bmad-module-skill-forge 0.10.0 → 1.0.0-rc.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (269) hide show
  1. package/.claude-plugin/marketplace.json +56 -0
  2. package/.gitattributes +16 -0
  3. package/README.md +105 -38
  4. package/docs/404.md +13 -10
  5. package/docs/RELEASING.md +616 -0
  6. package/docs/STABILITY.md +123 -0
  7. package/docs/_data/pinned.yaml +98 -0
  8. package/docs/agents.md +16 -11
  9. package/docs/architecture.md +221 -0
  10. package/docs/bmad-synergy.md +11 -13
  11. package/docs/concepts.md +18 -108
  12. package/docs/examples.md +121 -80
  13. package/docs/getting-started.md +85 -147
  14. package/docs/how-it-works.md +25 -536
  15. package/docs/index.md +44 -27
  16. package/docs/skill-model.md +328 -0
  17. package/docs/troubleshooting.md +39 -0
  18. package/docs/verifying-a-skill.md +232 -0
  19. package/docs/why-skf.md +93 -0
  20. package/docs/workflows.md +119 -13
  21. package/package.json +30 -9
  22. package/release-audits/v1.0.0-launch-audit.md +207 -0
  23. package/src/README.md +23 -25
  24. package/src/forger/forge-tier.yaml +4 -2
  25. package/src/forger/preferences.yaml +7 -1
  26. package/src/knowledge/agentskills-spec.md +1 -1
  27. package/src/knowledge/architecture-verification.md +1 -1
  28. package/src/knowledge/ccc-bridge.md +16 -15
  29. package/src/knowledge/overview.md +11 -11
  30. package/src/knowledge/progressive-capability.md +3 -3
  31. package/src/knowledge/provenance-tracking.md +9 -3
  32. package/src/knowledge/qmd-registry.md +8 -8
  33. package/src/knowledge/skf-knowledge-index.csv +2 -2
  34. package/src/knowledge/skill-lifecycle.md +16 -1
  35. package/src/knowledge/split-body-strategy.md +1 -1
  36. package/src/knowledge/version-paths.md +17 -12
  37. package/src/module-help.csv +18 -17
  38. package/src/shared/health-check.md +372 -0
  39. package/src/shared/references/feasibility-report-schema.md +86 -0
  40. package/src/shared/references/headless-gate-convention.md +62 -0
  41. package/src/shared/references/output-contract-schema.md +35 -0
  42. package/src/shared/references/pipeline-contracts.md +102 -0
  43. package/src/shared/scripts/skf-atomic-write.py +370 -0
  44. package/src/shared/scripts/skf-manifest-ops.py +236 -0
  45. package/src/shared/scripts/skf-preflight.py +164 -0
  46. package/src/shared/scripts/skf-rebuild-managed-sections.py +201 -0
  47. package/src/shared/scripts/skf-severity-classify.py +163 -0
  48. package/src/shared/scripts/skf-skill-inventory.py +210 -0
  49. package/src/shared/scripts/skf-structural-diff.py +257 -0
  50. package/src/shared/scripts/skf-validate-frontmatter.py +318 -0
  51. package/src/shared/scripts/skf-validate-output.py +247 -0
  52. package/src/skf-analyze-source/SKILL.md +57 -0
  53. package/src/skf-analyze-source/assets/skill-brief-schema.md +125 -0
  54. package/src/skf-analyze-source/references/unit-detection-heuristics.md +124 -0
  55. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-01-init.md +6 -66
  56. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-01b-continue.md +4 -59
  57. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-02-scan-project.md +7 -68
  58. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-03-identify-units.md +6 -66
  59. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-04-map-and-detect.md +7 -68
  60. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-05-recommend.md +6 -66
  61. package/src/{workflows/analyze-source → skf-analyze-source}/steps-c/step-06-generate-briefs.md +14 -71
  62. package/src/skf-analyze-source/steps-c/step-07-health-check.md +22 -0
  63. package/src/skf-audit-skill/SKILL.md +59 -0
  64. package/src/{workflows/audit-skill/data → skf-audit-skill/assets}/drift-report-template.md +7 -7
  65. package/src/{workflows/audit-skill/data → skf-audit-skill/references}/severity-rules.md +11 -11
  66. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-01-init.md +24 -68
  67. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-02-re-index.md +36 -71
  68. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-03-structural-diff.md +21 -63
  69. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-04-semantic-diff.md +6 -65
  70. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-05-severity-classify.md +5 -63
  71. package/src/{workflows/audit-skill → skf-audit-skill}/steps-c/step-06-report.md +10 -64
  72. package/src/skf-audit-skill/steps-c/step-07-health-check.md +22 -0
  73. package/src/skf-brief-skill/SKILL.md +53 -0
  74. package/src/{workflows/brief-skill/data → skf-brief-skill/assets}/scope-templates.md +23 -0
  75. package/src/skf-brief-skill/assets/skill-brief-schema.md +206 -0
  76. package/src/{workflows/brief-skill → skf-brief-skill}/steps-c/step-01-gather-intent.md +6 -67
  77. package/src/{workflows/brief-skill → skf-brief-skill}/steps-c/step-02-analyze-target.md +6 -66
  78. package/src/{workflows/brief-skill → skf-brief-skill}/steps-c/step-03-scope-definition.md +12 -68
  79. package/src/{workflows/brief-skill → skf-brief-skill}/steps-c/step-04-confirm-brief.md +5 -63
  80. package/src/{workflows/brief-skill → skf-brief-skill}/steps-c/step-05-write-brief.md +10 -70
  81. package/src/skf-brief-skill/steps-c/step-06-health-check.md +22 -0
  82. package/src/skf-create-skill/SKILL.md +63 -0
  83. package/src/{workflows/create-skill/data → skf-create-skill/assets}/compile-assembly-rules.md +60 -0
  84. package/src/{workflows/create-skill/data → skf-create-skill/assets}/skill-sections.md +92 -23
  85. package/src/skf-create-skill/assets/tessl-dismissal-rules.md +102 -0
  86. package/src/{workflows/create-skill/data → skf-create-skill/references}/extraction-patterns-tracing.md +13 -13
  87. package/src/{workflows/create-skill/data → skf-create-skill/references}/extraction-patterns.md +8 -3
  88. package/src/skf-create-skill/references/source-resolution-protocols.md +239 -0
  89. package/src/{workflows/create-skill/data → skf-create-skill/references}/tier-degradation-rules.md +8 -7
  90. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-01-load-brief.md +25 -63
  91. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-02-ecosystem-check.md +8 -64
  92. package/src/skf-create-skill/steps-c/step-03-extract.md +379 -0
  93. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-03d-component-extraction.md +18 -35
  94. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-04-enrich.md +12 -69
  95. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-05-compile.md +71 -75
  96. package/src/skf-create-skill/steps-c/step-06-validate.md +267 -0
  97. package/src/{workflows/create-skill → skf-create-skill}/steps-c/step-07-generate-artifacts.md +30 -74
  98. package/src/skf-create-skill/steps-c/step-08-report.md +145 -0
  99. package/src/skf-create-skill/steps-c/step-09-health-check.md +23 -0
  100. package/src/{workflows/create-skill/steps-c → skf-create-skill/steps-c/sub}/step-02b-ccc-discover.md +8 -66
  101. package/src/skf-create-skill/steps-c/sub/step-03b-fetch-temporal.md +229 -0
  102. package/src/{workflows/create-skill/steps-c → skf-create-skill/steps-c/sub}/step-03c-fetch-docs.md +18 -42
  103. package/src/skf-create-stack-skill/SKILL.md +64 -0
  104. package/src/{workflows/create-stack-skill/data → skf-create-stack-skill/assets}/stack-skill-template.md +2 -1
  105. package/src/{workflows/create-stack-skill/data → skf-create-stack-skill/references}/compose-mode-rules.md +19 -5
  106. package/src/{workflows/create-stack-skill/data → skf-create-stack-skill/references}/integration-patterns.md +1 -1
  107. package/src/{workflows/create-stack-skill/data → skf-create-stack-skill/references}/manifest-patterns.md +10 -10
  108. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-01-init.md +14 -55
  109. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-02-detect-manifests.md +29 -63
  110. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-03-rank-and-confirm.md +9 -59
  111. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-04-parallel-extract.md +29 -64
  112. package/src/skf-create-stack-skill/steps-c/step-05-detect-integrations.md +164 -0
  113. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-06-compile-stack.md +7 -60
  114. package/src/skf-create-stack-skill/steps-c/step-07-generate-output.md +328 -0
  115. package/src/{workflows/create-stack-skill → skf-create-stack-skill}/steps-c/step-08-validate.md +17 -63
  116. package/src/skf-create-stack-skill/steps-c/step-09-report.md +128 -0
  117. package/src/skf-create-stack-skill/steps-c/step-10-health-check.md +22 -0
  118. package/src/skf-drop-skill/SKILL.md +57 -0
  119. package/src/{workflows/drop-skill → skf-drop-skill}/steps-c/step-01-select.md +9 -69
  120. package/src/{workflows/drop-skill → skf-drop-skill}/steps-c/step-02-execute.md +30 -106
  121. package/src/skf-drop-skill/steps-c/step-03-report.md +83 -0
  122. package/src/skf-drop-skill/steps-c/step-04-health-check.md +22 -0
  123. package/src/skf-export-skill/SKILL.md +57 -0
  124. package/src/skf-export-skill/assets/managed-section-format.md +138 -0
  125. package/src/{workflows/export-skill/data → skf-export-skill/assets}/snippet-format.md +8 -12
  126. package/src/skf-export-skill/steps-c/step-01-load-skill.md +247 -0
  127. package/src/{workflows/export-skill → skf-export-skill}/steps-c/step-02-package.md +5 -58
  128. package/src/{workflows/export-skill → skf-export-skill}/steps-c/step-03-generate-snippet.md +15 -77
  129. package/src/{workflows/export-skill → skf-export-skill}/steps-c/step-04-update-context.md +59 -133
  130. package/src/{workflows/export-skill → skf-export-skill}/steps-c/step-05-token-report.md +4 -58
  131. package/src/{workflows/export-skill → skf-export-skill}/steps-c/step-06-summary.md +16 -68
  132. package/src/skf-export-skill/steps-c/step-07-health-check.md +22 -0
  133. package/src/skf-forger/SKILL.md +110 -0
  134. package/src/skf-forger/bmad-skill-manifest.yaml +11 -0
  135. package/src/skf-quick-skill/SKILL.md +56 -0
  136. package/src/{workflows/quick-skill/data → skf-quick-skill/references}/registry-resolution.md +6 -6
  137. package/src/{workflows/quick-skill → skf-quick-skill}/steps-c/step-01-resolve-target.md +9 -62
  138. package/src/{workflows/quick-skill → skf-quick-skill}/steps-c/step-02-ecosystem-check.md +5 -59
  139. package/src/{workflows/quick-skill → skf-quick-skill}/steps-c/step-03-quick-extract.md +18 -61
  140. package/src/{workflows/quick-skill → skf-quick-skill}/steps-c/step-04-compile.md +6 -60
  141. package/src/{workflows/quick-skill → skf-quick-skill}/steps-c/step-05-validate.md +58 -78
  142. package/src/skf-quick-skill/steps-c/step-06-write.md +73 -0
  143. package/src/skf-quick-skill/steps-c/step-07-health-check.md +22 -0
  144. package/src/skf-refine-architecture/SKILL.md +57 -0
  145. package/src/{workflows/refine-architecture/data → skf-refine-architecture/references}/refinement-rules.md +16 -16
  146. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-01-init.md +6 -63
  147. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-02-gap-analysis.md +29 -71
  148. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-03-issue-detection.md +5 -65
  149. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-04-improvements.md +5 -64
  150. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-05-compile.md +5 -56
  151. package/src/{workflows/refine-architecture → skf-refine-architecture}/steps-c/step-06-report.md +11 -64
  152. package/src/skf-refine-architecture/steps-c/step-07-health-check.md +22 -0
  153. package/src/skf-rename-skill/SKILL.md +58 -0
  154. package/src/{workflows/rename-skill → skf-rename-skill}/steps-c/step-01-select.md +12 -73
  155. package/src/{workflows/rename-skill → skf-rename-skill}/steps-c/step-02-execute.md +32 -113
  156. package/src/skf-rename-skill/steps-c/step-03-report.md +83 -0
  157. package/src/skf-rename-skill/steps-c/step-04-health-check.md +22 -0
  158. package/src/skf-setup/SKILL.md +55 -0
  159. package/src/{workflows/setup-forge → skf-setup}/steps-c/step-01-detect-and-tier.md +6 -62
  160. package/src/{workflows/setup-forge → skf-setup}/steps-c/step-01b-ccc-index.md +9 -65
  161. package/src/{workflows/setup-forge → skf-setup}/steps-c/step-02-write-config.md +15 -60
  162. package/src/{workflows/setup-forge → skf-setup}/steps-c/step-03-auto-index.md +7 -66
  163. package/src/skf-setup/steps-c/step-04-report.md +92 -0
  164. package/src/skf-setup/steps-c/step-05-health-check.md +22 -0
  165. package/src/skf-test-skill/SKILL.md +59 -0
  166. package/src/skf-test-skill/references/migration-section-rules.md +114 -0
  167. package/src/skf-test-skill/references/scoring-rules.md +207 -0
  168. package/src/skf-test-skill/references/source-access-protocol.md +109 -0
  169. package/src/skf-test-skill/scripts/compute-score.py +310 -0
  170. package/src/skf-test-skill/steps-c/step-01-init.md +238 -0
  171. package/src/{workflows/test-skill → skf-test-skill}/steps-c/step-02-detect-mode.md +4 -62
  172. package/src/skf-test-skill/steps-c/step-03-coverage-check.md +347 -0
  173. package/src/skf-test-skill/steps-c/step-04-coherence-check.md +239 -0
  174. package/src/{workflows/test-skill → skf-test-skill}/steps-c/step-04b-external-validators.md +42 -77
  175. package/src/skf-test-skill/steps-c/step-05-score.md +266 -0
  176. package/src/skf-test-skill/steps-c/step-06-report.md +290 -0
  177. package/src/skf-test-skill/steps-c/step-07-health-check.md +25 -0
  178. package/src/skf-test-skill/templates/test-report-template.md +58 -0
  179. package/src/skf-update-skill/SKILL.md +58 -0
  180. package/src/{workflows/update-skill/data → skf-update-skill/references}/manual-section-rules.md +6 -6
  181. package/src/{workflows/update-skill/data → skf-update-skill/references}/merge-conflict-rules.md +5 -5
  182. package/src/skf-update-skill/references/remote-source-resolution.md +94 -0
  183. package/src/{workflows/update-skill → skf-update-skill}/steps-c/step-01-init.md +22 -69
  184. package/src/skf-update-skill/steps-c/step-02-detect-changes.md +255 -0
  185. package/src/skf-update-skill/steps-c/step-03-re-extract.md +336 -0
  186. package/src/{workflows/update-skill → skf-update-skill}/steps-c/step-04-merge.md +60 -72
  187. package/src/{workflows/update-skill → skf-update-skill}/steps-c/step-05-validate.md +5 -62
  188. package/src/skf-update-skill/steps-c/step-06-write.md +278 -0
  189. package/src/{workflows/update-skill → skf-update-skill}/steps-c/step-07-report.md +11 -69
  190. package/src/skf-update-skill/steps-c/step-08-health-check.md +22 -0
  191. package/src/skf-verify-stack/SKILL.md +60 -0
  192. package/src/skf-verify-stack/assets/feasibility-report-template.md +76 -0
  193. package/src/{workflows/verify-stack/data → skf-verify-stack/references}/coverage-patterns.md +12 -4
  194. package/src/skf-verify-stack/references/integration-verification-rules.md +78 -0
  195. package/src/skf-verify-stack/steps-c/step-01-init.md +178 -0
  196. package/src/{workflows/verify-stack → skf-verify-stack}/steps-c/step-02-coverage.md +27 -72
  197. package/src/skf-verify-stack/steps-c/step-03-integrations.md +179 -0
  198. package/src/{workflows/verify-stack → skf-verify-stack}/steps-c/step-04-requirements.md +14 -67
  199. package/src/skf-verify-stack/steps-c/step-05-synthesize.md +147 -0
  200. package/src/skf-verify-stack/steps-c/step-06-report.md +156 -0
  201. package/src/skf-verify-stack/steps-c/step-07-health-check.md +25 -0
  202. package/tools/cli/commands/install.js +4 -1
  203. package/tools/cli/commands/status.js +21 -23
  204. package/tools/cli/commands/uninstall.js +11 -19
  205. package/tools/cli/commands/update.js +6 -4
  206. package/tools/cli/lib/ide-skills.js +216 -0
  207. package/tools/cli/lib/installer.js +29 -52
  208. package/tools/cli/lib/manifest.js +11 -5
  209. package/tools/cli/lib/platform-codes.yaml +223 -0
  210. package/tools/cli/lib/ui.js +76 -47
  211. package/tools/validate-docs-drift.js +193 -0
  212. package/src/agents/forger.agent.yaml +0 -114
  213. package/src/workflows/README.md +0 -174
  214. package/src/workflows/analyze-source/data/skill-brief-schema.md +0 -125
  215. package/src/workflows/analyze-source/data/unit-detection-heuristics.md +0 -124
  216. package/src/workflows/analyze-source/workflow.md +0 -61
  217. package/src/workflows/audit-skill/workflow.md +0 -64
  218. package/src/workflows/brief-skill/data/skill-brief-schema.md +0 -159
  219. package/src/workflows/brief-skill/workflow.md +0 -58
  220. package/src/workflows/create-skill/data/source-resolution-protocols.md +0 -200
  221. package/src/workflows/create-skill/steps-c/step-03-extract.md +0 -301
  222. package/src/workflows/create-skill/steps-c/step-03b-fetch-temporal.md +0 -253
  223. package/src/workflows/create-skill/steps-c/step-06-validate.md +0 -254
  224. package/src/workflows/create-skill/steps-c/step-08-report.md +0 -179
  225. package/src/workflows/create-skill/workflow.md +0 -53
  226. package/src/workflows/create-stack-skill/steps-c/step-05-detect-integrations.md +0 -196
  227. package/src/workflows/create-stack-skill/steps-c/step-07-generate-output.md +0 -270
  228. package/src/workflows/create-stack-skill/steps-c/step-09-report.md +0 -150
  229. package/src/workflows/create-stack-skill/workflow.md +0 -59
  230. package/src/workflows/drop-skill/steps-c/step-03-report.md +0 -136
  231. package/src/workflows/drop-skill/workflow.md +0 -63
  232. package/src/workflows/export-skill/data/managed-section-format.md +0 -103
  233. package/src/workflows/export-skill/steps-c/step-01-load-skill.md +0 -237
  234. package/src/workflows/export-skill/workflow.md +0 -58
  235. package/src/workflows/quick-skill/steps-c/step-06-write.md +0 -178
  236. package/src/workflows/quick-skill/workflow.md +0 -58
  237. package/src/workflows/refine-architecture/workflow.md +0 -61
  238. package/src/workflows/rename-skill/steps-c/step-03-report.md +0 -133
  239. package/src/workflows/rename-skill/workflow.md +0 -64
  240. package/src/workflows/setup-forge/steps-c/step-04-report.md +0 -159
  241. package/src/workflows/setup-forge/workflow.md +0 -51
  242. package/src/workflows/shared/health-check.md +0 -231
  243. package/src/workflows/test-skill/data/scoring-rules.md +0 -123
  244. package/src/workflows/test-skill/data/source-access-protocol.md +0 -51
  245. package/src/workflows/test-skill/steps-c/step-01-init.md +0 -217
  246. package/src/workflows/test-skill/steps-c/step-03-coverage-check.md +0 -280
  247. package/src/workflows/test-skill/steps-c/step-04-coherence-check.md +0 -271
  248. package/src/workflows/test-skill/steps-c/step-05-score.md +0 -222
  249. package/src/workflows/test-skill/steps-c/step-06-report.md +0 -208
  250. package/src/workflows/test-skill/templates/test-report-template.md +0 -28
  251. package/src/workflows/test-skill/workflow.md +0 -57
  252. package/src/workflows/update-skill/data/remote-source-resolution.md +0 -57
  253. package/src/workflows/update-skill/steps-c/step-02-detect-changes.md +0 -221
  254. package/src/workflows/update-skill/steps-c/step-03-re-extract.md +0 -256
  255. package/src/workflows/update-skill/steps-c/step-06-write.md +0 -265
  256. package/src/workflows/update-skill/workflow.md +0 -56
  257. package/src/workflows/verify-stack/data/feasibility-report-template.md +0 -63
  258. package/src/workflows/verify-stack/data/integration-verification-rules.md +0 -73
  259. package/src/workflows/verify-stack/steps-c/step-01-init.md +0 -179
  260. package/src/workflows/verify-stack/steps-c/step-03-integrations.md +0 -195
  261. package/src/workflows/verify-stack/steps-c/step-05-synthesize.md +0 -191
  262. package/src/workflows/verify-stack/steps-c/step-06-report.md +0 -200
  263. package/src/workflows/verify-stack/workflow.md +0 -61
  264. package/tools/cli/lib/compiler.js +0 -306
  265. package/tools/cli/lib/ide-commands.js +0 -244
  266. /package/src/{workflows/analyze-source → skf-analyze-source}/templates/analysis-report-template.md +0 -0
  267. /package/src/{workflows/quick-skill/data → skf-quick-skill/assets}/skill-template.md +0 -0
  268. /package/src/{workflows/setup-forge/data → skf-setup/references}/tier-rules.md +0 -0
  269. /package/src/{workflows/test-skill/data → skf-test-skill/assets}/output-section-formats.md +0 -0
@@ -0,0 +1,207 @@
1
+ ---
2
+ title: v1.0.0 Launch Audit
3
+ description: Pre-flight gate audit of every must-have launch-checklist item, with known pre-flight gap dispositions, before the v1.0.0-rc.1 cut.
4
+ ---
5
+
6
+ ## Metadata
7
+
8
+ - **Date:** 2026-04-23
9
+ - **Responder:** Armel (@armelhbobdad) — Claude Opus 4.7 (1M context)
10
+ - **Baseline SHA:** [`5e407a2`](https://github.com/armelhbobdad/bmad-module-skill-forge/commit/5e407a2e69765849108fe6feeef8644542564f7a) — PR #195 merge closing Epic 4 (Stories 4.1 + 4.2 + code-review patches)
11
+ - **Working branch:** `feat/v1-readiness-audit` (fresh branch from `origin/main` at baseline SHA)
12
+ - **Scope:** 10 must-have launch-checklist bullets × 10 pre-flight backlog items (H1–H10) × 8 rollback playbook hardening items (R1–R8)
13
+ - **Epic 4 precondition verification:** `git log main --grep='Story 4' --oneline` returns four commits: `41ccf35` (Story 4.2 patches), `84affc3` (Story 4.2), `e597825` (Story 4.1 patches), `4d0c618` (Story 4.1) — all present on `main` per Epic 4 retro Commitment 1.
14
+
15
+ ## Epic 5.1 AC Verification Matrix
16
+
17
+ | # | Bullet | AC reference | Expected artifact | Status | Evidence |
18
+ | --- | ------------------------------------------------------------------------------- | ---------------------- | -------------------------------------------------------------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
19
+ | 1 | `docs/STABILITY.md` exists defining v1.0.0 public API contract | Story 5.1 AC 4 | `docs/STABILITY.md` with `## Covered Surfaces` + 4 sibling H2s; STABLE banner | ✓ | `grep -c '^## Covered Surfaces' docs/STABILITY.md` → `1`; `## Covered Surfaces` H2 at `docs/STABILITY.md:10`; banner at `docs/STABILITY.md:6` flipped to `STABLE` per AC 14 (this story, Task 7) |
20
+ | 2 | `CHANGELOG.md` has a hand-curated v1.0.0 entry added at the top | Story 5.1 AC 5 + AC 13 | `## [1.0.0] - TBD` between `[Unreleased]` and `[0.10.0]` | ✓ | Insertion in `CHANGELOG.md` at lines 7–67 per AC 13 (this story, Task 6) |
21
+ | 3 | `README.md` install instructions verified via `npm pack` + clean-dir smoke test | Story 5.1 AC 6 | `npx <tarball> --version` + piped `install` both succeed | ✓ | See § Install Smoke Test Transcript below (Task 10) |
22
+ | 4 | `package.json` `repository` field populated | Story 5.1 AC 7 | `{"type":"git","url":"git+https://github.com/armelhbobdad/bmad-module-skill-forge.git"}` | ✓ | `jq .repository package.json` at `package.json:24-27` returns the above object |
23
+ | 5 | All advertised CLI flags documented in `--help` output and `docs/` | Story 5.1 AC 8 | Zero per-subcommand flags; STABILITY contract matches code | ✓ | `grep -n 'options: \[\]' tools/cli/commands/*.js` → 4 hits (install/update/status/uninstall); zero `--headless\|--batch\|--purge\|--allow-workspace-drift` hits in `tools/cli/`; matches `docs/STABILITY.md:18-21` contract |
24
+ | 6 | `release.yaml` on `main` + alpha cut history | Story 5.1 AC 9 | Active workflow; `v0.10.1-alpha.0` tag and tarball on npm | ✓ | `gh api .../actions/workflows` returns `{"name":"Release","path":".github/workflows/release.yaml","state":"active"}`; `git tag -l 'v0.10.1-alpha.*'` → `v0.10.1-alpha.0`; alpha cut SHA `2a57dcbd` (Story 3.2, 2026-04-21) |
25
+ | 7 | npm Trusted Publisher registered for this repo | Story 5.1 AC 9 | OIDC publish works; registered via org/repo/workflow/environment 4-tuple | ✓ | `npm view bmad-module-skill-forge dist-tags --json` → `{"latest":"0.10.0","alpha":"0.10.1-alpha.0"}`; alpha SLSA L2 provenance present; `release.yaml` workflow state `active` — combination proves OIDC-through-TP path |
26
+ | 8 | `release` GitHub Environment with required reviewer | Story 5.1 AC 9 | `protection_rules` includes `required_reviewers` | ✓ | `gh api .../environments/release` returns `protection_rules: [{type: "required_reviewers", reviewers: [{type: "User", name: "armelhbobdad"}]}, {type: "branch_policy", reviewers: []}]` |
27
+ | 9 | Branch protection on `main` active with required status checks | Story 5.1 AC 9 | Ruleset `Default` is `active`, targets `branch`, has non-empty `required_status_checks` list | ✓ | Ruleset id `13855503` (name-based lookup `name=="Default"`) is `enforcement: "active"`, `target: "branch"`; 7 required contexts: `prettier`, `eslint`, `markdownlint`, `validate (ubuntu-latest)`, `validate (windows-latest)`, `python (ubuntu-latest)`, `python (windows-latest)` |
28
+ | 10 | `docs/RELEASING.md` rollback playbook exists | Story 5.1 AC 9 | `## Rollback Playbook` + 7 `### Scenario [A-G]` H3s | ✓ | `grep -c '^## Rollback Playbook$' docs/RELEASING.md` → `1`; `grep -c '^### Scenario [A-G] —' docs/RELEASING.md` → `7`; H3s at lines 196 / 228 / 255 / 279 / 311 / 368 / 429 (post-R4/R5/R6 inserts) |
29
+
30
+ ## Pre-Flight Backlog Dispositions (H1–H10)
31
+
32
+ | Item | One-line title | Label | Rationale | Link |
33
+ | ---- | --------------------------------------------------------------------------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
34
+ | H1 | `tools/cli/commands/install.js:23-26` silent-exit-0 on `{success: false}` | FIXED-IN-THIS-STORY | Added explicit `else { console.error(...); process.exit(1); }` per Story 5.1 AC 10 + Task 4 — falsy `result.success` now exits 1 with a stderr-routed diagnostic | [deferred-work.md → Deferred from: code review of 2-3](../_bmad-output/implementation-artifacts/deferred-work.md) |
35
+ | H2 | `package.json.main` side-effectful entrypoint | ACCEPTED-AS-INTERNAL | `docs/STABILITY.md:24-28` (Path B) documents this as `@internal`; no programmatic export surface in the v1.0.0 contract, so the side-effect at `require('bmad-module-skill-forge')` is not a public promise and not subject to SemVer | [`docs/STABILITY.md:24-28`](./STABILITY.md) |
36
+ | H3 | `.github/workflows/release.yaml:115` unanchored `sed` on `marketplace.json` | FIXED-IN-THIS-STORY | Replaced with `jq --arg v "$VERSION" '.plugins[0].version = $v'` + temp-file + atomic rename + sanity check, per Story 5.1 AC 11 + Task 5 | [deferred-work.md → Deferred from: code review of 3-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
37
+ | H4 | Starlight sidebar does not surface `STABILITY.md` / `RELEASING.md` | FIXED-IN-THIS-STORY | Appended `{ label: 'Stability', slug: 'stability' }` + `{ label: 'Releasing', slug: 'releasing' }` to `website/astro.config.mjs` Reference bucket per Story 5.1 AC 12 + Task 9 | [deferred-work.md → Deferred from: code review of 1-2 / 2-3](../_bmad-output/implementation-artifacts/deferred-work.md) |
38
+ | H5 | `CHANGELOG.md` missing hand-curated `## [1.0.0]` entry | FIXED-IN-THIS-STORY | Inserted `## [1.0.0] - TBD` section with `v1-0-0-changelog-draft.md` body between lines 5 and 7, and added `(pre-v0.3.0 tag, never published)` parenthetical to the dangling `Revert "0.2.0"` line, per Story 5.1 AC 5 / AC 13 + Task 6 | [deferred-work.md → 2-2](../_bmad-output/implementation-artifacts/deferred-work.md) |
39
+ | H6 | `docs/STABILITY.md:6` DRAFT banner | FIXED-IN-THIS-STORY | Replaced DRAFT banner with `STABLE — locked at v1.0.0. Amendments follow the "Changes to This Contract" section below.` per Story 5.1 AC 14 + Task 7 | [`docs/STABILITY.md:6`](./STABILITY.md) |
40
+ | H7 | `0.10.1-alpha.0` CHANGELOG `closes [#11]` / `[#12]` pollution | NOT-APPLICABLE | The pollution lived in the immutable `v0.10.1-alpha.0` tarball and in the orphaned commit `2a57dcbd`; current `main`'s `CHANGELOG.md` does NOT contain those refs (`grep -c 'closes \[#1[12]\]' CHANGELOG.md` → `0`). Alpha tarball is historical / immutable; no repo edit | [Epic 3 retro](../_bmad-output/implementation-artifacts/epic-3-retro-2026-04-21.md) |
41
+ | H8 | `docs/RELEASING.md` missing `### Cutting v1.0.0-rc.1` hand-bump procedure | FIXED-IN-THIS-STORY | Authored new H3 section under `## Rollback Playbook` umbrella (last H3, after `### Baseline snapshots`) with the same five-element shape (Trigger / CLI / Outcome / Constraints / Verification) as Scenarios A–G, per Story 5.1 AC 15 + Task 8 | [`docs/RELEASING.md` § Cutting v1.0.0-rc.1](./RELEASING.md) |
42
+ | H9 | `prevent_self_review: false` on `release` env + admin ruleset bypass | DEFERRED-POST-V1 | Solo-maintainer repo today; both flips happen together at second-maintainer onboarding. Standing flag with no fire date | [Epic 3 retro standing flag + `deferred-work.md` 1-2](../_bmad-output/implementation-artifacts/deferred-work.md) |
43
+ | H10 | `CONTRIBUTING.md` → `docs/` anchor validator coverage | DEFERRED-POST-V1 | Pre-existing tooling gap; not introduced by any Epic 1–4 story; captured as a CI-as-enforced-gate candidate for a dedicated post-v1.0.0 tooling story | [Epic 4 retro + `deferred-work.md`](../_bmad-output/implementation-artifacts/deferred-work.md) |
44
+
45
+ ## Rollback Playbook Hardening Dispositions (R1–R8)
46
+
47
+ | Item | One-line title | Label | Rationale | Link |
48
+ | ---- | --------------------------------------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
49
+ | R1 | Baseline `jq` filter GET-vs-PUT shape | DEFERRED-POST-V1 | Requires a round-trip restore drill to validate against the live ruleset; not suitable for a story authoring pass | [`deferred-work.md` → code review of 4-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
50
+ | R2 | Scenario G ghost workflows detection | DEFERRED-POST-V1 | Requires augmenting detection with `git ls-tree` check; bundled into a post-v1.0.0 ops story | [`deferred-work.md` → code review of 4-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
51
+ | R3 | Scenario G `gh workflow enable` admin permission | DEFERRED-POST-V1 | Couples with H9 (second-maintainer onboarding); dormant today | [`deferred-work.md` → code review of 4-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
52
+ | R4 | Scenario A npm-`dist-tags` CDN cache lag caveat | BUNDLED-IN-THIS-STORY | Added as a blockquote callout in `docs/RELEASING.md` Scenario A (near the `npm view … dist-tags` command) per Story 5.1 AC 16 + Task 8 | [`docs/RELEASING.md` Scenario A](./RELEASING.md) |
53
+ | R5 | Scenario C npm-clock-vs-local-clock caveat for 72h window | BUNDLED-IN-THIS-STORY | Added as inline sentence in Scenario C (72h-window paragraph) directing responders to compute the boundary from `time.modified` per Story 5.1 AC 16 + Task 8 | [`docs/RELEASING.md` Scenario C](./RELEASING.md) |
54
+ | R6 | Scenario C "zero downloads" stats-lag caveat | BUNDLED-IN-THIS-STORY | Added as blockquote callout on the "zero downloads, zero dependents" criterion directing responders to treat C as B in the first 24–48h per Story 5.1 AC 16 + Task 8 | [`docs/RELEASING.md` Scenario C](./RELEASING.md) |
55
+ | R7 | Scenario D tag-protection hardening | DEFERRED-POST-V1 | Speculative; no tag-protection rule exists today | [`deferred-work.md` → code review of 4-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
56
+ | R8 | Scenario F 2FA-degraded account-recovery variant | DEFERRED-POST-V1 | Incident-response design; belongs with Scenario F hardening post-v1.0.0 | [`deferred-work.md` → code review of 4-1](../_bmad-output/implementation-artifacts/deferred-work.md) |
57
+
58
+ ## External Verification Transcripts
59
+
60
+ Live outputs collected during Task 2 of Story 5.1 dev (2026-04-23).
61
+
62
+ ### `release.yaml` on `main` — workflow state
63
+
64
+ ```console
65
+ $ gh api repos/armelhbobdad/bmad-module-skill-forge/actions/workflows \
66
+ --jq '.workflows[] | select(.path==".github/workflows/release.yaml") | {name, state, path}'
67
+ {"name":"Release","path":".github/workflows/release.yaml","state":"active"}
68
+ ```
69
+
70
+ ### `release` GitHub Environment protection rules
71
+
72
+ ```console
73
+ $ gh api repos/armelhbobdad/bmad-module-skill-forge/environments/release \
74
+ --jq '{name, protection_rules: [.protection_rules[] | {type, reviewers: ([.reviewers // [] | .[] | {type, name: .reviewer.login // .reviewer.name}])}]}'
75
+ {"name":"release","protection_rules":[{"reviewers":[{"name":"armelhbobdad","type":"User"}],"type":"required_reviewers"},{"reviewers":[],"type":"branch_policy"}]}
76
+ ```
77
+
78
+ ### Branch protection ruleset for `main` — enforcement + required status checks
79
+
80
+ ```console
81
+ $ RULESET_ID=$(gh api repos/armelhbobdad/bmad-module-skill-forge/rulesets \
82
+ --jq '.[] | select(.name=="Default") | .id')
83
+ $ echo "$RULESET_ID"
84
+ 13855503
85
+
86
+ $ gh api "repos/armelhbobdad/bmad-module-skill-forge/rulesets/$RULESET_ID" \
87
+ --jq '{id: .id, target, enforcement, rule_types: [.rules[].type]}'
88
+ {"enforcement":"active","id":13855503,"rule_types":["deletion","non_fast_forward","pull_request","code_quality","required_status_checks"],"target":"branch"}
89
+
90
+ $ gh api "repos/armelhbobdad/bmad-module-skill-forge/rulesets/$RULESET_ID" \
91
+ --jq '[.rules[] | select(.type=="required_status_checks") | .parameters.required_status_checks[].context]'
92
+ ["prettier","eslint","markdownlint","validate (ubuntu-latest)","validate (windows-latest)","python (ubuntu-latest)","python (windows-latest)"]
93
+ ```
94
+
95
+ ### npm dist-tags + alpha attestation
96
+
97
+ ```console
98
+ $ npm view bmad-module-skill-forge dist-tags --json
99
+ {
100
+ "latest": "0.10.0",
101
+ "alpha": "0.10.1-alpha.0"
102
+ }
103
+
104
+ $ npm view bmad-module-skill-forge@0.10.1-alpha.0 --json | jq '.dist.attestations // "absent"'
105
+ {
106
+ "url": "https://registry.npmjs.org/-/npm/v1/attestations/bmad-module-skill-forge@0.10.1-alpha.0",
107
+ "provenance": {
108
+ "predicateType": "https://slsa.dev/provenance/v1"
109
+ }
110
+ }
111
+
112
+ $ git tag -l 'v0.10.1-alpha.*'
113
+ v0.10.1-alpha.0
114
+ ```
115
+
116
+ The alpha SLSA L2 provenance confirms that Story 3.2's alpha cut (`2a57dcbd`, 2026-04-21) published through the registered OIDC Trusted Publisher path. The canonical four-field TP match (org / repo / workflow filename / environment) is not visible via public API — a successful attested publish IS the live proof of registration.
117
+
118
+ ### Story 4.2 `[DEPRECATED]`-on-stderr divergence — audit decision
119
+
120
+ Current `package.json:48` script body (verbatim):
121
+
122
+ ```text
123
+ echo '[DEPRECATED] Use .github/workflows/release.yaml via GitHub Actions. See docs/RELEASING.md.' >&2 && exit 1 ; npm run release:patch
124
+ ```
125
+
126
+ Story 4.2 AC 5 specified `echo '[DEPRECATED] …' && exit 1` (stdout-routed) as the literal form. The applied patch `41ccf35` routes the `echo` to `>&2` (stderr) — a divergence from AC 5's literal shape. Story 4.2's Review Findings Decision→Patch and the Epic 4 retro Commitment 4 both recommend keeping stderr routing.
127
+
128
+ **Decision (audit time):** KEEP stderr routing. **Rationale:** diagnostic notices are stderr by convention across the repo (`tools/cli/commands/install.js` routes `Installation failed.` to `console.error` per the Story 5.1 H1 fix — same principle); Story 6.2's eventual delete-the-script removal is unaffected by the routing choice. **Scope:** no re-edit of `package.json` in Story 5.1 per the seven-file envelope (AC 1).
129
+
130
+ ## Install Smoke Test Transcript
131
+
132
+ Procedure per Story 5.1 AC 6 + Task 10: `npm pack` in repo root, then run `--version` and a piped `install` in a clean scratch directory.
133
+
134
+ ### Tarball and install invocation
135
+
136
+ On the audit host (`node v24.12.0`, `npm 11.6.2`), the `npx --yes <tarball>` invocation from AC 6 step (c) failed under this npm version with `Permission denied` (npm 11.6.2 treats a `.tgz` argument to `npx` as a local executable rather than an installable package). The equivalent install-then-run form confirms the bin wrapper + commander dispatch resolve cleanly, which is the actual pass criterion for AC 6.
137
+
138
+ ```console
139
+ $ npm pack
140
+ [...truncated notices...]
141
+ npm notice name: bmad-module-skill-forge
142
+ npm notice version: 0.10.0
143
+ npm notice filename: bmad-module-skill-forge-0.10.0.tgz
144
+ npm notice package size: 534.2 kB
145
+ npm notice unpacked size: 1.7 MB
146
+ npm notice total files: 228
147
+ bmad-module-skill-forge-0.10.0.tgz
148
+
149
+ $ mkdir -p /tmp/skf-install-smoke && cd /tmp/skf-install-smoke
150
+ $ npm install /path/to/bmad-module-skill-forge-0.10.0.tgz --no-save
151
+ added 21 packages in 7s
152
+
153
+ $ ./node_modules/.bin/bmad-module-skill-forge --version
154
+ 0.10.0
155
+ ```
156
+
157
+ **Pass:** `--version` resolves through the `bin` wrapper (`tools/skf-npx-wrapper.js`) → commander setup (`tools/cli/skf-cli.js`) → prints the declared version `0.10.0` with exit `0`.
158
+
159
+ ### `echo | bmad-module-skill-forge install` (piped, first ~40 lines)
160
+
161
+ ```console
162
+ $ cd /tmp/skf-install-smoke
163
+ $ echo -e '\n\n\n\n\n' | ./node_modules/.bin/bmad-module-skill-forge install 2>&1 | head -40
164
+ ╔════════════════════════════════════════════════════════════════════════╗
165
+ ║ ║
166
+ ║ ███████╗██╗ ██╗███████╗ ║
167
+ ║ ██╔════╝██║ ██╔╝██╔════╝ ║
168
+ ║ ███████╗█████╔╝ █████╗ ║
169
+ ║ ╚════██║██╔═██╗ ██╔══╝ ║
170
+ ║ ███████║██║ ██╗██║ ║
171
+ ║ ╚══════╝╚═╝ ╚═╝╚═╝ ║
172
+ ║ ║
173
+ ╟────────────────────────────────────────────────────────────────────────╢
174
+ ║ Skill Forge ⚒ Agent Skill Compiler ║
175
+ ║ Turn code and docs into instructions AI agents can actually follow. ║
176
+ ║ v0.10.0 · MIT License · Open Source ║
177
+ ╚════════════════════════════════════════════════════════════════════════╝
178
+ ...
179
+ ┌ Skill Forge Installer
180
+
181
+ ● Target: /tmp/skf-install-smoke
182
+
183
+ ● Skills will be installed in _bmad/skf/
184
+ ◆ Project name:
185
+ │ skf-install-smoke
186
+
187
+ ```
188
+
189
+ **Pass:** no `command not found`, no `ERR!`, no immediate non-zero exit. The `install` subcommand dispatch reaches the `ui.promptInstall()` interactive path, renders the banner, and blocks on the `Project name:` prompt (expected — `npx-wrapper` → `commander` → `commands/install.js` action → `UI.promptInstall()` resolves correctly). Completing the interactive flow end-to-end is out of scope for this smoke test (it is Story 5.2 / 5.4 territory); the pass criterion here is that the install code path is reachable with no structural error.
190
+
191
+ **Clean-up:** the tarball (`bmad-module-skill-forge-0.10.0.tgz`) and the scratch directory (`/tmp/skf-install-smoke`) were deleted after the transcript was captured. `git status --short` at commit time confirms no tarball in the working tree (see § Post-commit footer).
192
+
193
+ ## Blockers
194
+
195
+ <!-- Populated at Task 11 / Task 12 after all other tasks land. -->
196
+
197
+ None — audit passes clean; Story 5.2 unblocked.
198
+
199
+ ## Sign-off
200
+
201
+ TBD — signed by Armel at Story 5.2 dispatch time.
202
+
203
+ ## Post-commit footer
204
+
205
+ - **Audit-completion commit SHA:** [`540fdda`](https://github.com/armelhbobdad/bmad-module-skill-forge/commit/540fdda419fc7e71bfdc571dab279b5de1b42578) — seven-file envelope (`docs(release): pre-v1.0.0 readiness audit (Story 5.1)`)
206
+ - **Back-fill commit SHA:** this commit (the one that made this footer sentence self-referential)
207
+ - **`git status --short` after commit:** clean working tree (verified per Story 5.1 AC 1 seven-file envelope)
package/src/README.md CHANGED
@@ -8,40 +8,38 @@ For user-facing documentation (what SKF does, how to install it, how to use it),
8
8
 
9
9
  ```
10
10
  src/
11
- ├── module.yaml # Module config: code, name, install prompts
12
- ├── module-help.csv # Help registry one row per agent command
13
- ├── agents/
14
- │ └── forger.agent.yaml # Ferris the single agent persona
15
- ├── workflows/ # 14 workflows (see workflows/README.md)
16
- ├── setup-forge/
17
- ├── analyze-source/
18
- │ ├── brief-skill/
19
- │ ├── create-skill/
20
- │ ├── quick-skill/
21
- │ ├── create-stack-skill/
22
- ├── verify-stack/
23
- ├── refine-architecture/
24
- │ ├── update-skill/
25
- │ ├── audit-skill/
26
- │ ├── test-skill/
27
- │ ├── export-skill/
28
- │ ├── rename-skill/
29
- │ └── drop-skill/
30
- ├── knowledge/ # Cross-cutting knowledge fragments (JiT loaded)
11
+ ├── skf-forger/ # Agent skill Ferris persona
12
+ ├── SKILL.md # Agent identity, principles, menu of triggers
13
+ │ └── bmad-skill-manifest.yaml
14
+ ├── skf-setup/ # Setup skill (forge initialization)
15
+ ├── SKILL.md
16
+ └── ...
17
+ ├── skf-{name}/ # 13 workflow skills (one directory each)
18
+ │ ├── SKILL.md # Skill entry point (overview, stages, invocation contract)
19
+ │ ├── steps-c/ # Sequential step files
20
+ │ ├── references/ # Rules, patterns, protocols (decision-making)
21
+ │ ├── assets/ # Schemas, output formats
22
+ └── templates/ # Output skeletons (used by some skills)
23
+ ├── knowledge/ # Cross-cutting knowledge fragments (JiT loaded)
31
24
  │ └── skf-knowledge-index.csv
32
- └── forger/ # Sidecar seed files (preferences, forge tier)
25
+ ├── forger/ # Sidecar seed files (preferences, forge tier)
26
+ ├── shared/ # Cross-workflow resources
27
+ ├── module.yaml # Module metadata (code, name, config vars)
28
+ └── module-help.csv # Skill menu for bmad-help integration
33
29
  ```
34
30
 
31
+ **Workflow skills:** setup, analyze-source, brief-skill, create-skill, quick-skill, create-stack-skill, verify-stack, refine-architecture, update-skill, audit-skill, test-skill, export-skill, rename-skill, drop-skill.
32
+
35
33
  ## Components
36
34
 
37
- - **Agent:** [Ferris](agents/forger.agent.yaml) — single-persona module operating in four modes (Architect / Surgeon / Audit / Delivery)
38
- - **Workflows:** see [workflows/README.md](workflows/README.md) for the full index, typical flows, and the knowledge-vs-data distinction
35
+ - **Agent:** [Ferris](skf-forger/SKILL.md) — single-persona module operating in five modes (Architect / Surgeon / Audit / Delivery / Management)
36
+ - **Workflow skills:** 14 `skf-{name}/` directories, each containing a SKILL.md, steps, references, and assets
39
37
  - **Knowledge fragments:** cross-cutting principles Ferris consults via `knowledge/skf-knowledge-index.csv`
40
38
 
41
39
  ## Editing this module
42
40
 
43
- - Agent edits — `agents/forger.agent.yaml`; validate with `bmad:bmb:agents:agent-validate`
44
- - Workflow edits — each workflow in `workflows/{name}/`; validate with `bmad:bmb:workflows:workflow-validate`
41
+ - Agent edits — `skf-forger/SKILL.md`; validate with `bmad:bmb:agents:agent-validate`
42
+ - Workflow edits — each workflow skill in `skf-{name}/`; validate with `bmad:bmb:workflows:workflow-validate`
45
43
  - Module-level edits — `module.yaml` and `module-help.csv`; validate with `bmad:bmb:modules:validate-module`
46
44
 
47
45
  See [CONTRIBUTING.md](../CONTRIBUTING.md) for the contribution workflow.
@@ -1,5 +1,5 @@
1
1
  # Ferris Sidecar: Forge Tier State
2
- # Written by setup-forge workflow on first run
2
+ # Written by setup workflow on first run
3
3
 
4
4
  # Tool availability (detected during [SF] Setup Forge)
5
5
  tools:
@@ -15,12 +15,14 @@ tools:
15
15
  tier: ~
16
16
  tier_detected_at: ~
17
17
 
18
- # CCC semantic index state (managed by setup-forge and extraction workflows)
18
+ # CCC semantic index state (managed by setup and extraction workflows)
19
19
  ccc_index:
20
20
  indexed_path: ~
21
21
  last_indexed: ~
22
22
  status: "none"
23
23
  staleness_threshold_hours: 24
24
+ file_count: ~
25
+ exclude_patterns: []
24
26
 
25
27
  # CCC index registry (tracks which source paths have been indexed for skill workflows)
26
28
  ccc_index_registry: []
@@ -1,5 +1,5 @@
1
1
  # Ferris Sidecar: User Preferences
2
- # Created by setup-forge workflow on first run
2
+ # Created by setup workflow on first run
3
3
  # Edit this file to customize Ferris behavior
4
4
 
5
5
  # Override detected tier (set to Quick, Forge, Forge+, or Deep to force a tier)
@@ -8,6 +8,12 @@ tier_override: ~
8
8
  # Passive context injection (set to false to skip snippet generation and CLAUDE.md updates during export)
9
9
  passive_context: true
10
10
 
11
+ # Headless mode (set to true to skip confirmation gates in all workflows)
12
+ headless_mode: false
13
+
14
+ # Compact greeting (set to true to skip the full capabilities table on session start)
15
+ compact_greeting: false
16
+
11
17
  # Reserved for future use — these fields are not yet consumed by any workflow step
12
18
  # output_language: ~
13
19
  # skill_format_version: ~
@@ -40,7 +40,7 @@ description: >
40
40
  - `description`: 1-1024 characters, trigger-optimized for agent matching
41
41
  - **MUST use third-person voice.** The description is injected into the system prompt; inconsistent point-of-view causes discovery problems. Write "Processes Excel files and generates reports" — never "I can help you process Excel files" or "You can use this to process Excel files."
42
42
 
43
- **Body:** Free-form markdown — no structural restrictions, but Skill Forge follows a consistent section order (see skill-sections.md in create-skill/data/).
43
+ **Body:** Free-form markdown — no structural restrictions, but Skill Forge follows a consistent section order (see skill-sections.md in create-skill/assets/).
44
44
 
45
45
  ### Optional: Supporting Directories
46
46
 
@@ -99,4 +99,4 @@ VS and RA are pre-code workflows. SS compose-mode synthesizes the implementation
99
99
  - [skill-lifecycle.md](skill-lifecycle.md) — end-to-end pipeline and workflow connections
100
100
  - [progressive-capability.md](progressive-capability.md) — tier philosophy for skill generation
101
101
 
102
- _Source: synthesized from verify-stack/workflow.md, refine-architecture/workflow.md, and create-stack-skill compose-mode-rules.md_
102
+ _Source: synthesized from skf-verify-stack/SKILL.md, skf-refine-architecture/SKILL.md, and skf-create-stack-skill/references/compose-mode-rules.md_
@@ -24,7 +24,7 @@ ccc is **required** at the Forge+ tier (it defines Forge+) and **optionally avai
24
24
  ## Availability
25
25
 
26
26
  ccc_bridge operations are available when:
27
- - `tools.ccc: true` in forge-tier.yaml (verified by `ccc --help` + `ccc doctor` in setup-forge)
27
+ - `tools.ccc: true` in forge-tier.yaml (verified by `ccc --help` + `ccc doctor` in setup)
28
28
  - `ccc_index.status` is `"fresh"` or `"stale"` in forge-tier.yaml (an index exists for the project)
29
29
 
30
30
  When either condition is false, calling steps skip ccc discovery silently and proceed with direct ast-grep or source reading. This is standard Forge tier behavior — not a degradation.
@@ -43,7 +43,7 @@ Returns: list of `{file, score, snippet}` entries ranked by semantic relevance t
43
43
 
44
44
  **Resolves to:** Check `ccc_index.status` in forge-tier.yaml. If `"none"` or the indexed_path does not match, run `cd {path} && ccc init` then `ccc index` and update forge-tier.yaml. Note: `ccc init` takes no positional arguments — it initializes the index for the current working directory.
45
45
 
46
- **Usage context:** Called by setup-forge step-01b to ensure the project root is indexed. Called lazily by extraction steps when `ccc_index.status` is `"none"` but ccc is available.
46
+ **Usage context:** Called by setup step-01b to ensure the project root is indexed. Called lazily by extraction steps when `ccc_index.status` is `"none"` but ccc is available.
47
47
 
48
48
  ### `ccc_bridge.status()`
49
49
 
@@ -51,7 +51,7 @@ Returns: list of `{file, score, snippet}` entries ranked by semantic relevance t
51
51
  1. `ccc --help` — confirms binary exists (exit 0)
52
52
  2. `ccc doctor` — confirms daemon is running, extracts version string, validates embedding model
53
53
 
54
- **Usage context:** Called exclusively by setup-forge step-01 during tool detection. Downstream workflows read the result from forge-tier.yaml — they do not re-verify.
54
+ **Usage context:** Called exclusively by setup step-01 during tool detection. Downstream workflows read the result from forge-tier.yaml — they do not re-verify.
55
55
 
56
56
  ## Confidence
57
57
 
@@ -67,7 +67,7 @@ The ccc search is invisible in the output artifact. A Forge+ skill's citations a
67
67
 
68
68
  ### When Indexing Happens
69
69
 
70
- 1. **setup-forge step-01b:** Indexes the project root when setup-forge runs. This is the primary indexing point.
70
+ 1. **setup step-01b:** Indexes the project root when setup runs. This is the primary indexing point.
71
71
  2. **Workflow discovery steps:** If `ccc_index.status` is `"stale"` or `"none"`, discovery steps trigger a re-index and warn the user. They do not block.
72
72
  3. **ccc daemon:** Incremental indexing means re-indexing unchanged files is a near-no-op.
73
73
 
@@ -75,13 +75,13 @@ The ccc search is invisible in the output artifact. A Forge+ skill's citations a
75
75
 
76
76
  - Staleness threshold: 24 hours (configurable via `ccc_index.staleness_threshold_hours` in forge-tier.yaml)
77
77
  - A stale index still produces useful results — the workflow proceeds with the stale index and notes the staleness
78
- - setup-forge is the designated refresh authority
78
+ - setup is the designated refresh authority
79
79
 
80
80
  ### Exclusion Patterns
81
81
 
82
82
  CCC stores its configuration at `{project-root}/.cocoindex_code/settings.yml`. This file contains `exclude_patterns` and `include_patterns` arrays in glob format. `ccc init` creates the file with sensible defaults (excludes `node_modules`, `__pycache__`, hidden dirs, etc.).
83
83
 
84
- **SKF infrastructure exclusions:** setup-forge step-01b appends SKF-specific exclusion patterns after `ccc init` creates the default config. These patterns prevent indexing of framework and output directories that have zero value for source extraction:
84
+ **SKF infrastructure exclusions:** setup step-01b appends SKF-specific exclusion patterns after `ccc init` creates the default config. These patterns prevent indexing of framework and output directories that have zero value for source extraction:
85
85
 
86
86
  | Pattern | Purpose |
87
87
  |---------|---------|
@@ -92,20 +92,21 @@ CCC stores its configuration at `{project-root}/.cocoindex_code/settings.yml`. T
92
92
  | `**/{skills_output_folder}` | Generated skill files (from manifest, default: `skills`) |
93
93
  | `**/{forge_data_folder}` | Compilation workspace (from manifest, default: `forge-data`) |
94
94
 
95
- The `skills_output_folder` and `forge_data_folder` values are read from `_bmad/_config/skf-manifest.yaml` when available, falling back to the defaults `skills` and `forge-data`. Patterns are appended only if not already present — user customizations to `settings.yml` are preserved.
95
+ The `skills_output_folder` and `forge_data_folder` values are resolved from the workflow activation context (sourced from `_bmad/skf/config.yaml`), falling back to the defaults `skills` and `forge-data`. Patterns are appended only if not already present — user customizations to `settings.yml` are preserved.
96
96
 
97
97
  The configured exclusion patterns are stored in `ccc_index.exclude_patterns` in forge-tier.yaml for reference.
98
98
 
99
99
  ### Deferred Discovery (Remote Sources)
100
100
 
101
- For remote repository sources (GitHub URLs), CCC cannot operate during step-02b because no local code exists yet. The ephemeral clone happens in step-03. To provide CCC pre-ranking for remote sources:
101
+ For remote repository sources (GitHub URLs), CCC cannot operate during step-02b because no local code exists yet. The workspace clone or ephemeral clone happens in step-03. To provide CCC pre-ranking for remote sources:
102
102
 
103
103
  1. **step-02b:** Detects remote source, sets `{ccc_discovery: []}`, displays deferred message
104
- 2. **step-03:** After ephemeral clone succeeds, detects the deferred scenario (`tools.ccc == true AND {ccc_discovery} is empty AND ephemeral_clone_active == true AND tier is Forge+/Deep`)
105
- 3. **step-03:** Runs `cd {temp_path} && ccc init` on the ephemeral clone, then applies brief `exclude_patterns` (if present) to `{temp_path}/.cocoindex_code/settings.yml` before running `ccc index` (extended timeout or background mode, verified via `ccc status`). This prevents CCC from indexing files the brief explicitly excludes, keeping search results focused on in-scope source code and reducing indexing time for large repositories.
106
- 4. **step-03:** Executes CCC search and populates `{ccc_discovery}` before AST extraction begins
104
+ 2. **step-03:** After source resolution succeeds, detects the deferred scenario (`tools.ccc == true AND {ccc_discovery} is empty AND remote_clone_path is set AND tier is Forge+/Deep`)
105
+ 3. **step-03 (workspace fast path):** If `{remote_clone_path}/.cocoindex_code/` already exists (persisted workspace index), skips init/index and uses `ccc search --refresh` CCC daemon re-indexes only if files changed since last index. This is near-instant for unchanged repos.
106
+ 4. **step-03 (first-time path):** If no existing CCC index, runs `cd {remote_clone_path} && ccc init`, applies standard build/dependency exclusions (node_modules, dist, .git, vendor, etc.) to `settings.yml`, then runs `ccc index`. Brief-specific `include_patterns`/`exclude_patterns` are NOT written to `settings.yml` — the CCC index is general-purpose. Filtering happens at search result time.
107
+ 5. **step-03:** Executes CCC search and populates `{ccc_discovery}` before AST extraction begins
107
108
 
108
- The ephemeral clone index is not registered in `ccc_index_registry` — the clone is deleted after extraction and the CCC daemon's own GC handles orphaned indexes.
109
+ For workspace repos, the CCC index persists at `{workspace_repo_path}/.cocoindex_code/` and is reused across forges, projects, and sessions. For ephemeral fallback clones, the index is not registered in `ccc_index_registry` — the clone is deleted after extraction.
109
110
 
110
111
  ### Relationship to QMD Registry
111
112
 
@@ -113,7 +114,7 @@ ccc_index and qmd_collections are **orthogonal**:
113
114
  - `ccc_index` in forge-tier.yaml tracks the persistent source code index (one per project)
114
115
  - `qmd_collections[]` in forge-tier.yaml tracks per-skill workflow artifact collections
115
116
  - ccc indexes source code for semantic search; QMD indexes curated artifacts for temporal/knowledge search
116
- - The janitor role for QMD (setup-forge step-03) operates independently of ccc_index
117
+ - The janitor role for QMD (setup step-03) operates independently of ccc_index
117
118
 
118
119
  ## Query Volume Bounds
119
120
 
@@ -130,8 +131,8 @@ To prevent excessive daemon calls, workflow steps cap ccc queries:
130
131
  - Running ccc_bridge.ensure_index() without checking ccc_index.status first — unnecessary re-indexing
131
132
  - Passing ccc results directly to the extraction inventory — they are candidates, not extractions
132
133
  - Listing ccc as "unavailable" in reports for Quick/Forge tiers — ccc is a Forge+ capability, not something Quick/Forge tiers are missing
133
- - Indexing without configuring SKF exclusions — framework and output directories pollute search results
134
- - Indexing an ephemeral clone without applying brief `exclude_patterns` — excluded files pollute CCC search results and waste indexing time on large repositories
134
+ - Indexing without configuring exclusions — for project root indexes, apply SKF exclusions (framework/output directories); for workspace repo indexes, apply standard build artifact exclusions (node_modules, dist, .git, etc.)
135
+ - Writing brief-specific `exclude_patterns` to a workspace repo's `settings.yml` — workspace indexes are general-purpose and serve multiple briefs. Apply brief patterns at search result time, not index time. (Exception: ephemeral fallback clones are single-use, so brief exclusions may be applied to their `settings.yml` to reduce indexing time.)
135
136
  - Skipping CCC discovery for remote sources without deferring to step-03 — remote repos deserve the same pre-ranking as local sources
136
137
 
137
138
  ## Related Fragments
@@ -2,11 +2,11 @@
2
2
 
3
3
  ## Principle
4
4
 
5
- Agent-level knowledge files capture cross-cutting principles and patterns that Ferris applies across multiple workflows. They are distinct from workflow `data/` files, which contain step-specific operational artifacts. Knowledge is loaded just-in-time when a workflow step directs — never preloaded into context.
5
+ Agent-level knowledge files capture cross-cutting principles and patterns that Ferris applies across multiple workflows. They are distinct from workflow `references/` and `assets/` files, which contain step-specific operational artifacts. Knowledge is loaded just-in-time when a workflow step directs — never preloaded into context.
6
6
 
7
7
  ## Rationale
8
8
 
9
- The SKF module has 12 workflows containing numerous operational `data/` files embedded in step directories. These data files define schemas, templates, scoring formulas, and extraction rules tightly coupled to individual steps. But several principles — zero hallucination, confidence tiers, provenance — cut across multiple workflows and need a single authoritative source rather than fragmented repetition.
9
+ The SKF module has 14 workflows containing operational `references/` and `assets/` files within each skill directory. References contain rules, patterns, and protocols for decision-making; assets contain templates, schemas, and output formats. Both are tightly coupled to individual steps. But several principles — zero hallucination, confidence tiers, provenance — cut across multiple workflows and need a single authoritative source rather than fragmented repetition.
10
10
 
11
11
  Without a knowledge folder:
12
12
  - Cross-cutting principles get duplicated across workflow steps
@@ -26,7 +26,7 @@ With knowledge files:
26
26
  | [confidence-tiers.md](confidence-tiers.md) | T1/T1-low/T2/T3 trust model and citation formats | AN, BS, CS, QS, SS, US, AS, TS, EX, RA, VS |
27
27
  | [progressive-capability.md](progressive-capability.md) | Quick/Forge/Forge+/Deep tier philosophy and behavior adaptation | SF, AN, BS, CS, QS, SS, US, AS, TS, EX, VS, RA |
28
28
  | [agentskills-spec.md](agentskills-spec.md) | agentskills.io output format principles and compliance | CS, QS, SS, US, TS, EX |
29
- | [skill-lifecycle.md](skill-lifecycle.md) | End-to-end pipeline, artifact flow, workflow selection | All 12 |
29
+ | [skill-lifecycle.md](skill-lifecycle.md) | End-to-end pipeline — workflow connections, artifact flow, decision rules for workflow selection, pipeline invocation syntax and aliases | All 14 |
30
30
  | [provenance-tracking.md](provenance-tracking.md) | Provenance-map.json entries and file_entries, evidence reports, claim traceability | CS, QS, SS, US, AS, TS |
31
31
  | [manual-section-integrity.md](manual-section-integrity.md) | \[MANUAL\] marker preservation and merge algorithm | CS, US, AS, TS, EX |
32
32
  | [qmd-registry.md](qmd-registry.md) | Progressive QMD collection registry and collection gate principle | SF, BS, CS, US, AS |
@@ -43,17 +43,17 @@ With knowledge files:
43
43
  1. Ferris receives a task or workflow activation
44
44
  2. Consult `skf-knowledge-index.csv` to identify relevant knowledge fragments by tags or description. The `tier` column classifies fragments as `core` (always relevant when the domain applies) or `extended` (load only when the specific scenario is active — e.g., `doc-fetcher.md` only when `doc_urls` are present in the brief)
45
45
  3. Load only the files needed for the current task — never bulk-load all knowledge
46
- 4. Apply knowledge principles during workflow execution alongside step-specific `data/` files
46
+ 4. Apply knowledge principles during workflow execution alongside step-specific `references/` and `assets/` files
47
47
 
48
48
  ## Knowledge vs. Data
49
49
 
50
- | Aspect | Knowledge Files (`knowledge/`) | Data Files (`data/`) |
51
- |-----------|--------------------------------------|-----------------------------------------|
52
- | Scope | Cross-cutting, multi-workflow | Single workflow, single step |
53
- | Content | Principles, patterns, judgment rules | Schemas, templates, scoring formulas |
54
- | Loading | JiT via index lookup | JiT via step instruction |
55
- | Examples | Zero hallucination, confidence tiers | skill-brief-schema.md, scoring-rules.md |
56
- | Stability | Rarely changes | Changes with workflow evolution |
50
+ | Aspect | Knowledge Files (`knowledge/`) | References (`references/`) | Assets (`assets/`) |
51
+ |-----------|--------------------------------------|-----------------------------------------|-----------------------------------------|
52
+ | Scope | Cross-cutting, multi-workflow | Single workflow, single step | Single workflow, single step |
53
+ | Content | Principles, patterns, judgment rules | Rules, patterns, protocols, heuristics | Templates, schemas, output formats |
54
+ | Loading | JiT via index lookup | JiT via step instruction | JiT via step instruction |
55
+ | Examples | Zero hallucination, confidence tiers | scoring-rules.md, extraction-patterns.md | skill-brief-schema.md, skill-template.md |
56
+ | Stability | Rarely changes | Changes with workflow evolution | Changes with workflow evolution |
57
57
 
58
58
  ## Related Fragments
59
59
 
@@ -31,7 +31,7 @@ With progressive capability:
31
31
 
32
32
  ### Example 1: Tool Detection and Tier Assignment
33
33
 
34
- **Context:** The setup-forge workflow detects available tools and assigns a tier.
34
+ **Context:** The setup workflow detects available tools and assigns a tier.
35
35
 
36
36
  **Implementation:** Each tool is verified by executing its version command — presence in PATH is insufficient. The tier is the highest level where all required tools pass verification:
37
37
 
@@ -125,7 +125,7 @@ When source is remote (GitHub URL) and tier is Forge, Forge+, or Deep:
125
125
  ## Anti-Patterns
126
126
 
127
127
  - Describing Quick tier as "basic" or "limited" — it is fast and legitimate
128
- - Requiring ast-grep for workflows that work fine without it (setup-forge, brief-skill)
128
+ - Requiring ast-grep for workflows that work fine without it (setup, brief-skill)
129
129
  - Mixing tier capabilities in a single extraction (e.g., T1 citations when only source reading was used)
130
130
  - Failing a workflow because the tier is "too low" — adapt behavior instead
131
131
  - Silent degradation when source is remote at Forge/Deep tier — always warn with actionable guidance
@@ -136,4 +136,4 @@ When source is remote (GitHub URL) and tier is Forge, Forge+, or Deep:
136
136
  - [skill-lifecycle.md](skill-lifecycle.md) — how tier affects workflow selection and artifact flow
137
137
  - [zero-hallucination.md](zero-hallucination.md) — Quick tier has lower confidence but the same integrity standard
138
138
 
139
- _Source: distilled from forge-tier.yaml, tier-rules.md, and setup-forge workflow_
139
+ _Source: distilled from forge-tier.yaml, tier-rules.md, and setup workflow_
@@ -36,7 +36,9 @@ With provenance tracking:
36
36
  **Implementation:**
37
37
  ```json
38
38
  {
39
+ "provenance_version": "2.0",
39
40
  "skill_name": "express-skill",
41
+ "skill_type": "single",
40
42
  "source_repo": "https://github.com/expressjs/express",
41
43
  "source_commit": "abc1234",
42
44
  "source_ref": "v0.5.0",
@@ -45,24 +47,28 @@ With provenance tracking:
45
47
  {
46
48
  "export_name": "createServer",
47
49
  "export_type": "function",
50
+ "source_library": "express",
48
51
  "params": ["options: ServerOptions"],
49
52
  "return_type": "Server",
50
53
  "source_file": "src/server.ts",
51
54
  "source_line": 23,
52
55
  "confidence": "T1",
53
56
  "extraction_method": "ast-grep",
54
- "ast_node_type": "export_statement > function_declaration"
57
+ "ast_node_type": "export_statement > function_declaration",
58
+ "signature_source": "T1"
55
59
  },
56
60
  {
57
61
  "export_name": "parseConfig",
58
62
  "export_type": "function",
63
+ "source_library": "express",
59
64
  "params": ["input"],
60
65
  "return_type": null,
61
66
  "source_file": "src/config.ts",
62
67
  "source_line": 45,
63
68
  "confidence": "T1-low",
64
69
  "extraction_method": "source-read",
65
- "ast_node_type": null
70
+ "ast_node_type": null,
71
+ "signature_source": "T1-low"
66
72
  }
67
73
  ]
68
74
  }
@@ -125,7 +131,7 @@ With provenance tracking:
125
131
 
126
132
  **Key Points:**
127
133
  - Provenance enables precise diffing — compare specific claims, not entire files
128
- - Severity classification uses the rules from audit-skill/data/severity-rules.md
134
+ - Severity classification uses the rules from audit-skill/references/severity-rules.md
129
135
  - The drift report feeds into the update-skill workflow as re-extraction targets
130
136
 
131
137
  ### Example 4: Provenance Preservation During Updates