@ryuenn3123/agentic-senior-core 2.0.5 → 2.0.7

package/.agent-context/skills/cli/compatibility-manifest.json

@@ -1,8 +1,8 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "cli",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}
+{
+  "schemaVersion": "compatibility-manifest-v1",
+  "artifactType": "skill-domain",
+  "domain": "cli",
+  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
+  "nodeMin": "18",
+  "platforms": ["windows", "linux", "macos"]
+}

package/.agent-context/skills/cli/init.md

@@ -1,38 +1,38 @@
-# Init Flow
-
-Tier: ADVANCE
-
-Initialization commands must be deterministic, reversible where possible, and explicit about filesystem mutations.
-
-## Design Principles
-
-- Predictable output for identical input flags.
-- Safe defaults when users omit options.
-- Preflight summary before any file write.
-
-## Required Init Sequence
-
-1. Validate prerequisites (runtime, permissions, existing files).
-2. Resolve stack/profile/blueprint selection.
-3. Print write plan summary.
-4. Apply scaffold atomically.
-5. Emit machine-readable onboarding report.
-
-## Write Safety
-
-- Refuse to overwrite existing files without explicit flag.
-- Use idempotent initialization where feasible.
-- Keep generated files grouped by feature intent, not random dump.
-
-## Anti-Patterns
-
-- Hidden writes without disclosure.
-- Interactive-only flow with no non-interactive equivalent.
-- Ambiguous defaults that vary by environment.
-
-## Review Checklist
-
-- [ ] Preflight checks are explicit and actionable.
-- [ ] Generated file set is deterministic.
-- [ ] Dry-run preview exists for init planning.
+# Init Flow
+
+Tier: ADVANCE
+
+Initialization commands must be deterministic, reversible where possible, and explicit about filesystem mutations.
+
+## Design Principles
+
+- Predictable output for identical input flags.
+- Safe defaults when users omit options.
+- Preflight summary before any file write.
+
+## Required Init Sequence
+
+1. Validate prerequisites (runtime, permissions, existing files).
+2. Resolve stack/profile/blueprint selection.
+3. Print write plan summary.
+4. Apply scaffold atomically.
+5. Emit machine-readable onboarding report.
+
+## Write Safety
+
+- Refuse to overwrite existing files without explicit flag.
+- Use idempotent initialization where feasible.
+- Keep generated files grouped by feature intent, not random dump.
+
+## Anti-Patterns
+
+- Hidden writes without disclosure.
+- Interactive-only flow with no non-interactive equivalent.
+- Ambiguous defaults that vary by environment.
+
+## Review Checklist
+
+- [ ] Preflight checks are explicit and actionable.
+- [ ] Generated file set is deterministic.
+- [ ] Dry-run preview exists for init planning.
 - [ ] Exit codes distinguish validation vs runtime failures.

package/.agent-context/skills/cli/output.md

@@ -1,36 +1,36 @@
-# Machine-Readable Output
-
-Tier: ADVANCE
-
-CLI output must support both human readability and automation reliability.
-
-## Output Contract
-
-- Human mode: concise narrative and actionable next steps.
-- JSON mode: deterministic schema, stable field names, and clear status.
-
-## JSON Schema Guidelines
-
-- Include `version`, `timestamp`, `status`, and `summary`.
-- Include `artifacts` list for produced files.
-- Include `errors` array with machine-readable codes.
-- Avoid embedding plain stack traces in public payloads.
-
-## Exit Code Conventions
-
-- `0`: success
-- `1`: validation or runtime failure
-- `2`: policy/gate failure
-
-## Determinism Rules
-
-- Stable key ordering where practical.
-- No random IDs unless explicitly requested.
-- Timestamps in ISO 8601 format.
-
-## Review Checklist
-
-- [ ] JSON output passes schema validation.
-- [ ] Exit codes match documented behavior.
-- [ ] Error payload includes code and remediation hint.
+# Machine-Readable Output
+
+Tier: ADVANCE
+
+CLI output must support both human readability and automation reliability.
+
+## Output Contract
+
+- Human mode: concise narrative and actionable next steps.
+- JSON mode: deterministic schema, stable field names, and clear status.
+
+## JSON Schema Guidelines
+
+- Include `version`, `timestamp`, `status`, and `summary`.
+- Include `artifacts` list for produced files.
+- Include `errors` array with machine-readable codes.
+- Avoid embedding plain stack traces in public payloads.
+
+## Exit Code Conventions
+
+- `0`: success
+- `1`: validation or runtime failure
+- `2`: policy/gate failure
+
+## Determinism Rules
+
+- Stable key ordering where practical.
+- No random IDs unless explicitly requested.
+- Timestamps in ISO 8601 format.
+
+## Review Checklist
+
+- [ ] JSON output passes schema validation.
+- [ ] Exit codes match documented behavior.
+- [ ] Error payload includes code and remediation hint.
 - [ ] Human output remains concise and useful.

package/.agent-context/skills/cli/safety-telemetry.md

@@ -0,0 +1,39 @@
+# Safety and Telemetry
+
+Tier: ADVANCE
+
+CLI safety telemetry captures operational signals that help maintainers detect drift, reduce onboarding failures, and enforce release quality.
+
+## Signal Categories
+
+Capture and review machine-readable CLI signals:
+
+- Validation and release-gate status.
+- Preflight failure categories.
+- Rollback trigger frequency.
+- Preset usage distribution across onboarding sessions.
+
+## Output Contract
+
+Telemetry reports should remain automation-friendly:
+
+- Stable JSON shape.
+- ISO timestamps.
+- Explicit status fields.
+- Actionable blocker summary.
+
+Human-facing logs can remain concise, but automation payloads should preserve full diagnostic details.
+
+## Governance Use Cases
+
+- Weekly maintainership report generation.
+- Detecting repeated onboarding failures caused by conflicting local files.
+- Tracking whether preset expansion improves adoption.
+- Confirming rollback operations remain low-frequency and controlled.
+
+## Review Checklist
+
+- [ ] Safety signals are emitted in machine-readable format.
+- [ ] Preset and failure telemetry are captured consistently.
+- [ ] Operational reports include blocker summaries.
+- [ ] Telemetry output is suitable for CI artifact upload.

package/.agent-context/skills/cli/upgrade.md

@@ -1,38 +1,38 @@
-# Upgrade Flow
-
-Tier: ADVANCE
-
-Upgrade commands must prioritize compatibility, transparency, and recovery.
-
-## Required Controls
-
-- Dry-run mode to preview changes.
-- Compatibility checks before mutation.
-- Backup or rollback path for critical files.
-
-## Upgrade Sequence
-
-1. Read current version and target version.
-2. Evaluate compatibility matrix.
-3. Produce migration plan (files to add/change/remove).
-4. Execute with transactional mindset.
-5. Emit post-upgrade report with changed artifacts.
-
-## Failure Handling
-
-- On partial failure, rollback modified artifacts or provide deterministic recovery instructions.
-- Never leave silent half-upgraded state.
-- Exit with explicit status code and structured error payload.
-
-## Anti-Patterns
-
-- In-place mutation without preview.
-- Version bump without migration note.
-- Breaking changes in minor release without contract guard.
-
-## Review Checklist
-
-- [ ] Dry-run output is complete and stable.
-- [ ] Upgrade report captures all changed files.
-- [ ] Rollback path is tested.
+# Upgrade Flow
+
+Tier: ADVANCE
+
+Upgrade commands must prioritize compatibility, transparency, and recovery.
+
+## Required Controls
+
+- Dry-run mode to preview changes.
+- Compatibility checks before mutation.
+- Backup or rollback path for critical files.
+
+## Upgrade Sequence
+
+1. Read current version and target version.
+2. Evaluate compatibility matrix.
+3. Produce migration plan (files to add/change/remove).
+4. Execute with transactional mindset.
+5. Emit post-upgrade report with changed artifacts.
+
+## Failure Handling
+
+- On partial failure, rollback modified artifacts or provide deterministic recovery instructions.
+- Never leave silent half-upgraded state.
+- Exit with explicit status code and structured error payload.
+
+## Anti-Patterns
+
+- In-place mutation without preview.
+- Version bump without migration note.
+- Breaking changes in minor release without contract guard.
+
+## Review Checklist
+
+- [ ] Dry-run output is complete and stable.
+- [ ] Upgrade report captures all changed files.
+- [ ] Rollback path is tested.
 - [ ] Compatibility failures block mutation.

package/.agent-context/skills/cli.md

@@ -1,29 +1,32 @@
-# CLI Skill Pack
-
-Default tier: `advance`
-
-## Purpose
-Create smart command-line workflows that guide users efficiently and safely.
-
-## In Scope
-- Interactive initialization and upgrade flows
-- Safe defaults and confirmation steps
-- Machine-readable output for automation
-- Validation and self-healing hooks
-- Cross-platform shell behavior
-
-## Must-Have Checks
-- Explicit command help and examples
-- Deterministic output format for automation
-- Safe destructive-action guards
-- Validation before mutation
-- Exit codes reflect success and failure clearly
-
-## Evidence
-- CLI smoke tests
-- Machine-readable report output
-- Upgrade dry-run output
-- Cross-platform execution notes
-
-## Fallback
+# CLI Skill Pack
+
+Default tier: `advance`
+
+## Purpose
+Create smart command-line workflows that guide users efficiently and safely.
+
+## In Scope
+- Interactive initialization and upgrade flows
+- Safe defaults and confirmation steps
+- Machine-readable output for automation
+- Validation and self-healing hooks
+- Cross-platform shell behavior
+- Preset ergonomics and operational telemetry outputs
+
+## Must-Have Checks
+- Explicit command help and examples
+- Deterministic output format for automation
+- Safe destructive-action guards
+- Validation before mutation
+- Exit codes reflect success and failure clearly
+- Preset catalog remains discoverable and tested in smoke tests
+
+## Evidence
+- CLI smoke tests
+- Machine-readable report output
+- Upgrade dry-run output
+- Cross-platform execution notes
+- Weekly governance report references CLI trust tier and release posture
+
+## Fallback
 - Standard mode can remain available for compatibility, but advance is the default user experience.

package/.agent-context/skills/distribution/.evidence/compatibility-manifest.json

@@ -0,0 +1,9 @@
+{
+  "schemaVersion": "compatibility-manifest-v1",
+  "artifactType": "skill-domain-evidence",
+  "domain": "distribution",
+  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
+  "nodeMin": "18",
+  "platforms": ["windows", "linux", "macos"],
+  "validatedAt": "2026-04-11T12:00:00Z"
+}

package/.agent-context/skills/distribution/.evidence/sbom-excerpt.json

@@ -0,0 +1,6 @@
+{
+  "format": "cyclonedx",
+  "component": "@agentic-skills/distribution",
+  "version": "1.0.0",
+  "dependencies": []
+}

package/.agent-context/skills/distribution/.evidence/test-report.json

@@ -0,0 +1,8 @@
+{
+  "passed": true,
+  "total": 14,
+  "failed": 0,
+  "skipped": 0,
+  "durationMs": 1300,
+  "lastRun": "2026-04-11T12:00:00Z"
+}

package/.agent-context/skills/distribution/CHANGELOG.md

@@ -0,0 +1,7 @@
+---
+tier: production
+---
+# Changelog
+## 1.0.0
+- Expanded distribution skill depth with provenance attestation guidance.
+- Added evidence bundle metadata for trust-tier verification.

package/.agent-context/skills/distribution/README.md

@@ -1,19 +1,27 @@
-# Distribution Engineering Skills
-
-Default tier: `expert`
-
-This domain governs release packaging, compatibility policy, and rollback readiness.
-
-## Topics
-- [Publish Hygiene](publish.md) - Package integrity, provenance, and release evidence
-- [Rollback](rollback.md) - Recovery-first release operations
-- [Compatibility](compatibility.md) - Runtime/tooling support policy and guardrails
-
-## Operating Model
-- Use `expert` as the default distribution tier.
-- Block release if rollback and compatibility guarantees are not verified.
-
-## Above-Line Additions
-- Release gates tied to benchmark and compatibility checks.
-- Supply-chain artifacts (SBOM/provenance) as first-class outputs.
-- Explicit rollback drills before critical releases.
+# Distribution Engineering Skills
+
+Default tier: `expert`
+
+This domain governs release packaging, compatibility policy, and rollback readiness.
+
+## Topics
+- [Publish Hygiene](publish.md) - Package integrity, provenance, and release evidence
+- [Rollback](rollback.md) - Recovery-first release operations
+- [Compatibility](compatibility.md) - Runtime/tooling support policy and guardrails
+- [Provenance Attestation](provenance-attestation.md) - SBOM linkage, artifact identity, and maintainership traceability
+
+## Operating Model
+- Use `expert` as the default distribution tier.
+- Block release if rollback and compatibility guarantees are not verified.
+
+## Above-Line Additions
+- Release gates tied to benchmark and compatibility checks.
+- Supply-chain artifacts (SBOM/provenance) as first-class outputs.
+- Explicit rollback drills before critical releases.
+
+## Usage Example
+
+```bash
+npm run gate:release
+npm run report:governance-weekly
+```

package/.agent-context/skills/distribution/compatibility-manifest.json

@@ -1,8 +1,8 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "distribution",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}
+{
+  "schemaVersion": "compatibility-manifest-v1",
+  "artifactType": "skill-domain",
+  "domain": "distribution",
+  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
+  "nodeMin": "18",
+  "platforms": ["windows", "linux", "macos"]
+}

package/.agent-context/skills/distribution/compatibility.md

@@ -1,32 +1,32 @@
-# Compatibility
-
-Tier: ADVANCE
-
-Compatibility policy prevents shipping builds that break on supported runtimes or tooling ecosystems.
-
-## Compatibility Matrix
-
-Define supported combinations explicitly:
-- Runtime versions (Node, Python, Java, etc.)
-- OS/platform scope
-- IDE/editor integration versions
-- Dependency constraints
-
-## Gate Strategy
-
-- Validate package against supported runtime matrix in CI.
-- Block release on unsupported runtime regressions.
-- Mark deprecated support windows and removal timeline.
-
-## Breaking Change Protocol
-
-- Major version for incompatible behavior.
-- Migration notes for changed defaults.
-- Transitional compatibility period when feasible.
-
-## Review Checklist
-
-- [ ] Supported runtime matrix is current and tested.
-- [ ] Incompatible changes are versioned correctly.
-- [ ] Migration notes exist for user-impacting changes.
+# Compatibility
+
+Tier: ADVANCE
+
+Compatibility policy prevents shipping builds that break on supported runtimes or tooling ecosystems.
+
+## Compatibility Matrix
+
+Define supported combinations explicitly:
+- Runtime versions (Node, Python, Java, etc.)
+- OS/platform scope
+- IDE/editor integration versions
+- Dependency constraints
+
+## Gate Strategy
+
+- Validate package against supported runtime matrix in CI.
+- Block release on unsupported runtime regressions.
+- Mark deprecated support windows and removal timeline.
+
+## Breaking Change Protocol
+
+- Major version for incompatible behavior.
+- Migration notes for changed defaults.
+- Transitional compatibility period when feasible.
+
+## Review Checklist
+
+- [ ] Supported runtime matrix is current and tested.
+- [ ] Incompatible changes are versioned correctly.
+- [ ] Migration notes exist for user-impacting changes.
 - [ ] CI verifies compatibility before publish.

package/.agent-context/skills/distribution/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "@agentic-skills/distribution",
+  "version": "1.0.0",
+  "author": "agentic"
+}

package/.agent-context/skills/distribution/provenance-attestation.md

@@ -0,0 +1,47 @@
+# Provenance Attestation
+
+Tier: EXPERT
+
+Provenance attestation links shipped artifacts to source commits, policy gates, and maintainer intent so releases remain auditable.
+
+## Attestation Requirements
+
+Every release artifact should be traceable to:
+
+- Source commit SHA.
+- Versioned changelog entry.
+- Gate evidence (release gate, benchmark, security checks).
+- Maintainer identity and release timestamp.
+
+## Artifact Chain
+
+Maintain a simple provenance chain:
+
+1. Build artifact from tagged commit.
+2. Generate SBOM and integrity digest.
+3. Attach gate output artifacts.
+4. Publish with immutable version metadata.
+
+If any step is missing, release should be blocked until evidence is complete.
+
+## Tamper-Resistance Controls
+
+- Avoid manual artifact replacement outside CI path.
+- Keep checksums in release notes or signed metadata.
+- Enforce immutable package versions after publish.
+- Store audit artifacts with retention policy.
+
+## Operational Review
+
+At weekly cadence, review provenance quality:
+
+- Are all recent releases traceable end to end?
+- Were any gates bypassed or manually overridden?
+- Are SBOM and compatibility manifests synchronized?
+
+## Review Checklist
+
+- [ ] Source commit and version metadata are linked.
+- [ ] SBOM and checksum artifacts are attached.
+- [ ] Gate evidence is complete and timestamped.
+- [ ] No unsigned or out-of-band artifact replacement occurred.

package/.agent-context/skills/distribution/publish.md

@@ -1,37 +1,37 @@
-# Publish Hygiene
-
-Tier: EXPERT
-
-Publishing should be repeatable, auditable, and minimal in surface area.
-
-## Pre-Publish Gates
-
-- Validate package contents and metadata.
-- Run tests and policy validators.
-- Confirm version/changelog consistency.
-- Generate SBOM and provenance artifacts.
-
-## Package Surface Control
-
-- Use explicit allow-list for publish files.
-- Exclude internal scripts, test fixtures, and local configs.
-- Verify CLI entry points and executable permissions.
-
-## Ownership and Provenance
-
-- Ensure publisher identity is controlled.
-- Record commit SHA and release timestamp.
-- Attach generated reports (gate, benchmark, SBOM) to release artifacts.
-
-## Failure Policy
-
-- Abort publish on failing quality gate.
-- Abort publish on unresolved high-severity security findings.
-- Abort publish on missing changelog entry.
-
-## Review Checklist
-
-- [ ] Package contents match expected release manifest.
-- [ ] Quality and security gates passed.
-- [ ] Version and changelog are aligned.
+# Publish Hygiene
+
+Tier: EXPERT
+
+Publishing should be repeatable, auditable, and minimal in surface area.
+
+## Pre-Publish Gates
+
+- Validate package contents and metadata.
+- Run tests and policy validators.
+- Confirm version/changelog consistency.
+- Generate SBOM and provenance artifacts.
+
+## Package Surface Control
+
+- Use explicit allow-list for publish files.
+- Exclude internal scripts, test fixtures, and local configs.
+- Verify CLI entry points and executable permissions.
+
+## Ownership and Provenance
+
+- Ensure publisher identity is controlled.
+- Record commit SHA and release timestamp.
+- Attach generated reports (gate, benchmark, SBOM) to release artifacts.
+
+## Failure Policy
+
+- Abort publish on failing quality gate.
+- Abort publish on unresolved high-severity security findings.
+- Abort publish on missing changelog entry.
+
+## Review Checklist
+
+- [ ] Package contents match expected release manifest.
+- [ ] Quality and security gates passed.
+- [ ] Version and changelog are aligned.
 - [ ] Provenance artifacts are generated and stored.