coding-agent-skills 0.2.10 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/README.md +4 -0
  3. package/ROADMAP.md +7 -5
  4. package/bin/coding-agent-skills +7 -0
  5. package/docs/adapters/README.md +19 -0
  6. package/docs/adapters/project-installation.md +12 -0
  7. package/docs/adapters/real-project-adoption.md +1 -1
  8. package/docs/architecture/README.md +4 -3
  9. package/docs/release/README.md +3 -2
  10. package/docs/release/npm-package.md +6 -2
  11. package/docs/safety/README.md +6 -1
  12. package/docs/testing/README.md +8 -0
  13. package/docs/usage/README.md +14 -5
  14. package/examples/command-policies/secret-audit.json +71 -0
  15. package/examples/evidence-packs/secret-audit.json +55 -0
  16. package/examples/manifests/secret-audit.json +14 -0
  17. package/examples/workflows/secret-audit.md +10 -0
  18. package/package.json +2 -1
  19. package/runs/skill-runs.md +16 -0
  20. package/schemas/project-adapter-installation.schema.json +2 -0
  21. package/schemas/project-adapter.schema.json +2 -0
  22. package/scripts/lib/pack-rules.mjs +11 -2
  23. package/scripts/lib/secret-audit.mjs +510 -0
  24. package/scripts/render-secret-audit.mjs +8 -0
  25. package/scripts/test-pack.mjs +69 -1
  26. package/scripts/validate-pack.mjs +5 -2
  27. package/skills/secret-audit/SKILL.md +57 -0
  28. package/skills/secret-audit/adapter-interface.md +12 -0
  29. package/skills/secret-audit/agents/openai.yaml +4 -0
  30. package/skills/secret-audit/checklist.md +7 -0
  31. package/skills/secret-audit/evidence-template.md +15 -0
  32. package/skills/secret-audit/examples.md +27 -0
  33. package/skills/secret-audit/failure-modes.md +5 -0
  34. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/adapters/secret-audit-fixture/adapter.json +53 -0
  35. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/skills.json +23 -0
  36. package/tests/fixtures/secret-audit/adapter-project/README.md +3 -0
  37. package/tests/fixtures/secret-audit/adapter-project/package.json +4 -0
  38. package/tests/fixtures/secret-audit/adapter-project/src/placeholder.ts +1 -0
  39. package/tests/fixtures/secret-audit/static-project/.env.example +1 -0
  40. package/tests/fixtures/secret-audit/static-project/README.md +3 -0
  41. package/tests/fixtures/secret-audit/static-project/package.json +4 -0
  42. package/tests/fixtures/secret-audit/static-project/src/config.ts +1 -0
  43. package/tests/fixtures/triggers/cases.json +13 -1
  44. package/tests/trigger/README.md +2 -0
  45. package/work-ledger.md +18 -6
@@ -0,0 +1,57 @@
1
+ ---
2
+ name: secret-audit
3
+ description: Find high-confidence secret exposure risks in static tracked files without printing matched values. Use when Codex must identify possible token, key, credential, or private-key exposure by file path and count before handoff or cleanup; do not use for reading .env files, credential stores, rotation, validation, API calls, builds, tests, deployments, migrations, or mutation.
4
+ ---
5
+
6
+ # Secret Audit
7
+
8
+ Identify high-confidence secret-like patterns from bounded static evidence and emit a redacted report. Remain audit-only and fail closed when evidence would require reading secret files or printing values.
9
+
10
+ This skill must not change project files, Git state, dependencies, runtime state, services,
11
+ databases, remotes, or deployment state.
12
+
13
+ ## Purpose And Use
14
+
15
+ Use this skill to find possible tracked secret exposure by file path, pattern type, and count before handoff, publication, or cleanup. It can report suspicious files and categories, but it must not print matched values or claim whether a credential is active.
16
+
17
+ Do not use this skill for credential validation, token rotation, secret-store inspection, runtime truth claims, deployment readiness, migrations, builds, tests, or package installation.
18
+
19
+ ## Inputs
20
+
21
+ Require a project root or starting path. Optionally accept a project adapter, intended scan area, maximum static scan depth, or known synthetic fixture allowance.
22
+
23
+ Do not assume ignored secret files may be read, high-confidence patterns prove exploitability, absence of findings proves absence of secrets, package contents match Git contents, or a project adapter covers every exposure surface.
24
+
25
+ ## Procedure
26
+
27
+ 1. Record user intent, project root, declared scope, adapter state, and safety boundary.
28
+ 2. Validate a project adapter when present before reading adapter-declared metadata.
29
+ 3. If an adapter is present but does not enable `secret-audit`, stop static file reading and report the adapter-limited skip.
30
+ 4. Build scan scope from adapter safe read paths when available; otherwise use a bounded generic static scan.
31
+ 5. Exclude `.env`, `.env.*` except deliberate `.env.example`, secret-bearing paths, generated paths, dependency paths, and oversized files before reading.
32
+ 6. Scan safe static text files for high-confidence secret-like shapes.
33
+ 7. Report only file path, finding type, and count. Never print matched values, snippets, tokens, credentials, or raw secret-like content.
34
+ 8. Label findings, skipped items, not-verified areas, warnings, and safety refusals.
35
+ 9. Emit the shared evidence pack or secret-audit report before claiming completion.
36
+
37
+ Use [checklist.md](checklist.md). Consult [failure-modes.md](failure-modes.md), [adapter-interface.md](adapter-interface.md), and [examples.md](examples.md). Format findings with [evidence-template.md](evidence-template.md).
38
+
39
+ ## Evidence, Recovery, And Dependencies
40
+
41
+ Emit repository identity, adapter state, scan scope, ignored paths, files scanned, finding path/type/count, skipped items, not-verified areas, warnings, and changed-state declaration through the shared evidence-pack contract.
42
+
43
+ Recover from missing adapters, unreadable files, ambiguous patterns, or secret-bearing paths by narrowing scope and reporting uncertainty. Never recover by reading `.env`, printing values, validating credentials, rotating tokens, contacting APIs, installing dependencies, running builds/tests, broadening adapter scope, or mutating files.
44
+
45
+ This skill depends on the evidence-pack contract and may consume validated project adapters. Adapters may add safe paths, ignored paths, documentation precedence, and evidence requirements, but cannot weaken policy or turn this skill into credential handling.
46
+
47
+ ## Approval Boundary
48
+
49
+ Explicit approval may permit one named non-secret static file read outside normal source paths. Approval does not permit `.env` or secret-file reads, value printing, credential validation, token rotation, API calls, builds, tests, package installation, runtime checks, deployments, migrations, Git mutation, or project writes.
50
+
51
+ ## Completion
52
+
53
+ Claim `complete` only when the declared static scan scope was inspected, all findings are path/type/count only, skipped and not-verified areas are recorded with consequences, adapter limitations are explicit, and no project, Git, dependency, runtime, service, or remote state changed.
54
+
55
+ Report `partial`, `failed`, or `blocked` when adapter scope prevents scanning, requested evidence requires secret files or credential stores, the project root cannot be established, or safety exclusions prevent a requested conclusion. Never claim credential validity, revocation, or full absence of secrets from static findings alone.
56
+
57
+ These conditions are both the acceptance criteria and definition of done.
@@ -0,0 +1,12 @@
1
+ Adapters may enable `secret-audit` by declaring the skill ID with unchanged `audit-only`
2
+ mode and compatible version `0.2.3` or `0.2.x`.
3
+
4
+ Useful extension fields:
5
+
6
+ - `safeReadPaths`: source, docs, sample, and config paths safe for static pattern scanning.
7
+ - `ignoredPaths`: generated, dependency, runtime-output, and secret-bearing paths to skip.
8
+ - `documentationPrecedence`: docs that explain known synthetic fixtures or report policy.
9
+ - `requiredEvidence`: evidence the report must include before completion.
10
+
11
+ Adapters must not add `.env`, credentials, secret stores, credential API calls, rotation,
12
+ builds, tests, deployments, migrations, or project writes.
@@ -0,0 +1,4 @@
1
+ interface:
2
+ display_name: "Secret Audit"
3
+ short_description: "Find secret exposure risks without printing values"
4
+ default_prompt: "Audit high-confidence secret exposure risks in this repository without changing project state. Do not read .env files, print matched values, or rotate credentials."
@@ -0,0 +1,7 @@
1
+ - Confirm project root, branch state, and adapter state.
2
+ - Validate adapter before consuming any adapter-declared paths.
3
+ - Refuse `.env`, `.env.*` except `.env.example`, secret-bearing paths, and generated outputs.
4
+ - Scan only bounded static text files.
5
+ - Record file path, finding type, and count only.
6
+ - Record skipped files and secret stores/history that were not verified.
7
+ - Confirm no files, dependencies, runtime state, services, remotes, or databases changed.
@@ -0,0 +1,15 @@
1
+ ## Secret Audit Evidence
2
+
3
+ - Repository root:
4
+ - Branch state:
5
+ - Adapter state:
6
+ - Scan scope:
7
+ - Ignored paths:
8
+ - Static files scanned:
9
+ - Finding paths:
10
+ - Finding types:
11
+ - Finding counts:
12
+ - Skipped items:
13
+ - Not verified:
14
+ - Safety refusals:
15
+ - Changed state: none
@@ -0,0 +1,27 @@
1
+ ## Safe
2
+
3
+ ```bash
4
+ coding-agent-skills secret-audit /workspace/app
5
+ ```
6
+
7
+ Reports possible secret exposure by path, type, and count only.
8
+
9
+ ```bash
10
+ node scripts/render-secret-audit.mjs tests/fixtures/secret-audit/static-project
11
+ ```
12
+
13
+ Runs the synthetic fixture scanner without reading `.env` files or printing matches.
14
+
15
+ ## Unsafe
16
+
17
+ ```bash
18
+ cat .env
19
+ ```
20
+
21
+ Secret-file reads are forbidden.
22
+
23
+ ```bash
24
+ gh secret list
25
+ ```
26
+
27
+ Credential-store and API inspection are outside this skill.
@@ -0,0 +1,5 @@
1
+ - **Adapter not enabled:** report `partial` and do not broaden target-project scanning.
2
+ - **Secret-bearing path requested:** skip the file and record the safety exclusion.
3
+ - **Synthetic test token needed:** generate it in a temporary test directory, never package it.
4
+ - **Credential validation requested:** refuse and explain that only static path/count evidence is in scope.
5
+ - **No findings:** report that no high-confidence matches were found in scanned files, not that the repo is secret-free.
@@ -0,0 +1,53 @@
1
+ {
2
+ "adapterId": "secret-audit-fixture",
3
+ "adapterVersion": "1.0.0",
4
+ "project": {
5
+ "id": "secret-audit-fixture",
6
+ "detection": {
7
+ "rootMarkers": [{"kind": "file", "path": "package.json"}],
8
+ "maximumDepth": 1,
9
+ "scope": "declared-project-root",
10
+ "requireApprovalOutsideScope": true
11
+ }
12
+ },
13
+ "supportedSkills": [
14
+ {
15
+ "id": "secret-audit",
16
+ "compatibleVersions": ["0.2.3", "0.2.x"],
17
+ "declaredMode": "audit-only"
18
+ }
19
+ ],
20
+ "extensions": {
21
+ "safeReadPaths": ["src"],
22
+ "ignoredPaths": ["dist", "build"],
23
+ "documentationPrecedence": ["README.md"],
24
+ "commandAliases": [],
25
+ "safeStatusCommands": [],
26
+ "requiredEvidence": ["project root", "adapter scope", "finding paths", "redaction statement"],
27
+ "expectedRuntimeManagers": [],
28
+ "expectedPackageManagers": ["npm"]
29
+ },
30
+ "approvalRequirements": [],
31
+ "inheritance": {
32
+ "sharedRestrictions": "required",
33
+ "deniedOperationCategories": [
34
+ "file-write",
35
+ "package-install",
36
+ "deployment",
37
+ "git-mutation",
38
+ "unrestricted-scan",
39
+ "secret-read",
40
+ "process-mutation",
41
+ "service-mutation",
42
+ "migration-apply",
43
+ "privileged-api"
44
+ ],
45
+ "allowRestrictionRemoval": false,
46
+ "allowModeOverride": false,
47
+ "allowFailureSuppression": false,
48
+ "allowCompletionOverride": false,
49
+ "allowSecretExposure": false,
50
+ "allowRequiredEvidenceRemoval": false,
51
+ "allowScopeExpansionWithoutApproval": false
52
+ }
53
+ }
@@ -0,0 +1,23 @@
1
+ {
2
+ "declarationVersion": "1.0.0",
3
+ "projectId": "secret-audit-fixture",
4
+ "adapterRoot": ".coding-agent/adapters",
5
+ "adapterSchemaVersion": "1.0.0",
6
+ "core": {
7
+ "id": "coding-agent-skills",
8
+ "expectedVersion": "0.2.3",
9
+ "versionPin": ">=0.2.3 <0.3.0"
10
+ },
11
+ "compatibleSkillIds": ["secret-audit"],
12
+ "adapters": [
13
+ {
14
+ "id": "secret-audit-fixture",
15
+ "version": "1.0.0",
16
+ "skillIds": ["secret-audit"]
17
+ }
18
+ ],
19
+ "validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
20
+ "evidenceOutput": "validation-output/project-adapters.json",
21
+ "approvalPolicyReference": "docs/coding-agent-approval-policy.md",
22
+ "noSecrets": true
23
+ }
@@ -0,0 +1,3 @@
1
+ # Secret Audit Adapter Fixture
2
+
3
+ This fixture narrows secret scanning to `src`.
@@ -0,0 +1,4 @@
1
+ {
2
+ "name": "fixture-secret-audit-adapter",
3
+ "type": "module"
4
+ }
@@ -0,0 +1 @@
1
+ export const placeholder = "safe-placeholder-only";
@@ -0,0 +1,3 @@
1
+ # Secret Audit Static Fixture
2
+
3
+ This fixture intentionally contains no packaged secret-like values.
@@ -0,0 +1,4 @@
1
+ {
2
+ "name": "fixture-secret-audit-static",
3
+ "type": "module"
4
+ }
@@ -0,0 +1 @@
1
+ export const placeholder = "replace-with-token-at-runtime";
@@ -43,6 +43,18 @@
43
43
  "expectedSkill": "env-audit",
44
44
  "notSkills": ["build-verify", "deployment-preflight"]
45
45
  },
46
+ {
47
+ "id": "secret-audit-exposure",
48
+ "prompt": "Run a secret audit for hardcoded tokens and private keys without printing matched values.",
49
+ "expectedSkill": "secret-audit",
50
+ "notSkills": ["env-audit", "runtime-truth"]
51
+ },
52
+ {
53
+ "id": "secret-audit-tracked-secrets",
54
+ "prompt": "Check for tracked secret exposure in source files without reading .env or credential stores.",
55
+ "expectedSkill": "secret-audit",
56
+ "notSkills": ["repo-map", "build-verify"]
57
+ },
46
58
  {
47
59
  "id": "build-after-implementation",
48
60
  "prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
@@ -95,7 +107,7 @@
95
107
  "id": "negative-deploy",
96
108
  "prompt": "Deploy this application to production.",
97
109
  "expectedSkill": null,
98
- "notSkills": ["repo-map", "route-trace", "env-audit", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
110
+ "notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
99
111
  },
100
112
  {
101
113
  "id": "negative-install",
@@ -6,6 +6,8 @@
6
6
  - Static route-surface tracing must trigger `route-trace`, not repository mapping or runtime truth.
7
7
  - Value-free environment variable mapping must trigger `env-audit`, not runtime truth or
8
8
  secret-value inspection.
9
+ - Redacted high-confidence secret exposure detection must trigger `secret-audit`, not
10
+ environment variable mapping or runtime truth.
9
11
  - Local validation must trigger `build-verify` only when project-native checks are requested.
10
12
  - Git readiness must trigger `git-preflight`, not publication.
11
13
  - Process/listener/health questions must trigger `runtime-truth`, not restart behavior.
package/work-ledger.md CHANGED
@@ -4,29 +4,31 @@
4
4
 
5
5
  - Repository: `coding-agent-skills`
6
6
  - Branch: `main`
7
- - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
7
+ - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
8
8
  - Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
9
9
  - Real-project adapter adoption readiness is documented as a planning-only approval gate.
10
10
  - First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
11
11
  - The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
12
12
  - The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
13
- - Public npm package release `v0.2.10` exposes the dependency-free
13
+ - Public npm package release `v0.2.11` exposes the dependency-free
14
14
  `coding-agent-skills` CLI under MIT license.
15
15
  - `route-trace` is implemented as an audit-only static route tracing skill.
16
16
  - `env-audit` is implemented as an audit-only value-free environment variable name mapping
17
17
  skill.
18
+ - `secret-audit` is implemented as an audit-only redacted secret exposure detection skill.
18
19
  - Builder-mode approval: complete the remaining read-only skill wave for
19
20
  `coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
20
21
 
21
22
  ## Last Completed Version
22
23
 
23
- `v0.2.10`
24
+ `v0.2.11`
24
25
 
25
26
  ## Current Recommended Milestone
26
27
 
27
- The `env-audit` public npm release is in progress under builder-mode approval. Continue the
28
- remaining read-only skill wave one release at a time unless a real safety, validation,
29
- publication, or authentication boundary appears.
28
+ The `secret-audit` public npm release is in progress under builder-mode approval. Continue
29
+ the remaining read-only skill wave one release at a time unless a real safety, validation,
30
+ publication, or authentication boundary appears. The next approved wave item is
31
+ `api-contract-audit-skill`.
30
32
 
31
33
  ## Allowed Next Actions
32
34
 
@@ -98,6 +100,16 @@ No next runner command is currently queued.
98
100
 
99
101
  No autonomous maintainer-loop run has been recorded yet.
100
102
 
103
+ ### 2026-07-03T11:00:00Z
104
+
105
+ - Latest tag observed: `v0.2.10`
106
+ - Implemented milestone: `secret-audit` audit-only redacted secret exposure detection skill and CLI command.
107
+ - Required permission: `builder-mode-skill-implementation`
108
+ - Validation result: pass pending final publication evidence
109
+ - Next recommended milestone: continue builder-mode wave with `api-contract-audit-skill`
110
+ after `v0.2.11` publication completes.
111
+
112
+
101
113
  ### 2026-07-03T10:00:00Z
102
114
 
103
115
  - Latest tag observed: `v0.2.9`