coding-agent-skills 0.2.10 → 0.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69)
  1. package/CHANGELOG.md +40 -0
  2. package/README.md +8 -0
  3. package/ROADMAP.md +9 -5
  4. package/bin/coding-agent-skills +14 -0
  5. package/docs/adapters/README.md +38 -0
  6. package/docs/adapters/project-installation.md +24 -0
  7. package/docs/adapters/real-project-adoption.md +2 -2
  8. package/docs/architecture/README.md +5 -3
  9. package/docs/release/README.md +3 -2
  10. package/docs/release/npm-package.md +10 -2
  11. package/docs/safety/README.md +11 -1
  12. package/docs/testing/README.md +15 -0
  13. package/docs/usage/README.md +23 -5
  14. package/examples/command-policies/api-contract-audit.json +70 -0
  15. package/examples/command-policies/secret-audit.json +71 -0
  16. package/examples/evidence-packs/api-contract-audit.json +60 -0
  17. package/examples/evidence-packs/secret-audit.json +55 -0
  18. package/examples/manifests/api-contract-audit.json +14 -0
  19. package/examples/manifests/secret-audit.json +14 -0
  20. package/examples/workflows/api-contract-audit.md +8 -0
  21. package/examples/workflows/secret-audit.md +10 -0
  22. package/package.json +3 -1
  23. package/runs/skill-runs.md +32 -0
  24. package/schemas/project-adapter-installation.schema.json +4 -0
  25. package/schemas/project-adapter.schema.json +4 -0
  26. package/scripts/lib/api-contract-audit.mjs +651 -0
  27. package/scripts/lib/pack-rules.mjs +20 -2
  28. package/scripts/lib/secret-audit.mjs +510 -0
  29. package/scripts/render-api-contract-audit.mjs +8 -0
  30. package/scripts/render-secret-audit.mjs +8 -0
  31. package/scripts/test-pack.mjs +130 -1
  32. package/scripts/validate-pack.mjs +8 -2
  33. package/skills/api-contract-audit/SKILL.md +85 -0
  34. package/skills/api-contract-audit/adapter-interface.md +16 -0
  35. package/skills/api-contract-audit/agents/openai.yaml +4 -0
  36. package/skills/api-contract-audit/checklist.md +7 -0
  37. package/skills/api-contract-audit/evidence-template.md +13 -0
  38. package/skills/api-contract-audit/examples.md +20 -0
  39. package/skills/api-contract-audit/failure-modes.md +5 -0
  40. package/skills/secret-audit/SKILL.md +57 -0
  41. package/skills/secret-audit/adapter-interface.md +12 -0
  42. package/skills/secret-audit/agents/openai.yaml +4 -0
  43. package/skills/secret-audit/checklist.md +7 -0
  44. package/skills/secret-audit/evidence-template.md +15 -0
  45. package/skills/secret-audit/examples.md +27 -0
  46. package/skills/secret-audit/failure-modes.md +5 -0
  47. package/tests/fixtures/api-contract-audit/adapter-project/.coding-agent/adapters/api-contract-audit-fixture/adapter.json +53 -0
  48. package/tests/fixtures/api-contract-audit/adapter-project/.coding-agent/skills.json +23 -0
  49. package/tests/fixtures/api-contract-audit/adapter-project/README.md +3 -0
  50. package/tests/fixtures/api-contract-audit/adapter-project/package.json +4 -0
  51. package/tests/fixtures/api-contract-audit/adapter-project/src/routes.ts +1 -0
  52. package/tests/fixtures/api-contract-audit/static-project/README.md +3 -0
  53. package/tests/fixtures/api-contract-audit/static-project/app/api/users/route.ts +7 -0
  54. package/tests/fixtures/api-contract-audit/static-project/docs/openapi.yaml +10 -0
  55. package/tests/fixtures/api-contract-audit/static-project/package.json +4 -0
  56. package/tests/fixtures/api-contract-audit/static-project/schemas/user.schema.ts +4 -0
  57. package/tests/fixtures/api-contract-audit/static-project/src/client.ts +3 -0
  58. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/adapters/secret-audit-fixture/adapter.json +53 -0
  59. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/skills.json +23 -0
  60. package/tests/fixtures/secret-audit/adapter-project/README.md +3 -0
  61. package/tests/fixtures/secret-audit/adapter-project/package.json +4 -0
  62. package/tests/fixtures/secret-audit/adapter-project/src/placeholder.ts +1 -0
  63. package/tests/fixtures/secret-audit/static-project/.env.example +1 -0
  64. package/tests/fixtures/secret-audit/static-project/README.md +3 -0
  65. package/tests/fixtures/secret-audit/static-project/package.json +4 -0
  66. package/tests/fixtures/secret-audit/static-project/src/config.ts +1 -0
  67. package/tests/fixtures/triggers/cases.json +25 -1
  68. package/tests/trigger/README.md +4 -0
  69. package/work-ledger.md +30 -6
package/work-ledger.md CHANGED
@@ -4,29 +4,33 @@
4
4
 
5
5
  - Repository: `coding-agent-skills`
6
6
  - Branch: `main`
7
- - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
7
+ - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
8
8
  - Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
9
9
  - Real-project adapter adoption readiness is documented as a planning-only approval gate.
10
10
  - First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
11
11
  - The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
12
12
  - The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
13
- - Public npm package release `v0.2.10` exposes the dependency-free
13
+ - Public npm package release `v0.2.12` exposes the dependency-free
14
14
  `coding-agent-skills` CLI under MIT license.
15
15
  - `route-trace` is implemented as an audit-only static route tracing skill.
16
16
  - `env-audit` is implemented as an audit-only value-free environment variable name mapping
17
17
  skill.
18
+ - `secret-audit` is implemented as an audit-only redacted secret exposure detection skill.
19
+ - `api-contract-audit` is implemented as an audit-only static API contract surface mapping
20
+ skill.
18
21
  - Builder-mode approval: complete the remaining read-only skill wave for
19
22
  `coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
20
23
 
21
24
  ## Last Completed Version
22
25
 
23
- `v0.2.10`
26
+ `v0.2.12`
24
27
 
25
28
  ## Current Recommended Milestone
26
29
 
27
- The `env-audit` public npm release is in progress under builder-mode approval. Continue the
28
- remaining read-only skill wave one release at a time unless a real safety, validation,
29
- publication, or authentication boundary appears.
30
+ The `api-contract-audit` public npm release is in progress under builder-mode approval.
31
+ Continue the remaining read-only skill wave one release at a time unless a real safety,
32
+ validation, publication, or authentication boundary appears. The next approved wave item is
33
+ `migration-review-skill`.
30
34
 
31
35
  ## Allowed Next Actions
32
36
 
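Review bot: the status section now contradicts itself on release state. `## Last Completed Version` is bumped to `v0.2.12`, while the rewritten `## Current Recommended Milestone` paragraph says the `api-contract-audit` public npm release "is in progress". Either keep the completed version at the last release that has publication evidence and bump it once publication finishes, or reword the milestone paragraph so the two agree. The next wave item is written `migration-review-skill`, whereas every entry in the pilot skills list is named without a `-skill` suffix; pick one form. Separately, this ledger ships inside the public npm package, and the unchanged context line describing the first external adapter adoption carries an absolute local home-directory path and a candidate commit hash from a project-owned repository; consider replacing both with a neutral project label before the next publish.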
@@ -98,6 +102,26 @@ No next runner command is currently queued.
98
102
 
99
103
  No autonomous maintainer-loop run has been recorded yet.
100
104
 
105
+ ### 2026-07-03T12:00:00Z
106
+
107
+ - Latest tag observed: `v0.2.11`
108
+ - Implemented milestone: `api-contract-audit` audit-only static API contract surface mapping skill and CLI command.
109
+ - Required permission: `builder-mode-skill-implementation`
110
+ - Validation result: pass pending final publication evidence
111
+ - Next recommended milestone: continue builder-mode wave with `migration-review-skill`
112
+ after `v0.2.12` publication completes.
113
+
114
+
115
+ ### 2026-07-03T11:00:00Z
116
+
117
+ - Latest tag observed: `v0.2.10`
118
+ - Implemented milestone: `secret-audit` audit-only redacted secret exposure detection skill and CLI command.
119
+ - Required permission: `builder-mode-skill-implementation`
120
+ - Validation result: pass pending final publication evidence
121
+ - Next recommended milestone: continue builder-mode wave with `api-contract-audit-skill`
122
+ after `v0.2.11` publication completes.
123
+
124
+
101
125
  ### 2026-07-03T10:00:00Z
102
126
 
103
127
  - Latest tag observed: `v0.2.9`
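Review bot: both added run entries record `Validation result: pass pending final publication evidence`, which logs a pass before the evidence it depends on exists. Record the result as pending and change it to pass once the publication evidence is attached, so the ledger cannot be read as a completed validation. In the `2026-07-03T11:00:00Z` entry the next milestone is written `api-contract-audit-skill`, but the `2026-07-03T12:00:00Z` entry names the implemented milestone `api-contract-audit`; use one name for the same skill. The three visible entries are stamped exactly on the hour (10:00, 11:00, 12:00), which reads as hand-entered values; if this ledger is meant to serve as an audit trail, record the observed time of each run.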