@ps-neko/nekowork 0.1.0-alpha.0

package/scripts/ci/security-hardening.js

@@ -0,0 +1,270 @@
+#!/usr/bin/env node
+// Security hardening CI gate: workflow permissions/timeouts/action pins, MCP pins,
+// package spec hygiene, package-lock presence, and OIDC cloud-secret checks.
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import YAML from 'yaml';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT = path.resolve(__dirname, '..', '..');
+
+const PACKAGE_FIELDS = [
+  'dependencies',
+  'devDependencies',
+  'optionalDependencies',
+  'peerDependencies',
+];
+
+const FORBIDDEN_VERSION_PREFIXES = [
+  'file:',
+  'git:',
+  'git+',
+  'http:',
+  'https:',
+  'link:',
+  'workspace:',
+];
+
+export function isPinnedActionRef(uses) {
+  if (!uses || typeof uses !== 'string') return false;
+  if (uses.startsWith('./') || uses.startsWith('../')) return true;
+  if (uses.startsWith('docker://')) return /@sha256:[0-9a-f]{64}$/i.test(uses);
+
+  const at = uses.lastIndexOf('@');
+  if (at <= 0 || at === uses.length - 1) return false;
+  const ref = uses.slice(at + 1);
+  if (/^latest$/i.test(ref)) return false;
+  if (/^[0-9a-f]{40}$/i.test(ref)) return true;
+  return /^v\d+(?:\.\d+){0,2}$/.test(ref);
+}
+
+export function isSemverMcpPin(pin) {
+  if (!pin || typeof pin !== 'string') return false;
+  if (/@latest$/i.test(pin)) return false;
+  return /@\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/.test(pin);
+}
+
+export function checkSecurityHardening(root = ROOT) {
+  const errors = [];
+  const warnings = [];
+  const stats = {
+    workflows: 0,
+    jobs: 0,
+    actions: 0,
+    mcpServers: 0,
+    packageSpecs: 0,
+  };
+
+  const manifest = readYaml(root, 'agent.yaml', errors);
+  const security = manifest?.security || {};
+
+  checkDeadManConfig(security, errors);
+  checkWorkflows(root, security, errors, warnings, stats);
+  checkMcpPins(manifest?.mcp?.external_servers || [], security, errors, stats);
+  checkPackageSupplyChain(root, security, errors, stats);
+
+  return { errors, warnings, stats };
+}
+
+function checkDeadManConfig(security, errors) {
+  const cfg = security.dead_man_switch || {};
+  if (cfg.enabled !== true) {
+    errors.push('agent.yaml security.dead_man_switch.enabled must be true');
+  }
+  if (!Number.isFinite(Number(cfg.max_ci_job_minutes)) || Number(cfg.max_ci_job_minutes) <= 0) {
+    errors.push('agent.yaml security.dead_man_switch.max_ci_job_minutes must be a positive number');
+  }
+  if (cfg.require_explicit_live_opt_in !== true) {
+    errors.push('agent.yaml security.dead_man_switch.require_explicit_live_opt_in must be true');
+  }
+}
+
+function checkWorkflows(root, security, errors, warnings, stats) {
+  const workflowsDir = path.join(root, '.github', 'workflows');
+  if (!fs.existsSync(workflowsDir)) {
+    warnings.push('.github/workflows does not exist; workflow hardening checks skipped');
+    return;
+  }
+
+  const maxMinutes = Number(security.dead_man_switch?.max_ci_job_minutes || 0);
+  const secretPatterns = security.oidc?.static_cloud_secret_patterns || [];
+  const workflowFiles = fs.readdirSync(workflowsDir)
+    .filter((name) => /\.ya?ml$/i.test(name))
+    .sort();
+
+  for (const name of workflowFiles) {
+    const rel = path.join('.github', 'workflows', name);
+    const file = path.join(root, rel);
+    const text = fs.readFileSync(file, 'utf8');
+    let doc;
+    try {
+      doc = YAML.parse(text) || {};
+    } catch (e) {
+      errors.push(`${rel}: YAML parse failed: ${e.message}`);
+      continue;
+    }
+
+    stats.workflows += 1;
+
+    if (hasEvent(doc.on, 'pull_request_target')) {
+      errors.push(`${rel}: pull_request_target is forbidden`);
+    }
+
+    if (!doc.permissions) {
+      errors.push(`${rel}: top-level permissions are required`);
+    } else if (doc.permissions === 'write-all') {
+      errors.push(`${rel}: permissions: write-all is forbidden`);
+    }
+
+    const topIdToken = permissionValue(doc.permissions, 'id-token') === 'write';
+    const foundCloudSecrets = findStaticSecretRefs(text, secretPatterns);
+    if (foundCloudSecrets.length && !topIdToken) {
+      errors.push(`${rel}: static cloud credential secret(s) require OIDC id-token: write (${foundCloudSecrets.join(', ')})`);
+    }
+
+    for (const [jobId, job] of Object.entries(doc.jobs || {})) {
+      stats.jobs += 1;
+      const jobName = `${rel} job "${jobId}"`;
+      const timeout = Number(job?.['timeout-minutes']);
+      if (!Number.isFinite(timeout) || timeout <= 0) {
+        errors.push(`${jobName}: timeout-minutes is required`);
+      } else if (maxMinutes > 0 && timeout > maxMinutes) {
+        errors.push(`${jobName}: timeout-minutes ${timeout} exceeds dead-man max ${maxMinutes}`);
+      }
+
+      const jobPermissions = job?.permissions;
+      if (jobPermissions === 'write-all') {
+        errors.push(`${jobName}: permissions: write-all is forbidden`);
+      }
+
+      for (const step of job?.steps || []) {
+        if (!step?.uses) continue;
+        stats.actions += 1;
+        if (!isPinnedActionRef(step.uses)) {
+          errors.push(`${jobName}: action "${step.uses}" must be pinned to a SHA or major version tag`);
+        }
+      }
+    }
+  }
+}
+
+function checkMcpPins(servers, security, errors, stats) {
+  const requirePins = security.mcp_pin_required === true
+    || security.supply_chain?.require_mcp_semver_pin === true;
+
+  for (const server of servers) {
+    stats.mcpServers += 1;
+    const name = server.name || '<unnamed>';
+    if (server.type === 'http' || server.url) {
+      if (!String(server.url || '').startsWith('https://')) {
+        errors.push(`mcp.external_servers.${name}: HTTP MCP URLs must use https://`);
+      }
+      continue;
+    }
+
+    if (requirePins && !isSemverMcpPin(server.pin)) {
+      errors.push(`mcp.external_servers.${name}: stdio MCP server pin must include an exact semver version`);
+    }
+  }
+}
+
+function checkPackageSupplyChain(root, security, errors, stats) {
+  if (security.supply_chain?.package_lock_required !== false) {
+    if (!fs.existsSync(path.join(root, 'package-lock.json'))) {
+      errors.push('package-lock.json is required for npm supply-chain reproducibility');
+    }
+  }
+
+  const pkg = readJson(root, 'package.json', errors);
+  if (!pkg) return;
+
+  for (const field of PACKAGE_FIELDS) {
+    for (const [name, spec] of Object.entries(pkg[field] || {})) {
+      stats.packageSpecs += 1;
+      if (!isSafePackageSpec(spec)) {
+        errors.push(`package.json ${field}.${name}: version "${spec}" is not allowed in hardened mode`);
+      }
+    }
+  }
+}
+
+function isSafePackageSpec(spec) {
+  if (typeof spec !== 'string') return false;
+  const value = spec.trim();
+  if (!value || value === '*' || /^latest$/i.test(value)) return false;
+  return !FORBIDDEN_VERSION_PREFIXES.some((prefix) => value.startsWith(prefix));
+}
+
+function findStaticSecretRefs(text, patterns) {
+  const found = [];
+  for (const pattern of patterns) {
+    const secretRef = new RegExp(`secrets\\.${escapeRegExp(pattern)}\\b`);
+    const plainRef = new RegExp(`\\b${escapeRegExp(pattern)}\\b`);
+    if (secretRef.test(text) || plainRef.test(text)) found.push(pattern);
+  }
+  return [...new Set(found)];
+}
+
+function permissionValue(permissions, key) {
+  if (!permissions || typeof permissions !== 'object') return undefined;
+  return permissions[key];
+}
+
+function hasEvent(on, eventName) {
+  if (!on) return false;
+  if (typeof on === 'string') return on === eventName;
+  if (Array.isArray(on)) return on.includes(eventName);
+  return Object.prototype.hasOwnProperty.call(on, eventName);
+}
+
+function readYaml(root, rel, errors) {
+  try {
+    return YAML.parse(fs.readFileSync(path.join(root, rel), 'utf8'));
+  } catch (e) {
+    errors.push(`${rel}: load failed: ${e.message}`);
+    return null;
+  }
+}
+
+function readJson(root, rel, errors) {
+  try {
+    return JSON.parse(fs.readFileSync(path.join(root, rel), 'utf8'));
+  } catch (e) {
+    errors.push(`${rel}: load failed: ${e.message}`);
+    return null;
+  }
+}
+
+function escapeRegExp(value) {
+  return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+function main() {
+  const report = checkSecurityHardening(ROOT);
+  console.log('HARNESS security-hardening');
+  console.log(`  workflows    : ${report.stats.workflows}`);
+  console.log(`  jobs         : ${report.stats.jobs}`);
+  console.log(`  actions      : ${report.stats.actions}`);
+  console.log(`  mcp servers  : ${report.stats.mcpServers}`);
+  console.log(`  package specs: ${report.stats.packageSpecs}`);
+
+  if (report.warnings.length) {
+    console.log('');
+    console.log(`Warnings (${report.warnings.length}):`);
+    for (const warning of report.warnings) console.log(`  - ${warning}`);
+  }
+
+  if (report.errors.length) {
+    console.log('');
+    console.log(`Errors (${report.errors.length}):`);
+    for (const error of report.errors) console.log(`  - ${error}`);
+    process.exit(1);
+  }
+
+  console.log('  pass');
+}
+
+if (process.argv[1] && path.resolve(process.argv[1]) === fileURLToPath(import.meta.url)) {
+  main();
+}

package/scripts/ci/validate-agents.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+// agents/<name>.md frontmatter 가 schemas/agent.schema.json 을 만족하는지 검증.
+// agent.yaml 의 agents 목록과 실 파일 일치 여부도 체크.
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import YAML from 'yaml';
+import Ajv2020 from 'ajv/dist/2020.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT = path.resolve(__dirname, '..', '..');
+
+const errors = [];
+const warnings = [];
+
+function read(rel) { return fs.readFileSync(path.join(ROOT, rel), 'utf8'); }
+
+const schema = JSON.parse(read('schemas/agent.schema.json'));
+const manifest = YAML.parse(read('agent.yaml'));
+
+const ajv = new Ajv2020({ allErrors: true, strict: false });
+const validate = ajv.compile(schema);
+
+const declared = new Set(manifest.agents || []);
+const found = new Set();
+
+const agentsDir = path.join(ROOT, 'agents');
+if (!fs.existsSync(agentsDir)) {
+  errors.push('agents/ 디렉터리 없음');
+} else {
+  for (const f of fs.readdirSync(agentsDir)) {
+    if (!f.endsWith('.md')) continue;
+    const stem = f.replace(/\.md$/, '');
+    found.add(stem);
+
+    const content = read(`agents/${f}`);
+    const fmMatch = content.match(/^---\s*\n([\s\S]*?)\n---/);
+    if (!fmMatch) {
+      errors.push(`agents/${f}: frontmatter 없음`);
+      continue;
+    }
+
+    let fm;
+    try {
+      fm = YAML.parse(fmMatch[1]);
+    } catch (e) {
+      errors.push(`agents/${f}: frontmatter YAML 파싱 실패 — ${e.message}`);
+      continue;
+    }
+
+    if (!validate(fm)) {
+      for (const err of validate.errors || []) {
+        errors.push(`agents/${f}: ${err.instancePath || '/'} ${err.message}`);
+      }
+      continue;
+    }
+
+    if (fm.name !== stem) {
+      errors.push(`agents/${f}: name "${fm.name}" 가 파일명 "${stem}" 와 다름`);
+    }
+  }
+}
+
+for (const a of declared) {
+  if (!found.has(a)) errors.push(`agent.yaml 에 선언된 "${a}" 의 파일 없음 (agents/${a}.md)`);
+}
+for (const a of found) {
+  if (!declared.has(a)) warnings.push(`agents/${a}.md 가 agent.yaml 에 선언 안 됨`);
+}
+
+console.log(`HARNESS validate-agents`);
+console.log(`  declared : ${declared.size}, found : ${found.size}`);
+
+if (warnings.length) {
+  console.log('');
+  console.log(`경고 (${warnings.length}):`);
+  for (const w of warnings) console.log('  - ' + w);
+}
+
+if (errors.length) {
+  console.log('');
+  console.log(`오류 (${errors.length}):`);
+  for (const e of errors) console.log('  - ' + e);
+  process.exit(1);
+}
+
+console.log('  통과');

package/scripts/ci/validate-hooks.js

@@ -0,0 +1,99 @@
+#!/usr/bin/env node
+// hooks/hooks.json 이 schemas/hooks.schema.json 을 만족하고
+// 참조하는 스크립트 파일이 실제 존재하는지 검증.
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import YAML from 'yaml';
+import Ajv2020 from 'ajv/dist/2020.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT = path.resolve(__dirname, '..', '..');
+
+const errors = [];
+const warnings = [];
+
+function read(rel) { return fs.readFileSync(path.join(ROOT, rel), 'utf8'); }
+
+const schema = JSON.parse(read('schemas/hooks.schema.json'));
+const manifest = YAML.parse(read('agent.yaml'));
+
+const hooksFile = manifest.hooks?.file || 'hooks/hooks.json';
+const hooksPath = path.join(ROOT, hooksFile);
+if (!fs.existsSync(hooksPath)) {
+  console.log(`HARNESS validate-hooks`);
+  console.log(`  오류: ${hooksFile} 없음`);
+  process.exit(1);
+}
+
+let hooksDef;
+try {
+  hooksDef = JSON.parse(read(hooksFile));
+} catch (e) {
+  console.log(`HARNESS validate-hooks`);
+  console.log(`  오류: ${hooksFile} JSON 파싱 실패 — ${e.message}`);
+  process.exit(1);
+}
+
+const ajv = new Ajv2020({ allErrors: true, strict: false });
+const validate = ajv.compile(schema);
+
+if (!validate(hooksDef)) {
+  for (const err of validate.errors || []) {
+    errors.push(`${hooksFile}: ${err.instancePath || '/'} ${err.message}`);
+  }
+}
+
+// 활성 훅 매니페스트와 실 정의 비교
+const activeDeclared = new Set(manifest.hooks?.active || []);
+const activeFound = new Set();
+const events = ['PreToolUse', 'PostToolUse', 'PreCompact', 'Stop', 'SessionStart', 'SessionEnd', 'UserPromptSubmit', 'PostToolUseFailure'];
+
+let entryCount = 0;
+for (const ev of events) {
+  for (const e of hooksDef[ev] || []) {
+    entryCount++;
+    // 스크립트 파일 존재?
+    const scriptRel = e.hook;
+    const scriptPath = path.join(ROOT, 'hooks', scriptRel);
+    if (!fs.existsSync(scriptPath)) {
+      errors.push(`${hooksFile}: ${ev} 의 ${scriptRel} 가 hooks/ 안에 없음`);
+    }
+    // env_toggle 에서 활성 이름 추출 (HARNESS_HOOK_<NAME>)
+    if (e.env_toggle) {
+      const name = e.env_toggle.replace(/^HARNESS_HOOK_/, '').toLowerCase().replace(/_/g, '-');
+      activeFound.add(name);
+    }
+  }
+}
+
+for (const a of activeDeclared) {
+  // 매니페스트의 active 는 약식 이름이라 dash 차이를 허용하기 위해 양쪽 모두 정규화 후 비교
+  const aNorm = a.replace(/-/g, '');
+  const found = [...activeFound].some(f => {
+    const fNorm = f.replace(/-/g, '');
+    return fNorm.includes(aNorm) || aNorm.includes(fNorm);
+  });
+  if (!found) warnings.push(`agent.yaml hooks.active 의 "${a}" 가 hooks.json 에 매핑되는 env_toggle 미발견`);
+}
+
+console.log(`HARNESS validate-hooks`);
+console.log(`  file     : ${hooksFile}`);
+console.log(`  entries  : ${entryCount}`);
+console.log(`  declared active: ${activeDeclared.size}`);
+
+if (warnings.length) {
+  console.log('');
+  console.log(`경고 (${warnings.length}):`);
+  for (const w of warnings) console.log('  - ' + w);
+}
+
+if (errors.length) {
+  console.log('');
+  console.log(`오류 (${errors.length}):`);
+  for (const e of errors) console.log('  - ' + e);
+  process.exit(1);
+}
+
+console.log('  통과');

package/scripts/ci/validate-manifests.js

@@ -0,0 +1,128 @@
+#!/usr/bin/env node
+// agent.yaml + manifests/install-{profiles,modules,components}.json 검증.
+// 1) 각 파일 schema 통과
+// 2) 프로파일 → 모듈 → 컴포넌트 그래프의 참조 무결성
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import YAML from 'yaml';
+import Ajv2020 from 'ajv/dist/2020.js';
+import addFormats from 'ajv-formats';
+import { validateProfileSafety } from '../lib/profile-safety.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT = path.resolve(__dirname, '..', '..');
+
+const errors = [];
+const warnings = [];
+
+function readJson(rel) { return JSON.parse(fs.readFileSync(path.join(ROOT, rel), 'utf8')); }
+function readYaml(rel) { return YAML.parse(fs.readFileSync(path.join(ROOT, rel), 'utf8')); }
+
+const ajv = new Ajv2020({ allErrors: true, strict: false });
+addFormats(ajv);
+
+const checks = [
+  { name: 'agent.yaml',                     schema: 'schemas/agent-yaml.schema.json',          load: () => readYaml('agent.yaml') },
+  { name: 'manifests/install-profiles.json',schema: 'schemas/install-profiles.schema.json',    load: () => readJson('manifests/install-profiles.json') },
+  { name: 'manifests/install-modules.json', schema: 'schemas/install-modules.schema.json',     load: () => readJson('manifests/install-modules.json') },
+  { name: 'manifests/install-components.json', schema: 'schemas/install-components.schema.json',load: () => readJson('manifests/install-components.json') },
+];
+
+const loaded = {};
+for (const c of checks) {
+  let data;
+  try {
+    data = c.load();
+  } catch (e) {
+    errors.push(`${c.name}: 로드 실패 — ${e.message}`);
+    continue;
+  }
+  loaded[c.name] = data;
+
+  let schema;
+  try {
+    schema = readJson(c.schema);
+  } catch (e) {
+    errors.push(`${c.schema}: 로드 실패 — ${e.message}`);
+    continue;
+  }
+  const validate = ajv.compile(schema);
+  if (!validate(data)) {
+    for (const err of validate.errors || []) {
+      errors.push(`${c.name}: ${err.instancePath || '/'} ${err.message}`);
+    }
+  }
+}
+
+// 참조 무결성
+const profilesDoc = loaded['manifests/install-profiles.json'];
+const modulesDoc = loaded['manifests/install-modules.json'];
+const componentsDoc = loaded['manifests/install-components.json'];
+const manifest = loaded['agent.yaml'];
+
+if (profilesDoc && modulesDoc) {
+  for (const [pid, p] of Object.entries(profilesDoc.profiles || {})) {
+    for (const mid of p.modules || []) {
+      if (!modulesDoc.modules?.[mid]) {
+        errors.push(`profile "${pid}" → 미정의 모듈 "${mid}"`);
+      }
+    }
+  }
+}
+
+if (modulesDoc && componentsDoc) {
+  for (const [mid, m] of Object.entries(modulesDoc.modules || {})) {
+    for (const cid of m.components || []) {
+      if (!componentsDoc.components?.[cid]) {
+        errors.push(`module "${mid}" → 미정의 컴포넌트 "${cid}"`);
+      }
+    }
+    for (const dep of m.depends_on || []) {
+      if (!modulesDoc.modules?.[dep]) {
+        errors.push(`module "${mid}" → 미정의 의존 모듈 "${dep}"`);
+      }
+    }
+  }
+}
+
+if (manifest && modulesDoc) {
+  for (const m of manifest.modules || []) {
+    if (!modulesDoc.modules?.[m]) {
+      errors.push(`agent.yaml modules 에 미정의 "${m}" 선언`);
+    }
+  }
+  // default profile 존재?
+  const def = manifest.profiles?.default;
+  if (def && !profilesDoc?.profiles?.[def]) {
+    errors.push(`agent.yaml profiles.default "${def}" 가 install-profiles.json 에 없음`);
+  }
+}
+
+if (profilesDoc) {
+  const safety = validateProfileSafety(profilesDoc);
+  errors.push(...safety.errors);
+  warnings.push(...safety.warnings);
+}
+
+console.log(`HARNESS validate-manifests`);
+console.log(`  agent.yaml + 3 manifest schemas`);
+if (profilesDoc) console.log(`  profiles  : ${Object.keys(profilesDoc.profiles || {}).length}`);
+if (modulesDoc) console.log(`  modules   : ${Object.keys(modulesDoc.modules || {}).length}`);
+if (componentsDoc) console.log(`  components: ${Object.keys(componentsDoc.components || {}).length}`);
+
+if (warnings.length) {
+  console.log('');
+  console.log(`경고 (${warnings.length}):`);
+  for (const w of warnings) console.log('  - ' + w);
+}
+
+if (errors.length) {
+  console.log('');
+  console.log(`오류 (${errors.length}):`);
+  for (const e of errors) console.log('  - ' + e);
+  process.exit(1);
+}
+
+console.log('  통과');

package/scripts/ci/validate-skills.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+// skills/<name>/SKILL.md frontmatter 가 schemas/skill.schema.json 을 만족하는지 검증.
+// agent.yaml 의 skills 목록과 실 디렉터리 일치 여부도 체크.
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import YAML from 'yaml';
+import Ajv2020 from 'ajv/dist/2020.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT = path.resolve(__dirname, '..', '..');
+
+const errors = [];
+const warnings = [];
+
+function read(rel) { return fs.readFileSync(path.join(ROOT, rel), 'utf8'); }
+
+const schema = JSON.parse(read('schemas/skill.schema.json'));
+const manifest = YAML.parse(read('agent.yaml'));
+
+const ajv = new Ajv2020({ allErrors: true, strict: false });
+const validate = ajv.compile(schema);
+
+const declared = new Set(manifest.skills || []);
+const found = new Set();
+
+const skillsDir = path.join(ROOT, 'skills');
+if (!fs.existsSync(skillsDir)) {
+  errors.push('skills/ 디렉터리 없음');
+} else {
+  for (const e of fs.readdirSync(skillsDir, { withFileTypes: true })) {
+    if (!e.isDirectory()) continue;
+    found.add(e.name);
+
+    const file = path.join(skillsDir, e.name, 'SKILL.md');
+    if (!fs.existsSync(file)) {
+      errors.push(`skills/${e.name}/SKILL.md 없음`);
+      continue;
+    }
+
+    const content = fs.readFileSync(file, 'utf8');
+    const fmMatch = content.match(/^---\s*\n([\s\S]*?)\n---/);
+    if (!fmMatch) {
+      errors.push(`skills/${e.name}/SKILL.md: frontmatter 없음`);
+      continue;
+    }
+
+    let fm;
+    try {
+      fm = YAML.parse(fmMatch[1]);
+    } catch (err) {
+      errors.push(`skills/${e.name}/SKILL.md: frontmatter YAML 파싱 실패 — ${err.message}`);
+      continue;
+    }
+
+    if (!validate(fm)) {
+      for (const err of validate.errors || []) {
+        errors.push(`skills/${e.name}/SKILL.md: ${err.instancePath || '/'} ${err.message}`);
+      }
+      continue;
+    }
+
+    if (fm.name !== e.name) {
+      errors.push(`skills/${e.name}/SKILL.md: name "${fm.name}" 가 디렉터리명 "${e.name}" 와 다름`);
+    }
+  }
+}
+
+for (const s of declared) {
+  if (!found.has(s)) errors.push(`agent.yaml 에 선언된 "${s}" 의 디렉터리 없음 (skills/${s}/)`);
+}
+for (const s of found) {
+  if (!declared.has(s)) warnings.push(`skills/${s}/ 가 agent.yaml 에 선언 안 됨`);
+}
+
+console.log(`HARNESS validate-skills`);
+console.log(`  declared : ${declared.size}, found : ${found.size}`);
+
+if (warnings.length) {
+  console.log('');
+  console.log(`경고 (${warnings.length}):`);
+  for (const w of warnings) console.log('  - ' + w);
+}
+
+if (errors.length) {
+  console.log('');
+  console.log(`오류 (${errors.length}):`);
+  for (const e of errors) console.log('  - ' + e);
+  process.exit(1);
+}
+
+console.log('  통과');