@ryuenn3123/agentic-senior-core 2.0.4 → 2.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/.agent-context/blueprints/mobile-app.md +82 -12
  2. package/.agent-context/skills/cli/README.md +6 -0
  3. package/.agent-context/skills/cli/safety-telemetry.md +39 -0
  4. package/.agent-context/skills/cli.md +3 -0
  5. package/.agent-context/skills/distribution/.evidence/compatibility-manifest.json +9 -0
  6. package/.agent-context/skills/distribution/.evidence/sbom-excerpt.json +6 -0
  7. package/.agent-context/skills/distribution/.evidence/test-report.json +8 -0
  8. package/.agent-context/skills/distribution/CHANGELOG.md +7 -0
  9. package/.agent-context/skills/distribution/README.md +9 -1
  10. package/.agent-context/skills/distribution/package.json +5 -0
  11. package/.agent-context/skills/distribution/provenance-attestation.md +47 -0
  12. package/.agent-context/skills/distribution/tests/.gitkeep +1 -0
  13. package/.agent-context/skills/distribution.md +3 -0
  14. package/.agent-context/skills/frontend/.evidence/compatibility-manifest.json +9 -0
  15. package/.agent-context/skills/frontend/.evidence/sbom-excerpt.json +6 -0
  16. package/.agent-context/skills/frontend/.evidence/test-report.json +8 -0
  17. package/.agent-context/skills/frontend/CHANGELOG.md +7 -0
  18. package/.agent-context/skills/frontend/README.md +14 -1
  19. package/.agent-context/skills/frontend/conversion-clarity.md +51 -0
  20. package/.agent-context/skills/frontend/package.json +5 -0
  21. package/.agent-context/skills/frontend/responsive-delivery.md +41 -0
  22. package/.agent-context/skills/frontend/tests/.gitkeep +1 -0
  23. package/.agent-context/skills/frontend.md +6 -0
  24. package/.agent-context/skills/fullstack/.evidence/compatibility-manifest.json +9 -0
  25. package/.agent-context/skills/fullstack/.evidence/sbom-excerpt.json +6 -0
  26. package/.agent-context/skills/fullstack/.evidence/test-report.json +8 -0
  27. package/.agent-context/skills/fullstack/CHANGELOG.md +7 -0
  28. package/.agent-context/skills/fullstack/README.md +9 -1
  29. package/.agent-context/skills/fullstack/package.json +5 -0
  30. package/.agent-context/skills/fullstack/release-coordination.md +51 -0
  31. package/.agent-context/skills/fullstack/tests/.gitkeep +1 -0
  32. package/.agent-context/skills/fullstack.md +3 -0
  33. package/.agent-context/skills/review-quality/.evidence/compatibility-manifest.json +9 -0
  34. package/.agent-context/skills/review-quality/.evidence/sbom-excerpt.json +6 -0
  35. package/.agent-context/skills/review-quality/.evidence/test-report.json +8 -0
  36. package/.agent-context/skills/review-quality/CHANGELOG.md +7 -0
  37. package/.agent-context/skills/review-quality/README.md +9 -1
  38. package/.agent-context/skills/review-quality/package.json +5 -0
  39. package/.agent-context/skills/review-quality/release-decision.md +49 -0
  40. package/.agent-context/skills/review-quality/tests/.gitkeep +1 -0
  41. package/.agent-context/skills/review-quality.md +3 -0
  42. package/.agent-context/state/quality-trend-report.json +89 -0
  43. package/.agent-context/state/weekly-governance-report.json +126 -0
  44. package/.cursorrules +1 -1
  45. package/.gemini/instructions.md +15 -91
  46. package/.github/copilot-instructions.md +15 -160
  47. package/.github/workflows/governance-weekly-report.yml +43 -0
  48. package/.windsurfrules +1 -1
  49. package/AGENTS.md +21 -174
  50. package/README.md +15 -0
  51. package/lib/cli/constants.mjs +35 -0
  52. package/lib/cli/utils.mjs +4 -1
  53. package/package.json +3 -1
  54. package/scripts/governance-weekly-report.mjs +293 -0
  55. package/scripts/quality-trend-report.mjs +289 -0
  56. package/scripts/release-gate.mjs +57 -0
  57. package/scripts/validate.mjs +85 -22
package/scripts/validate.mjs CHANGED
@@ -16,12 +16,14 @@
16
16
  import { readdir, readFile, stat } from 'node:fs/promises';
17
17
  import { dirname, join, relative, resolve } from 'node:path';
18
18
  import { fileURLToPath } from 'node:url';
19
+ import { createHash } from 'node:crypto';
19
20
  import { validateSkillTopicContent } from './skill-tier-policy.mjs';
20
21
  import { calculateTrustScore } from './trust-scorer.mjs';
21
22
 
22
23
  const SCRIPT_FILE_PATH = fileURLToPath(import.meta.url);
23
24
  const ROOT_DIR = resolve(dirname(SCRIPT_FILE_PATH), '..');
24
25
  const AGENT_CONTEXT_DIR = join(ROOT_DIR, '.agent-context');
26
+ const CANONICAL_INSTRUCTION_PATH = join(ROOT_DIR, '.instructions.md');
25
27
  const PACKAGE_JSON_PATH = join(ROOT_DIR, 'package.json');
26
28
  const CHANGELOG_PATH = join(ROOT_DIR, 'CHANGELOG.md');
27
29
  const README_PATH = join(ROOT_DIR, 'README.md');
@@ -32,6 +34,11 @@ const GENERATED_RULE_FILES = ['.cursorrules', '.windsurfrules'];
32
34
  const ALLOWED_SEVERITIES = new Set(['critical', 'high', 'medium', 'low']);
33
35
  const OVERRIDE_WARNING_WINDOW_DAYS = 30;
34
36
  const SUPPORTED_COMPATIBILITY_PLATFORMS = new Set(['windows', 'linux', 'macos']);
37
+ const THIN_ADAPTER_PATHS = [
38
+ 'AGENTS.md',
39
+ '.github/copilot-instructions.md',
40
+ '.gemini/instructions.md',
41
+ ];
35
42
 
36
43
  const validationResult = {
37
44
  passed: 0,
@@ -102,6 +109,10 @@ function warn(message) {
102
109
  console.log(` WARN ${message}`);
103
110
  }
104
111
 
112
+ function normalizeLineEndings(content) {
113
+ return content.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
114
+ }
115
+
105
116
  async function validateRequiredFiles() {
106
117
  console.log('\nChecking required files...');
107
118
 
@@ -112,6 +123,7 @@ async function validateRequiredFiles() {
112
123
  'scripts/detection-benchmark.mjs',
113
124
  'scripts/benchmark-gate.mjs',
114
125
  'scripts/benchmark-intelligence.mjs',
126
+ 'scripts/governance-weekly-report.mjs',
115
127
  'scripts/frontend-usability-audit.mjs',
116
128
  'scripts/release-gate.mjs',
117
129
  'scripts/generate-sbom.mjs',
@@ -139,6 +151,7 @@ async function validateRequiredFiles() {
139
151
  '.github/workflows/release-gate.yml',
140
152
  '.github/workflows/sbom-compliance.yml',
141
153
  '.github/workflows/benchmark-intelligence.yml',
154
+ '.github/workflows/governance-weekly-report.yml',
142
155
  'tests/cli-smoke.test.mjs',
143
156
  'tests/llm-judge.test.mjs',
144
157
  'tests/enterprise-ops.test.mjs',
@@ -674,6 +687,52 @@ async function validateMcpConfiguration() {
674
687
  }
675
688
  }
676
689
 
690
+ async function validateInstructionAdapters() {
691
+ console.log('\nChecking instruction adapter consolidation...');
692
+
693
+ const canonicalInstructionContent = normalizeLineEndings(await readTextFile(CANONICAL_INSTRUCTION_PATH));
694
+ const canonicalSnapshotHash = createHash('sha256').update(canonicalInstructionContent).digest('hex');
695
+
696
+ for (const thinAdapterPath of THIN_ADAPTER_PATHS) {
697
+ const absoluteAdapterPath = join(ROOT_DIR, thinAdapterPath);
698
+
699
+ if (!(await fileExists(absoluteAdapterPath))) {
700
+ fail(`Missing thin adapter file: ${thinAdapterPath}`);
701
+ continue;
702
+ }
703
+
704
+ const thinAdapterContent = await readTextFile(absoluteAdapterPath);
705
+
706
+ if (
707
+ thinAdapterContent.includes('Adapter Mode: thin')
708
+ && thinAdapterContent.includes('Adapter Source: .instructions.md')
709
+ ) {
710
+ pass(`${thinAdapterPath} declares thin adapter metadata`);
711
+ } else {
712
+ fail(`${thinAdapterPath} must declare Adapter Mode: thin and Adapter Source: .instructions.md`);
713
+ }
714
+
715
+ const hashMatch = thinAdapterContent.match(/Canonical Snapshot SHA256:\s*([a-f0-9]{64})/);
716
+ if (!hashMatch) {
717
+ fail(`${thinAdapterPath} must declare Canonical Snapshot SHA256`);
718
+ continue;
719
+ }
720
+
721
+ if (hashMatch[1] === canonicalSnapshotHash) {
722
+ pass(`${thinAdapterPath} canonical hash matches .instructions.md`);
723
+ } else {
724
+ fail(`${thinAdapterPath} canonical hash drift detected (expected ${canonicalSnapshotHash})`);
725
+ }
726
+
727
+ const thinAdapterLineCount = thinAdapterContent.split(/\r?\n/u).length;
728
+ if (thinAdapterLineCount <= 80) {
729
+ pass(`${thinAdapterPath} remains thin (${thinAdapterLineCount} lines)`);
730
+ } else {
731
+ fail(`${thinAdapterPath} is too large for thin-adapter mode (${thinAdapterLineCount} lines)`);
732
+ }
733
+ }
734
+ }
735
+
677
736
  async function validateTrustTierSchema() {
678
737
  console.log('\nChecking marketplace trust tier schema...');
679
738
 
@@ -741,29 +800,32 @@ async function validateEvidenceBundles() {
741
800
  .filter(dirent => dirent.isDirectory())
742
801
  .map(dirent => dirent.name);
743
802
 
744
- // We only DEMAND evidence from official skills if they want to be considered "Verified".
745
- // Let's at least enforce they don't throw errors when scored.
746
- // And specifically, 'cli' has a mocked evidence bundle, so it should score Verified.
803
+ const requiredVerifiedSkillNames = new Set([
804
+ 'cli',
805
+ 'frontend',
806
+ 'fullstack',
807
+ 'distribution',
808
+ 'review-quality',
809
+ ]);
810
+
747
811
  for (const skillName of skillDirs) {
748
- if (skillName === 'cli') {
749
- try {
750
- const result = await calculateTrustScore(join(skillsDir, skillName));
751
- if (result.tier === 'verified') {
752
- pass(`Skill "${skillName}" achieved Verified trust tier (Score: ${result.score})`);
753
- } else {
754
- fail(`Skill "${skillName}" failed to reach Verified tier. Got ${result.tier} (Score: ${result.score})`);
755
- console.log(result.dimensions);
756
- }
757
- } catch (err) {
758
- fail(`Skill "${skillName}" scorer crashed: ${err.message}`);
759
- }
760
- } else {
761
- try {
762
- const result = await calculateTrustScore(join(skillsDir, skillName));
763
- pass(`Skill "${skillName}" parses successfully as ${result.tier} tier`);
764
- } catch (err) {
765
- fail(`Skill "${skillName}" scorer crashed: ${err.message}`);
766
- }
812
+ try {
813
+ const result = await calculateTrustScore(join(skillsDir, skillName));
814
+
815
+ if (requiredVerifiedSkillNames.has(skillName)) {
816
+ if (result.tier === 'verified') {
817
+ pass(`Skill "${skillName}" achieved Verified trust tier (Score: ${result.score})`);
818
+ } else {
819
+ fail(`Skill "${skillName}" failed to reach Verified tier. Got ${result.tier} (Score: ${result.score})`);
820
+ continue;
821
+ }
822
+
823
+ continue;
824
+ }
825
+
826
+ pass(`Skill "${skillName}" parses successfully as ${result.tier} tier`);
827
+ } catch (err) {
828
+ fail(`Skill "${skillName}" scorer crashed: ${err.message}`);
767
829
  }
768
830
  }
769
831
  }
@@ -786,6 +848,7 @@ async function main() {
786
848
  await validateVersionConsistency();
787
849
  await validateDocumentationFlow();
788
850
  await validateMcpConfiguration();
851
+ await validateInstructionAdapters();
789
852
  await validateTrustTierSchema();
790
853
  await validateEvidenceBundles();
791
854