    "",
+    "Overall:",
+    result.badge,
+    "",
+    "Evidence:",
+    `- Rules: ${result.rules.summary}`,
+    `- Skills: ${result.skills.summary}`,
+    `- Workflows: ${result.workflows.summary}`
+  ];
+
+  const next = [
+    ...result.rules.recommendations,
+    ...result.skills.recommendations,
+    ...result.workflows.recommendations
+  ];
+  if (next.length) {
+    lines.push("", "Next:");
+    for (const item of [...new Set(next)].slice(0, 5)) lines.push(`- ${item}`);
+  }
+
+  return lines.join("\n");
+}
+
+function inspectRules({ cwd, root, home }) {
+  const chain = readAgentsChain({ cwd, home });
+  const projectSources = chain.sources.filter((source) => isInsidePath(source, root));
+  const rules = parseRules(chain.content || "");
+  const actionable = filterActionableRules(rules);
+  const imperative = actionable.filter((rule) => /\b(always|never|must|required|use|prefer|avoid|do not|don't)\b/i.test(rule.content));
+  let score = 0;
+  const recommendations = [];
+
+  if (projectSources.length) score += 55;
+  else recommendations.push("Add a project AGENTS.md with repository-specific operating rules.");
+
+  if (actionable.length >= 3) score += 20;
+  else recommendations.push("Add at least three actionable AGENTS.md rules.");
+
+  if (imperative.length) score += 15;
+  else recommendations.push("Use explicit rule language such as always, never, must, use, prefer, or avoid.");
+
+  if (projectSources.length > 1 || fs.existsSync(path.join(root, ".ruler"))) score += 10;
+
+  return {
+    score: Math.min(100, score),
+    sources: projectSources,
+    ruleCount: rules.length,
+    actionableCount: actionable.length,
+    summary: projectSources.length
+      ? `${projectSources.length} AGENTS.md source(s), ${actionable.length} actionable rule(s)`
+      : "missing project AGENTS.md",
+    recommendations
+  };
+}
+
+function inspectSkills({ root }) {
+  const roots = PROJECT_SKILL_ROOTS.map((parts) => path.join(root, ...parts));
+  const skills = scanSkills({ cwd: root, roots, maxSkills: 500 });
+  const metadataFiles = findFiles(roots, (filePath) => /skill\.ya?ml$/i.test(path.basename(filePath)));
+  const richMetadata = metadataFiles.filter((filePath) => {
+    const content = safeRead(filePath);
+    return /^positive_triggers:/m.test(content)
+      && /^evidence:/m.test(content)
+      && /^negative_triggers:/m.test(content)
+      && /^workflow:/m.test(content);
+  });
+  let score = 0;
+  const recommendations = [];
+
+  if (skills.length) score += 50;
+  else recommendations.push("Add project skills under .codex/skills/ or .agents/skills/.");
+
+  if (metadataFiles.length) score += 20;
+  else recommendations.push("Add skill.yaml metadata beside important SKILL.md files.");
+
+  if (richMetadata.length) score += 20;
+  else recommendations.push("Include positive_triggers, negative_triggers, evidence, and workflow in skill.yaml.");
+
+  if (skills.length >= 3) score += 10;
+  else recommendations.push("Provide at least three project-relevant skills for common tasks.");
+
+  return {
+    score: Math.min(100, score),
+    count: skills.length,
+    metadataCount: metadataFiles.length,
+    richMetadataCount: richMetadata.length,
+    summary: skills.length
+      ? `${skills.length} skill(s), ${metadataFiles.length} metadata file(s)`
+      : "missing project skill packs",
+    recommendations
+  };
+}
+
+function inspectWorkflows({ root }) {
+  const roots = PROJECT_WORKFLOW_ROOTS.map((parts) => path.join(root, ...parts));
+  const workflows = scanWorkflows({ cwd: root, roots });
+  const withChain = workflows.filter((workflow) => workflow.chain?.length);
+  let score = 0;
+  const recommendations = [];
+
+  if (workflows.length) score += 60;
+  else recommendations.push("Add project workflows under .codex/workflows/ or .claude/workflows/.");
+
+  if (withChain.length) score += 25;
+  else recommendations.push("Include agent handoff names such as planner, tester, code-reviewer, or docs-manager in workflow files.");
+
+  if (workflows.length >= 2) score += 15;
+  else recommendations.push("Provide more than one workflow when the repo has distinct delivery paths.");
+
+  return {
+    score: Math.min(100, score),
+    count: workflows.length,
+    chainCount: withChain.length,
+    summary: workflows.length
+      ? `${workflows.length} workflow(s), ${withChain.length} with agent chain(s)`
+      : "missing project workflows",
+    recommendations
+  };
+}
+
+function readinessTier(overall, { rules, skills, workflows }) {
+  if (rules.score < 50 || skills.score < 50 || workflows.score < 50) return "Not Ready";
+  if (overall >= 85) return "Gold";
+  if (overall >= 70) return "Silver";
+  if (overall >= 50) return "Bronze";
+  return "Not Ready";
+}
+
+function findProjectRoot(cwd) {
+  let current = path.resolve(cwd);
+  while (true) {
+    if (fs.existsSync(path.join(current, ".git"))) return current;
+    const parent = path.dirname(current);
+    if (parent === current) return path.resolve(cwd);
+    current = parent;
+  }
+}
+
+function findFiles(roots, predicate) {
+  const files = [];
+  for (const root of roots) walk(root, files, predicate, 0);
+  return files;
+}
+
+function walk(directory, files, predicate, depth) {
+  if (depth > 4) return;
+  let entries = [];
+  try {
+    entries = fs.readdirSync(directory, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    const filePath = path.join(directory, entry.name);
+    if (entry.isDirectory()) walk(filePath, files, predicate, depth + 1);
+    else if (entry.isFile() && predicate(filePath)) files.push(filePath);
+  }
+}
+
+function isInsidePath(filePath, root) {
+  const relative = path.relative(path.resolve(root), path.resolve(filePath));
+  return relative && !relative.startsWith("..") && !path.isAbsolute(relative);
+}
+
+function safeRead(filePath) {
+  try {
+    return fs.readFileSync(filePath, "utf8");
+  } catch {
+    return "";
+  }
+}