bmad-module-skill-forge 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/README.md +88 -44
  2. package/docs/agents.md +1 -1
  3. package/docs/architecture.md +49 -20
  4. package/docs/examples.md +13 -2
  5. package/docs/getting-started.md +15 -13
  6. package/docs/index.md +3 -1
  7. package/docs/workflows.md +2 -2
  8. package/package.json +5 -3
  9. package/src/forger/forge-tier.yaml +1 -1
  10. package/src/forger/preferences.yaml +8 -1
  11. package/src/knowledge/doc-fetcher.md +55 -0
  12. package/src/knowledge/overview.md +17 -16
  13. package/src/knowledge/progressive-capability.md +9 -1
  14. package/src/knowledge/provenance-tracking.md +31 -23
  15. package/src/knowledge/qmd-registry.md +132 -0
  16. package/src/knowledge/skf-knowledge-index.csv +2 -0
  17. package/src/workflows/analyze-source/data/skill-brief-schema.md +24 -4
  18. package/src/workflows/analyze-source/steps-c/step-01-init.md +19 -9
  19. package/src/workflows/analyze-source/steps-c/step-01b-continue.md +2 -2
  20. package/src/workflows/analyze-source/steps-c/step-02-scan-project.md +10 -2
  21. package/src/workflows/analyze-source/steps-c/step-04-map-and-detect.md +17 -2
  22. package/src/workflows/analyze-source/steps-c/step-05-recommend.md +2 -1
  23. package/src/workflows/analyze-source/steps-c/step-06-generate-briefs.md +3 -3
  24. package/src/workflows/analyze-source/templates/analysis-report-template.md +1 -1
  25. package/src/workflows/analyze-source/validation-report.md +1 -1
  26. package/src/workflows/analyze-source/workflow-plan-analyze-source.md +1 -1
  27. package/src/workflows/analyze-source/workflow.md +1 -1
  28. package/src/workflows/audit-skill/steps-c/step-01-init.md +8 -5
  29. package/src/workflows/audit-skill/steps-c/step-02-re-index.md +12 -2
  30. package/src/workflows/audit-skill/validation-report.md +2 -2
  31. package/src/workflows/audit-skill/workflow-plan-audit-skill.md +1 -1
  32. package/src/workflows/brief-skill/data/scope-templates.md +60 -0
  33. package/src/workflows/brief-skill/data/skill-brief-schema.md +38 -3
  34. package/src/workflows/brief-skill/steps-c/step-01-gather-intent.md +20 -4
  35. package/src/workflows/brief-skill/steps-c/step-03-scope-definition.md +20 -64
  36. package/src/workflows/brief-skill/steps-c/step-04-confirm-brief.md +1 -1
  37. package/src/workflows/brief-skill/steps-c/step-05-write-brief.md +60 -5
  38. package/src/workflows/brief-skill/workflow.md +2 -1
  39. package/src/workflows/create-skill/data/compile-assembly-rules.md +110 -0
  40. package/src/workflows/create-skill/data/extraction-patterns.md +248 -0
  41. package/src/workflows/create-skill/data/skill-sections.md +79 -25
  42. package/src/workflows/create-skill/data/source-resolution-protocols.md +130 -0
  43. package/src/workflows/create-skill/steps-c/step-01-load-brief.md +7 -4
  44. package/src/workflows/create-skill/steps-c/step-02-ecosystem-check.md +10 -7
  45. package/src/workflows/create-skill/steps-c/step-03-extract.md +49 -9
  46. package/src/workflows/create-skill/steps-c/step-03b-fetch-temporal.md +238 -0
  47. package/src/workflows/create-skill/steps-c/step-03c-fetch-docs.md +220 -0
  48. package/src/workflows/create-skill/steps-c/step-04-enrich.md +40 -10
  49. package/src/workflows/create-skill/steps-c/step-05-compile.md +48 -81
  50. package/src/workflows/create-skill/steps-c/step-06-validate.md +149 -63
  51. package/src/workflows/create-skill/steps-c/step-07-generate-artifacts.md +53 -3
  52. package/src/workflows/create-skill/steps-c/step-08-report.md +1 -1
  53. package/src/workflows/create-skill/workflow-plan-create-skill.md +42 -10
  54. package/src/workflows/create-skill/workflow.md +3 -2
  55. package/src/workflows/create-stack-skill/data/stack-skill-template.md +20 -7
  56. package/src/workflows/create-stack-skill/steps-c/step-01-init.md +2 -2
  57. package/src/workflows/create-stack-skill/steps-c/step-04-parallel-extract.md +14 -0
  58. package/src/workflows/create-stack-skill/steps-c/step-06-compile-stack.md +28 -7
  59. package/src/workflows/create-stack-skill/steps-c/step-07-generate-output.md +10 -7
  60. package/src/workflows/create-stack-skill/steps-c/step-08-validate.md +66 -68
  61. package/src/workflows/create-stack-skill/validation-report.md +1 -1
  62. package/src/workflows/create-stack-skill/workflow-plan-create-stack-skill.md +4 -4
  63. package/src/workflows/export-skill/data/managed-section-format.md +1 -0
  64. package/src/workflows/export-skill/data/snippet-format.md +33 -14
  65. package/src/workflows/export-skill/steps-c/step-01-load-skill.md +16 -2
  66. package/src/workflows/export-skill/steps-c/step-03-generate-snippet.md +29 -22
  67. package/src/workflows/export-skill/steps-c/step-04-update-context.md +1 -1
  68. package/src/workflows/export-skill/steps-c/step-05-token-report.md +1 -1
  69. package/src/workflows/export-skill/validation-report.md +1 -1
  70. package/src/workflows/export-skill/workflow-plan-export-skill.md +8 -8
  71. package/src/workflows/quick-skill/data/skill-template.md +27 -7
  72. package/src/workflows/quick-skill/steps-c/step-04-compile.md +44 -13
  73. package/src/workflows/quick-skill/steps-c/step-05-validate.md +79 -16
  74. package/src/workflows/quick-skill/validation-report.md +4 -4
  75. package/src/workflows/quick-skill/workflow-plan-quick-skill.md +4 -4
  76. package/src/workflows/quick-skill/workflow.md +2 -0
  77. package/src/workflows/setup-forge/steps-c/step-01-detect-and-tier.md +12 -3
  78. package/src/workflows/setup-forge/steps-c/step-02-write-config.md +10 -2
  79. package/src/workflows/setup-forge/steps-c/step-03-auto-index.md +111 -40
  80. package/src/workflows/setup-forge/steps-c/step-04-report.md +13 -0
  81. package/src/workflows/setup-forge/workflow.md +1 -0
  82. package/src/workflows/test-skill/data/scoring-rules.md +14 -6
  83. package/src/workflows/test-skill/data/source-access-protocol.md +37 -0
  84. package/src/workflows/test-skill/steps-c/step-01-init.md +38 -13
  85. package/src/workflows/test-skill/steps-c/step-02-detect-mode.md +2 -3
  86. package/src/workflows/test-skill/steps-c/step-03-coverage-check.md +25 -5
  87. package/src/workflows/test-skill/steps-c/step-04-coherence-check.md +18 -43
  88. package/src/workflows/test-skill/steps-c/step-04b-external-validators.md +213 -0
  89. package/src/workflows/test-skill/steps-c/step-05-score.md +24 -27
  90. package/src/workflows/test-skill/steps-c/step-06-report.md +9 -4
  91. package/src/workflows/test-skill/templates/test-report-template.md +2 -1
  92. package/src/workflows/test-skill/validation-report.md +1 -1
  93. package/src/workflows/test-skill/workflow-plan-test-skill.md +7 -3
  94. package/src/workflows/test-skill/workflow.md +1 -1
  95. package/src/workflows/update-skill/data/remote-source-resolution.md +43 -0
  96. package/src/workflows/update-skill/steps-c/step-01-init.md +13 -7
  97. package/src/workflows/update-skill/steps-c/step-02-detect-changes.md +26 -0
  98. package/src/workflows/update-skill/steps-c/step-03-re-extract.md +37 -9
  99. package/src/workflows/update-skill/steps-c/step-04-merge.md +3 -3
  100. package/src/workflows/update-skill/steps-c/step-05-validate.md +63 -67
  101. package/src/workflows/update-skill/steps-c/step-06-write.md +37 -14
  102. package/src/workflows/update-skill/steps-c/step-07-report.md +1 -1
  103. package/src/workflows/update-skill/validation-report.md +4 -4
  104. package/src/workflows/update-skill/workflow-plan-update-skill.md +4 -4
  105. package/src/workflows/update-skill/workflow.md +1 -1
  106. package/tools/cli/commands/status.js +4 -4
  107. package/tools/cli/commands/uninstall.js +1 -1
  108. package/tools/cli/commands/update.js +2 -2
  109. package/tools/cli/lib/ui.js +60 -16
  110. package/tools/cli/lib/version-check.js +2 -2
package/README.md CHANGED
@@ -1,8 +1,27 @@
1
+ <div align="center">
2
+
3
+ <img src="website/public/img/skf-logo.svg" alt="Skill Forge Logo" width="120" />
4
+
1
5
  # Skill Forge (SKF)
2
6
 
3
- SKF (Skill Forge) is a standalone BMAD module that transforms code repositories, documentation websites, and developer discourse into agentskills.io-compliant, version-pinned, provenance-backed agent skills. It provides a single expert agent (Ferris, Skill Architect & Integrity Guardian) and ten workflows spanning source analysis, skill briefing, AST-backed compilation, integrity testing, and ecosystem-ready export across progressive capability tiers (Quick/Forge/Deep).
7
+ **Agent Skill Compiler AST-verified, version-pinned, zero hallucination**
8
+
9
+ [![Quality & Validation](https://github.com/armelhbobdad/bmad-module-skill-forge/actions/workflows/quality.yaml/badge.svg)](https://github.com/armelhbobdad/bmad-module-skill-forge/actions/workflows/quality.yaml)
10
+ [![npm](https://img.shields.io/npm/v/bmad-module-skill-forge)](https://www.npmjs.com/package/bmad-module-skill-forge)
11
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
12
+ [![BMad Module](https://img.shields.io/badge/BMad-module-blue)](https://github.com/bmad-code-org/BMAD-METHOD)
13
+ [![Docs](https://img.shields.io/badge/docs-online-green)](https://armelhbobdad.github.io/bmad-module-skill-forge/)
14
+ [![GitHub stars](https://img.shields.io/github/stars/armelhbobdad/bmad-module-skill-forge?style=social)](https://github.com/armelhbobdad/bmad-module-skill-forge/stargazers)
15
+
16
+ *Transforms code repositories, documentation, and developer discourse into [agentskills.io](https://agentskills.io)-compliant agent skills with AST-backed provenance.*
17
+
18
+ **If SKF helps your agent stop hallucinating, give it a ⭐ — it helps others find this tool.**
4
19
 
5
- Docs: <https://armelhbobdad.github.io/bmad-module-skill-forge/>
20
+ </div>
21
+
22
+ ---
23
+
24
+ SKF is a standalone BMAD module that provides a single expert agent (Ferris, Skill Architect & Integrity Guardian) and ten workflows spanning source analysis, skill briefing, AST-backed compilation, integrity testing, and ecosystem-ready export across progressive capability tiers (Quick/Forge/Deep).
6
25
 
7
26
  ## Why SKF
8
27
 
@@ -28,15 +47,15 @@ BMad is a small **agent + workflow engine**. There is no external orchestrator
28
47
 
29
48
  Each workflow directory contains these files, and each has a specific job:
30
49
 
31
- | File | What it does | When it loads |
32
- | --- | --- | --- |
33
- | `forger.agent.yaml` | Expert persona — identity, principles, critical actions, menu of triggers | First — always in context |
34
- | `workflow.md` | Human-readable entry point — goals, mode menu (Create/Edit/Validate), routes to first step | Second — presents mode choice |
35
- | `steps-c/*.md` | **Create** steps — primary execution, 4-9 sequential files | One at a time (just-in-time) |
36
- | `data/*.md` | Workflow-specific reference data — schemas, heuristics, rules, patterns | Read by steps on demand |
37
- | `templates/*.md` | Output skeletons with placeholder vars — steps fill these in to produce the final artifact | Read by steps when generating output |
38
- | `skf-knowledge-index.csv` | Knowledge fragment index — id, name, tags, tier, file path | Read by steps to decide which fragments to load |
39
- | `knowledge/*.md` | 8 reusable fragments — cross-cutting principles and patterns (e.g., `zero-hallucination.md`, `confidence-tiers.md`) | Selectively read into context when a step directs |
50
+ | File | What it does | When it loads |
51
+ |---------------------------|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------|
52
+ | `forger.agent.yaml` | Expert persona — identity, principles, critical actions, menu of triggers | First — always in context |
53
+ | `workflow.md` | Human-readable entry point — goals, mode menu (Create/Edit/Validate), routes to first step | Second — presents mode choice |
54
+ | `steps-c/*.md` | **Create** steps — primary execution, 4-9 sequential files | One at a time (just-in-time) |
55
+ | `data/*.md` | Workflow-specific reference data — schemas, heuristics, rules, patterns | Read by steps on demand |
56
+ | `templates/*.md` | Output skeletons with placeholder vars — steps fill these in to produce the final artifact | Read by steps when generating output |
57
+ | `skf-knowledge-index.csv` | Knowledge fragment index — id, name, tags, tier, file path | Read by steps to decide which fragments to load |
58
+ | `knowledge/*.md` | 10 reusable fragments — cross-cutting principles and patterns (e.g., `zero-hallucination.md`, `confidence-tiers.md`) | Selectively read into context when a step directs |
40
59
 
41
60
  ```mermaid
42
61
  flowchart LR
@@ -63,25 +82,25 @@ flowchart LR
63
82
 
64
83
  Ferris operates in four workflow-driven modes (mode is determined by which workflow is running, not conversation state):
65
84
 
66
- | Mode | Workflows | Behavior |
67
- | --- | --- | --- |
68
- | **Architect** | AN, BS, SF | Exploratory, assembling — discovers structure and scope |
69
- | **Surgeon** | CS, QS, SS, US | Precise, preserving — extracts and compiles with provenance |
70
- | **Audit** | AS, TS | Judgmental, scoring — evaluates quality and detects drift |
71
- | **Delivery** | EX | Packaging, ecosystem-ready — bundles for distribution |
85
+ | Mode | Workflows | Behavior |
86
+ |---------------|--------------------|-------------------------------------------------------------|
87
+ | **Architect** | SF, AN, BS, CS, QS, SS | Exploratory, assembling — discovers structure and scope |
88
+ | **Surgeon** | US | Precise, preserving — extracts and compiles with provenance |
89
+ | **Audit** | AS, TS | Judgmental, scoring — evaluates quality and detects drift |
90
+ | **Delivery** | EX | Packaging, ecosystem-ready — bundles for distribution |
72
91
 
73
92
  ## Install
74
93
 
94
+ Requires [Node.js](https://nodejs.org/) >= 22.
95
+
75
96
  There are three ways to install SKF, depending on your setup.
76
97
 
77
98
  ### Method 1: Standalone (recommended for trying SKF)
78
99
 
79
100
  ```bash
80
- npx skill-forge install
101
+ npx bmad-module-skill-forge install
81
102
  ```
82
103
 
83
- Or equivalently: `npx bmad-module-skill-forge install`
84
-
85
104
  Installs SKF on its own. You'll be prompted for project name, output folders, and which IDEs to configure. The installer generates IDE-specific command files (e.g. `.claude/commands/`, `.cursor/commands/`) so workflows appear in your IDE's command palette.
86
105
 
87
106
  ### Method 2: As a custom module during BMad Method installation
@@ -103,7 +122,7 @@ This installs BMad core + SKF together with full IDE integration, manifests, and
103
122
  If you already have BMad installed, you can add SKF afterward by running the standalone installer in the same directory:
104
123
 
105
124
  ```bash
106
- npx skill-forge install
125
+ npx bmad-module-skill-forge install
107
126
  ```
108
127
 
109
128
  The installer detects the existing `_bmad/` directory and installs SKF alongside your current modules. IDE command files are generated for SKF workflows.
@@ -135,12 +154,27 @@ The installer detects the existing `_bmad/` directory and installs SKF alongside
135
154
 
136
155
  | Tier | Tools | Capability |
137
156
  | --- | --- | --- |
138
- | **Quick** | gh + skills_ref | Source reading + spec validation |
157
+ | **Quick** | gh + skill-check + tessl | Source reading + spec validation + content quality review |
139
158
  | **Forge** | + ast-grep | Structural truth, T1 confidence |
140
159
  | **Deep** | + QMD | Knowledge search, temporal provenance |
141
160
 
142
161
  The `setup-forge` workflow detects available tools and writes the tier to `forge-tier.yaml`. All subsequent workflows adapt their behavior to the detected tier.
143
162
 
163
+ > **Recommended:** If your IDE supports MCP servers, install the [ast-grep MCP server](https://github.com/ast-grep/ast-grep-mcp) alongside the CLI. SKF's extraction protocol prefers the MCP tool for compact, memory-efficient AST queries and falls back to CLI streaming for large codebases.
164
+
165
+ ### Security Scanning (Optional)
166
+
167
+ `skill-check` includes security scanning via [Snyk Agent Scan](https://github.com/snyk/agent-scan) to check for prompt injection risks, sensitive data exposure, and unsafe tool permissions. To enable:
168
+
169
+ 1. You need a Snyk account with API access — the Snyk API requires an **Enterprise plan** (see [Snyk API authentication docs](https://docs.snyk.io/snyk-api/authentication-for-api))
170
+ 2. Copy your API token from Account Settings
171
+ 3. Add to your environment: `export SNYK_TOKEN=your-token`
172
+ 4. Re-run `@Ferris SF` to detect the token
173
+
174
+ > **Note:** The Snyk API is not available on free or Team plans. If you don't have an Enterprise account, security scanning will be skipped gracefully — it does not affect your tier level or block skill compilation.
175
+
176
+ Security scanning runs automatically during validation. Use `--no-security-scan` to skip.
177
+
144
178
  ## Knowledge Base
145
179
 
146
180
  SKF relies on a curated skill compilation knowledge base:
@@ -154,10 +188,11 @@ Workflows load only the fragments required for the current task to stay focused
154
188
 
155
189
  SKF variables are defined in `src/module.yaml` and prompted during install:
156
190
 
157
- | Variable | Purpose | Default |
158
- | --- | --- | --- |
159
- | `skills_output_folder` | Where generated skills are saved | `{project-root}/skills` |
160
- | `forge_data_folder` | Where workspace artifacts are stored | `{project-root}/forge-data` |
191
+ | Variable | Purpose | Default |
192
+ |------------------------|------------------------------------------------------------------------------------------------------|-----------------------------|
193
+ | `skills_output_folder` | Where generated skills are saved | `{project-root}/skills` |
194
+ | `forge_data_folder` | Where workspace artifacts are stored | `{project-root}/forge-data` |
195
+ | `tier_override` | Force a specific tier for comparison or testing (in `_bmad/_memory/forger-sidecar/preferences.yaml`) | `~` (auto-detect) |
161
196
 
162
197
  Runtime configuration (tool detection, tier, parallel settings) is managed by the `setup-forge` workflow in `forge-tier.yaml`.
163
198
 
@@ -167,12 +202,6 @@ Runtime configuration (tool detection, tier, parallel settings) is managed by th
167
202
  src/
168
203
  ├── module.yaml
169
204
  ├── module-help.csv
170
- ├── README.md
171
- ├── docs/
172
- │ ├── getting-started.md
173
- │ ├── agents.md
174
- │ ├── workflows.md
175
- │ └── examples.md
176
205
  ├── agents/
177
206
  │ └── forger.agent.yaml
178
207
  ├── forger/
@@ -181,21 +210,36 @@ src/
181
210
  │ └── README.md
182
211
  ├── knowledge/
183
212
  │ ├── skf-knowledge-index.csv
184
- │ └── *.md (8 fragments)
213
+ │ └── *.md (10 fragments)
185
214
  └── workflows/
186
- └── skillforge/
187
- ├── setup-forge/
188
- ├── analyze-source/
189
- ├── brief-skill/
190
- ├── create-skill/
191
- ├── quick-skill/
192
- ├── create-stack-skill/
193
- ├── update-skill/
194
- ├── audit-skill/
195
- ├── test-skill/
196
- └── export-skill/
215
+ ├── setup-forge/
216
+ ├── analyze-source/
217
+ ├── brief-skill/
218
+ ├── create-skill/
219
+ ├── quick-skill/
220
+ ├── create-stack-skill/
221
+ ├── update-skill/
222
+ ├── audit-skill/
223
+ ├── test-skill/
224
+ └── export-skill/
197
225
  ```
198
226
 
227
+ ## Acknowledgements
228
+
229
+ SKF builds on these excellent open-source tools:
230
+
231
+ | Tool | Role in SKF |
232
+ |--------------------------------------------------------------|--------------------------------------------------------------------|
233
+ | [agentskills.io](https://github.com/agentskills/agentskills) | Skill specification and ecosystem standard |
234
+ | [GitHub CLI](https://cli.github.com/) | Source code access and repository intelligence (all tiers) |
235
+ | [ast-grep](https://github.com/ast-grep/ast-grep) | AST-based structural code extraction (Forge/Deep tiers) |
236
+ | [ast-grep MCP](https://github.com/ast-grep/ast-grep-mcp) | MCP server for memory-efficient AST queries (recommended) |
237
+ | [QMD](https://github.com/tobi/qmd) | Local hybrid search engine for knowledge indexing (Deep tier) |
238
+ | [skill-check](https://github.com/thedaviddias/skill-check) | Skill validation, auto-fix, quality scoring, and security scanning |
239
+ | [Snyk Agent Scan](https://github.com/snyk/agent-scan) | Security scanning for prompt injection and data exposure (optional) |
240
+ | [tessl](https://tessl.io) | Content quality review, actionability scoring, and AI judge evaluation |
241
+ | [BMad Method](https://github.com/bmad-code-org/BMAD-METHOD) | Agent-workflow framework that SKF extends as a module |
242
+
199
243
  ## Contributing
200
244
 
201
245
  See [CONTRIBUTORS.md](CONTRIBUTORS.md) for guidelines.
package/docs/agents.md CHANGED
@@ -31,7 +31,7 @@ Ferris handles all SKF workflows. You always interact with Ferris — he switche
31
31
 
32
32
  | Mode | Behavior | Workflows |
33
33
  |------|----------|-----------|
34
- | **Architect** | Exploratory, structural, assembling | BS, CS, QS, SS, AN |
34
+ | **Architect** | Exploratory, structural, assembling | SF, AN, BS, CS, QS, SS |
35
35
  | **Surgeon** | Precise, semantic diffing, preserves [MANUAL] | US |
36
36
  | **Audit** | Judgmental, drift reports, completeness scoring | AS, TS |
37
37
  | **Delivery** | Packaging, platform-aware, ecosystem-ready | EX |
@@ -32,7 +32,7 @@ SKF uses an additive tier model. Each tier is the previous tier plus one tool. Y
32
32
 
33
33
  | Tier | Tools | What You Get |
34
34
  |------|-------|-------------|
35
- | **Quick** | `gh_bridge` + `skills_ref` | Source reading + spec validation. Best-effort skills in under a minute. |
35
+ | **Quick** | `gh_bridge` + `skill-check` + `tessl` | Source reading + spec validation + content quality review. Best-effort skills in under a minute. |
36
36
  | **Forge** | + `ast_bridge` | Structural truth. AST-verified signatures. Co-import detection. T1 confidence. |
37
37
  | **Deep** | + `qmd_bridge` | Knowledge search. Temporal provenance. Drift detection. Full intelligence. |
38
38
 
@@ -48,6 +48,29 @@ Forge initialized. Tools: gh, ast-grep, QMD. Tier: Deep. Ready.
48
48
 
49
49
  Don't have ast-grep or QMD yet? No problem — Quick mode works with just the GitHub CLI. Install tools later; your tier upgrades automatically.
50
50
 
51
+ ### Tier Override — Comparing Output Across Tiers
52
+
53
+ You can force a specific tier by setting `tier_override` in your preferences file (`_bmad/_memory/forger-sidecar/preferences.yaml`):
54
+
55
+ ```yaml
56
+ # Force Forge tier regardless of detected tools
57
+ tier_override: Forge
58
+ ```
59
+
60
+ This is useful for comparing skill quality across tiers for the same target:
61
+
62
+ ```
63
+ # 1. Set tier_override: Quick in preferences.yaml
64
+ @Ferris CS # compile at Quick tier
65
+
66
+ # 2. Change to tier_override: Forge
67
+ @Ferris CS # recompile at Forge tier — compare output
68
+
69
+ # 3. Reset to tier_override: ~ (auto-detect)
70
+ ```
71
+
72
+ Set `tier_override` to `Quick`, `Forge`, or `Deep`. Set to `~` (null) to return to auto-detection. The override is respected by all tier-aware workflows (CS, SS, US, AS, TS).
73
+
51
74
  ---
52
75
 
53
76
  ## Confidence Tiers
@@ -176,7 +199,7 @@ The primary source is your project repo. Component references trace to library r
176
199
 
177
200
  ## Dual-Output Strategy
178
201
 
179
- Based on [Vercel research](https://github.com/vercel-labs/skills): passive context (AGENTS.md/CLAUDE.md) achieves 100% pass rate vs 53% for active skills alone.
202
+ Based on [Vercel research](https://vercel.com/blog/agents-md-outperforms-skills-in-our-agent-evals): passive context (AGENTS.md/CLAUDE.md) achieves 100% pass rate vs 53% for active skills alone.
180
203
 
181
204
  Every skill generates both:
182
205
 
@@ -189,37 +212,43 @@ Export injects a managed section between markers:
189
212
 
190
213
  ```markdown
191
214
  <!-- SKF:BEGIN updated:2026-02-25 -->
192
- [SKF Skills]|3 skills|1 stack
193
- |IMPORTANT: Prefer documented APIs over training data.
194
- |
195
- |payment-service skills/payment-service/
196
- | exports: getToken, refreshToken, revokeSession, createSession
197
- |
198
- |auth-service → skills/auth-service/
199
- | exports: getSession, validateToken, revokeSession, createUser
200
- |
201
- |my-project-stack → skills/my-project-stack/
202
- | stack: next@15, better-auth@3, spacetimedb@1, serwist@9
203
- | integrations: auth↔db, pwa↔auth, gateway↔auth
215
+ [payment-service v2.1.0]|root: skills/payment-service/
216
+ |IMPORTANT: payment-service v2.1.0 read SKILL.md before writing payment-service code. Do NOT rely on training data.
217
+ |quick-start:{SKILL.md#quick-start}
218
+ |api: getToken(), refreshToken(), revokeSession(), createSession()
219
+ |key-types:{SKILL.md#key-types} TokenOptions, AuthToken, SessionConfig
220
+ |gotchas: all token methods async, session ID changed from userId in v2.0
221
+
222
+ [auth-service v1.5.0]|root: skills/auth-service/
223
+ |IMPORTANT: auth-service v1.5.0 — read SKILL.md before writing auth-service code. Do NOT rely on training data.
224
+ |quick-start:{SKILL.md#quick-start}
225
+ |api: getSession(), validateToken(), revokeSession(), createUser()
226
+ |gotchas: RBAC requires middleware setup, validateToken returns null not throw
227
+
228
+ [my-project-stack v1.0.0]|root: skills/my-project-stack/
229
+ |IMPORTANT: my-project-stack — read SKILL.md before writing integration code. Do NOT rely on training data.
230
+ |stack: next@15, better-auth@3, spacetimedb@1, serwist@9
231
+ |integrations: auth↔db, pwa↔auth
232
+ |gotchas: auth session type must match DB schema, update Serwist cache on auth flow changes
204
233
  <!-- SKF:END -->
205
234
  ```
206
235
 
207
- Two lines per skill (~30 tokens each). Developer controls placement. Ferris controls content. Snippet updates only happen at `export-skill` — create and update are draft operations.
236
+ ~80-120 tokens per skill (version-pinned, retrieval instruction, section anchors, inline gotchas). Aligned with [Vercel's research](https://vercel.com/blog/agents-md-outperforms-skills-in-our-agent-evals) finding that indexed format with explicit retrieval instructions dramatically improves agent performance. Developer controls placement. Ferris controls content. Snippet updates only happen at `export-skill` — create and update are draft operations.
208
237
 
209
238
  ---
210
239
 
211
240
  ## Tool Ecosystem
212
241
 
213
- ### 4 MCP Tools
242
+ ### 6 Tools
214
243
 
215
244
  | Tool | Wraps | Purpose |
216
245
  |------|-------|---------|
217
246
  | **`gh_bridge`** | GitHub CLI (`gh`) | Source code access, issue mining, release tracking, PR intelligence |
218
- | **`skills_ref`** | agentskills.io spec | Schema validation, frontmatter checks, ecosystem search |
247
+ | **`skill-check`** | [thedaviddias/skill-check](https://github.com/thedaviddias/skill-check) | Validation + auto-fix (`check --fix`), quality scoring (0-100), security scan, split-body, diff comparison |
248
+ | **`tessl`** | [tessl](https://tessl.io) | Content quality review, actionability scoring, progressive disclosure evaluation, AI judge with suggestions |
219
249
  | **`ast_bridge`** | ast-grep CLI | Structural extraction, custom AST queries, co-import detection |
220
250
  | **`qmd_bridge`** | QMD (local search) | BM25 keyword search, vector semantic search, collection indexing |
221
-
222
- Optional addon: **`doc_fetcher`** for remote documentation (Firecrawl/Jina.ai). Output quarantined as T3.
251
+ | **`doc_fetcher`** | Environment web tools | Remote documentation fetching for T3-confidence content. Tool-agnostic — uses whatever web fetching is available (Firecrawl, WebFetch, curl, etc.). Output quarantined as T3. |
223
252
 
224
253
  ### Conflict Resolution
225
254
 
@@ -288,7 +317,7 @@ Provenance maps enable verification: an `official` skill's provenance must trace
288
317
  - Input sanitization: allowlist characters for repo names, file paths, patterns
289
318
  - File paths validated against project root (no directory traversal)
290
319
  - **Source code never leaves the machine.** All processing is local (AST, QMD, validation).
291
- - `doc_fetcher` warns before transmitting URLs to external services
320
+ - `doc_fetcher` informs users which URLs will be fetched externally before processing
292
321
 
293
322
  ---
294
323
 
package/docs/examples.md CHANGED
@@ -93,7 +93,17 @@ Checks ecosystem first. If no official skill exists: generates from source. `sou
93
93
 
94
94
  No source code available — only documentation.
95
95
 
96
- Generate from docs + QMD-indexed content. T2/T3 confidence only. `source_authority: community`.
96
+ ```
97
+ @Ferris BS
98
+ # When asked for target, provide documentation URLs:
99
+ # https://docs.cognee.ai/
100
+ # Ferris sets source_type: "docs-only" and collects doc_urls
101
+ @Ferris CS
102
+ # step-03 skips (no source), step-03c fetches docs via doc_fetcher
103
+ # All content is T3 [EXT:url] confidence. source_authority: community
104
+ ```
105
+
106
+ The brief's `doc_urls` field drives the doc_fetcher step. The agent uses whatever web fetching tool is available in its environment (Firecrawl, WebFetch, curl, etc.) to retrieve documentation as markdown and extract API information with T3 citations.
97
107
 
98
108
  ---
99
109
 
@@ -139,6 +149,7 @@ Quick mode reads source without AST analysis. Install ast-grep to upgrade to For
139
149
 
140
150
  - Run `/bmad-help` — analyzes your current state and suggests what to do next
141
151
  (e.g. `/bmad-help my batch creation failed halfway, how do I resume?`)
152
+ *Provided by the [BMad Method](https://github.com/bmad-code-org/BMAD-METHOD) — not available in standalone SKF installations.*
142
153
  - Run `@Ferris SF` to check your current tier and tool availability
143
- - Review `forge-config.yaml` for runtime configuration
154
+ - Review `forge-tier.yaml` in your forger sidecar for runtime configuration
144
155
  - Check module configuration in your BMAD settings
@@ -22,11 +22,9 @@ There are three ways to install SKF, depending on your setup.
22
22
  ### Standalone (recommended for trying SKF)
23
23
 
24
24
  ```bash
25
- npx skill-forge install
25
+ npx bmad-module-skill-forge install
26
26
  ```
27
27
 
28
- Or equivalently: `npx bmad-module-skill-forge install`
29
-
30
28
  Installs SKF on its own. You'll be prompted for project name, output folders, and which IDEs to configure. The installer generates IDE-specific command files (e.g. `.claude/commands/`, `.cursor/commands/`) so workflows appear in your IDE's command palette.
31
29
 
32
30
  ### As a custom module during BMad Method installation
@@ -48,7 +46,7 @@ This installs BMad core + SKF together with full IDE integration, manifests, and
48
46
  If you already have BMad installed, you can add SKF afterward by running the standalone installer in the same directory:
49
47
 
50
48
  ```bash
51
- npx skill-forge install
49
+ npx bmad-module-skill-forge install
52
50
  ```
53
51
 
54
52
  The installer detects the existing `_bmad/` directory and installs SKF alongside your current modules.
@@ -57,13 +55,16 @@ The installer detects the existing `_bmad/` directory and installs SKF alongside
57
55
 
58
56
  ## Prerequisites
59
57
 
60
- | Tool | Required For | Install |
61
- |------------------------------------------------------------------------|--------------------|-----------------------------|
62
- | `gh` (GitHub CLI) | All modes | <https://cli.github.com> |
63
- | `ast-grep` (CLI tool for code structural search, lint, and rewriting) | Forge + Deep modes | <https://ast-grep.github.io> |
64
- | `qmd` (local hybrid search engine for markdown) | Deep mode | <https://github.com/tobi/qmd> |
58
+ | Tool | Required For | Install |
59
+ |------------------------------------------------------------------------|----------------------------|--------------------------------------------------------|
60
+ | [Node.js](https://nodejs.org/) >= 22 | Installation, npx commands | <https://nodejs.org> |
61
+ | `gh` (GitHub CLI) | All modes | <https://cli.github.com> |
62
+ | `ast-grep` (CLI tool for code structural search, lint, and rewriting) | Forge + Deep modes | <https://ast-grep.github.io> |
63
+ | `ast-grep` MCP server (recommended alongside CLI) | Forge + Deep modes | <https://github.com/ast-grep/ast-grep-mcp> |
64
+ | `qmd` (local hybrid search engine for project files) | Deep mode | <https://github.com/tobi/qmd> |
65
+ | `SNYK_TOKEN` (Snyk API token — **Enterprise plan required**) | Optional security scan | <https://docs.snyk.io/snyk-api/authentication-for-api> |
65
66
 
66
- Don't worry if you don't have all tools — SKF detects what's available and sets your tier automatically.
67
+ Don't worry if you don't have all tools — SKF detects what's available and sets your tier automatically. Security scanning via Snyk is optional and requires an Enterprise plan; it does not affect your tier level.
67
68
 
68
69
  ---
69
70
 
@@ -148,13 +149,13 @@ Analyze Source scans the project, identifies skillable units, maps exports, and
148
149
 
149
150
  ### I want the highest accuracy possible
150
151
 
151
- Quick mode reads source files. Forge mode adds AST parsing for structural truth. Deep mode goes further — QMD indexes your project's markdown (docs, changelogs, issues, migration guides) into searchable collections, then uses BM25 keyword search, vector semantic search, and LLM-powered re-ranking to surface context no other tool can find.
152
+ Quick mode reads source files. Forge mode adds AST parsing for structural truth. Deep mode goes further — as skills are compiled, SKF indexes curated extraction artifacts and skill briefs into QMD collections, then uses BM25 keyword search, vector semantic search, and LLM-powered re-ranking to surface context no other tool can find.
152
153
 
153
154
  ```
154
155
  @Ferris SF # Setup detects your tools and sets tier automatically
155
156
  ```
156
157
 
157
- If `ast-grep` and `qmd` are available, Ferris activates Deep mode. Every skill gets AST-verified signatures (T1) enriched with deep knowledge search (T2) — deprecation warnings, breaking change history, common pitfalls surfaced by hybrid search across your indexed documentation.
158
+ If `ast-grep` and `qmd` are available, Ferris activates Deep mode. Every skill gets AST-verified signatures (T1) enriched with deep knowledge search (T2) — deprecation warnings, breaking change history, common pitfalls surfaced by searching across your indexed skill artifacts.
158
159
 
159
160
  ### I maintain an OSS library and want official skills
160
161
 
@@ -194,5 +195,6 @@ Your existing skill is now out of date. Audit detects the drift, Update regenera
194
195
  If you run into issues:
195
196
  1. Run `/bmad-help` — analyzes your current state and suggests what to do next
196
197
  (e.g. `/bmad-help my quick skill has low confidence scores, how do I improve them?`)
198
+ *Provided by the [BMad Method](https://github.com/bmad-code-org/BMAD-METHOD) — not available in standalone SKF installations.*
197
199
  2. Run `@Ferris SF` to check your tool availability and tier
198
- 3. Check `forge-config.yaml` for your current configuration
200
+ 3. Check `forge-tier.yaml` in your forger sidecar for your current configuration
package/docs/index.md CHANGED
@@ -26,10 +26,12 @@ Skill Forge is an automated skill compiler for the AI agent ecosystem. It transf
26
26
 
27
27
  ## Quick Install
28
28
 
29
+ Requires [Node.js](https://nodejs.org/) >= 22.
30
+
29
31
  **Standalone:**
30
32
 
31
33
  ```bash
32
- npx skill-forge install
34
+ npx bmad-module-skill-forge install
33
35
  ```
34
36
 
35
37
  **Or as a custom module with BMad Method** (for the full development workflow):
package/docs/workflows.md CHANGED
@@ -15,11 +15,11 @@ SKF includes 10 workflows organized by purpose:
15
15
 
16
16
  **Command:** `@Ferris SF`
17
17
 
18
- **Purpose:** Initialize forge environment, detect tools, set capability tier, auto-index project.
18
+ **Purpose:** Initialize forge environment, detect tools, set capability tier, verify QMD collection health.
19
19
 
20
20
  **When to Use:** First time using SKF in a project. Run once per project.
21
21
 
22
- **Key Steps:** Detect tools → Determine tier → Create forge-config.yaml → Auto-index (Deep)
22
+ **Key Steps:** Detect tools → Determine tier → Write forge-tier.yaml → QMD hygiene (Deep)
23
23
 
24
24
  **Agent:** Ferris (Architect mode)
25
25
 
package/package.json CHANGED
@@ -1,14 +1,17 @@
1
1
  {
2
2
  "$schema": "https://json.schemastore.org/package.json",
3
3
  "name": "bmad-module-skill-forge",
4
- "version": "0.2.0",
4
+ "version": "0.3.0",
5
5
  "description": "BMAD module — AST-verified, provenance-backed agent skills compiler with progressive capability tiers (Quick/Forge/Deep)",
6
6
  "keywords": [
7
7
  "bmad",
8
+ "bmad-method",
9
+ "bmad-module",
8
10
  "agent-skills",
9
11
  "agentskills",
10
12
  "skill-forge",
11
13
  "ast-grep",
14
+ "qmd",
12
15
  "provenance",
13
16
  "code-analysis"
14
17
  ],
@@ -20,8 +23,7 @@
20
23
  "author": "armelhbobdad",
21
24
  "main": "tools/cli/skf-cli.js",
22
25
  "bin": {
23
- "bmad-module-skill-forge": "tools/skf-npx-wrapper.js",
24
- "skill-forge": "tools/skf-npx-wrapper.js"
26
+ "bmad-module-skill-forge": "tools/skf-npx-wrapper.js"
25
27
  },
26
28
  "scripts": {
27
29
  "docs:build": "node tools/build-docs.js",
@@ -8,6 +8,6 @@ tools:
8
8
  qmd: ~
9
9
 
10
10
  # Capability tier (derived from tool availability)
11
- # Quick = no tools | Forge = ast-grep | Deep = ast-grep + gh + qmd
11
+ # Quick = no tools required | Forge = + ast-grep | Deep = + ast-grep + gh + QMD
12
12
  tier: ~
13
13
  tier_detected_at: ~
@@ -1,5 +1,12 @@
1
1
  # Ferris Sidecar: User Preferences
2
- # Written by setup-forge workflow on first run
2
+ # Created by setup-forge workflow on first run
3
+ # Edit this file to customize Ferris behavior
4
+
5
+ # Override detected tier (set to Quick, Forge, or Deep to force a tier)
6
+ tier_override: ~
7
+
8
+ # Passive context injection (set to false to skip snippet generation and CLAUDE.md updates during export)
9
+ passive_context: true
3
10
 
4
11
  # Language defaults
5
12
  output_language: ~
@@ -0,0 +1,55 @@
1
+ # Doc Fetcher
2
+
3
+ ## Purpose
4
+
5
+ T3 external documentation fetching retrieves content from URLs specified in the extraction brief. It serves as the primary extraction source in Scenario D (docs-only, SaaS, closed-source) where no source code is available, and as a supplemental source when a brief includes `doc_urls` alongside a source repository.
6
+
7
+ ## Tool-Agnostic Principle
8
+
9
+ `doc_fetcher` is not a wrapper around any specific CLI tool. The LLM agent uses whatever web fetching capability is available in its environment — Firecrawl MCP, WebFetch, curl, browser automation tools, or any other URL retrieval mechanism. The extraction workflow never assumes a particular fetching tool exists; it discovers available capabilities at runtime and uses the best option present.
10
+
11
+ ## T3 Quarantine Rules
12
+
13
+ All content obtained through doc fetching is classified as **external, untrusted** and subject to quarantine constraints:
14
+
15
+ 1. **Citation format** — every doc-fetched claim uses `[EXT:{url}]` citation format
16
+ 2. **Conflict resolution priority** — T3 has the lowest priority: `T1 > T2 > source reading > T3`
17
+ 3. **Source authority cap** — T3 content forces `source_authority: community` in metadata; it never qualifies as `official`
18
+ 4. **No structural claims** — T3 cannot assert verified signatures or line-level precision
19
+
20
+ ## When to Use
21
+
22
+ | Scenario | Role | Example |
23
+ | --- | --- | --- |
24
+ | Scenario D — docs-only / SaaS / closed-source | **Primary source** | Stripe API, Twilio SDK docs |
25
+ | Brief includes `doc_urls` alongside source repo | **Supplemental enrichment** | README links, hosted API reference |
26
+
27
+ When used as supplemental enrichment, T3 content adds context but never overrides T1 or T1-low claims extracted from the actual source code.
28
+
29
+ ## Security Considerations
30
+
31
+ - URLs specified in the brief are transmitted to external services for content extraction — the agent must inform the user which URLs will be fetched before initiating retrieval
32
+ - Fetched content should not be trusted as authoritative; it may be outdated, modified, or incorrect
33
+ - The agent should not follow redirects to unexpected domains without user confirmation
34
+
35
+ ## Interaction with Other Tiers
36
+
37
+ - **T3 never replaces T1 (AST) or T2 (QMD)** content for the same export — quarantine rules enforce this
38
+ - **Deep tier**: T3 content can be enriched by QMD (T2 annotations layered onto a T3 base), producing richer output while preserving the T3 confidence label on the base claim
39
+ - **Forge tier**: T3 content exists alongside T1 AST content; T1 takes precedence for any overlapping claims
40
+ - **Quick tier**: T3 may be the only external enrichment available, but T1-low source-read claims still outrank it
41
+
42
+ ## Anti-Patterns
43
+
44
+ - Citing doc-fetched content with `[AST:...]` or `[SRC:...]` format — always use `[EXT:{url}]`
45
+ - Promoting T3 claims to `source_authority: official` regardless of the documentation source
46
+ - Fetching URLs without informing the user which external services will be contacted
47
+ - Using T3 content to override a contradicting T1 or T1-low extraction
48
+
49
+ ## Related Fragments
50
+
51
+ - [confidence-tiers.md](confidence-tiers.md) — tier definitions, citation formats, and precedence rules
52
+ - [progressive-capability.md](progressive-capability.md) — how capability tiers determine available extraction methods
53
+ - [zero-hallucination.md](zero-hallucination.md) — the foundational principle that T3 quarantine enforces
54
+
55
+ _Source: consolidated from extraction brief schema, create-skill Scenario D handling, and confidence tier conflict resolution rules_
@@ -20,15 +20,16 @@ With knowledge files:
20
20
 
21
21
  ## Knowledge Map
22
22
 
23
- | File | Purpose | Key Workflows |
24
- | --- | --- | --- |
25
- | [zero-hallucination.md](zero-hallucination.md) | Every claim traces to source; uncitable content excluded | AN, BS, CS, QS, SS, US, AS, TS |
26
- | [confidence-tiers.md](confidence-tiers.md) | T1/T1-low/T2/T3 trust model and citation formats | AN, BS, CS, QS, SS, US, AS, TS, EX |
27
- | [progressive-capability.md](progressive-capability.md) | Quick/Forge/Deep tier philosophy and behavior adaptation | All 10 |
28
- | [agentskills-spec.md](agentskills-spec.md) | agentskills.io output format principles and compliance | CS, QS, SS, US, TS, EX |
29
- | [skill-lifecycle.md](skill-lifecycle.md) | End-to-end pipeline, artifact flow, workflow selection | All 10 |
30
- | [provenance-tracking.md](provenance-tracking.md) | Provenance-map.json, evidence reports, claim traceability | CS, QS, SS, US, AS, TS |
31
- | [manual-section-integrity.md](manual-section-integrity.md) | \[MANUAL\] marker preservation and merge algorithm | CS, US, AS, TS, EX |
23
+ | File | Purpose | Key Workflows |
24
+ |------------------------------------------------------------|-------------------------------------------------------------------|------------------------------------|
25
+ | [zero-hallucination.md](zero-hallucination.md) | Every claim traces to source; uncitable content excluded | AN, BS, CS, QS, SS, US, AS, TS |
26
+ | [confidence-tiers.md](confidence-tiers.md) | T1/T1-low/T2/T3 trust model and citation formats | AN, BS, CS, QS, SS, US, AS, TS, EX |
27
+ | [progressive-capability.md](progressive-capability.md) | Quick/Forge/Deep tier philosophy and behavior adaptation | All 10 |
28
+ | [agentskills-spec.md](agentskills-spec.md) | agentskills.io output format principles and compliance | CS, QS, SS, US, TS, EX |
29
+ | [skill-lifecycle.md](skill-lifecycle.md) | End-to-end pipeline, artifact flow, workflow selection | All 10 |
30
+ | [provenance-tracking.md](provenance-tracking.md) | Provenance-map.json, evidence reports, claim traceability | CS, QS, SS, US, AS, TS |
31
+ | [manual-section-integrity.md](manual-section-integrity.md) | \[MANUAL\] marker preservation and merge algorithm | CS, US, AS, TS, EX |
32
+ | [qmd-registry.md](qmd-registry.md) | Progressive QMD collection registry and collection gate principle | SF, BS, CS, US, AS |
32
33
 
33
34
  ## JiT Loading Protocol
34
35
 
@@ -39,13 +40,13 @@ With knowledge files:
39
40
 
40
41
  ## Knowledge vs. Data
41
42
 
42
- | Aspect | Knowledge Files (`knowledge/`) | Data Files (`data/`) |
43
- | --- | --- | --- |
44
- | Scope | Cross-cutting, multi-workflow | Single workflow, single step |
45
- | Content | Principles, patterns, judgment rules | Schemas, templates, scoring formulas |
46
- | Loading | JiT via index lookup | JiT via step instruction |
47
- | Examples | Zero hallucination, confidence tiers | skill-brief-schema.md, scoring-rules.md |
48
- | Stability | Rarely changes | Changes with workflow evolution |
43
+ | Aspect | Knowledge Files (`knowledge/`) | Data Files (`data/`) |
44
+ |-----------|--------------------------------------|-----------------------------------------|
45
+ | Scope | Cross-cutting, multi-workflow | Single workflow, single step |
46
+ | Content | Principles, patterns, judgment rules | Schemas, templates, scoring formulas |
47
+ | Loading | JiT via index lookup | JiT via step instruction |
48
+ | Examples | Zero hallucination, confidence tiers | skill-brief-schema.md, scoring-rules.md |
49
+ | Stability | Rarely changes | Changes with workflow evolution |
49
50
 
50
51
  ## Related Fragments
51
52