bmad-module-skill-forge 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +1 -1
- package/docs/_data/pinned.yaml +1 -1
- package/docs/skill-model.md +26 -32
- package/docs/troubleshooting.md +12 -0
- package/docs/workflows.md +53 -0
- package/package.json +2 -2
- package/src/shared/references/output-contract-schema.md +10 -0
- package/src/shared/scripts/skf-extract-public-api.py +505 -0
- package/src/shared/scripts/skf-render-quick-metadata.py +192 -0
- package/src/shared/scripts/skf-resolve-package.py +264 -0
- package/src/shared/scripts/skf-validate-output.py +24 -7
- package/src/skf-quick-skill/SKILL.md +178 -10
- package/src/skf-quick-skill/assets/skill-template.md +5 -1
- package/src/skf-quick-skill/references/registry-resolution.md +2 -0
- package/src/skf-quick-skill/steps-c/step-01-resolve-target.md +84 -16
- package/src/skf-quick-skill/steps-c/step-02-ecosystem-check.md +3 -3
- package/src/skf-quick-skill/steps-c/step-03-quick-extract.md +86 -43
- package/src/skf-quick-skill/steps-c/step-04-compile.md +49 -56
- package/src/skf-quick-skill/steps-c/step-05-write-and-validate.md +164 -0
- package/src/skf-quick-skill/steps-c/{step-06-write.md → step-06-finalize.md} +15 -7
- package/src/skf-quick-skill/steps-c/step-07-health-check.md +5 -3
- package/src/skf-quick-skill/steps-c/step-05-validate.md +0 -193
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
---
|
|
2
|
+
nextStepFile: './step-06-finalize.md'
|
|
3
|
+
frontmatterValidatorProbeOrder:
|
|
4
|
+
- '{project-root}/_bmad/skf/shared/scripts/skf-validate-frontmatter.py'
|
|
5
|
+
- '{project-root}/src/shared/scripts/skf-validate-frontmatter.py'
|
|
6
|
+
outputValidatorProbeOrder:
|
|
7
|
+
- '{project-root}/_bmad/skf/shared/scripts/skf-validate-output.py'
|
|
8
|
+
- '{project-root}/src/shared/scripts/skf-validate-output.py'
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Step 5: Write & Validate
|
|
12
|
+
|
|
13
|
+
Communicate with the user in `{communication_language}`. Validation reports are user-facing — render their narrative content in `{document_output_language}`.
|
|
14
|
+
|
|
15
|
+
## STEP GOAL:
|
|
16
|
+
|
|
17
|
+
To write the compiled SKILL.md, context-snippet.md, and metadata.json to the versioned skill package, then validate them on disk against the agentskills.io specification at community tier. Writing happens here (before step-06 finalization) because `skill-check` is a file-based CLI — it reads artifacts from disk — so the files must exist before validation runs. Report any gaps or issues. Validation is advisory — issues are reported but do not block the workflow.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
|
|
21
|
+
- Write exactly what was compiled — do not modify content during writing
|
|
22
|
+
- Validation is advisory — report issues but never block output
|
|
23
|
+
- Do not modify compiled content post-validation — report only
|
|
24
|
+
- Community-tier validation (lighter than official requirements)
|
|
25
|
+
|
|
26
|
+
## MANDATORY SEQUENCE
|
|
27
|
+
|
|
28
|
+
### 1. Create Output Directory
|
|
29
|
+
|
|
30
|
+
Resolve `{version}` from the extraction inventory's detected version, defaulting to `1.0.0` if not detected. Create the skill output directories:
|
|
31
|
+
|
|
32
|
+
```
|
|
33
|
+
{skill_group} # {skills_output_folder}/{repo_name}/
|
|
34
|
+
{skill_package} # {skills_output_folder}/{repo_name}/{version}/{repo_name}/
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
If `{skill_package}` already exists, confirm with user before overwriting:
|
|
38
|
+
|
|
39
|
+
"**Directory `{skill_package}` already exists.** Overwrite will replace the prior compiled output; validation results, result contracts, and any manual tweaks from the previous run will not be preserved. Overwrite existing files? [Y/N]"
|
|
40
|
+
|
|
41
|
+
- **If user selects Y:** Proceed to section 2.
|
|
42
|
+
- **If user selects N:** HARD HALT with **exit code 5 (overwrite-cancelled)** per the SKILL.md exit-code map: "Overwrite cancelled. Existing skill preserved. Run [QS] with a different skill name or remove the existing directory manually." Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "write-and-validate"`, `error.code: "overwrite-cancelled"`, `skill_package` set to the existing path that was preserved). Disk write of the `-latest.json` envelope is REQUIRED here since `{skill_package}` is known.
|
|
43
|
+
|
|
44
|
+
**GATE [default: Y]** — If `{headless_mode}` is true, auto-proceed with Y and log: "headless: overwriting existing `{skill_package}`".
|
|
45
|
+
|
|
46
|
+
### 2. Write Deliverables
|
|
47
|
+
|
|
48
|
+
Write the three compiled artifacts to the skill package so that validation in sections 3–7 has files on disk to read:
|
|
49
|
+
|
|
50
|
+
**File 1:** `{skill_package}/SKILL.md` — the compiled skill document
|
|
51
|
+
**File 2:** `{skill_package}/context-snippet.md` — the compressed context snippet. **Skip this write** if `{overrides.skip_snippet}` was set; the artifact is omitted from `outputs`.
|
|
52
|
+
**File 3:** `{skill_package}/metadata.json` — the machine-readable metadata
|
|
53
|
+
|
|
54
|
+
Confirm after each write: "Written: SKILL.md" / "Written: context-snippet.md" / "Written: metadata.json". When `--skip-snippet` is active, log "Skipped: context-snippet.md (--skip-snippet)" instead of the snippet write confirmation.
|
|
55
|
+
|
|
56
|
+
**If any write fails — HARD HALT (exit code 4, write-failure):** Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "write-and-validate"`, `error.code: "write-failure"`, `error.details: {failed_path: <path>, error: <details>}`, `skill_package` set, `outputs` listing any files that did write successfully before the failure).
|
|
57
|
+
|
|
58
|
+
"**Write failed:** Could not write to `{file_path}`.
|
|
59
|
+
|
|
60
|
+
Error: {error details}
|
|
61
|
+
|
|
62
|
+
Check:
|
|
63
|
+
- Does the output directory exist and is it writable?
|
|
64
|
+
- Is there sufficient disk space?
|
|
65
|
+
- Are there permission issues?"
|
|
66
|
+
|
|
67
|
+
### 3. Check Tool Availability
|
|
68
|
+
|
|
69
|
+
Run: `npx skill-check -h`
|
|
70
|
+
|
|
71
|
+
- If succeeds (returns usage information): Continue to automated validation (section 4)
|
|
72
|
+
- If fails (command not found or error): Skip to manual fallback in section 4
|
|
73
|
+
|
|
74
|
+
**Important:** Use the verification command. Do not assume availability — empirical check required.
|
|
75
|
+
|
|
76
|
+
### 4. Validate SKILL.md via skill-check (if available)
|
|
77
|
+
|
|
78
|
+
**If `npx skill-check` is available**, run automated validation + security scan in one invocation against the skill package written in section 2 (security scan is enabled by default when `--no-security-scan` is omitted, so the same call covers §6 and avoids paying the npx startup cost twice):
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
npx skill-check check {skill_package} --fix --format json
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
This validates frontmatter, description, body limits, links, and formatting; runs the security scan; and auto-fixes deterministic issues (field ordering, slug format, required fields, trailing newlines).
|
|
85
|
+
|
|
86
|
+
**Parse JSON output** to extract:
|
|
87
|
+
- `qualityScore` — overall score (0-100)
|
|
88
|
+
- `diagnostics[]` — remaining issues after auto-fix
|
|
89
|
+
- `fixed[]` — issues automatically corrected
|
|
90
|
+
- `security[]` (when present) — security findings, recorded as advisory warnings (security issues do not block output)
|
|
91
|
+
|
|
92
|
+
Record quality score, remaining diagnostics, and security findings as validation issues.
|
|
93
|
+
|
|
94
|
+
**If skill-check is NOT available**, run the shared frontmatter validator instead of an LLM-walked checklist. Resolve `{frontmatterValidator}` from `{frontmatterValidatorProbeOrder}`; first existing path wins. If no candidate exists, log a high-severity issue ("frontmatter validator unavailable — both `npx skill-check` and `skf-validate-frontmatter.py` missing") and skip frontmatter validation.
|
|
95
|
+
|
|
96
|
+
```bash
|
|
97
|
+
python3 {frontmatterValidator} {skill_package}/SKILL.md --skill-dir-name {repo_name}
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
The validator emits JSON with `status` (`pass`/`fail`), `issues[]` (each with `severity`, `code`, `message`), and `frontmatter` (the parsed name/description). It checks frontmatter delimiters, name format (Unicode letters + digits + hyphens, no consecutive/trailing hyphens), name-directory match, description presence and length, and unknown fields against the agentskills.io spec — the same shape this step would otherwise hand-walk. Record each `issues[]` entry as a validation issue with its reported severity. Missing frontmatter or missing required fields are high-severity — skills without valid frontmatter will fail `npx skills add` and `npx skill-check check`.
|
|
101
|
+
|
|
102
|
+
### 5. Validate Body, Snippet, and Metadata via skf-validate-output.py
|
|
103
|
+
|
|
104
|
+
Run the shared output validator against the on-disk skill package — it performs the body-structure, snippet-format, and metadata-shape checks that this step previously walked by hand. Pass `--skip-frontmatter` since §4 has already covered frontmatter.
|
|
105
|
+
|
|
106
|
+
**Resolve `{outputValidator}`:** probe `{outputValidatorProbeOrder}` (installed first, dev fallback); first existing path wins. If neither candidate exists, log a high-severity issue ("output validator unavailable — `skf-validate-output.py` missing") and skip body/snippet/metadata validation.
|
|
107
|
+
|
|
108
|
+
```bash
|
|
109
|
+
python3 {outputValidator} {skill_package} --generated-by quick-skill --skip-frontmatter
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
The validator emits JSON with `result` (PASS/FAIL), `validation.skill_md.body[]`, `validation.context_snippet.issues[]`, `validation.metadata.issues[]`, and a severity-bucketed `summary`. Record each issue as a validation issue at its reported severity.
|
|
113
|
+
|
|
114
|
+
Coverage replaces these former hand-walked checklists:
|
|
115
|
+
|
|
116
|
+
- **Body structure** — Overview, Description, Key Exports, Usage sections present (medium when missing)
|
|
117
|
+
- **Context snippet** — `[{name} v{version}]|root: ...` first line, `|IMPORTANT:` second line, ~80–120-token length
|
|
118
|
+
- **Metadata** — required string fields (`name`, `version`, `source_authority`, `language`, `generation_date`), `source_repo`, `generated_by`, `confidence_tier`, and `stats` numerics (`exports_documented`, `exports_public_api`, `exports_total`, `public_api_coverage`, `total_coverage`)
|
|
119
|
+
|
|
120
|
+
### 6. Security Scan (covered by §4)
|
|
121
|
+
|
|
122
|
+
Security findings are already collected from the §4 invocation (no separate `npx` round trip needed — `skill-check check ... --fix --format json` runs the security scan by default). If skill-check was unavailable in §3, log "security scan skipped — skill-check unavailable" in validation results.
|
|
123
|
+
|
|
124
|
+
### 7. Report Validation Results
|
|
125
|
+
|
|
126
|
+
"**Validation complete:**
|
|
127
|
+
|
|
128
|
+
**SKILL.md:** {pass/issues found} (quality score: {score}/100 if skill-check was available)
|
|
129
|
+
{list any issues}
|
|
130
|
+
{list any auto-fixed issues}
|
|
131
|
+
|
|
132
|
+
**context-snippet.md:** {pass/issues found}
|
|
133
|
+
{list any issues}
|
|
134
|
+
|
|
135
|
+
**metadata.json:** {pass/issues found}
|
|
136
|
+
{list any issues}
|
|
137
|
+
|
|
138
|
+
**Security:** {pass/warn/skipped}
|
|
139
|
+
{list any security findings}
|
|
140
|
+
|
|
141
|
+
**Overall:** {pass / N issues found}
|
|
142
|
+
|
|
143
|
+
{If issues found:}
|
|
144
|
+
These issues are advisory for community-tier skills. You can proceed to finalize or go back to adjust.
|
|
145
|
+
|
|
146
|
+
**Proceeding to finalize...**"
|
|
147
|
+
|
|
148
|
+
Set `validation_result` with pass/fail status, quality score, and issues list.
|
|
149
|
+
|
|
150
|
+
### 8. Auto-Proceed to Finalize
|
|
151
|
+
|
|
152
|
+
#### Menu Handling Logic:
|
|
153
|
+
|
|
154
|
+
- After validation report, immediately load, read entire file, then execute {nextStepFile}
|
|
155
|
+
|
|
156
|
+
#### EXECUTION RULES:
|
|
157
|
+
|
|
158
|
+
- This is an auto-proceed step — validation is advisory
|
|
159
|
+
- Proceed directly to finalize step after reporting results
|
|
160
|
+
|
|
161
|
+
## CRITICAL STEP COMPLETION NOTE
|
|
162
|
+
|
|
163
|
+
ONLY WHEN deliverables have been written to `{skill_package}` and validation checks are complete and results reported will you load and read fully `{nextStepFile}` to execute finalization.
|
|
164
|
+
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
---
|
|
2
2
|
nextStepFile: './step-07-health-check.md'
|
|
3
|
+
atomicWriteProbeOrder:
|
|
4
|
+
- '{project-root}/_bmad/skf/shared/scripts/skf-atomic-write.py'
|
|
5
|
+
- '{project-root}/src/shared/scripts/skf-atomic-write.py'
|
|
3
6
|
---
|
|
4
7
|
|
|
5
8
|
# Step 6: Finalize
|
|
6
9
|
|
|
10
|
+
Communicate with the user in `{communication_language}`. Render the user-facing completion summary content in `{document_output_language}`.
|
|
11
|
+
|
|
7
12
|
## STEP GOAL:
|
|
8
13
|
|
|
9
14
|
To finalize the skill by creating the active-version pointer, displaying the completion summary, and writing the result contract. Deliverables (SKILL.md, context-snippet.md, metadata.json) were already written in step-05 so that validation could run against files on disk; this step only performs the post-write finalization.
|
|
@@ -16,21 +21,23 @@ To finalize the skill by creating the active-version pointer, displaying the com
|
|
|
16
21
|
|
|
17
22
|
## MANDATORY SEQUENCE
|
|
18
23
|
|
|
19
|
-
**CRITICAL:** Follow this sequence exactly. Do not skip, reorder, or improvise unless user explicitly requests a change.
|
|
20
|
-
|
|
21
24
|
### 1. Create Active Pointer (atomic flip, Windows-safe)
|
|
22
25
|
|
|
26
|
+
**If `{overrides.no_active_pointer}` is true** — skip the helper invocation entirely. Log: "Active pointer: skipped per `--no-active-pointer` override." Do not update `{skill_group}/active`. Proceed to §2 with the active-pointer line omitted from the completion summary and the outputs payload.
|
|
27
|
+
|
|
23
28
|
`{skill_group}` and `{skill_package}` were computed in step-05 §1 from `{skills_output_folder}`, `{repo_name}`, and `{version}`; `{version}` was resolved from the extraction inventory. Reuse the same values here — do not recompute.
|
|
24
29
|
|
|
25
30
|
Create or update the `active` pointer at `{skill_group}/active` pointing to `{version}` using the shared atomic-flip helper. The helper acquires an `flock` on `{skill_group}/active.skf-lock`, refuses to replace a non-link at `{skill_group}/active` (protecting against accidental `rm -rf` of a real directory), and uses a rename-over-symlink pattern so the update is atomic from a concurrent reader's perspective. On Windows the helper automatically falls back to a directory junction (`mklink /J`) when `os.symlink` fails with `PRIVILEGE_NOT_HELD` / `ACCESS_DENIED` — junctions require no admin elevation and resolve identically for `skf-skill-inventory`'s consumers:
|
|
26
31
|
|
|
32
|
+
**Resolve `{atomicWriteHelper}`** from `{atomicWriteProbeOrder}`; first existing path wins. HALT if no candidate exists — the active-pointer flip MUST go through the atomic helper.
|
|
33
|
+
|
|
27
34
|
```bash
|
|
28
|
-
python3 {
|
|
35
|
+
python3 {atomicWriteHelper} flip-link \
|
|
29
36
|
--link {skill_group}/active \
|
|
30
37
|
--target {version}
|
|
31
38
|
```
|
|
32
39
|
|
|
33
|
-
The helper returns non-zero (exit 2) if `{skill_group}/active` already exists as a real directory or file rather than a link — in that case,
|
|
40
|
+
The helper returns non-zero (helper exit 2) if `{skill_group}/active` already exists as a real directory or file rather than a link — in that case, HARD HALT the workflow with **exit code 7 (finalize-blocked)** per the SKILL.md exit-code map: "Refusing to flip `{skill_group}/active` — existing path is not a symlink or junction. Investigate manually; expected a link pointing at a version directory." Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "finalize"`, `error.code: "finalize-blocked"`, `skill_package` set, `outputs` listing the deliverables already on disk from step-05). A common cause on Windows is a prior run that executed `ln -s` under git-bash without Developer Mode enabled, which silently wrote a full directory copy; remove that copy and retry.
|
|
34
41
|
|
|
35
42
|
**Never `rm` + `ln -s` the active pointer manually.** The bare-rm pattern has two failure modes: (1) a concurrent reader sees a missing `active` mid-flip, and (2) a bug or typo that replaces `{skill_group}/active` with a plain directory turns the next manual `rm -rf {skill_group}/active` into data loss. The helper encapsulates both guards and the Windows junction fallback.
|
|
36
43
|
|
|
@@ -45,12 +52,13 @@ Confirm: "Active pointer: {skill_group}/active -> {version} ({kind})" where `{ki
|
|
|
45
52
|
**Source:** {resolved_url}
|
|
46
53
|
**Authority:** community
|
|
47
54
|
**Confidence:** {extraction confidence}
|
|
55
|
+
{If `scope_hint` is non-empty, add:} **Scope:** {scope_hint}
|
|
48
56
|
|
|
49
57
|
**Files written:**
|
|
50
58
|
- `{skill_package}/SKILL.md`
|
|
51
|
-
- `{skill_package}/context-snippet.md`
|
|
59
|
+
- `{skill_package}/context-snippet.md` (omit this line when `--skip-snippet` was set)
|
|
52
60
|
- `{skill_package}/metadata.json`
|
|
53
|
-
- `{skill_group}/active` -> `{version}`
|
|
61
|
+
- `{skill_group}/active` -> `{version}` (omit this line when `--no-active-pointer` was set)
|
|
54
62
|
|
|
55
63
|
**Exports documented:** {count}
|
|
56
64
|
**Validation:** {pass / N issues (advisory)}
|
|
@@ -70,4 +78,4 @@ Write the result contract per `shared/references/output-contract-schema.md`: the
|
|
|
70
78
|
|
|
71
79
|
### 4. Chain to Health Check
|
|
72
80
|
|
|
73
|
-
ONLY WHEN the active pointer has been created and the completion summary and result contract have been written will you then load, read the full file, and
|
|
81
|
+
ONLY WHEN the active pointer has been created and the completion summary and result contract have been written will you then load, read the full file, and proceed to `{nextStepFile}`. The health-check step is the true terminal step — do not stop here even though the summary reads as final.
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
---
|
|
2
2
|
# `shared/health-check.md` resolves relative to the SKF module root
|
|
3
|
-
# (`_bmad/skf/` when installed, `src/` during
|
|
4
|
-
# to this step file.
|
|
3
|
+
# (`{project-root}/_bmad/skf/` when installed, `{project-root}/src/` during
|
|
4
|
+
# development), NOT relative to this step file.
|
|
5
5
|
nextStepFile: 'shared/health-check.md'
|
|
6
6
|
---
|
|
7
7
|
|
|
8
8
|
# Step 7: Workflow Health Check
|
|
9
9
|
|
|
10
|
+
Communicate with the user in `{communication_language}`.
|
|
11
|
+
|
|
10
12
|
## STEP GOAL:
|
|
11
13
|
|
|
12
14
|
Chain to the shared workflow self-improvement health check at `{nextStepFile}`. This is the terminal step of quick-skill — after the shared health check completes, the workflow is fully done.
|
|
@@ -19,4 +21,4 @@ Chain to the shared workflow self-improvement health check at `{nextStepFile}`.
|
|
|
19
21
|
|
|
20
22
|
## MANDATORY SEQUENCE
|
|
21
23
|
|
|
22
|
-
Load `{nextStepFile}`, read it fully, then execute it.
|
|
24
|
+
Load `{nextStepFile}`, read it fully, then proceed to execute it.
|
|
@@ -1,193 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
nextStepFile: './step-06-write.md'
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
# Step 5: Write & Validate
|
|
6
|
-
|
|
7
|
-
## STEP GOAL:
|
|
8
|
-
|
|
9
|
-
To write the compiled SKILL.md, context-snippet.md, and metadata.json to the versioned skill package, then validate them on disk against the agentskills.io specification at community tier. Writing happens here (before step-06 finalization) because `skill-check` is a file-based CLI — it reads artifacts from disk — so the files must exist before validation runs. Report any gaps or issues. Validation is advisory — issues are reported but do not block the workflow.
|
|
10
|
-
|
|
11
|
-
## Rules
|
|
12
|
-
|
|
13
|
-
- Write exactly what was compiled — do not modify content during writing
|
|
14
|
-
- Validation is advisory — report issues but never block output
|
|
15
|
-
- Do not modify compiled content post-validation — report only
|
|
16
|
-
- Community-tier validation (lighter than official requirements)
|
|
17
|
-
|
|
18
|
-
## MANDATORY SEQUENCE
|
|
19
|
-
|
|
20
|
-
**CRITICAL:** Follow this sequence exactly. Do not skip, reorder, or improvise unless user explicitly requests a change.
|
|
21
|
-
|
|
22
|
-
### 1. Create Output Directory
|
|
23
|
-
|
|
24
|
-
Resolve `{version}` from the extraction inventory's detected version, defaulting to `1.0.0` if not detected. Create the skill output directories:
|
|
25
|
-
|
|
26
|
-
```
|
|
27
|
-
{skill_group} # {skills_output_folder}/{repo_name}/
|
|
28
|
-
{skill_package} # {skills_output_folder}/{repo_name}/{version}/{repo_name}/
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
If `{skill_package}` already exists, confirm with user before overwriting:
|
|
32
|
-
|
|
33
|
-
"**Directory `{skill_package}` already exists.** Overwrite will replace the prior compiled output; validation results, result contracts, and any manual tweaks from the previous run will not be preserved. Overwrite existing files? [Y/N]"
|
|
34
|
-
|
|
35
|
-
- **If user selects Y:** Proceed to section 2.
|
|
36
|
-
- **If user selects N:** Halt with: "Overwrite cancelled. Existing skill preserved. Run [QS] with a different skill name or remove the existing directory manually."
|
|
37
|
-
|
|
38
|
-
**GATE [default: Y]** — If `{headless_mode}` is true, auto-proceed with Y and log: "headless: overwriting existing `{skill_package}`".
|
|
39
|
-
|
|
40
|
-
### 2. Write Deliverables
|
|
41
|
-
|
|
42
|
-
Write the three compiled artifacts to the skill package so that validation in sections 3–9 has files on disk to read:
|
|
43
|
-
|
|
44
|
-
**File 1:** `{skill_package}/SKILL.md` — the compiled skill document
|
|
45
|
-
**File 2:** `{skill_package}/context-snippet.md` — the compressed context snippet
|
|
46
|
-
**File 3:** `{skill_package}/metadata.json` — the machine-readable metadata
|
|
47
|
-
|
|
48
|
-
Confirm after each write: "Written: SKILL.md" / "Written: context-snippet.md" / "Written: metadata.json".
|
|
49
|
-
|
|
50
|
-
**If any write fails — HARD HALT:**
|
|
51
|
-
|
|
52
|
-
"**Write failed:** Could not write to `{file_path}`.
|
|
53
|
-
|
|
54
|
-
Error: {error details}
|
|
55
|
-
|
|
56
|
-
Please check:
|
|
57
|
-
- Does the output directory exist and is it writable?
|
|
58
|
-
- Is there sufficient disk space?
|
|
59
|
-
- Are there permission issues?"
|
|
60
|
-
|
|
61
|
-
### 3. Check Tool Availability
|
|
62
|
-
|
|
63
|
-
Run: `npx skill-check -h`
|
|
64
|
-
|
|
65
|
-
- If succeeds (returns usage information): Continue to automated validation (section 4)
|
|
66
|
-
- If fails (command not found or error): Skip to manual fallback in section 4
|
|
67
|
-
|
|
68
|
-
**Important:** Use the verification command. Do not assume availability — empirical check required.
|
|
69
|
-
|
|
70
|
-
### 4. Validate SKILL.md via skill-check (if available)
|
|
71
|
-
|
|
72
|
-
**If `npx skill-check` is available**, run automated validation with auto-fix against the skill package written in section 2:
|
|
73
|
-
|
|
74
|
-
```bash
|
|
75
|
-
npx skill-check check {skill_package} --fix --format json --no-security-scan
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
This validates frontmatter, description, body limits, links, and formatting — and auto-fixes deterministic issues (field ordering, slug format, required fields, trailing newlines).
|
|
79
|
-
|
|
80
|
-
**Parse JSON output** to extract:
|
|
81
|
-
- `qualityScore` — overall score (0-100)
|
|
82
|
-
- `diagnostics[]` — remaining issues after auto-fix
|
|
83
|
-
- `fixed[]` — issues automatically corrected
|
|
84
|
-
|
|
85
|
-
Record quality score and any remaining diagnostics as validation issues.
|
|
86
|
-
|
|
87
|
-
**If skill-check is NOT available**, perform manual frontmatter check:
|
|
88
|
-
|
|
89
|
-
- [ ] **Frontmatter present** — file starts with `---` delimiter and has closing `---`
|
|
90
|
-
- [ ] **`name` field** — present, non-empty, lowercase alphanumeric + hyphens only, 1-64 chars
|
|
91
|
-
- [ ] **`name` matches directory** — frontmatter `name` matches the skill output directory name
|
|
92
|
-
- [ ] **`description` field** — present, non-empty, 1-1024 characters
|
|
93
|
-
- [ ] **No unknown fields** — only `name`, `description`, `license`, `compatibility`, `metadata`, `allowed-tools` are permitted
|
|
94
|
-
|
|
95
|
-
**For each violation, log an issue.** Missing frontmatter or missing required fields are high-severity issues — skills without valid frontmatter will fail `npx skills add` and `npx skill-check check`.
|
|
96
|
-
|
|
97
|
-
### 5. Validate SKILL.md Body Structure
|
|
98
|
-
|
|
99
|
-
Check that SKILL.md has these required sections populated:
|
|
100
|
-
|
|
101
|
-
- [ ] **Overview section** present with package name, repo, language, authority
|
|
102
|
-
- [ ] **Description section** present with non-empty content
|
|
103
|
-
- [ ] **Key Exports section** present (may be empty if confidence is low)
|
|
104
|
-
- [ ] **Usage Patterns section** present (may have README fallback)
|
|
105
|
-
|
|
106
|
-
**For each missing or empty required section, log an issue.**
|
|
107
|
-
|
|
108
|
-
### 6. Validate Context Snippet Format
|
|
109
|
-
|
|
110
|
-
Check context-snippet.md format compliance:
|
|
111
|
-
|
|
112
|
-
- [ ] **Vercel-aligned indexed format** — pipe-delimited with version, retrieval instruction, section anchors
|
|
113
|
-
- [ ] **First line** matches pattern: `[{name} v{version}]|root: {prefix}{name}/` where prefix is `skills/` (draft form) or any IDE skill root (`.{dir}/skills/`)
|
|
114
|
-
- [ ] **Second line** starts with: `|IMPORTANT:`
|
|
115
|
-
- [ ] **Approximate token count** is ~80-120 tokens
|
|
116
|
-
|
|
117
|
-
**If format is wrong, log an issue.**
|
|
118
|
-
|
|
119
|
-
### 7. Validate Metadata JSON
|
|
120
|
-
|
|
121
|
-
Check metadata.json has required fields:
|
|
122
|
-
|
|
123
|
-
- [ ] `name` — present, non-empty
|
|
124
|
-
- [ ] `version` — present (auto-detected or "1.0.0")
|
|
125
|
-
- [ ] `source_authority` — must be "community"
|
|
126
|
-
- [ ] `source_repo` — present, valid GitHub URL
|
|
127
|
-
- [ ] `language` — present, non-empty
|
|
128
|
-
- [ ] `generated_by` — must be "quick-skill"
|
|
129
|
-
- [ ] `generation_date` — present
|
|
130
|
-
- [ ] `stats.exports_documented` — present, number
|
|
131
|
-
- [ ] `stats.exports_public_api` — present, number
|
|
132
|
-
- [ ] `stats.exports_total` — present, number
|
|
133
|
-
- [ ] `stats.public_api_coverage` — present, number
|
|
134
|
-
- [ ] `stats.total_coverage` — present, number
|
|
135
|
-
- [ ] `confidence_tier` — present
|
|
136
|
-
|
|
137
|
-
**For each missing or invalid field, log an issue.**
|
|
138
|
-
|
|
139
|
-
### 8. Security Scan (if skill-check available)
|
|
140
|
-
|
|
141
|
-
Run security scan on the compiled skill package:
|
|
142
|
-
|
|
143
|
-
```bash
|
|
144
|
-
npx skill-check check {skill_package} --format json
|
|
145
|
-
```
|
|
146
|
-
|
|
147
|
-
(Security scan is enabled by default when `--no-security-scan` is omitted.)
|
|
148
|
-
|
|
149
|
-
Record any security findings as advisory warnings. Security issues do not block output.
|
|
150
|
-
|
|
151
|
-
**If skill-check unavailable:** Skip with note in validation results.
|
|
152
|
-
|
|
153
|
-
### 9. Report Validation Results
|
|
154
|
-
|
|
155
|
-
"**Validation complete:**
|
|
156
|
-
|
|
157
|
-
**SKILL.md:** {pass/issues found} (quality score: {score}/100 if skill-check was available)
|
|
158
|
-
{list any issues}
|
|
159
|
-
{list any auto-fixed issues}
|
|
160
|
-
|
|
161
|
-
**context-snippet.md:** {pass/issues found}
|
|
162
|
-
{list any issues}
|
|
163
|
-
|
|
164
|
-
**metadata.json:** {pass/issues found}
|
|
165
|
-
{list any issues}
|
|
166
|
-
|
|
167
|
-
**Security:** {pass/warn/skipped}
|
|
168
|
-
{list any security findings}
|
|
169
|
-
|
|
170
|
-
**Overall:** {pass / N issues found}
|
|
171
|
-
|
|
172
|
-
{If issues found:}
|
|
173
|
-
These issues are advisory for community-tier skills. You can proceed to finalize or go back to adjust.
|
|
174
|
-
|
|
175
|
-
**Proceeding to finalize...**"
|
|
176
|
-
|
|
177
|
-
Set `validation_result` with pass/fail status, quality score, and issues list.
|
|
178
|
-
|
|
179
|
-
### 10. Auto-Proceed to Finalize
|
|
180
|
-
|
|
181
|
-
#### Menu Handling Logic:
|
|
182
|
-
|
|
183
|
-
- After validation report, immediately load, read entire file, then execute {nextStepFile}
|
|
184
|
-
|
|
185
|
-
#### EXECUTION RULES:
|
|
186
|
-
|
|
187
|
-
- This is an auto-proceed step — validation is advisory
|
|
188
|
-
- Proceed directly to finalize step after reporting results
|
|
189
|
-
|
|
190
|
-
## CRITICAL STEP COMPLETION NOTE
|
|
191
|
-
|
|
192
|
-
ONLY WHEN deliverables have been written to `{skill_package}` and validation checks are complete and results reported will you load and read fully `{nextStepFile}` to execute finalization.
|
|
193
|
-
|