coding-agent-skills 0.2.11 → 0.2.13

Files changed (71) hide show
  1. package/CHANGELOG.md +41 -0
  2. package/README.md +8 -0
  3. package/ROADMAP.md +8 -4
  4. package/bin/coding-agent-skills +14 -0
  5. package/docs/adapters/README.md +39 -0
  6. package/docs/adapters/project-installation.md +25 -0
  7. package/docs/adapters/real-project-adoption.md +2 -2
  8. package/docs/architecture/README.md +2 -0
  9. package/docs/release/README.md +4 -3
  10. package/docs/release/npm-package.md +11 -2
  11. package/docs/safety/README.md +11 -1
  12. package/docs/testing/README.md +15 -0
  13. package/docs/usage/README.md +24 -5
  14. package/examples/command-policies/api-contract-audit.json +70 -0
  15. package/examples/command-policies/migration-review.json +70 -0
  16. package/examples/evidence-packs/api-contract-audit.json +60 -0
  17. package/examples/evidence-packs/migration-review.json +60 -0
  18. package/examples/manifests/api-contract-audit.json +14 -0
  19. package/examples/manifests/migration-review.json +14 -0
  20. package/examples/workflows/api-contract-audit.md +8 -0
  21. package/examples/workflows/migration-review.md +7 -0
  22. package/package.json +3 -1
  23. package/runs/skill-runs.md +32 -0
  24. package/schemas/project-adapter-installation.schema.json +4 -0
  25. package/schemas/project-adapter.schema.json +4 -0
  26. package/scripts/lib/api-contract-audit.mjs +651 -0
  27. package/scripts/lib/migration-review.mjs +641 -0
  28. package/scripts/lib/pack-rules.mjs +20 -2
  29. package/scripts/render-api-contract-audit.mjs +8 -0
  30. package/scripts/render-migration-review.mjs +8 -0
  31. package/scripts/test-pack.mjs +120 -1
  32. package/scripts/validate-pack.mjs +8 -2
  33. package/skills/api-contract-audit/SKILL.md +85 -0
  34. package/skills/api-contract-audit/adapter-interface.md +16 -0
  35. package/skills/api-contract-audit/agents/openai.yaml +4 -0
  36. package/skills/api-contract-audit/checklist.md +7 -0
  37. package/skills/api-contract-audit/evidence-template.md +13 -0
  38. package/skills/api-contract-audit/examples.md +20 -0
  39. package/skills/api-contract-audit/failure-modes.md +5 -0
  40. package/skills/migration-review/SKILL.md +87 -0
  41. package/skills/migration-review/adapter-interface.md +16 -0
  42. package/skills/migration-review/agents/openai.yaml +3 -0
  43. package/skills/migration-review/checklist.md +8 -0
  44. package/skills/migration-review/evidence-template.md +12 -0
  45. package/skills/migration-review/examples.md +20 -0
  46. package/skills/migration-review/failure-modes.md +5 -0
  47. package/tests/fixtures/api-contract-audit/adapter-project/.coding-agent/adapters/api-contract-audit-fixture/adapter.json +53 -0
  48. package/tests/fixtures/api-contract-audit/adapter-project/.coding-agent/skills.json +23 -0
  49. package/tests/fixtures/api-contract-audit/adapter-project/README.md +3 -0
  50. package/tests/fixtures/api-contract-audit/adapter-project/package.json +4 -0
  51. package/tests/fixtures/api-contract-audit/adapter-project/src/routes.ts +1 -0
  52. package/tests/fixtures/api-contract-audit/static-project/README.md +3 -0
  53. package/tests/fixtures/api-contract-audit/static-project/app/api/users/route.ts +7 -0
  54. package/tests/fixtures/api-contract-audit/static-project/docs/openapi.yaml +10 -0
  55. package/tests/fixtures/api-contract-audit/static-project/package.json +4 -0
  56. package/tests/fixtures/api-contract-audit/static-project/schemas/user.schema.ts +4 -0
  57. package/tests/fixtures/api-contract-audit/static-project/src/client.ts +3 -0
  58. package/tests/fixtures/migration-review/adapter-project/.coding-agent/adapters/migration-review-fixture/adapter.json +56 -0
  59. package/tests/fixtures/migration-review/adapter-project/.coding-agent/skills.json +23 -0
  60. package/tests/fixtures/migration-review/adapter-project/README.md +3 -0
  61. package/tests/fixtures/migration-review/adapter-project/db/migrations/001_create_accounts.sql +3 -0
  62. package/tests/fixtures/migration-review/adapter-project/ignored/migrations/999_ignore.sql +1 -0
  63. package/tests/fixtures/migration-review/adapter-project/package.json +3 -0
  64. package/tests/fixtures/migration-review/static-project/README.md +3 -0
  65. package/tests/fixtures/migration-review/static-project/drizzle.config.ts +4 -0
  66. package/tests/fixtures/migration-review/static-project/package.json +7 -0
  67. package/tests/fixtures/migration-review/static-project/prisma/migrations/20260703010101_init/migration.sql +6 -0
  68. package/tests/fixtures/migration-review/static-project/prisma/schema.prisma +4 -0
  69. package/tests/fixtures/triggers/cases.json +25 -1
  70. package/tests/trigger/README.md +4 -0
  71. package/work-ledger.md +31 -7
@@ -0,0 +1,4 @@
1
+ export interface UserDto {
2
+ id: string;
3
+ email: string;
4
+ }
@@ -0,0 +1,3 @@
1
+ export async function loadUsers() {
2
+ return fetch("/api/users");
3
+ }
@@ -0,0 +1,56 @@
1
+ {
2
+ "adapterId": "migration-review-fixture",
3
+ "adapterVersion": "1.0.0",
4
+ "project": {
5
+ "id": "fixture-migration-review",
6
+ "detection": {
7
+ "rootMarkers": [
8
+ {"kind": "file", "path": "package.json"},
9
+ {"kind": "file", "path": "README.md"}
10
+ ],
11
+ "maximumDepth": 1,
12
+ "scope": "declared-project-root",
13
+ "requireApprovalOutsideScope": true
14
+ }
15
+ },
16
+ "supportedSkills": [
17
+ {
18
+ "id": "migration-review",
19
+ "compatibleVersions": ["0.2.3", "0.2.x"],
20
+ "declaredMode": "audit-only"
21
+ }
22
+ ],
23
+ "extensions": {
24
+ "safeReadPaths": ["db"],
25
+ "ignoredPaths": ["ignored", "node_modules", "dist", "build"],
26
+ "documentationPrecedence": ["README.md"],
27
+ "commandAliases": [],
28
+ "safeStatusCommands": [],
29
+ "requiredEvidence": ["project root", "adapter scope", "migration files", "not-verified database areas"],
30
+ "expectedRuntimeManagers": [],
31
+ "expectedPackageManagers": ["npm"]
32
+ },
33
+ "approvalRequirements": [],
34
+ "inheritance": {
35
+ "sharedRestrictions": "required",
36
+ "deniedOperationCategories": [
37
+ "file-write",
38
+ "package-install",
39
+ "deployment",
40
+ "git-mutation",
41
+ "unrestricted-scan",
42
+ "secret-read",
43
+ "process-mutation",
44
+ "service-mutation",
45
+ "migration-apply",
46
+ "privileged-api"
47
+ ],
48
+ "allowRestrictionRemoval": false,
49
+ "allowModeOverride": false,
50
+ "allowFailureSuppression": false,
51
+ "allowCompletionOverride": false,
52
+ "allowSecretExposure": false,
53
+ "allowRequiredEvidenceRemoval": false,
54
+ "allowScopeExpansionWithoutApproval": false
55
+ }
56
+ }
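Review bot: `compatibleVersions` on line 19 lists `"0.2.3"` beside `"0.2.x"`, which already covers it, and both admit core versions older than the one that ships `migration-review`. The work-ledger entry further down this page records the skill as implemented after tag `v0.2.12`, for the `v0.2.13` release. If the adapter validator treats this list as a real compatibility gate, the fixture only exercises a permissive range. I would narrow it to the release that introduces the skill, or add a second fixture whose range excludes that release so the rejection path is also tested. The installation declaration in the next section carries the same `0.2.3` values in `expectedVersion` and `versionPin`.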
@@ -0,0 +1,23 @@
1
+ {
2
+ "declarationVersion": "1.0.0",
3
+ "projectId": "fixture-migration-review",
4
+ "adapterRoot": ".coding-agent/adapters",
5
+ "adapterSchemaVersion": "1.0.0",
6
+ "core": {
7
+ "id": "coding-agent-skills",
8
+ "expectedVersion": "0.2.3",
9
+ "versionPin": ">=0.2.3 <0.3.0"
10
+ },
11
+ "compatibleSkillIds": ["migration-review"],
12
+ "adapters": [
13
+ {
14
+ "id": "migration-review-fixture",
15
+ "version": "1.0.0",
16
+ "skillIds": ["migration-review"]
17
+ }
18
+ ],
19
+ "validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
20
+ "evidenceOutput": ".coding-agent/evidence",
21
+ "approvalPolicyReference": ".coding-agent/approval-policy.md",
22
+ "noSecrets": true
23
+ }
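Review bot: `approvalPolicyReference` on line 21 points at `.coding-agent/approval-policy.md`, but the file list for this release adds no such file under the migration-review adapter fixture (entries 58–63), so the reference appears to dangle. If the validator accepts the fixture anyway, a project could declare an approval policy that does not exist and still pass validation. Either add a small synthetic `approval-policy.md` to the fixture, or have the test assert that a missing policy file is reported. Since JSON cannot carry a comment, the intent belongs in the fixture README.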
@@ -0,0 +1,3 @@
1
+ # Adapter Migration Fixture
2
+
3
+ Synthetic adapter-scoped migration fixture.
@@ -0,0 +1,3 @@
1
+ CREATE TABLE accounts (
2
+ id text PRIMARY KEY
3
+ );
@@ -0,0 +1,3 @@
1
+ {
2
+ "name": "fixture-migration-review-adapter"
3
+ }
@@ -0,0 +1,3 @@
1
+ # Migration Review Fixture
2
+
3
+ Synthetic static migration fixture.
@@ -0,0 +1,4 @@
1
+ export default {
2
+ schema: "./src/db/schema.ts",
3
+ out: "./drizzle",
4
+ };
@@ -0,0 +1,7 @@
1
+ {
2
+ "name": "fixture-migration-review-static",
3
+ "scripts": {
4
+ "db:migrate": "prisma migrate deploy",
5
+ "db:generate": "prisma generate"
6
+ }
7
+ }
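Review bot: `"db:migrate": "prisma migrate deploy"` on line 4 is the one entry in this fixture that would change a database if it were ever run, and nothing in the fixture marks it as a must-not-execute case. The skill is declared audit-only, so the test that consumes this fixture (not visible on this page) should assert that the script name appears in the evidence as discovered but not executed. A line in the fixture README would record the intent, for example `The db:migrate script is present only to be listed; the review must never invoke it.`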
@@ -0,0 +1,6 @@
1
+ CREATE TABLE "User" (
2
+ "id" text PRIMARY KEY,
3
+ "email" text NOT NULL
4
+ );
5
+
6
+ ALTER TABLE "User" DROP COLUMN "legacyName";
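Review bot: The `DROP COLUMN "legacyName"` on line 6 removes a column that the `CREATE TABLE "User"` at the top of the same file never defines, so this migration could not apply cleanly as written. If the statement is there on purpose, as a destructive change for the static review to flag, say so in a leading comment such as `-- fixture: destructive DROP COLUMN, expected to be reported as a data-loss / rollback concern`. Otherwise add `"legacyName" text` to the table definition so the fixture is internally consistent. As it stands, a reader cannot tell a deliberate test input from a mistake.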
@@ -0,0 +1,4 @@
1
+ model User {
2
+ id String @id
3
+ email String @unique
4
+ }
@@ -55,6 +55,30 @@
55
55
  "expectedSkill": "secret-audit",
56
56
  "notSkills": ["repo-map", "build-verify"]
57
57
  },
58
+ {
59
+ "id": "api-contract-audit-openapi",
60
+ "prompt": "Audit the OpenAPI file, endpoint declarations, client calls, and API schema files without running the server.",
61
+ "expectedSkill": "api-contract-audit",
62
+ "notSkills": ["route-trace", "runtime-truth"]
63
+ },
64
+ {
65
+ "id": "api-contract-audit-drift",
66
+ "prompt": "Map possible API contract drift between static route handlers and client calls before handoff.",
67
+ "expectedSkill": "api-contract-audit",
68
+ "notSkills": ["build-verify", "llm-drift-control"]
69
+ },
70
+ {
71
+ "id": "migration-review-static",
72
+ "prompt": "Review database migrations and schema files without connecting to the database.",
73
+ "expectedSkill": "migration-review",
74
+ "notSkills": ["runtime-truth", "build-verify"]
75
+ },
76
+ {
77
+ "id": "migration-review-rollback",
78
+ "prompt": "Map Prisma migrations and rollback review concerns from static files before handoff.",
79
+ "expectedSkill": "migration-review",
80
+ "notSkills": ["deployment-preflight", "runtime-truth"]
81
+ },
58
82
  {
59
83
  "id": "build-after-implementation",
60
84
  "prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
@@ -107,7 +131,7 @@
107
131
  "id": "negative-deploy",
108
132
  "prompt": "Deploy this application to production.",
109
133
  "expectedSkill": null,
110
- "notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
134
+ "notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
111
135
  },
112
136
  {
113
137
  "id": "negative-install",
@@ -8,6 +8,10 @@
8
8
  secret-value inspection.
9
9
  - Redacted high-confidence secret exposure detection must trigger `secret-audit`, not
10
10
  environment variable mapping or runtime truth.
11
+ - Static API contract mapping must trigger `api-contract-audit`, not runtime truth or
12
+ build verification.
13
+ - Static migration/schema review must trigger `migration-review`, not runtime truth,
14
+ deployment, or migration execution.
11
15
  - Local validation must trigger `build-verify` only when project-native checks are requested.
12
16
  - Git readiness must trigger `git-preflight`, not publication.
13
17
  - Process/listener/health questions must trigger `runtime-truth`, not restart behavior.
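--- a/package/work-ledger.md
+++ b/package/work-ledger.md
@@ -4,31 +4,35 @@
 
  - Repository: `coding-agent-skills`
  - Branch: `main`
- - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
+ - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
  - Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
  - Real-project adapter adoption readiness is documented as a planning-only approval gate.
  - First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
  - The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
  - The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
- - Public npm package release `v0.2.11` exposes the dependency-free
+ - Public npm package release `v0.2.13` exposes the dependency-free
  `coding-agent-skills` CLI under MIT license.
  - `route-trace` is implemented as an audit-only static route tracing skill.
  - `env-audit` is implemented as an audit-only value-free environment variable name mapping
  skill.
  - `secret-audit` is implemented as an audit-only redacted secret exposure detection skill.
+ - `api-contract-audit` is implemented as an audit-only static API contract surface mapping
+ skill.
+ - `migration-review` is implemented as an audit-only static migration and schema evidence
+ review skill.
  - Builder-mode approval: complete the remaining read-only skill wave for
  `coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
 
  ## Last Completed Version
 
- `v0.2.11`
+ `v0.2.13`
 
  ## Current Recommended Milestone
 
- The `secret-audit` public npm release is in progress under builder-mode approval. Continue
- the remaining read-only skill wave one release at a time unless a real safety, validation,
- publication, or authentication boundary appears. The next approved wave item is
- `api-contract-audit-skill`.
+ The `migration-review` public npm release is in progress under builder-mode approval.
+ Continue the remaining read-only skill wave one release at a time unless a real safety,
+ validation, publication, or authentication boundary appears. The next approved wave item is
+ `github-handoff-skill`.
 
  ## Allowed Next Actions
 
@@ -100,6 +104,26 @@ No next runner command is currently queued.
 
  No autonomous maintainer-loop run has been recorded yet.
 
+ ### 2026-07-03T12:00:00Z
+
+ - Latest tag observed: `v0.2.12`
+ - Implemented milestone: `migration-review` audit-only static migration and schema evidence review skill and CLI command.
+ - Required permission: `builder-mode-skill-implementation`
+ - Validation result: pass pending final publication evidence
+ - Next recommended milestone: continue builder-mode wave with `github-handoff-skill`
+ after `v0.2.13` publication completes.
+
+
+ ### 2026-07-03T12:00:00Z
+
+ - Latest tag observed: `v0.2.11`
+ - Implemented milestone: `api-contract-audit` audit-only static API contract surface mapping skill and CLI command.
+ - Required permission: `builder-mode-skill-implementation`
+ - Validation result: pass pending final publication evidence
+ - Next recommended milestone: continue builder-mode wave with `migration-review-skill`
+ after `v0.2.12` publication completes.
+
+
  ### 2026-07-03T11:00:00Z
 
  - Latest tag observed: `v0.2.10`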