bmad-module-skill-forge 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/README.md +3 -2
  2. package/docs/agents.md +3 -0
  3. package/docs/concepts.md +24 -6
  4. package/docs/examples.md +31 -2
  5. package/docs/getting-started.md +11 -0
  6. package/docs/{architecture.md → how-it-works.md} +49 -25
  7. package/docs/index.md +2 -2
  8. package/docs/workflows.md +6 -6
  9. package/package.json +2 -2
  10. package/src/agents/forger.agent.yaml +1 -1
  11. package/src/forger/forge-tier.yaml +17 -1
  12. package/src/forger/preferences.yaml +1 -1
  13. package/src/knowledge/agentskills-spec.md +25 -0
  14. package/src/knowledge/ccc-bridge.md +110 -0
  15. package/src/knowledge/confidence-tiers.md +3 -3
  16. package/src/knowledge/manual-section-integrity.md +8 -0
  17. package/src/knowledge/overview.md +4 -2
  18. package/src/knowledge/progressive-capability.md +12 -4
  19. package/src/knowledge/provenance-tracking.md +13 -0
  20. package/src/knowledge/qmd-registry.md +14 -0
  21. package/src/knowledge/skf-knowledge-index.csv +5 -3
  22. package/src/knowledge/skill-lifecycle.md +2 -2
  23. package/src/knowledge/split-body-strategy.md +41 -0
  24. package/src/module-help.csv +1 -1
  25. package/src/module.yaml +1 -1
  26. package/src/workflows/README.md +1 -1
  27. package/src/workflows/analyze-source/data/skill-brief-schema.md +3 -1
  28. package/src/workflows/analyze-source/data/unit-detection-heuristics.md +27 -0
  29. package/src/workflows/analyze-source/steps-c/step-01-init.md +2 -2
  30. package/src/workflows/analyze-source/steps-c/step-02-scan-project.md +1 -1
  31. package/src/workflows/analyze-source/steps-c/step-03-identify-units.md +1 -1
  32. package/src/workflows/analyze-source/steps-c/step-04-map-and-detect.md +9 -4
  33. package/src/workflows/analyze-source/steps-c/step-05-recommend.md +1 -1
  34. package/src/workflows/analyze-source/steps-c/step-06-generate-briefs.md +1 -1
  35. package/src/workflows/analyze-source/validation-report.md +2 -2
  36. package/src/workflows/analyze-source/workflow-plan-analyze-source.md +1 -1
  37. package/src/workflows/audit-skill/data/drift-report-template.md +6 -6
  38. package/src/workflows/audit-skill/steps-c/step-01-init.md +4 -2
  39. package/src/workflows/audit-skill/steps-c/step-02-re-index.md +18 -1
  40. package/src/workflows/audit-skill/steps-c/step-03-structural-diff.md +14 -0
  41. package/src/workflows/audit-skill/steps-c/step-04-semantic-diff.md +5 -5
  42. package/src/workflows/audit-skill/validation-report.md +3 -3
  43. package/src/workflows/audit-skill/workflow-plan-audit-skill.md +2 -2
  44. package/src/workflows/audit-skill/workflow.md +1 -1
  45. package/src/workflows/brief-skill/data/scope-templates.md +4 -0
  46. package/src/workflows/brief-skill/data/skill-brief-schema.md +7 -3
  47. package/src/workflows/brief-skill/steps-c/step-01-gather-intent.md +3 -3
  48. package/src/workflows/brief-skill/steps-c/step-02-analyze-target.md +15 -0
  49. package/src/workflows/brief-skill/steps-c/step-03-scope-definition.md +12 -0
  50. package/src/workflows/create-skill/data/compile-assembly-rules.md +43 -2
  51. package/src/workflows/create-skill/data/extraction-patterns-tracing.md +110 -0
  52. package/src/workflows/create-skill/data/extraction-patterns.md +41 -39
  53. package/src/workflows/create-skill/data/skill-sections.md +31 -5
  54. package/src/workflows/create-skill/steps-c/step-01-load-brief.md +5 -3
  55. package/src/workflows/create-skill/steps-c/step-02-ecosystem-check.md +2 -2
  56. package/src/workflows/create-skill/steps-c/step-02b-ccc-discover.md +157 -0
  57. package/src/workflows/create-skill/steps-c/step-03-extract.md +32 -2
  58. package/src/workflows/create-skill/steps-c/step-03b-fetch-temporal.md +5 -5
  59. package/src/workflows/create-skill/steps-c/step-04-enrich.md +8 -8
  60. package/src/workflows/create-skill/steps-c/step-05-compile.md +6 -2
  61. package/src/workflows/create-skill/steps-c/step-06-validate.md +8 -9
  62. package/src/workflows/create-skill/steps-c/step-07-generate-artifacts.md +46 -1
  63. package/src/workflows/create-skill/steps-c/step-08-report.md +1 -0
  64. package/src/workflows/create-skill/validation-report.md +1 -1
  65. package/src/workflows/create-skill/workflow-plan-create-skill.md +4 -2
  66. package/src/workflows/create-skill/workflow.md +1 -1
  67. package/src/workflows/create-stack-skill/data/stack-skill-template.md +1 -1
  68. package/src/workflows/create-stack-skill/steps-c/step-01-init.md +3 -2
  69. package/src/workflows/create-stack-skill/steps-c/step-05-detect-integrations.md +10 -0
  70. package/src/workflows/create-stack-skill/steps-c/step-06-compile-stack.md +2 -2
  71. package/src/workflows/create-stack-skill/steps-c/step-08-validate.md +1 -1
  72. package/src/workflows/create-stack-skill/validation-report.md +1 -1
  73. package/src/workflows/create-stack-skill/workflow-plan-create-stack-skill.md +2 -2
  74. package/src/workflows/create-stack-skill/workflow.md +1 -1
  75. package/src/workflows/export-skill/data/snippet-format.md +1 -1
  76. package/src/workflows/export-skill/steps-c/step-01-load-skill.md +1 -1
  77. package/src/workflows/export-skill/steps-c/step-02-package.md +8 -4
  78. package/src/workflows/export-skill/steps-c/step-03-generate-snippet.md +3 -1
  79. package/src/workflows/export-skill/workflow-plan-export-skill.md +1 -1
  80. package/src/workflows/quick-skill/data/skill-template.md +8 -0
  81. package/src/workflows/quick-skill/steps-c/step-02-ecosystem-check.md +1 -3
  82. package/src/workflows/quick-skill/steps-c/step-04-compile.md +3 -2
  83. package/src/workflows/setup-forge/data/tier-rules.md +16 -6
  84. package/src/workflows/setup-forge/steps-c/step-01-detect-and-tier.md +32 -15
  85. package/src/workflows/setup-forge/steps-c/step-01b-ccc-index.md +148 -0
  86. package/src/workflows/setup-forge/steps-c/step-02-write-config.md +24 -6
  87. package/src/workflows/setup-forge/steps-c/step-03-auto-index.md +29 -6
  88. package/src/workflows/setup-forge/steps-c/step-04-report.md +14 -2
  89. package/src/workflows/setup-forge/validation-report.md +1 -1
  90. package/src/workflows/setup-forge/workflow-plan-setup-forge.md +11 -9
  91. package/src/workflows/setup-forge/workflow.md +1 -1
  92. package/src/workflows/test-skill/data/scoring-rules.md +14 -0
  93. package/src/workflows/test-skill/steps-c/step-01-init.md +2 -2
  94. package/src/workflows/test-skill/steps-c/step-03-coverage-check.md +3 -1
  95. package/src/workflows/test-skill/steps-c/step-04-coherence-check.md +4 -1
  96. package/src/workflows/test-skill/steps-c/step-04b-external-validators.md +7 -3
  97. package/src/workflows/test-skill/steps-c/step-05-score.md +1 -1
  98. package/src/workflows/test-skill/steps-c/step-06-report.md +27 -0
  99. package/src/workflows/test-skill/templates/test-report-template.md +3 -0
  100. package/src/workflows/test-skill/validation-report.md +2 -2
  101. package/src/workflows/test-skill/workflow-plan-test-skill.md +2 -2
  102. package/src/workflows/update-skill/steps-c/step-01-init.md +3 -2
  103. package/src/workflows/update-skill/steps-c/step-02-detect-changes.md +11 -0
  104. package/src/workflows/update-skill/steps-c/step-03-re-extract.md +19 -2
  105. package/src/workflows/update-skill/steps-c/step-04-merge.md +8 -0
  106. package/src/workflows/update-skill/steps-c/step-05-validate.md +1 -1
  107. package/src/workflows/update-skill/steps-c/step-06-write.md +7 -2
  108. package/src/workflows/update-skill/validation-report.md +1 -1
  109. package/src/workflows/update-skill/workflow-plan-update-skill.md +1 -1
  110. package/tools/cli/commands/status.js +2 -1
package/README.md CHANGED
@@ -89,7 +89,7 @@ See the [workflows docs](https://armelhbobdad.github.io/bmad-module-skill-forge/
89
89
 
90
90
  - **[Getting Started](https://armelhbobdad.github.io/bmad-module-skill-forge/getting-started/)** — Installation, prerequisites, and your first skill
91
91
  - **[Concepts](https://armelhbobdad.github.io/bmad-module-skill-forge/concepts/)** — Plain-English definitions of all key terms
92
- - **[How It Works](https://armelhbobdad.github.io/bmad-module-skill-forge/architecture/)** — Architecture, capability tiers, output format, and design decisions
92
+ - **[How It Works](https://armelhbobdad.github.io/bmad-module-skill-forge/how-it-works/)** — Architecture, capability tiers, output format, and design decisions
93
93
  - **[Workflows](https://armelhbobdad.github.io/bmad-module-skill-forge/workflows/)** — All 10 workflows with commands and connection diagrams
94
94
  - **[Agents](https://armelhbobdad.github.io/bmad-module-skill-forge/agents/)** — Ferris: the AI agent that runs all SKF workflows
95
95
  - **[Examples](https://armelhbobdad.github.io/bmad-module-skill-forge/examples/)** — Real-world scenarios, tips, and troubleshooting
@@ -102,8 +102,9 @@ SKF builds on these excellent open-source tools:
102
102
  |--------------------------------------------------------------|--------------------------------------------------------------------|
103
103
  | [agentskills.io](https://github.com/agentskills/agentskills) | Skill specification and ecosystem standard |
104
104
  | [GitHub CLI](https://cli.github.com/) | Source code access and repository intelligence (all tiers) |
105
- | [ast-grep](https://github.com/ast-grep/ast-grep) | AST-based structural code extraction (Forge/Deep tiers) |
105
+ | [ast-grep](https://github.com/ast-grep/ast-grep) | AST-based structural code extraction (Forge/Forge+/Deep tiers) |
106
106
  | [ast-grep MCP](https://github.com/ast-grep/ast-grep-mcp) | MCP server for memory-efficient AST queries (recommended) |
107
+ | [cocoindex-code](https://github.com/cocoindex-io/cocoindex-code) | Semantic code search and file discovery pre-ranking (Forge+ tier) |
107
108
  | [QMD](https://github.com/tobi/qmd) | Local hybrid search engine for knowledge indexing (Deep tier) |
108
109
  | [skill-check](https://github.com/thedaviddias/skill-check) | Skill validation, auto-fix, quality scoring, and security scanning |
109
110
  | [Snyk Agent Scan](https://github.com/snyk/agent-scan) | Security scanning for prompt injection and data exposure (optional) |
package/docs/agents.md CHANGED
@@ -22,10 +22,13 @@ Ferris handles all SKF workflows. You always interact with Ferris — he switche
22
22
 
23
23
  **Key Capabilities:**
24
24
  - AST analysis via ast-grep for structural truth
25
+ - Semantic code discovery via cocoindex-code for intelligent file pre-ranking
25
26
  - QMD knowledge search for temporal context and evidence
26
27
  - agentskills.io specification compliance and validation
27
28
  - GitHub source navigation and package-to-repo resolution
28
29
  - Cross-knowledge synthesis for stack skills and integration patterns
30
+ - Skill authoring best practices enforcement (third-person voice, consistent terminology, discovery optimization)
31
+ - Source-derived scripts and assets extraction with provenance tracking
29
32
 
30
33
  **Workflow-Driven Modes:**
31
34
 
package/docs/concepts.md CHANGED
@@ -31,27 +31,29 @@ Provenance means every instruction in a skill traces back to where it came from.
31
31
 
32
32
  ---
33
33
 
34
- ## Confidence Tiers (T1/T2/T3)
34
+ ## Confidence Tiers (T1/T1-low/T2/T3)
35
35
 
36
36
  Each piece of information in a skill carries a confidence level based on where it came from:
37
37
 
38
38
  - **T1 — AST extraction:** Pulled directly from source code via AST parsing. This is structural truth — the function signature actually exists in the code right now.
39
+ - **T1-low — Source reading:** Found by reading source files directly without AST parsing. The location is correct but the type signature may be inferred. Produced by Quick tier and by Forge/Deep when ast-grep cannot parse a specific file.
39
40
  - **T2 — Evidence:** Found in issues, PRs, changelogs, or documentation within the repository. Reliable context, but not as definitive as code.
40
41
  - **T3 — External:** Pulled from external documentation or websites. Treated with caution and clearly marked.
41
42
 
42
- **Example:** A function signature is T1. A deprecation warning from a closed GitHub issue is T2. A usage example from a blog post is T3.
43
+ **Example:** A function signature is T1. A source-read export without AST verification is T1-low. A deprecation warning from a closed GitHub issue is T2. A usage example from a blog post is T3.
43
44
 
44
45
  ---
45
46
 
46
- ## Capability Tiers (Quick/Forge/Deep)
47
+ ## Capability Tiers (Quick/Forge/Forge+/Deep)
47
48
 
48
49
  Your capability tier depends on which tools you have installed. Each tier builds on the previous one:
49
50
 
50
- - **Quick** — GitHub CLI only. SKF reads source files and builds best-effort skills. Works in under a minute.
51
+ - **Quick** — No tools required. SKF reads source files and builds best-effort skills. Works in under a minute. GitHub CLI used when available.
51
52
  - **Forge** — Adds [ast-grep](https://ast-grep.github.io). SKF uses AST parsing for structural truth. Instructions are verified against the actual code structure.
52
- - **Deep** — Adds [QMD](https://github.com/tobi/qmd). SKF indexes knowledge for semantic search. Skills get enriched with historical context, deprecation warnings, and cross-reference intelligence.
53
+ - **Forge+** — Adds [cocoindex-code](https://github.com/cocoindex-io/cocoindex-code). SKF uses semantic code search to discover relevant source regions before AST extraction, improving coverage on large codebases.
54
+ - **Deep** — Adds [GitHub CLI](https://cli.github.com) + [QMD](https://github.com/tobi/qmd). Requires ast-grep, gh, and QMD. SKF indexes knowledge for semantic search and performs GitHub repository exploration. Skills get enriched with historical context, deprecation warnings, and cross-reference intelligence.
53
55
 
54
- You don't need all tools to start. SKF detects what you have and sets your tier automatically. See [How It Works](../architecture.md) for the full technical treatment.
56
+ You don't need all tools to start. SKF detects what you have and sets your tier automatically. See [How It Works](../how-it-works.md) for the full technical treatment.
55
57
 
56
58
  ---
57
59
 
@@ -94,3 +96,19 @@ Ferris switches between four modes depending on which workflow is active: Archit
94
96
  SKF's core principle: if an instruction can't be traced back to actual source code, it doesn't get included in the skill. This is the opposite of how most AI tools work — they generate plausible-sounding content from training data. SKF only includes what it can verify.
95
97
 
96
98
  This doesn't mean skills are perfect. Quick-tier skills read source files without AST verification, so they rely on best-effort extraction. But even Quick skills cite their sources, and no tier includes invented information.
99
+
100
+ ---
101
+
102
+ ## Scripts & Assets
103
+
104
+ Skills can include executable scripts and static assets alongside the main SKILL.md instructions. Scripts handle deterministic operations (validation, setup, data processing) while assets provide templates, schemas, and configuration examples. Both are extracted from the source repository with provenance tracking — SKF copies them, it doesn't fabricate them.
105
+
106
+ **Example:** A database library skill might include `scripts/migrate.sh` (copied from the library's `bin/` directory) and `assets/config-schema.json` (copied from the library's `schemas/` directory). Each file carries a `[SRC:file:L1]` citation and SHA-256 hash for drift detection.
107
+
108
+ ---
109
+
110
+ ## Best Practices
111
+
112
+ SKF integrates skill authoring best practices from the Claude platform and community guidelines. Generated skills use third-person descriptions for reliable agent discovery, consistent terminology throughout, and appropriate degrees of freedom (prescriptive for fragile operations like database migrations, flexible for creative tasks like code reviews). These practices are enforced during compilation and verified during testing.
113
+
114
+ **Example:** A skill description reads "Processes payments via REST API with token-based auth. NOT for: billing dashboards" — third-person voice, specific keywords, and negative triggers help agents select the right skill.
package/docs/examples.md CHANGED
@@ -44,7 +44,25 @@ Provenance tags trace each instruction to its source:
44
44
  - `[EXT:url]` — sourced from external documentation
45
45
  - `[QMD:collection:doc]` — surfaced from indexed developer discourse (issues, PRs, changelogs)
46
46
 
47
- See [How It Works](../architecture.md) for the full output structure.
47
+ See [How It Works](../how-it-works.md) for the full output structure.
48
+
49
+ **Full skill directory structure:**
50
+
51
+ ```
52
+ skills/cognee/
53
+ ├── SKILL.md # What your agent reads
54
+ ├── context-snippet.md # Compressed index for CLAUDE.md
55
+ ├── metadata.json # Machine-readable provenance
56
+ ├── references/ # Progressive disclosure detail
57
+ │ ├── api-core.md
58
+ │ └── graph-types.md
59
+ ├── scripts/ # Executable utilities (when detected)
60
+ │ └── setup-graphdb.sh
61
+ └── assets/ # Templates and schemas (when detected)
62
+ └── config-schema.json
63
+ ```
64
+
65
+ The `scripts/` and `assets/` directories appear only when the source repository contains them. Each file traces back to its source with provenance citations and SHA-256 hashes.
48
66
 
49
67
  ---
50
68
 
@@ -150,7 +168,7 @@ The brief's `doc_urls` field drives the doc_fetcher step. The agent uses whateve
150
168
 
151
169
  ### Progressive Capability
152
170
 
153
- Start with Quick mode (no setup required), upgrade to Forge (install ast-grep), then Deep (install QMD). Each tier builds on the previous — you never lose capability.
171
+ Start with Quick mode (no setup required), upgrade to Forge (install ast-grep), then Forge+ (install cocoindex-code for semantic discovery), then Deep (install QMD). Each tier builds on the previous — you never lose capability.
154
172
 
155
173
  ### Batch Operations
156
174
 
@@ -164,6 +182,14 @@ Stack skills focus on integration patterns. Individual skills focus on API surfa
164
182
 
165
183
  After each sprint's refactor, run `@Ferris US` to regenerate changed components. Export updates CLAUDE.md automatically. Skill generation becomes routine — like running tests.
166
184
 
185
+ ### Best Practices Built In
186
+
187
+ Generated skills automatically follow authoring best practices: third-person descriptions for reliable agent discovery, consistent terminology, degrees-of-freedom matching (prescriptive for fragile operations, flexible for creative tasks), and table-of-contents headers in large reference files. Discovery testing recommendations are included in test reports.
188
+
189
+ ### Scripts & Assets
190
+
191
+ If your source repo includes executable scripts (`scripts/`, `bin/`) or static assets (`templates/`, `schemas/`), SKF detects and packages them automatically with provenance tracking. Custom scripts you add to `scripts/[MANUAL]/` are preserved during updates — just like `<!-- [MANUAL] -->` markers in SKILL.md.
192
+
167
193
  ---
168
194
 
169
195
  ## Troubleshooting
@@ -182,6 +208,9 @@ An official skill already exists for this package. Consider installing it with `
182
208
  **Quick mode skills have lower confidence**
183
209
  Quick mode reads source without AST analysis. Install ast-grep to upgrade to Forge mode for structural truth (T1 confidence).
184
210
 
211
+ **Want semantic discovery for large codebases?**
212
+ Install [cocoindex-code](https://github.com/cocoindex-io/cocoindex-code) to unlock Forge+ mode. CCC indexes your codebase and pre-ranks files by semantic relevance before AST extraction, improving coverage on projects with 500+ files.
213
+
185
214
  ---
186
215
 
187
216
  ## Getting More Help
@@ -194,6 +194,17 @@ Your existing skill is now out of date. Audit detects the drift, Update regenera
194
194
  @Ferris TS # Verify the update
195
195
  ```
196
196
 
197
+ ### I want scripts and assets included in my skills
198
+
199
+ Your source repo has CLI tools, setup scripts, or config templates that agents should use. SKF detects and packages them automatically.
200
+
201
+ ```
202
+ @Ferris BS # Brief — set scripts_intent: detect
203
+ @Ferris CS # Create — scripts/ and assets/ auto-detected
204
+ ```
205
+
206
+ Scripts from `scripts/`, `bin/`, and `tools/` directories are copied with provenance. Config templates and schemas from `assets/`, `templates/`, and `schemas/` are included. Custom files you add to `scripts/[MANUAL]/` survive updates.
207
+
197
208
  ---
198
209
 
199
210
  ## What's Next?
@@ -35,7 +35,7 @@ Each workflow directory contains these files, and each has a specific job:
35
35
  | `data/*.md` | Workflow-specific reference data — schemas, heuristics, rules, patterns | Read by steps on demand |
36
36
  | `templates/*.md` | Output skeletons with placeholder vars — steps fill these in to produce the final artifact | Read by steps when generating output |
37
37
  | `skf-knowledge-index.csv` | Knowledge fragment index — id, name, tags, tier, file path | Read by steps to decide which fragments to load |
38
- | `knowledge/*.md` | 10 reusable fragments — cross-cutting principles and patterns (e.g., `zero-hallucination.md`, `confidence-tiers.md`) | Selectively read into context when a step directs |
38
+ | `knowledge/*.md` | 12 reusable fragments — cross-cutting principles and patterns (e.g., `zero-hallucination.md`, `confidence-tiers.md`, `ccc-bridge.md`) | Selectively read into context when a step directs |
39
39
 
40
40
  ```mermaid
41
41
  flowchart LR
@@ -96,7 +96,8 @@ SKF uses an additive tier model. Each tier is the previous tier plus one tool. Y
96
96
  |------|-------|-------------|
97
97
  | **Quick** | `gh_bridge` + `skill-check` + `tessl` | Source reading + spec validation + content quality review. Best-effort skills in under a minute. |
98
98
  | **Forge** | + `ast_bridge` | Structural truth. AST-verified signatures. Co-import detection. T1 confidence. |
99
- | **Deep** | + `qmd_bridge` | Knowledge search. Temporal provenance. Drift detection. Full intelligence. |
99
+ | **Forge+** | + `ccc_bridge` | Semantic discovery. CCC pre-ranks files by meaning before AST extraction. Better coverage on large codebases. |
100
+ | **Deep** | + `gh_bridge` + `qmd_bridge` | Requires ast-grep + gh + QMD. Knowledge search. Temporal provenance. Drift detection. Full intelligence. |
100
101
 
101
102
  Setup detects your installed tools and sets your tier automatically:
102
103
 
@@ -105,10 +106,10 @@ Setup detects your installed tools and sets your tier automatically:
105
106
  ```
106
107
 
107
108
  ```
108
- Forge initialized. Tools: gh, ast-grep, QMD. Tier: Deep. Ready.
109
+ Forge initialized. Tools: gh, ast-grep, ccc, QMD. Tier: Deep. Ready.
109
110
  ```
110
111
 
111
- Don't have ast-grep or QMD yet? No problem — Quick mode works with just the GitHub CLI. Install tools later; your tier upgrades automatically.
112
+ Don't have ast-grep, cocoindex-code, or QMD yet? No problem — Quick mode works with just the GitHub CLI. Install tools later; your tier upgrades automatically.
112
113
 
113
114
  ### Tier Override — Comparing Output Across Tiers
114
115
 
@@ -128,10 +129,13 @@ This is useful for comparing skill quality across tiers for the same target:
128
129
  # 2. Change to tier_override: Forge
129
130
  @Ferris CS # recompile at Forge tier — compare output
130
131
 
131
- # 3. Reset to tier_override: ~ (auto-detect)
132
+ # 3. Change to tier_override: Forge+
133
+ @Ferris CS # recompile with semantic discovery — compare coverage
134
+
135
+ # 4. Reset to tier_override: ~ (auto-detect)
132
136
  ```
133
137
 
134
- Set `tier_override` to `Quick`, `Forge`, or `Deep`. Set to `~` (null) to return to auto-detection. The override is respected by all tier-aware workflows (CS, SS, US, AS, TS).
138
+ Set `tier_override` to `Quick`, `Forge`, `Forge+`, or `Deep`. Set to `~` (null) to return to auto-detection. The override is respected by all tier-aware workflows (CS, SS, US, AS, TS).
135
139
 
136
140
  ---
137
141
 
@@ -142,7 +146,8 @@ Every claim in a generated skill carries a confidence tier that traces to its so
142
146
  | Tier | Source | Tool | What It Means |
143
147
  |------|--------|------|---------------|
144
148
  | **T1** | AST extraction | `ast_bridge` | Current code, structurally verified. Immutable for that version. |
145
- | **T2** | QMD evidence / source reading | `qmd_bridge` / `gh_bridge` | Historical + planned context (issues, PRs, changelogs, docs). |
149
+ | **T1-low** | Source reading | `gh_bridge` | Source-read without AST verification. Location correct, signature may be inferred. |
150
+ | **T2** | QMD evidence | `qmd_bridge` | Historical + planned context (issues, PRs, changelogs, docs). |
146
151
  | **T3** | External documentation | `doc_fetcher` | External, untrusted. Quarantined. |
147
152
 
148
153
  ### Temporal Provenance
@@ -165,11 +170,12 @@ Progressive disclosure controls how much context surfaces at each level:
165
170
 
166
171
  Your forge tier limits what authority claims a skill can make:
167
172
 
168
- | Forge Tier | AST? | QMD? | Max Authority | Accuracy Guarantee |
169
- |-----------|------|------|---------------|-------------------|
170
- | Quick | No | No | `community` | Best-effort |
171
- | Forge | Yes | No | `official` | Structural (AST-verified) |
172
- | Deep | Yes | Yes | `official` | Full (structural + contextual + temporal) |
173
+ | Forge Tier | AST? | CCC? | QMD? | Max Authority | Accuracy Guarantee |
174
+ |-----------|------|------|------|---------------|-------------------|
175
+ | Quick | No | No | No | `community` | Best-effort |
176
+ | Forge | Yes | No | No | `official` | Structural (AST-verified) |
177
+ | Forge+ | Yes | Yes | No | `official` | Structural + semantic discovery |
178
+ | Deep | Yes | opt. (enhances when installed) | Yes | `official` | Full (structural + contextual + temporal) |
173
179
 
174
180
  ---
175
181
 
@@ -184,14 +190,17 @@ skills/{name}/
184
190
  ├── SKILL.md # Active skill (loaded on trigger)
185
191
  ├── context-snippet.md # Passive context (compressed, always-on)
186
192
  ├── metadata.json # Machine-readable provenance
187
- └── references/ # Progressive disclosure
188
- ├── {function-a}.md
189
- ├── {function-b}.md
190
- └── integrations/ # Stack skills only
191
- ├── auth-db.md
192
- └── pwa-auth.md
193
+ ├── references/ # Progressive disclosure
194
+ ├── {function-a}.md
195
+ │ └── {function-b}.md
196
+ ├── scripts/ # Executable automation (when detected in source)
197
+ │ └── {script-name}.sh
198
+ └── assets/ # Templates, schemas, configs (when detected in source)
199
+ └── {asset-name}.json
193
200
  ```
194
201
 
202
+ The `scripts/` and `assets/` directories are optional — only created when the source repository contains executable scripts or static assets matching detection heuristics. Each file traces to its source via `[SRC:file:L1]` provenance citations with SHA-256 content hashes for drift detection. User-authored files go in `scripts/[MANUAL]/` or `assets/[MANUAL]/` subdirectories and are preserved during updates.
203
+
195
204
  ### SKILL.md Format
196
205
 
197
206
  Skills follow the [agentskills.io specification](https://agentskills.io/specification) with frontmatter:
@@ -199,9 +208,10 @@ Skills follow the [agentskills.io specification](https://agentskills.io/specific
199
208
  ```yaml
200
209
  ---
201
210
  name: payment-service
202
- version: 2.1.0
203
- description: Payment processing API skill 23 verified functions
204
- author: org/payment-team
211
+ description: >
212
+ Processes payments via REST API with token-based auth. Use when writing
213
+ payment integration code. NOT for: billing dashboards or reporting.
214
+ 23 verified functions from github.com/org/payment-service.
205
215
  ---
206
216
  ```
207
217
 
@@ -233,11 +243,21 @@ Machine-readable provenance for every skill:
233
243
  "coverage": 1.0,
234
244
  "confidence_t1": 20,
235
245
  "confidence_t2": 3,
236
- "confidence_t3": 0
237
- }
246
+ "confidence_t3": 0,
247
+ "scripts_count": 1,
248
+ "assets_count": 1
249
+ },
250
+ "scripts": [
251
+ { "file": "scripts/validate.sh", "purpose": "Validates config schema", "confidence": "T1-low" }
252
+ ],
253
+ "assets": [
254
+ { "file": "assets/config-schema.json", "purpose": "Configuration JSON schema", "confidence": "T1-low" }
255
+ ]
238
256
  }
239
257
  ```
240
258
 
259
+ `scripts` and `assets` arrays are optional — omitted entirely (not empty) when the source has no scripts or assets.
260
+
241
261
  ### Stack Skill Output
242
262
 
243
263
  Stack skills map how your dependencies interact — shared types, co-import patterns, integration points:
@@ -301,7 +321,7 @@ Export injects a managed section between markers:
301
321
 
302
322
  ## Tool Ecosystem
303
323
 
304
- ### 6 Tools
324
+ ### 7 Tools
305
325
 
306
326
  | Tool | Wraps | Purpose |
307
327
  |------|-------|---------|
@@ -309,6 +329,7 @@ Export injects a managed section between markers:
309
329
  | **`skill-check`** | [thedaviddias/skill-check](https://github.com/thedaviddias/skill-check) | Validation + auto-fix (`check --fix`), quality scoring (0-100), security scan, split-body, diff comparison |
310
330
  | **`tessl`** | [tessl](https://tessl.io) | Content quality review, actionability scoring, progressive disclosure evaluation, AI judge with suggestions |
311
331
  | **`ast_bridge`** | ast-grep CLI | Structural extraction, custom AST queries, co-import detection |
332
+ | **`ccc_bridge`** | cocoindex-code | Semantic code search, project indexing, file discovery pre-ranking |
312
333
  | **`qmd_bridge`** | QMD (local search) | BM25 keyword search, vector semantic search, collection indexing |
313
334
  | **`doc_fetcher`** | Environment web tools | Remote documentation fetching for T3-confidence content. Tool-agnostic — uses whatever web fetching is available (Firecrawl, WebFetch, curl, etc.). Output quarantined as T3. |
314
335
 
@@ -319,6 +340,7 @@ When tools disagree, higher priority wins for instructions. Lower priority is pr
319
340
  | Priority | Source | Tool |
320
341
  |----------|--------|------|
321
342
  | 1 (highest) | AST extraction | `ast_bridge` |
343
+ | 1b | CCC discovery (pre-ranking) | `ccc_bridge` |
322
344
  | 2 | QMD evidence | `qmd_bridge` |
323
345
  | 3 | Source reading (non-AST) | `gh_bridge` |
324
346
  | 4 | External documentation | `doc_fetcher` |
@@ -344,6 +366,8 @@ forge-data/{skill-name}/
344
366
  └── extraction-rules.yaml # Language-specific ast-grep schema
345
367
  ```
346
368
 
369
+ The `provenance-map.json` includes a `file_entries` array for script/asset file-level provenance (SHA-256 hashes, source paths) alongside the export-level `entries` array.
370
+
347
371
  `skills/` and `forge-data/` are committed. Agent memory (`_bmad/_memory/forger-sidecar/`) is gitignored.
348
372
 
349
373
  ---
@@ -396,7 +420,7 @@ src/
396
420
  │ └── README.md
397
421
  ├── knowledge/
398
422
  │ ├── skf-knowledge-index.csv
399
- │ └── *.md (10 fragments)
423
+ │ └── *.md (12 fragments)
400
424
  └── workflows/
401
425
  ├── setup-forge/
402
426
  ├── analyze-source/
package/docs/index.md CHANGED
@@ -17,7 +17,7 @@ hero:
17
17
 
18
18
  ## What does Skill Forge do?
19
19
 
20
- AI agents hallucinate API calls. They invent function names, guess parameter types, and produce code that doesn't compile. Skill Forge fixes this by analyzing code repositories, documentation, and developer discourse — extracting real signatures and patterns and compiling them into verified instruction files that any AI agent can follow. Every instruction traces back to where it came from.
20
+ AI agents hallucinate API calls. They invent function names, guess parameter types, and produce code that doesn't compile. Skill Forge fixes this by analyzing code repositories, documentation, and developer discourse — extracting real signatures and patterns and compiling them into verified instruction files that any AI agent can follow. Every instruction traces back to where it came from. Generated skills can also include executable scripts and static assets extracted from the source repository, each with full provenance tracking.
21
21
 
22
22
  ## Quick Install
23
23
 
@@ -40,7 +40,7 @@ See the [Getting Started](./getting-started/) guide for full installation and us
40
40
 
41
41
  - **[Getting Started](./getting-started/)** — Installation, prerequisites, and your first skill
42
42
  - **[Concepts](./concepts/)** — Plain-English definitions of key terms (provenance, tiers, drift, and more)
43
- - **[How It Works](./architecture/)** — Architecture, capability model, output format, and design decisions
43
+ - **[How It Works](./how-it-works/)** — Architecture, capability model, output format, and design decisions
44
44
  - **[Workflows](./workflows/)** — All 10 workflows with commands and connection diagrams
45
45
  - **[Agents](./agents/)** — Ferris: the AI agent that runs all SKF workflows
46
46
  - **[Examples](./examples/)** — Real-world scenarios, tips, and troubleshooting
package/docs/workflows.md CHANGED
@@ -15,11 +15,11 @@ SKF has 10 workflows. You trigger them by typing commands to [Ferris](../agents.
15
15
 
16
16
  **Command:** `@Ferris SF`
17
17
 
18
- **Purpose:** Initialize forge environment, detect tools, set capability tier, verify QMD collection health.
18
+ **Purpose:** Initialize forge environment, detect tools (ast-grep, ccc, gh, qmd), set capability tier, index project in CCC (Forge+), verify QMD collection health (Deep).
19
19
 
20
20
  **When to Use:** First time using SKF in a project. Run once per project.
21
21
 
22
- **Key Steps:** Detect tools → Determine tier → Write forge-tier.yaml → QMD hygiene (Deep)
22
+ **Key Steps:** Detect tools → CCC index check (Forge+) → Determine tier → Write forge-tier.yaml → QMD hygiene (Deep)
23
23
 
24
24
  **Agent:** Ferris (Architect mode)
25
25
 
@@ -33,7 +33,7 @@ SKF has 10 workflows. You trigger them by typing commands to [Ferris](../agents.
33
33
 
34
34
  **When to Use:** Before `Create Skill` when you want maximum control over what gets compiled.
35
35
 
36
- **Key Steps:** Gather intent → Analyze target → Define scope → Write skill-brief.yaml
36
+ **Key Steps:** Gather intent → Analyze target → Define scope → Scripts/assets intent → Write skill-brief.yaml
37
37
 
38
38
  **Agent:** Ferris (Architect mode)
39
39
 
@@ -47,7 +47,7 @@ SKF has 10 workflows. You trigger them by typing commands to [Ferris](../agents.
47
47
 
48
48
  **When to Use:** After Brief Skill, or with an existing skill-brief.yaml.
49
49
 
50
- **Key Steps:** Load brief → Ecosystem check → AST extract → QMD enrich → Compile → Validate → Generate
50
+ **Key Steps:** Load brief → Ecosystem check → AST extract → Scripts/assets detect → QMD enrich → Compile → Validate → Generate
51
51
 
52
52
  **Agent:** Ferris (Architect mode)
53
53
 
@@ -61,7 +61,7 @@ SKF has 10 workflows. You trigger them by typing commands to [Ferris](../agents.
61
61
 
62
62
  **When to Use:** After source code changes when an existing skill needs updating.
63
63
 
64
- **Key Steps:** Load existing → Detect changes → Re-extract → Merge (preserve MANUAL) → Validate → Write
64
+ **Key Steps:** Load existing → Detect changes (incl. scripts/assets) → Re-extract → Merge (preserve MANUAL) → Validate → Write
65
65
 
66
66
  **Agent:** Ferris (Surgeon mode)
67
67
 
@@ -119,7 +119,7 @@ SKF has 10 workflows. You trigger them by typing commands to [Ferris](../agents.
119
119
 
120
120
  **When to Use:** To check if a skill has fallen out of date with its source code.
121
121
 
122
- **Key Steps:** Load skill → Re-index source → Structural diff → Semantic diff (Deep) → Classify severity → Report
122
+ **Key Steps:** Load skill → Re-index source → Structural diff → Script/asset drift → Semantic diff (Deep) → Classify severity → Report
123
123
 
124
124
  **Agent:** Ferris (Audit mode)
125
125
 
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "https://json.schemastore.org/package.json",
3
3
  "name": "bmad-module-skill-forge",
4
- "version": "0.4.0",
5
- "description": "BMAD module — Turn code and docs into instructions AI agents can actually follow. Progressive capability tiers (Quick/Forge/Deep).",
4
+ "version": "0.6.0",
5
+ "description": "BMAD module — Turn code and docs into instructions AI agents can actually follow. Progressive capability tiers (Quick/Forge/Forge+/Deep).",
6
6
  "keywords": [
7
7
  "bmad",
8
8
  "bmad-method",
@@ -15,7 +15,7 @@ agent:
15
15
  Skill compilation specialist who transforms code repositories, documentation, and developer discourse into verified agent skills.
16
16
  Manages the full lifecycle: source analysis, skill briefing, AST-backed compilation,
17
17
  integrity testing, and ecosystem-ready export across progressive capability tiers
18
- (Quick/Forge/Deep).
18
+ (Quick/Forge/Forge+/Deep).
19
19
 
20
20
  identity: |
21
21
  The forge master — a precision-focused craftsman who works through four modes:
@@ -6,8 +6,24 @@ tools:
6
6
  ast_grep: ~
7
7
  gh_cli: ~
8
8
  qmd: ~
9
+ ccc: ~
10
+ security_scan: ~
9
11
 
10
12
  # Capability tier (derived from tool availability)
11
- # Quick = no tools required | Forge = + ast-grep | Deep = + ast-grep + gh + QMD
13
+ # Quick = no tools | Forge = + ast-grep | Forge+ = + ast-grep + ccc | Deep = + ast-grep + gh + QMD
12
14
  tier: ~
13
15
  tier_detected_at: ~
16
+
17
+ # CCC semantic index state (managed by setup-forge and extraction workflows)
18
+ ccc_index:
19
+ indexed_path: ~
20
+ last_indexed: ~
21
+ status: "none"
22
+ staleness_threshold_hours: 24
23
+
24
+ # CCC index registry (tracks which source paths have been indexed for skill workflows)
25
+ ccc_index_registry: []
26
+
27
+ # QMD collection registry (populated by create-skill, consumed by audit/update-skill)
28
+ # Each entry tracks a QMD collection created during skill workflows
29
+ qmd_collections: []
@@ -2,7 +2,7 @@
2
2
  # Created by setup-forge workflow on first run
3
3
  # Edit this file to customize Ferris behavior
4
4
 
5
- # Override detected tier (set to Quick, Forge, or Deep to force a tier)
5
+ # Override detected tier (set to Quick, Forge, Forge+, or Deep to force a tier)
6
6
  tier_override: ~
7
7
 
8
8
  # Passive context injection (set to false to skip snippet generation and CLAUDE.md updates during export)
@@ -36,7 +36,9 @@ description: >
36
36
 
37
37
  **Frontmatter constraints:**
38
38
  - `name`: 1-64 characters, lowercase alphanumeric + hyphens, must match parent directory name
39
+ - **Naming convention:** Prefer gerund form (verb + -ing) for clarity: `processing-pdfs`, `analyzing-spreadsheets`, `managing-databases`. Noun phrases (`pdf-processing`) and action-oriented forms (`process-pdfs`) are acceptable alternatives. Avoid vague names (`helper`, `utils`, `tools`).
39
40
  - `description`: 1-1024 characters, trigger-optimized for agent matching
41
+ - **MUST use third-person voice.** The description is injected into the system prompt; inconsistent point-of-view causes discovery problems. Write "Processes Excel files and generates reports" — never "I can help you process Excel files" or "You can use this to process Excel files."
40
42
 
41
43
  **Body:** Free-form markdown — no structural restrictions, but Skill Forge follows a consistent section order (see skill-sections.md in create-skill/data/).
42
44
 
@@ -52,6 +54,8 @@ skill-name/
52
54
 
53
55
  All subdirectories are exactly one level deep. Files are loaded on demand when SKILL.md directs — never automatically.
54
56
 
57
+ Scripts and assets extracted by Skill Forge inherit provenance from their source repository. Each file receives a `[SRC:{source_path}:L1]` citation (T1-low confidence) and a SHA-256 content hash for drift detection. Scripts must follow the quality principles in the Script Quality section below. Assets are static files loaded on demand — agents use them as directed by SKILL.md instructions.
58
+
55
59
  ## Progressive Disclosure Model
56
60
 
57
61
  The format implements a three-phase loading model:
@@ -141,6 +145,24 @@ the user's configuration against the expected structure.
141
145
  - Line count is a guideline — exceeding 500 lines produces a warning
142
146
  - Path validation prevents broken references in the published skill
143
147
 
148
+ ## MCP Tool References
149
+
150
+ If a skill references MCP (Model Context Protocol) tools, always use fully qualified names to avoid "tool not found" errors: `ServerName:tool_name` (e.g., `BigQuery:bigquery_schema`, `GitHub:create_issue`). Without the server prefix, agents may fail to locate the tool when multiple MCP servers are available.
151
+
152
+ ## Script Quality
153
+
154
+ Skills that include executable scripts in `scripts/` must follow these principles:
155
+
156
+ - **Solve, don't punt.** Scripts handle errors explicitly rather than failing and leaving the agent to figure it out. Provide fallback behavior, descriptive error messages, and recovery paths.
157
+ - **No voodoo constants.** Every magic number or configuration value must be justified with a comment explaining why that value was chosen. If you don't know the right value, the agent won't either.
158
+ - **Descriptive error output.** Write error messages to stdout/stderr that enable agents to self-correct without user intervention (e.g., "Field 'signature_date' not found. Available fields: customer_name, order_total").
159
+
160
+ ## Development Methodology
161
+
162
+ - **Evaluation-driven development.** Define 2-3 concrete use cases and realistic test prompts before building the skill. Build evaluations before writing extensive documentation — this ensures the skill solves real problems rather than documenting imagined ones.
163
+ - **Realistic test prompts.** Test with prompts the way real users actually talk — with typos, casual abbreviations, and incomplete context. A skill tested only with clean prompts will break in unexpected ways in production.
164
+ - **Iterative refinement.** Observe how agents navigate and use the skill. Watch for unexpected exploration paths, missed references, overreliance on certain sections, and ignored content. Iterate based on observed behavior, not assumptions.
165
+
144
166
  ## Anti-Patterns
145
167
 
146
168
  - Writing skills as documentation (README-style) instead of procedural agent instructions
@@ -148,6 +170,9 @@ the user's configuration against the expected structure.
148
170
  - Vague descriptions ("helps with databases") — descriptions must be specific and trigger-optimized
149
171
  - Including redundant content that duplicates what the agent already knows (standard language features, basic CLI commands)
150
172
  - Bundling large library code inside skills — skills reference existing tools, not replace them
173
+ - Time-sensitive instructions ("If before August 2025, use the old API") — use versioned sections instead
174
+ - Offering too many tool/library options without a clear default — provide one recommended approach with escape hatches for edge cases
175
+ - Inconsistent terminology — mixing synonyms ("API endpoint", "URL", "route") confuses agent execution
151
176
 
152
177
  ## Related Fragments
153
178