@ryuenn3123/agentic-senior-core 2.0.5 → 2.0.7

package/.agent-context/skills/index.json

@@ -1,107 +1,107 @@
-{
-  "defaultTier": "advance",
-  "tiers": [
-    {
-      "name": "standard",
-      "description": "Compatibility fallback only"
-    },
-    {
-      "name": "advance",
-      "description": "Default operating tier"
-    },
-    {
-      "name": "expert",
-      "description": "Complex architecture and integration"
-    },
-    {
-      "name": "above",
-      "description": "Release-critical enterprise governance"
-    }
-  ],
-  "domains": {
-    "frontend": {
-      "name": "frontend",
-      "displayName": "Frontend",
-      "description": "Unified frontend delivery covering UI architecture, motion, accessibility, and conversion clarity.",
-      "defaultTier": "advance",
-      "defaultPackFileName": "frontend.md",
-      "evidence": "Frontend usability audit, accessibility checks, and visual regression output.",
-      "tierToPackFileNames": {
-        "standard": "frontend.md",
-        "advance": "frontend.md",
-        "expert": "frontend.md",
-        "above": "frontend.md"
-      }
-    },
-    "backend": {
-      "name": "backend",
-      "displayName": "Backend",
-      "description": "Backend delivery with strict layer separation, validation, and safe data access.",
-      "defaultTier": "advance",
-      "defaultPackFileName": "backend.md",
-      "evidence": "Unit tests, API contracts, and release gate output.",
-      "tierToPackFileNames": {
-        "standard": "backend.md",
-        "advance": "backend.md",
-        "expert": "backend.md",
-        "above": "backend.md"
-      }
-    },
-    "fullstack": {
-      "name": "fullstack",
-      "displayName": "Fullstack",
-      "description": "Single-path product delivery across frontend and backend boundaries.",
-      "defaultTier": "advance",
-      "defaultPackFileName": "fullstack.md",
-      "evidence": "End-to-end tests, contract validation, and feature parity review.",
-      "tierToPackFileNames": {
-        "standard": "fullstack.md",
-        "advance": "fullstack.md",
-        "expert": "fullstack.md",
-        "above": "fullstack.md"
-      }
-    },
-    "cli": {
-      "name": "cli",
-      "displayName": "CLI",
-      "description": "Smart command-line delivery with safe defaults, machine-readable output, and upgrade flows.",
-      "defaultTier": "advance",
-      "defaultPackFileName": "cli.md",
-      "evidence": "CLI smoke tests, dry-run output, and automation-friendly reports.",
-      "tierToPackFileNames": {
-        "standard": "cli.md",
-        "advance": "cli.md",
-        "expert": "cli.md",
-        "above": "cli.md"
-      }
-    },
-    "distribution": {
-      "name": "distribution",
-      "displayName": "Distribution",
-      "description": "Package safety, rollback, compatibility, and release hygiene.",
-      "defaultTier": "expert",
-      "defaultPackFileName": "distribution.md",
-      "evidence": "Install validation, rollback verification, and publish dry-run logs.",
-      "tierToPackFileNames": {
-        "standard": "distribution.md",
-        "advance": "distribution.md",
-        "expert": "distribution.md",
-        "above": "distribution.md"
-      }
-    },
-    "review-quality": {
-      "name": "review-quality",
-      "displayName": "Review Quality",
-      "description": "Planning, review, benchmark, and security discipline for every change.",
-      "defaultTier": "expert",
-      "defaultPackFileName": "review-quality.md",
-      "evidence": "PR review output, benchmark report, and security audit results.",
-      "tierToPackFileNames": {
-        "standard": "review-quality.md",
-        "advance": "review-quality.md",
-        "expert": "review-quality.md",
-        "above": "review-quality.md"
-      }
-    }
-  }
-}
+{
+  "defaultTier": "advance",
+  "tiers": [
+    {
+      "name": "standard",
+      "description": "Compatibility fallback only"
+    },
+    {
+      "name": "advance",
+      "description": "Default operating tier"
+    },
+    {
+      "name": "expert",
+      "description": "Complex architecture and integration"
+    },
+    {
+      "name": "above",
+      "description": "Release-critical enterprise governance"
+    }
+  ],
+  "domains": {
+    "frontend": {
+      "name": "frontend",
+      "displayName": "Frontend",
+      "description": "Unified frontend delivery covering UI architecture, motion, accessibility, and conversion clarity.",
+      "defaultTier": "advance",
+      "defaultPackFileName": "frontend.md",
+      "evidence": "Frontend usability audit, accessibility checks, and visual regression output.",
+      "tierToPackFileNames": {
+        "standard": "frontend.md",
+        "advance": "frontend.md",
+        "expert": "frontend.md",
+        "above": "frontend.md"
+      }
+    },
+    "backend": {
+      "name": "backend",
+      "displayName": "Backend",
+      "description": "Backend delivery with strict layer separation, validation, and safe data access.",
+      "defaultTier": "advance",
+      "defaultPackFileName": "backend.md",
+      "evidence": "Unit tests, API contracts, and release gate output.",
+      "tierToPackFileNames": {
+        "standard": "backend.md",
+        "advance": "backend.md",
+        "expert": "backend.md",
+        "above": "backend.md"
+      }
+    },
+    "fullstack": {
+      "name": "fullstack",
+      "displayName": "Fullstack",
+      "description": "Single-path product delivery across frontend and backend boundaries.",
+      "defaultTier": "advance",
+      "defaultPackFileName": "fullstack.md",
+      "evidence": "End-to-end tests, contract validation, and feature parity review.",
+      "tierToPackFileNames": {
+        "standard": "fullstack.md",
+        "advance": "fullstack.md",
+        "expert": "fullstack.md",
+        "above": "fullstack.md"
+      }
+    },
+    "cli": {
+      "name": "cli",
+      "displayName": "CLI",
+      "description": "Smart command-line delivery with safe defaults, machine-readable output, and upgrade flows.",
+      "defaultTier": "advance",
+      "defaultPackFileName": "cli.md",
+      "evidence": "CLI smoke tests, dry-run output, and automation-friendly reports.",
+      "tierToPackFileNames": {
+        "standard": "cli.md",
+        "advance": "cli.md",
+        "expert": "cli.md",
+        "above": "cli.md"
+      }
+    },
+    "distribution": {
+      "name": "distribution",
+      "displayName": "Distribution",
+      "description": "Package safety, rollback, compatibility, and release hygiene.",
+      "defaultTier": "expert",
+      "defaultPackFileName": "distribution.md",
+      "evidence": "Install validation, rollback verification, and publish dry-run logs.",
+      "tierToPackFileNames": {
+        "standard": "distribution.md",
+        "advance": "distribution.md",
+        "expert": "distribution.md",
+        "above": "distribution.md"
+      }
+    },
+    "review-quality": {
+      "name": "review-quality",
+      "displayName": "Review Quality",
+      "description": "Planning, review, benchmark, and security discipline for every change.",
+      "defaultTier": "expert",
+      "defaultPackFileName": "review-quality.md",
+      "evidence": "PR review output, benchmark report, and security audit results.",
+      "tierToPackFileNames": {
+        "standard": "review-quality.md",
+        "advance": "review-quality.md",
+        "expert": "review-quality.md",
+        "above": "review-quality.md"
+      }
+    }
+  }
+}

package/.agent-context/skills/review-quality/.evidence/compatibility-manifest.json

@@ -0,0 +1,9 @@
+{
+  "schemaVersion": "compatibility-manifest-v1",
+  "artifactType": "skill-domain-evidence",
+  "domain": "review-quality",
+  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
+  "nodeMin": "18",
+  "platforms": ["windows", "linux", "macos"],
+  "validatedAt": "2026-04-11T12:00:00Z"
+}

package/.agent-context/skills/review-quality/.evidence/sbom-excerpt.json

@@ -0,0 +1,6 @@
+{
+  "format": "cyclonedx",
+  "component": "@agentic-skills/review-quality",
+  "version": "1.0.0",
+  "dependencies": []
+}

package/.agent-context/skills/review-quality/.evidence/test-report.json

@@ -0,0 +1,8 @@
+{
+  "passed": true,
+  "total": 15,
+  "failed": 0,
+  "skipped": 0,
+  "durationMs": 1400,
+  "lastRun": "2026-04-11T12:00:00Z"
+}

package/.agent-context/skills/review-quality/CHANGELOG.md

@@ -0,0 +1,7 @@
+---
+tier: production
+---
+# Changelog
+## 1.0.0
+- Expanded review-quality skill depth with release decisioning guidance.
+- Added evidence bundle metadata for trust-tier verification.

package/.agent-context/skills/review-quality/README.md

@@ -1,19 +1,27 @@
-# Review Quality Skills
-
-Default tier: `expert`
-
-This domain formalizes review quality across planning discipline, security enforcement, and benchmark-driven decision making.
-
-## Topics
-- [Planning](planning.md) - Plan quality, scope control, and change strategy
-- [Security](security.md) - Critical vulnerability policy and boundary safeguards
-- [Benchmarking](benchmark.md) - Regression detection and evidence-based comparison
-
-## Operating Model
-- Use `expert` for standard review workflows.
-- Escalate to `above` for release-critical or governance-sensitive changes.
-
-## Above-Line Additions
-- Security halt protocol for critical findings.
-- Benchmark gate thresholds integrated in CI.
-- Review evidence bundle for auditability.
+# Review Quality Skills
+
+Default tier: `expert`
+
+This domain formalizes review quality across planning discipline, security enforcement, and benchmark-driven decision making.
+
+## Topics
+- [Planning](planning.md) - Plan quality, scope control, and change strategy
+- [Security](security.md) - Critical vulnerability policy and boundary safeguards
+- [Benchmarking](benchmark.md) - Regression detection and evidence-based comparison
+- [Release Decisioning](release-decision.md) - Explicit readiness verdicts, blocker ownership, and escalation logic
+
+## Operating Model
+- Use `expert` for standard review workflows.
+- Escalate to `above` for release-critical or governance-sensitive changes.
+
+## Above-Line Additions
+- Security halt protocol for critical findings.
+- Benchmark gate thresholds integrated in CI.
+- Review evidence bundle for auditability.
+
+## Usage Example
+
+```bash
+node ./scripts/governance-weekly-report.mjs
+node ./scripts/release-gate.mjs
+```

package/.agent-context/skills/review-quality/benchmark.md

@@ -1,30 +1,30 @@
-# Benchmarking
-
-Tier: ADVANCE
-
-Benchmarking should guide release decisions with measurable evidence rather than anecdotal impressions.
-
-## Benchmark Inputs
-
-- Baseline benchmark snapshot.
-- Current candidate benchmark output.
-- Threshold policy for acceptable deltas.
-
-## Evaluation Rules
-
-- Treat regressions above threshold as release blockers.
-- Require owner assignment for all negative deltas.
-- Re-run benchmark after remediation to verify recovery.
-
-## Reporting Standard
-
-- Include benchmark summary in release bundle.
-- Keep machine-readable JSON output for automation.
-- Track trend over time, not only single-run status.
-
-## Review Checklist
-
-- [ ] Baseline and current benchmark are comparable.
-- [ ] Threshold policy is applied consistently.
-- [ ] Regressions have owner and due date.
+# Benchmarking
+
+Tier: ADVANCE
+
+Benchmarking should guide release decisions with measurable evidence rather than anecdotal impressions.
+
+## Benchmark Inputs
+
+- Baseline benchmark snapshot.
+- Current candidate benchmark output.
+- Threshold policy for acceptable deltas.
+
+## Evaluation Rules
+
+- Treat regressions above threshold as release blockers.
+- Require owner assignment for all negative deltas.
+- Re-run benchmark after remediation to verify recovery.
+
+## Reporting Standard
+
+- Include benchmark summary in release bundle.
+- Keep machine-readable JSON output for automation.
+- Track trend over time, not only single-run status.
+
+## Review Checklist
+
+- [ ] Baseline and current benchmark are comparable.
+- [ ] Threshold policy is applied consistently.
+- [ ] Regressions have owner and due date.
 - [ ] Reports are archived for audit trail.

package/.agent-context/skills/review-quality/compatibility-manifest.json

@@ -1,8 +1,8 @@
-{
-  "schemaVersion": "compatibility-manifest-v1",
-  "artifactType": "skill-domain",
-  "domain": "review-quality",
-  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
-  "nodeMin": "18",
-  "platforms": ["windows", "linux", "macos"]
-}
+{
+  "schemaVersion": "compatibility-manifest-v1",
+  "artifactType": "skill-domain",
+  "domain": "review-quality",
+  "ides": ["cursor", "windsurf", "copilot", "gemini", "claude", "codex", "cline"],
+  "nodeMin": "18",
+  "platforms": ["windows", "linux", "macos"]
+}

package/.agent-context/skills/review-quality/package.json

@@ -0,0 +1,5 @@
+{
+  "name": "@agentic-skills/review-quality",
+  "version": "1.0.0",
+  "author": "agentic"
+}

package/.agent-context/skills/review-quality/planning.md

@@ -1,38 +1,38 @@
-# Planning
-
-Tier: EXPERT
-
-Planning quality determines implementation quality. Non-trivial work should start with a scoped, testable plan.
-
-## Planning Standard
-
-- Define objective, scope, and non-goals.
-- Identify architecture boundaries affected.
-- Document risk, rollback, and validation strategy.
-- Break work into reviewable increments.
-
-## Required Plan Artifacts
-
-- Implementation steps with expected output.
-- File impact map.
-- Test strategy and acceptance criteria.
-- Migration notes if behavior changes.
-
-## Scope Control
-
-- Avoid unrelated refactors in feature commits.
-- Split high-risk work into isolated checkpoints.
-- Preserve public API compatibility unless explicitly versioned.
-
-## Evidence Discipline
-
-- Attach command output for validation and test evidence.
-- Keep assumption logs explicit so reviewers can challenge unknowns early.
-- Ensure rollback path is documented before implementation starts.
-
-## Review Checklist
-
-- [ ] Plan includes explicit success criteria.
-- [ ] Risks and mitigations are documented.
-- [ ] Validation commands are defined.
+# Planning
+
+Tier: EXPERT
+
+Planning quality determines implementation quality. Non-trivial work should start with a scoped, testable plan.
+
+## Planning Standard
+
+- Define objective, scope, and non-goals.
+- Identify architecture boundaries affected.
+- Document risk, rollback, and validation strategy.
+- Break work into reviewable increments.
+
+## Required Plan Artifacts
+
+- Implementation steps with expected output.
+- File impact map.
+- Test strategy and acceptance criteria.
+- Migration notes if behavior changes.
+
+## Scope Control
+
+- Avoid unrelated refactors in feature commits.
+- Split high-risk work into isolated checkpoints.
+- Preserve public API compatibility unless explicitly versioned.
+
+## Evidence Discipline
+
+- Attach command output for validation and test evidence.
+- Keep assumption logs explicit so reviewers can challenge unknowns early.
+- Ensure rollback path is documented before implementation starts.
+
+## Review Checklist
+
+- [ ] Plan includes explicit success criteria.
+- [ ] Risks and mitigations are documented.
+- [ ] Validation commands are defined.
 - [ ] Scope remains aligned with original objective.

package/.agent-context/skills/review-quality/release-decision.md

@@ -0,0 +1,49 @@
+# Release Decisioning
+
+Tier: EXPERT
+
+Release decisioning converts technical signals into explicit ship, hold, or rollback recommendations with ownership.
+
+## Decision Inputs
+
+Use a standardized input set for every release review:
+
+- Validation and test status.
+- Release gate and forbidden-content status.
+- Benchmark and quality trend posture.
+- Security and architecture findings.
+- Trust-tier posture for required skill domains.
+
+## Decision Outcomes
+
+Each review must conclude with one outcome:
+
+- Ship: all mandatory gates pass and no unresolved critical findings.
+- Hold: one or more blockers remain unresolved.
+- Rollback: post-release signal confirms unacceptable risk or regression.
+
+## Blocker Policy
+
+A blocker record needs:
+
+- Title and category.
+- Owner and deadline.
+- User impact statement.
+- Mitigation and validation command.
+
+No blocker should remain in implicit or undocumented state.
+
+## Escalation Rules
+
+Escalate to maintainers immediately when:
+
+- Critical security issue is detected.
+- Gate output becomes inconsistent across environments.
+- Rollback readiness cannot be proven.
+
+## Review Checklist
+
+- [ ] Decision outcome is explicit (ship/hold/rollback).
+- [ ] Blockers include owner and due date.
+- [ ] Validation evidence is attached to decision log.
+- [ ] Escalation happened for critical unresolved risks.

package/.agent-context/skills/review-quality/security.md

@@ -1,34 +1,34 @@
-# Security
-
-Tier: EXPERT
-
-Security review is a release gate. Critical vulnerabilities must halt feature rollout until resolved.
-
-## Security Halt Policy
-
-Immediately block release when any of the following are present:
-- Hardcoded credentials or tokens.
-- Injection vulnerabilities (SQL/command/template).
-- Authentication or authorization bypass.
-- Unvalidated external input entering privileged paths.
-
-## Boundary Safeguards
-
-- Validate external input at transport boundary.
-- Enforce parameterized queries.
-- Limit privilege scope for runtime credentials.
-- Keep secrets in approved secret stores.
-
-## Review Expectations
-
-- Threat model relevant attack surfaces.
-- Verify dependency vulnerability posture.
-- Confirm error messages do not leak sensitive internals.
-- Confirm audit logs exist for security-sensitive actions.
-
-## Review Checklist
-
-- [ ] No critical vulnerability remains open.
-- [ ] Input and output boundaries are validated.
-- [ ] Secret handling follows policy.
+# Security
+
+Tier: EXPERT
+
+Security review is a release gate. Critical vulnerabilities must halt feature rollout until resolved.
+
+## Security Halt Policy
+
+Immediately block release when any of the following are present:
+- Hardcoded credentials or tokens.
+- Injection vulnerabilities (SQL/command/template).
+- Authentication or authorization bypass.
+- Unvalidated external input entering privileged paths.
+
+## Boundary Safeguards
+
+- Validate external input at transport boundary.
+- Enforce parameterized queries.
+- Limit privilege scope for runtime credentials.
+- Keep secrets in approved secret stores.
+
+## Review Expectations
+
+- Threat model relevant attack surfaces.
+- Verify dependency vulnerability posture.
+- Confirm error messages do not leak sensitive internals.
+- Confirm audit logs exist for security-sensitive actions.
+
+## Review Checklist
+
+- [ ] No critical vulnerability remains open.
+- [ ] Input and output boundaries are validated.
+- [ ] Secret handling follows policy.
 - [ ] Least-privilege access is enforced.

package/.agent-context/skills/review-quality/tests/.gitkeep

@@ -0,0 +1 @@
+# Review-quality skill test fixtures placeholder

package/.agent-context/skills/review-quality.md

@@ -1,28 +1,31 @@
-# Review Quality Skill Pack
-
-Default tier: `expert`
-
-## Purpose
-Turn code review, planning, and benchmark output into explicit quality decisions.
-
-## In Scope
-- Plan-first workflows
-- Reviewer self-critique
-- Benchmark interpretation
-- Security and architecture audits
-- Evidence-driven approval
-
-## Must-Have Checks
-- Every rejection includes a reason and a fix
-- Every approval includes evidence
-- Benchmark deltas are explicit
-- Security findings stop release when critical
-
-## Evidence
-- PR review report
-- Security audit output
-- Benchmark report
-- Approval or rejection rationale
-
-## Fallback
+# Review Quality Skill Pack
+
+Default tier: `expert`
+
+## Purpose
+Turn code review, planning, and benchmark output into explicit quality decisions.
+
+## In Scope
+- Plan-first workflows
+- Reviewer self-critique
+- Benchmark interpretation
+- Security and architecture audits
+- Evidence-driven approval
+- Explicit release decisions with blocker tracking and ownership
+
+## Must-Have Checks
+- Every rejection includes a reason and a fix
+- Every approval includes evidence
+- Benchmark deltas are explicit
+- Security findings stop release when critical
+- Release readiness verdict includes blockers, owner, and due date
+
+## Evidence
+- PR review report
+- Security audit output
+- Benchmark report
+- Approval or rejection rationale
+- Weekly governance report and release readiness summary
+
+## Fallback
 - Standard mode can be used only for low-risk maintenance and still requires written evidence.