npm - @raishin/vanguard-frontier-agentic - Versions diffs - 1.3.0 → 1.4.0 - Mend

@raishin/vanguard-frontier-agentic 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/package.json CHANGED Viewed

@@ -1,8 +1,16 @@
 {
   "name": "@raishin/vanguard-frontier-agentic",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Cloud and zero-trust agentic workflow marketplace for skills, agents, rules, MCP references, and compliance-aware architecture.",
   "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Raishin/vanguard-frontier-agentic.git"
+  },
+  "homepage": "https://github.com/Raishin/vanguard-frontier-agentic#readme",
+  "bugs": {
+    "url": "https://github.com/Raishin/vanguard-frontier-agentic/issues"
+  },
   "type": "commonjs",
   "bin": {
     "vfa-export-agents": "./scripts/export-marketplace-agents.mjs"
@@ -28,7 +36,17 @@
     "validate:aws": "python3 tests/validate-aws-skill-quality.py && python3 tests/validate-aws-progressive-disclosure.py",
     "validate:catalog": "python3 tests/validate-catalog.py",
     "validate:links": "python3 tests/validate-links.py --offline",
-    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:links"
+    "validate:allowed-tools": "python3 tests/validate-skill-allowed-tools.py",
+    "validate:skill-schema": "python3 tests/validate-skill-frontmatter-schema.py",
+    "validate:agent-schema": "python3 tests/validate-agent-frontmatter-schema.py",
+    "test:copilot-bundling": "python3 tests/test-copilot-skill-bundling.py",
+    "test:gemini-bundling": "python3 tests/test-gemini-skill-bundling.py",
+    "test:cursor-kiro-notices": "node tests/export-cursor-kiro-skill-notice.test.mjs",
+    "validate": "npm run validate:catalog && npm run validate:aws && npm run manifest:check && npm run validate:allowed-tools && npm run validate:skill-schema && npm run validate:agent-schema && npm run validate:links",
+    "release:sbom": "command -v syft >/dev/null 2>&1 && syft scan dir:. -o spdx-json=sbom.spdx.json || echo 'syft not installed; SBOM is generated in CI by anchore/sbom-action'",
+    "lint:md": "npx --yes markdownlint-cli2 \"**/*.md\" \"#node_modules\" \"#.git\" \"#.code-review-graph\" \"#CHANGELOG.md\"",
+    "lint:spell": "codespell",
+    "lint:docs": "npm run lint:md && npm run lint:spell"
   },
   "devDependencies": {
     "semantic-release": "25.0.3",
@@ -38,10 +56,11 @@
     "@semantic-release/github": "12.0.6",
     "@semantic-release/commit-analyzer": "13.0.1",
     "@semantic-release/release-notes-generator": "14.1.0",
-    "conventional-changelog-conventionalcommits": "8.0.0"
+    "conventional-changelog-conventionalcommits": "9.3.1"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "keywords": [
     "agentic",

package/schemas/AGENTS.md CHANGED Viewed

@@ -9,3 +9,17 @@
 - Update `docs/release-versioning.md` if schema compatibility policy changes.
 - Run `npm run validate` after schema edits.
+## Schemas
+- `skill.frontmatter.schema.json` — required SKILL.md frontmatter contract;
+  enforced by `tests/validate-skill-frontmatter-schema.py` (`validate:skill-schema`).
+- `agent.schema.json` — agent `metadata.json` contract (id, provider, harnesses,
+  source_type, official_docs, security_notes, last_verified, companion_skills).
+- `agent.frontmatter.schema.json` — required AGENT.md frontmatter contract.
+  Empirically derived from the 141-file corpus: only `metadata.author` and
+  `metadata.version` are required. Optional fields (`name`, `description`,
+  `model`, `allowed-tools`, `tools`, `color`) are typed when present, and
+  `additionalProperties: true` keeps harness-specific extensions non-breaking.
+  Enforced by `tests/validate-agent-frontmatter-schema.py`
+  (`validate:agent-schema`).

package/schemas/agent.frontmatter.schema.json ADDED Viewed

@@ -0,0 +1,89 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://github.com/Raishin/vanguard-frontier-agentic/schemas/agent.frontmatter.schema.json",
+  "title": "AGENT.md Frontmatter",
+  "description": "JSON Schema for the YAML frontmatter block in every AGENT.md file. Required fields are derived empirically from the existing corpus (141 files), which uniformly carries only a metadata block. additionalProperties is true so future harness-specific fields (e.g., name, description, allowed-tools, model, color) can be added without breaking existing files. Authoritative agent identity, provider, harness, and security metadata live in the adjacent metadata.json (see schemas/agent.schema.json).",
+  "type": "object",
+  "required": [
+    "metadata"
+  ],
+  "properties": {
+    "metadata": {
+      "type": "object",
+      "description": "Authorship and versioning block. Mirrors the metadata block in SKILL.md frontmatter.",
+      "required": [
+        "author",
+        "version"
+      ],
+      "properties": {
+        "author": {
+          "type": "string",
+          "description": "Author identifier (e.g. 'github: handle').",
+          "minLength": 1
+        },
+        "version": {
+          "type": "string",
+          "description": "Semantic version of the AGENT.md asset.",
+          "pattern": "^\\d+\\.\\d+\\.\\d+(-[\\w.-]+)?$"
+        }
+      },
+      "additionalProperties": true
+    },
+    "name": {
+      "type": "string",
+      "description": "Optional kebab-case identifier. Reserved for future harness-specific use; canonical id lives in metadata.json.",
+      "pattern": "^[a-z0-9][a-z0-9-]*$"
+    },
+    "description": {
+      "type": "string",
+      "description": "Optional human-readable purpose statement.",
+      "minLength": 20,
+      "maxLength": 4000
+    },
+    "model": {
+      "type": "string",
+      "description": "Optional model preference hint (e.g. 'sonnet', 'opus').",
+      "minLength": 1
+    },
+    "allowed-tools": {
+      "description": "Optional pre-approval list of tools. Space-separated string or YAML sequence.",
+      "oneOf": [
+        {
+          "type": "string",
+          "minLength": 1
+        },
+        {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "string",
+            "minLength": 1
+          }
+        }
+      ]
+    },
+    "tools": {
+      "description": "Optional alias/alternative for allowed-tools used by some harnesses.",
+      "oneOf": [
+        {
+          "type": "string",
+          "minLength": 1
+        },
+        {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "string",
+            "minLength": 1
+          }
+        }
+      ]
+    },
+    "color": {
+      "type": "string",
+      "description": "Optional UI color hint used by some harnesses.",
+      "minLength": 1
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/agent.schema.json CHANGED Viewed

@@ -90,6 +90,14 @@
     "path": {
       "type": "string",
       "minLength": 1
+    },
+    "companion_skills": {
+      "type": "array",
+      "description": "Explicit list of skill ids that pair with this agent. Overrides name-stripping convention. Set to [] to declare intentional no-pair.",
+      "items": {
+        "type": "string",
+        "pattern": "^[a-z0-9][a-z0-9-]*$"
+      }
     }
   },
   "additionalProperties": true

package/schemas/skill.frontmatter.schema.json ADDED Viewed

@@ -0,0 +1,95 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://github.com/Raishin/vanguard-frontier-agentic/schemas/skill.frontmatter.schema.json",
+  "title": "SKILL.md Frontmatter",
+  "description": "JSON Schema for the YAML frontmatter block in every SKILL.md file.",
+  "type": "object",
+  "required": [
+    "name",
+    "description",
+    "allowed-tools",
+    "metadata"
+  ],
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Kebab-case identifier for the skill. Must start with a lowercase letter or digit.",
+      "pattern": "^[a-z0-9][a-z0-9-]*$"
+    },
+    "description": {
+      "type": "string",
+      "description": "Human-readable purpose statement. 50–1500 characters.",
+      "minLength": 50,
+      "maxLength": 1500
+    },
+    "allowed-tools": {
+      "description": "Explicit pre-approval list of tools this skill may invoke. May be a space-separated string or a YAML sequence of strings.",
+      "oneOf": [
+        {
+          "type": "string",
+          "minLength": 1
+        },
+        {
+          "type": "array",
+          "minItems": 1,
+          "items": {
+            "type": "string",
+            "minLength": 1
+          }
+        }
+      ]
+    },
+    "metadata": {
+      "type": "object",
+      "description": "Authorship and versioning block.",
+      "required": [
+        "author",
+        "version"
+      ],
+      "properties": {
+        "author": {
+          "type": "string",
+          "description": "Author identifier (e.g. 'github: handle').",
+          "minLength": 1
+        },
+        "version": {
+          "type": "string",
+          "description": "Semantic version of the skill.",
+          "pattern": "^\\d+\\.\\d+\\.\\d+(-[\\w.-]+)?$"
+        },
+        "updated": {
+          "type": "string",
+          "description": "ISO 8601 date (YYYY-MM-DD) of the last meaningful change to the skill. Optional but validated when present.",
+          "pattern": "^\\d{4}-\\d{2}-\\d{2}$"
+        },
+        "category": {
+          "type": "string",
+          "description": "Coarse marketplace taxonomy bucket. See docs/taxonomy.md for definitions.",
+          "enum": [
+            "security",
+            "platform",
+            "data",
+            "finops",
+            "ai",
+            "delivery",
+            "observability",
+            "compliance",
+            "resilience",
+            "networking"
+          ]
+        },
+        "lifecycle": {
+          "type": "string",
+          "description": "Stability stage. Optional; defaults to 'stable' when absent.",
+          "enum": ["experimental", "beta", "stable", "deprecated"]
+        }
+      },
+      "additionalProperties": true
+    },
+    "disable-model-invocation": {
+      "type": "boolean",
+      "description": "Optional. When true, the skill suppresses direct model invocation and relies entirely on tool calls."
+    }
+  },
+  "additionalProperties": true
+}

package/scripts/apply-skill-allowed-tools.py ADDED Viewed

@@ -0,0 +1,142 @@
+#!/usr/bin/env python3
+"""Apply least-privilege `allowed-tools` to every SKILL.md frontmatter.
+Taxonomy (matched against skill id, first match wins):
+  maestro                  -> Agent Skill Read Grep Glob
+  *-patch-executor,
+  *-fix-operator,
+  *-corrector,
+  *-deployment-hotfix-*,
+  *-remediation-operator,
+  *-rollout-corrector,
+  *-pipeline-fix-operator  -> Read Edit Write MultiEdit Grep Glob
+  *-developer,
+  *-agentcore,
+  aws-generative-ai-developer,
+  *-application-developer  -> Read Edit Write MultiEdit Grep Glob Bash
+  *-live-*-guard,
+  velero-backup-restore-guard
+                           -> Read Grep Glob WebFetch
+  *-investigator,
+  *-responder,
+  *-advisor,
+  *-coordinator,
+  *-watch-coordinator,
+  *-analyst,
+  *-planner,
+  finops-cloud-price-advisor
+                           -> Read Grep Glob WebFetch
+  default (review/governor/
+  auditor/mapper/architect/
+  reviewer/steward/selector
+  /skill-designer)         -> Read Grep Glob
+Skip if `allowed-tools` is already declared (idempotent).
+"""
+from __future__ import annotations
+import sys
+from pathlib import Path
+ROOT = Path(__file__).resolve().parents[1]
+SKILLS_DIR = ROOT / "skills"
+PATCHERS = (
+    "-patch-executor", "-fix-operator", "-corrector",
+    "-deployment-hotfix-operator", "-remediation-operator",
+    "-rollout-corrector", "-pipeline-fix-operator",
+)
+DEVELOPERS = (
+    "-developer", "-application-developer",
+)
+LIVE_GUARDS = ("-live-",)
+INVESTIGATORS = (
+    "-investigator", "-responder", "-advisor", "-coordinator",
+    "-analyst", "-planner",
+)
+def classify(skill_id: str) -> str:
+    if skill_id.endswith("-maestro") or skill_id == "kubernetes-maestro" or skill_id == "terraform-maestro":
+        return "Agent Skill Read Grep Glob"
+    for s in PATCHERS:
+        if skill_id.endswith(s):
+            return "Read Edit Write MultiEdit Grep Glob"
+    if skill_id == "aws-agentcore" or skill_id == "aws-generative-ai-developer":
+        return "Read Edit Write MultiEdit Grep Glob Bash"
+    for s in DEVELOPERS:
+        if skill_id.endswith(s):
+            return "Read Edit Write MultiEdit Grep Glob Bash"
+    for s in LIVE_GUARDS:
+        if s in skill_id and skill_id.endswith("-guard"):
+            return "Read Grep Glob WebFetch"
+    if skill_id == "velero-backup-restore-guard":
+        return "Read Grep Glob WebFetch"
+    for s in INVESTIGATORS:
+        if skill_id.endswith(s):
+            return "Read Grep Glob WebFetch"
+    if skill_id == "finops-cloud-price-advisor":
+        return "Read Grep Glob WebFetch"
+    return "Read Grep Glob"
+def apply(skill_md: Path) -> tuple[bool, str]:
+    text = skill_md.read_text(encoding="utf-8")
+    if not text.startswith("---\n"):
+        return False, "no frontmatter"
+    end = text.find("\n---", 4)
+    if end == -1:
+        return False, "unterminated frontmatter"
+    fm_block = text[4:end]
+    if "\nallowed-tools:" in "\n" + fm_block:
+        return False, "already has allowed-tools"
+    skill_id = skill_md.parent.name
+    tools = classify(skill_id)
+    # Insert allowed-tools immediately after the description block,
+    # before the metadata: block (if any) or before the closing ---.
+    lines = fm_block.split("\n")
+    insert_at = None
+    for i, line in enumerate(lines):
+        if line.startswith("metadata:"):
+            insert_at = i
+            break
+    if insert_at is None:
+        insert_at = len(lines)
+    lines.insert(insert_at, f"allowed-tools: {tools}")
+    new_fm = "\n".join(lines)
+    new_text = "---\n" + new_fm + text[end:]
+    skill_md.write_text(new_text, encoding="utf-8")
+    return True, tools
+def main() -> int:
+    files = sorted(SKILLS_DIR.glob("*/*/SKILL.md"))
+    summary: dict[str, int] = {}
+    skipped = 0
+    for f in files:
+        ok, info = apply(f)
+        if ok:
+            summary[info] = summary.get(info, 0) + 1
+        else:
+            skipped += 1
+            if info != "already has allowed-tools":
+                print(f"WARN: {f.relative_to(ROOT)}: {info}", file=sys.stderr)
+    total = sum(summary.values())
+    print(f"Applied allowed-tools to {total} skills (skipped {skipped})")
+    for tools, count in sorted(summary.items(), key=lambda x: -x[1]):
+        print(f"  {count:3d}  {tools}")
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())