bmad-module-skill-forge 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/.claude-plugin/marketplace.json +1 -1
  2. package/docs/_data/pinned.yaml +1 -1
  3. package/docs/skill-model.md +26 -32
  4. package/docs/troubleshooting.md +12 -0
  5. package/docs/workflows.md +87 -15
  6. package/package.json +2 -2
  7. package/src/shared/references/output-contract-schema.md +10 -0
  8. package/src/shared/scripts/schemas/skf-brief-result-envelope.v1.json +58 -0
  9. package/src/shared/scripts/schemas/skill-brief.v1.json +77 -0
  10. package/src/shared/scripts/schemas/workspace-detection.v1.json +44 -0
  11. package/src/shared/scripts/skf-detect-language.py +277 -0
  12. package/src/shared/scripts/skf-detect-workspaces.py +427 -0
  13. package/src/shared/scripts/skf-emit-brief-result-envelope.py +257 -0
  14. package/src/shared/scripts/skf-extract-public-api.py +534 -0
  15. package/src/shared/scripts/skf-forge-tier-rw.py +73 -0
  16. package/src/shared/scripts/skf-recommend-scope-type.py +369 -0
  17. package/src/shared/scripts/skf-render-quick-metadata.py +192 -0
  18. package/src/shared/scripts/skf-resolve-package.py +264 -0
  19. package/src/shared/scripts/skf-validate-brief-inputs.py +293 -0
  20. package/src/shared/scripts/skf-validate-output.py +24 -7
  21. package/src/shared/scripts/skf-write-skill-brief.py +509 -0
  22. package/src/skf-brief-skill/SKILL.md +41 -12
  23. package/src/skf-brief-skill/assets/description-voice-examples.md +19 -0
  24. package/src/skf-brief-skill/assets/scope-templates.md +5 -0
  25. package/src/skf-brief-skill/assets/skill-brief-schema.md +1 -40
  26. package/src/skf-brief-skill/references/draft-checkpoint.md +46 -0
  27. package/src/skf-brief-skill/references/headless-args.md +22 -0
  28. package/src/skf-brief-skill/references/headless-source-authority-detection.md +26 -0
  29. package/src/skf-brief-skill/references/portfolio-similarity-check.md +35 -0
  30. package/src/skf-brief-skill/references/qmd-collection-registration.md +52 -0
  31. package/src/skf-brief-skill/references/version-resolution.md +46 -0
  32. package/src/skf-brief-skill/steps-c/step-01-gather-intent.md +164 -14
  33. package/src/skf-brief-skill/steps-c/step-02-analyze-target.md +118 -50
  34. package/src/skf-brief-skill/steps-c/step-03-scope-definition.md +48 -5
  35. package/src/skf-brief-skill/steps-c/step-04-confirm-brief.md +33 -19
  36. package/src/skf-brief-skill/steps-c/step-05-write-brief.md +93 -97
  37. package/src/skf-brief-skill/steps-c/step-06-health-check.md +11 -2
  38. package/src/skf-quick-skill/SKILL.md +178 -10
  39. package/src/skf-quick-skill/assets/skill-template.md +5 -1
  40. package/src/skf-quick-skill/references/registry-resolution.md +2 -0
  41. package/src/skf-quick-skill/steps-c/step-01-resolve-target.md +84 -16
  42. package/src/skf-quick-skill/steps-c/step-02-ecosystem-check.md +3 -3
  43. package/src/skf-quick-skill/steps-c/step-03-quick-extract.md +86 -43
  44. package/src/skf-quick-skill/steps-c/step-04-compile.md +49 -56
  45. package/src/skf-quick-skill/steps-c/step-05-write-and-validate.md +164 -0
  46. package/src/skf-quick-skill/steps-c/{step-06-write.md → step-06-finalize.md} +15 -7
  47. package/src/skf-quick-skill/steps-c/step-07-health-check.md +5 -3
  48. package/src/skf-quick-skill/steps-c/step-05-validate.md +0 -193
@@ -0,0 +1,164 @@
1
+ ---
2
+ nextStepFile: './step-06-finalize.md'
3
+ frontmatterValidatorProbeOrder:
4
+ - '{project-root}/_bmad/skf/shared/scripts/skf-validate-frontmatter.py'
5
+ - '{project-root}/src/shared/scripts/skf-validate-frontmatter.py'
6
+ outputValidatorProbeOrder:
7
+ - '{project-root}/_bmad/skf/shared/scripts/skf-validate-output.py'
8
+ - '{project-root}/src/shared/scripts/skf-validate-output.py'
9
+ ---
10
+
11
+ # Step 5: Write & Validate
12
+
13
+ Communicate with the user in `{communication_language}`. Validation reports are user-facing — render their narrative content in `{document_output_language}`.
14
+
15
+ ## STEP GOAL:
16
+
17
+ To write the compiled SKILL.md, context-snippet.md, and metadata.json to the versioned skill package, then validate them on disk against the agentskills.io specification at community tier. Writing happens here (before step-06 finalization) because `skill-check` is a file-based CLI — it reads artifacts from disk — so the files must exist before validation runs. Report any gaps or issues. Validation is advisory — issues are reported but do not block the workflow.
18
+
19
+ ## Rules
20
+
21
+ - Write exactly what was compiled — do not modify content during writing
22
+ - Validation is advisory — report issues but never block output
23
+ - Do not modify compiled content post-validation — report only
24
+ - Community-tier validation (lighter than official requirements)
25
+
26
+ ## MANDATORY SEQUENCE
27
+
28
+ ### 1. Create Output Directory
29
+
30
+ Resolve `{version}` from the extraction inventory's detected version, defaulting to `1.0.0` if not detected. Create the skill output directories:
31
+
32
+ ```
33
+ {skill_group} # {skills_output_folder}/{repo_name}/
34
+ {skill_package} # {skills_output_folder}/{repo_name}/{version}/{repo_name}/
35
+ ```
36
+
37
+ If `{skill_package}` already exists, confirm with user before overwriting:
38
+
39
+ "**Directory `{skill_package}` already exists.** Overwrite will replace the prior compiled output; validation results, result contracts, and any manual tweaks from the previous run will not be preserved. Overwrite existing files? [Y/N]"
40
+
41
+ - **If user selects Y:** Proceed to section 2.
42
+ - **If user selects N:** HARD HALT with **exit code 5 (overwrite-cancelled)** per the SKILL.md exit-code map: "Overwrite cancelled. Existing skill preserved. Run [QS] with a different skill name or remove the existing directory manually." Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "write-and-validate"`, `error.code: "overwrite-cancelled"`, `skill_package` set to the existing path that was preserved). Disk write of the `-latest.json` envelope is REQUIRED here since `{skill_package}` is known.
43
+
44
+ **GATE [default: Y]** — If `{headless_mode}` is true, auto-proceed with Y and log: "headless: overwriting existing `{skill_package}`".
45
+
46
+ ### 2. Write Deliverables
47
+
48
+ Write the three compiled artifacts to the skill package so that validation in sections 3–7 has files on disk to read:
49
+
50
+ **File 1:** `{skill_package}/SKILL.md` — the compiled skill document
51
+ **File 2:** `{skill_package}/context-snippet.md` — the compressed context snippet. **Skip this write** if `{overrides.skip_snippet}` was set; the artifact is omitted from `outputs`.
52
+ **File 3:** `{skill_package}/metadata.json` — the machine-readable metadata
53
+
54
+ Confirm after each write: "Written: SKILL.md" / "Written: context-snippet.md" / "Written: metadata.json". When `--skip-snippet` is active, log "Skipped: context-snippet.md (--skip-snippet)" instead of the snippet write confirmation.
55
+
56
+ **If any write fails — HARD HALT (exit code 4, write-failure):** Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "write-and-validate"`, `error.code: "write-failure"`, `error.details: {failed_path: <path>, error: <details>}`, `skill_package` set, `outputs` listing any files that did write successfully before the failure).
57
+
58
+ "**Write failed:** Could not write to `{file_path}`.
59
+
60
+ Error: {error details}
61
+
62
+ Check:
63
+ - Does the output directory exist and is it writable?
64
+ - Is there sufficient disk space?
65
+ - Are there permission issues?"
66
+
67
+ ### 3. Check Tool Availability
68
+
69
+ Run: `npx skill-check -h`
70
+
71
+ - If succeeds (returns usage information): Continue to automated validation (section 4)
72
+ - If fails (command not found or error): Skip to manual fallback in section 4
73
+
74
+ **Important:** Use the verification command. Do not assume availability — empirical check required.
75
+
76
+ ### 4. Validate SKILL.md via skill-check (if available)
77
+
78
+ **If `npx skill-check` is available**, run automated validation + security scan in one invocation against the skill package written in section 2 (security scan is enabled by default when `--no-security-scan` is omitted, so the same call covers §6 and avoids paying the npx startup cost twice):
79
+
80
+ ```bash
81
+ npx skill-check check {skill_package} --fix --format json
82
+ ```
83
+
84
+ This validates frontmatter, description, body limits, links, and formatting; runs the security scan; and auto-fixes deterministic issues (field ordering, slug format, required fields, trailing newlines).
85
+
86
+ **Parse JSON output** to extract:
87
+ - `qualityScore` — overall score (0-100)
88
+ - `diagnostics[]` — remaining issues after auto-fix
89
+ - `fixed[]` — issues automatically corrected
90
+ - `security[]` (when present) — security findings, recorded as advisory warnings (security issues do not block output)
91
+
92
+ Record quality score, remaining diagnostics, and security findings as validation issues.
93
+
94
+ **If skill-check is NOT available**, run the shared frontmatter validator instead of an LLM-walked checklist. Resolve `{frontmatterValidator}` from `{frontmatterValidatorProbeOrder}`; first existing path wins. If no candidate exists, log a high-severity issue ("frontmatter validator unavailable — both `npx skill-check` and `skf-validate-frontmatter.py` missing") and skip frontmatter validation.
95
+
96
+ ```bash
97
+ python3 {frontmatterValidator} {skill_package}/SKILL.md --skill-dir-name {repo_name}
98
+ ```
99
+
100
+ The validator emits JSON with `status` (`pass`/`fail`), `issues[]` (each with `severity`, `code`, `message`), and `frontmatter` (the parsed name/description). It checks frontmatter delimiters, name format (Unicode letters + digits + hyphens, no consecutive/trailing hyphens), name-directory match, description presence and length, and unknown fields against the agentskills.io spec — the same shape this step would otherwise hand-walk. Record each `issues[]` entry as a validation issue with its reported severity. Missing frontmatter or missing required fields are high-severity — skills without valid frontmatter will fail `npx skills add` and `npx skill-check check`.
101
+
102
+ ### 5. Validate Body, Snippet, and Metadata via skf-validate-output.py
103
+
104
+ Run the shared output validator against the on-disk skill package — it performs the body-structure, snippet-format, and metadata-shape checks that this step previously walked by hand. Pass `--skip-frontmatter` since §4 has already covered frontmatter.
105
+
106
+ **Resolve `{outputValidator}`:** probe `{outputValidatorProbeOrder}` (installed first, dev fallback); first existing path wins. If neither candidate exists, log a high-severity issue ("output validator unavailable — `skf-validate-output.py` missing") and skip body/snippet/metadata validation.
107
+
108
+ ```bash
109
+ python3 {outputValidator} {skill_package} --generated-by quick-skill --skip-frontmatter
110
+ ```
111
+
112
+ The validator emits JSON with `result` (PASS/FAIL), `validation.skill_md.body[]`, `validation.context_snippet.issues[]`, `validation.metadata.issues[]`, and a severity-bucketed `summary`. Record each issue as a validation issue at its reported severity.
113
+
114
+ Coverage replaces these former hand-walked checklists:
115
+
116
+ - **Body structure** — Overview, Description, Key Exports, Usage sections present (medium when missing)
117
+ - **Context snippet** — `[{name} v{version}]|root: ...` first line, `|IMPORTANT:` second line, ~80–120-token length
118
+ - **Metadata** — required string fields (`name`, `version`, `source_authority`, `language`, `generation_date`), `source_repo`, `generated_by`, `confidence_tier`, and `stats` numerics (`exports_documented`, `exports_public_api`, `exports_total`, `public_api_coverage`, `total_coverage`)
119
+
120
+ ### 6. Security Scan (covered by §4)
121
+
122
+ Security findings are already collected from the §4 invocation (no separate `npx` round trip needed — `skill-check check ... --fix --format json` runs the security scan by default). If skill-check was unavailable in §3, log "security scan skipped — skill-check unavailable" in validation results.
123
+
124
+ ### 7. Report Validation Results
125
+
126
+ "**Validation complete:**
127
+
128
+ **SKILL.md:** {pass/issues found} (quality score: {score}/100 if skill-check was available)
129
+ {list any issues}
130
+ {list any auto-fixed issues}
131
+
132
+ **context-snippet.md:** {pass/issues found}
133
+ {list any issues}
134
+
135
+ **metadata.json:** {pass/issues found}
136
+ {list any issues}
137
+
138
+ **Security:** {pass/warn/skipped}
139
+ {list any security findings}
140
+
141
+ **Overall:** {pass / N issues found}
142
+
143
+ {If issues found:}
144
+ These issues are advisory for community-tier skills. You can proceed to finalize or go back to adjust.
145
+
146
+ **Proceeding to finalize...**"
147
+
148
+ Set `validation_result` with pass/fail status, quality score, and issues list.
149
+
150
+ ### 8. Auto-Proceed to Finalize
151
+
152
+ #### Menu Handling Logic:
153
+
154
+ - After validation report, immediately load, read entire file, then execute {nextStepFile}
155
+
156
+ #### EXECUTION RULES:
157
+
158
+ - This is an auto-proceed step — validation is advisory
159
+ - Proceed directly to finalize step after reporting results
160
+
161
+ ## CRITICAL STEP COMPLETION NOTE
162
+
163
+ ONLY WHEN deliverables have been written to `{skill_package}` and validation checks are complete and results reported will you load and read fully `{nextStepFile}` to execute finalization.
164
+
@@ -1,9 +1,14 @@
1
1
  ---
2
2
  nextStepFile: './step-07-health-check.md'
3
+ atomicWriteProbeOrder:
4
+ - '{project-root}/_bmad/skf/shared/scripts/skf-atomic-write.py'
5
+ - '{project-root}/src/shared/scripts/skf-atomic-write.py'
3
6
  ---
4
7
 
5
8
  # Step 6: Finalize
6
9
 
10
+ Communicate with the user in `{communication_language}`. Render the user-facing completion summary content in `{document_output_language}`.
11
+
7
12
  ## STEP GOAL:
8
13
 
9
14
  To finalize the skill by creating the active-version pointer, displaying the completion summary, and writing the result contract. Deliverables (SKILL.md, context-snippet.md, metadata.json) were already written in step-05 so that validation could run against files on disk; this step only performs the post-write finalization.
@@ -16,21 +21,23 @@ To finalize the skill by creating the active-version pointer, displaying the com
16
21
 
17
22
  ## MANDATORY SEQUENCE
18
23
 
19
- **CRITICAL:** Follow this sequence exactly. Do not skip, reorder, or improvise unless user explicitly requests a change.
20
-
21
24
  ### 1. Create Active Pointer (atomic flip, Windows-safe)
22
25
 
26
+ **If `{overrides.no_active_pointer}` is true** — skip the helper invocation entirely. Log: "Active pointer: skipped per `--no-active-pointer` override." Do not update `{skill_group}/active`. Proceed to §2 with the active-pointer line omitted from the completion summary and the outputs payload.
27
+
23
28
  `{skill_group}` and `{skill_package}` were computed in step-05 §1 from `{skills_output_folder}`, `{repo_name}`, and `{version}`; `{version}` was resolved from the extraction inventory. Reuse the same values here — do not recompute.
24
29
 
25
30
  Create or update the `active` pointer at `{skill_group}/active` pointing to `{version}` using the shared atomic-flip helper. The helper acquires an `flock` on `{skill_group}/active.skf-lock`, refuses to replace a non-link at `{skill_group}/active` (protecting against accidental `rm -rf` of a real directory), and uses a rename-over-symlink pattern so the update is atomic from a concurrent reader's perspective. On Windows the helper automatically falls back to a directory junction (`mklink /J`) when `os.symlink` fails with `PRIVILEGE_NOT_HELD` / `ACCESS_DENIED` — junctions require no admin elevation and resolve identically for `skf-skill-inventory`'s consumers:
26
31
 
32
+ **Resolve `{atomicWriteHelper}`** from `{atomicWriteProbeOrder}`; first existing path wins. HALT if no candidate exists — the active-pointer flip MUST go through the atomic helper.
33
+
27
34
  ```bash
28
- python3 {project-root}/src/shared/scripts/skf-atomic-write.py flip-link \
35
+ python3 {atomicWriteHelper} flip-link \
29
36
  --link {skill_group}/active \
30
37
  --target {version}
31
38
  ```
32
39
 
33
- The helper returns non-zero (exit 2) if `{skill_group}/active` already exists as a real directory or file rather than a link — in that case, halt with: "Refusing to flip `{skill_group}/active` — existing path is not a symlink or junction. Investigate manually; expected a link pointing at a version directory." A common cause on Windows is a prior run that executed `ln -s` under git-bash without Developer Mode enabled, which silently wrote a full directory copy; remove that copy and retry.
40
+ The helper returns non-zero (helper exit 2) if `{skill_group}/active` already exists as a real directory or file rather than a link — in that case, HARD HALT the workflow with **exit code 7 (finalize-blocked)** per the SKILL.md exit-code map: "Refusing to flip `{skill_group}/active` — existing path is not a symlink or junction. Investigate manually; expected a link pointing at a version directory." Before exiting, emit the error result contract per SKILL.md "Result Contract on HARD HALT" (`phase: "finalize"`, `error.code: "finalize-blocked"`, `skill_package` set, `outputs` listing the deliverables already on disk from step-05). A common cause on Windows is a prior run that executed `ln -s` under git-bash without Developer Mode enabled, which silently wrote a full directory copy; remove that copy and retry.
34
41
 
35
42
  **Never `rm` + `ln -s` the active pointer manually.** The bare-rm pattern has two failure modes: (1) a concurrent reader sees a missing `active` mid-flip, and (2) a bug or typo that replaces `{skill_group}/active` with a plain directory turns the next manual `rm -rf {skill_group}/active` into data loss. The helper encapsulates both guards and the Windows junction fallback.
36
43
 
@@ -45,12 +52,13 @@ Confirm: "Active pointer: {skill_group}/active -> {version} ({kind})" where `{ki
45
52
  **Source:** {resolved_url}
46
53
  **Authority:** community
47
54
  **Confidence:** {extraction confidence}
55
+ {If `scope_hint` is non-empty, add:} **Scope:** {scope_hint}
48
56
 
49
57
  **Files written:**
50
58
  - `{skill_package}/SKILL.md`
51
- - `{skill_package}/context-snippet.md`
59
+ - `{skill_package}/context-snippet.md` (omit this line when `--skip-snippet` was set)
52
60
  - `{skill_package}/metadata.json`
53
- - `{skill_group}/active` -> `{version}`
61
+ - `{skill_group}/active` -> `{version}` (omit this line when `--no-active-pointer` was set)
54
62
 
55
63
  **Exports documented:** {count}
56
64
  **Validation:** {pass / N issues (advisory)}
@@ -70,4 +78,4 @@ Write the result contract per `shared/references/output-contract-schema.md`: the
70
78
 
71
79
  ### 4. Chain to Health Check
72
80
 
73
- ONLY WHEN the active pointer has been created and the completion summary and result contract have been written will you then load, read the full file, and execute `{nextStepFile}`. The health-check step is the true terminal step — do not stop here even though the summary reads as final.
81
+ ONLY WHEN the active pointer has been created and the completion summary and result contract have been written will you then load, read the full file, and proceed to `{nextStepFile}`. The health-check step is the true terminal step — do not stop here even though the summary reads as final.
@@ -1,12 +1,14 @@
1
1
  ---
2
2
  # `shared/health-check.md` resolves relative to the SKF module root
3
- # (`_bmad/skf/` when installed, `src/` during development), NOT relative
4
- # to this step file.
3
+ # (`{project-root}/_bmad/skf/` when installed, `{project-root}/src/` during
4
+ # development), NOT relative to this step file.
5
5
  nextStepFile: 'shared/health-check.md'
6
6
  ---
7
7
 
8
8
  # Step 7: Workflow Health Check
9
9
 
10
+ Communicate with the user in `{communication_language}`.
11
+
10
12
  ## STEP GOAL:
11
13
 
12
14
  Chain to the shared workflow self-improvement health check at `{nextStepFile}`. This is the terminal step of quick-skill — after the shared health check completes, the workflow is fully done.
@@ -19,4 +21,4 @@ Chain to the shared workflow self-improvement health check at `{nextStepFile}`.
19
21
 
20
22
  ## MANDATORY SEQUENCE
21
23
 
22
- Load `{nextStepFile}`, read it fully, then execute it.
24
+ Load `{nextStepFile}`, read it fully, then proceed to execute it.
@@ -1,193 +0,0 @@
1
- ---
2
- nextStepFile: './step-06-write.md'
3
- ---
4
-
5
- # Step 5: Write & Validate
6
-
7
- ## STEP GOAL:
8
-
9
- To write the compiled SKILL.md, context-snippet.md, and metadata.json to the versioned skill package, then validate them on disk against the agentskills.io specification at community tier. Writing happens here (before step-06 finalization) because `skill-check` is a file-based CLI — it reads artifacts from disk — so the files must exist before validation runs. Report any gaps or issues. Validation is advisory — issues are reported but do not block the workflow.
10
-
11
- ## Rules
12
-
13
- - Write exactly what was compiled — do not modify content during writing
14
- - Validation is advisory — report issues but never block output
15
- - Do not modify compiled content post-validation — report only
16
- - Community-tier validation (lighter than official requirements)
17
-
18
- ## MANDATORY SEQUENCE
19
-
20
- **CRITICAL:** Follow this sequence exactly. Do not skip, reorder, or improvise unless user explicitly requests a change.
21
-
22
- ### 1. Create Output Directory
23
-
24
- Resolve `{version}` from the extraction inventory's detected version, defaulting to `1.0.0` if not detected. Create the skill output directories:
25
-
26
- ```
27
- {skill_group} # {skills_output_folder}/{repo_name}/
28
- {skill_package} # {skills_output_folder}/{repo_name}/{version}/{repo_name}/
29
- ```
30
-
31
- If `{skill_package}` already exists, confirm with user before overwriting:
32
-
33
- "**Directory `{skill_package}` already exists.** Overwrite will replace the prior compiled output; validation results, result contracts, and any manual tweaks from the previous run will not be preserved. Overwrite existing files? [Y/N]"
34
-
35
- - **If user selects Y:** Proceed to section 2.
36
- - **If user selects N:** Halt with: "Overwrite cancelled. Existing skill preserved. Run [QS] with a different skill name or remove the existing directory manually."
37
-
38
- **GATE [default: Y]** — If `{headless_mode}` is true, auto-proceed with Y and log: "headless: overwriting existing `{skill_package}`".
39
-
40
- ### 2. Write Deliverables
41
-
42
- Write the three compiled artifacts to the skill package so that validation in sections 3–9 has files on disk to read:
43
-
44
- **File 1:** `{skill_package}/SKILL.md` — the compiled skill document
45
- **File 2:** `{skill_package}/context-snippet.md` — the compressed context snippet
46
- **File 3:** `{skill_package}/metadata.json` — the machine-readable metadata
47
-
48
- Confirm after each write: "Written: SKILL.md" / "Written: context-snippet.md" / "Written: metadata.json".
49
-
50
- **If any write fails — HARD HALT:**
51
-
52
- "**Write failed:** Could not write to `{file_path}`.
53
-
54
- Error: {error details}
55
-
56
- Please check:
57
- - Does the output directory exist and is it writable?
58
- - Is there sufficient disk space?
59
- - Are there permission issues?"
60
-
61
- ### 3. Check Tool Availability
62
-
63
- Run: `npx skill-check -h`
64
-
65
- - If succeeds (returns usage information): Continue to automated validation (section 4)
66
- - If fails (command not found or error): Skip to manual fallback in section 4
67
-
68
- **Important:** Use the verification command. Do not assume availability — empirical check required.
69
-
70
- ### 4. Validate SKILL.md via skill-check (if available)
71
-
72
- **If `npx skill-check` is available**, run automated validation with auto-fix against the skill package written in section 2:
73
-
74
- ```bash
75
- npx skill-check check {skill_package} --fix --format json --no-security-scan
76
- ```
77
-
78
- This validates frontmatter, description, body limits, links, and formatting — and auto-fixes deterministic issues (field ordering, slug format, required fields, trailing newlines).
79
-
80
- **Parse JSON output** to extract:
81
- - `qualityScore` — overall score (0-100)
82
- - `diagnostics[]` — remaining issues after auto-fix
83
- - `fixed[]` — issues automatically corrected
84
-
85
- Record quality score and any remaining diagnostics as validation issues.
86
-
87
- **If skill-check is NOT available**, perform manual frontmatter check:
88
-
89
- - [ ] **Frontmatter present** — file starts with `---` delimiter and has closing `---`
90
- - [ ] **`name` field** — present, non-empty, lowercase alphanumeric + hyphens only, 1-64 chars
91
- - [ ] **`name` matches directory** — frontmatter `name` matches the skill output directory name
92
- - [ ] **`description` field** — present, non-empty, 1-1024 characters
93
- - [ ] **No unknown fields** — only `name`, `description`, `license`, `compatibility`, `metadata`, `allowed-tools` are permitted
94
-
95
- **For each violation, log an issue.** Missing frontmatter or missing required fields are high-severity issues — skills without valid frontmatter will fail `npx skills add` and `npx skill-check check`.
96
-
97
- ### 5. Validate SKILL.md Body Structure
98
-
99
- Check that SKILL.md has these required sections populated:
100
-
101
- - [ ] **Overview section** present with package name, repo, language, authority
102
- - [ ] **Description section** present with non-empty content
103
- - [ ] **Key Exports section** present (may be empty if confidence is low)
104
- - [ ] **Usage Patterns section** present (may have README fallback)
105
-
106
- **For each missing or empty required section, log an issue.**
107
-
108
- ### 6. Validate Context Snippet Format
109
-
110
- Check context-snippet.md format compliance:
111
-
112
- - [ ] **Vercel-aligned indexed format** — pipe-delimited with version, retrieval instruction, section anchors
113
- - [ ] **First line** matches pattern: `[{name} v{version}]|root: {prefix}{name}/` where prefix is `skills/` (draft form) or any IDE skill root (`.{dir}/skills/`)
114
- - [ ] **Second line** starts with: `|IMPORTANT:`
115
- - [ ] **Approximate token count** is ~80-120 tokens
116
-
117
- **If format is wrong, log an issue.**
118
-
119
- ### 7. Validate Metadata JSON
120
-
121
- Check metadata.json has required fields:
122
-
123
- - [ ] `name` — present, non-empty
124
- - [ ] `version` — present (auto-detected or "1.0.0")
125
- - [ ] `source_authority` — must be "community"
126
- - [ ] `source_repo` — present, valid GitHub URL
127
- - [ ] `language` — present, non-empty
128
- - [ ] `generated_by` — must be "quick-skill"
129
- - [ ] `generation_date` — present
130
- - [ ] `stats.exports_documented` — present, number
131
- - [ ] `stats.exports_public_api` — present, number
132
- - [ ] `stats.exports_total` — present, number
133
- - [ ] `stats.public_api_coverage` — present, number
134
- - [ ] `stats.total_coverage` — present, number
135
- - [ ] `confidence_tier` — present
136
-
137
- **For each missing or invalid field, log an issue.**
138
-
139
- ### 8. Security Scan (if skill-check available)
140
-
141
- Run security scan on the compiled skill package:
142
-
143
- ```bash
144
- npx skill-check check {skill_package} --format json
145
- ```
146
-
147
- (Security scan is enabled by default when `--no-security-scan` is omitted.)
148
-
149
- Record any security findings as advisory warnings. Security issues do not block output.
150
-
151
- **If skill-check unavailable:** Skip with note in validation results.
152
-
153
- ### 9. Report Validation Results
154
-
155
- "**Validation complete:**
156
-
157
- **SKILL.md:** {pass/issues found} (quality score: {score}/100 if skill-check was available)
158
- {list any issues}
159
- {list any auto-fixed issues}
160
-
161
- **context-snippet.md:** {pass/issues found}
162
- {list any issues}
163
-
164
- **metadata.json:** {pass/issues found}
165
- {list any issues}
166
-
167
- **Security:** {pass/warn/skipped}
168
- {list any security findings}
169
-
170
- **Overall:** {pass / N issues found}
171
-
172
- {If issues found:}
173
- These issues are advisory for community-tier skills. You can proceed to finalize or go back to adjust.
174
-
175
- **Proceeding to finalize...**"
176
-
177
- Set `validation_result` with pass/fail status, quality score, and issues list.
178
-
179
- ### 10. Auto-Proceed to Finalize
180
-
181
- #### Menu Handling Logic:
182
-
183
- - After validation report, immediately load, read entire file, then execute {nextStepFile}
184
-
185
- #### EXECUTION RULES:
186
-
187
- - This is an auto-proceed step — validation is advisory
188
- - Proceed directly to finalize step after reporting results
189
-
190
- ## CRITICAL STEP COMPLETION NOTE
191
-
192
- ONLY WHEN deliverables have been written to `{skill_package}` and validation checks are complete and results reported will you load and read fully `{nextStepFile}` to execute finalization.
193
-