coding-agent-skills 0.2.12 → 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/CHANGELOG.md +21 -0
  2. package/README.md +4 -0
  3. package/ROADMAP.md +5 -3
  4. package/bin/coding-agent-skills +7 -0
  5. package/docs/adapters/README.md +20 -0
  6. package/docs/adapters/project-installation.md +13 -0
  7. package/docs/adapters/real-project-adoption.md +1 -1
  8. package/docs/architecture/README.md +1 -0
  9. package/docs/release/README.md +3 -2
  10. package/docs/release/npm-package.md +7 -2
  11. package/docs/safety/README.md +6 -1
  12. package/docs/testing/README.md +8 -0
  13. package/docs/usage/README.md +15 -5
  14. package/examples/command-policies/migration-review.json +70 -0
  15. package/examples/evidence-packs/migration-review.json +60 -0
  16. package/examples/manifests/migration-review.json +14 -0
  17. package/examples/workflows/migration-review.md +7 -0
  18. package/package.json +2 -1
  19. package/runs/skill-runs.md +16 -0
  20. package/schemas/project-adapter-installation.schema.json +2 -0
  21. package/schemas/project-adapter.schema.json +2 -0
  22. package/scripts/lib/migration-review.mjs +641 -0
  23. package/scripts/lib/pack-rules.mjs +11 -2
  24. package/scripts/render-migration-review.mjs +8 -0
  25. package/scripts/test-pack.mjs +59 -1
  26. package/scripts/validate-pack.mjs +5 -2
  27. package/skills/migration-review/SKILL.md +87 -0
  28. package/skills/migration-review/adapter-interface.md +16 -0
  29. package/skills/migration-review/agents/openai.yaml +3 -0
  30. package/skills/migration-review/checklist.md +8 -0
  31. package/skills/migration-review/evidence-template.md +12 -0
  32. package/skills/migration-review/examples.md +20 -0
  33. package/skills/migration-review/failure-modes.md +5 -0
  34. package/tests/fixtures/migration-review/adapter-project/.coding-agent/adapters/migration-review-fixture/adapter.json +56 -0
  35. package/tests/fixtures/migration-review/adapter-project/.coding-agent/skills.json +23 -0
  36. package/tests/fixtures/migration-review/adapter-project/README.md +3 -0
  37. package/tests/fixtures/migration-review/adapter-project/db/migrations/001_create_accounts.sql +3 -0
  38. package/tests/fixtures/migration-review/adapter-project/ignored/migrations/999_ignore.sql +1 -0
  39. package/tests/fixtures/migration-review/adapter-project/package.json +3 -0
  40. package/tests/fixtures/migration-review/static-project/README.md +3 -0
  41. package/tests/fixtures/migration-review/static-project/drizzle.config.ts +4 -0
  42. package/tests/fixtures/migration-review/static-project/package.json +7 -0
  43. package/tests/fixtures/migration-review/static-project/prisma/migrations/20260703010101_init/migration.sql +6 -0
  44. package/tests/fixtures/migration-review/static-project/prisma/schema.prisma +4 -0
  45. package/tests/fixtures/triggers/cases.json +13 -1
  46. package/tests/trigger/README.md +2 -0
  47. package/work-ledger.md +17 -5
@@ -62,6 +62,11 @@ import {
62
62
  buildApiContractAuditReport,
63
63
  renderApiContractAuditReport,
64
64
  } from "./lib/api-contract-audit.mjs";
65
+ import {
66
+ buildMigrationReviewReport,
67
+ migrationReviewCliResult,
68
+ renderMigrationReviewReport,
69
+ } from "./lib/migration-review.mjs";
65
70
  import {
66
71
  adapterUpgradeCliResult,
67
72
  checkAdapterUpgrade,
@@ -280,6 +285,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
280
285
  assert.ok(cliText.includes("scripts/render-env-audit.mjs"));
281
286
  assert.ok(cliText.includes("scripts/render-secret-audit.mjs"));
282
287
  assert.ok(cliText.includes("scripts/render-api-contract-audit.mjs"));
288
+ assert.ok(cliText.includes("scripts/render-migration-review.mjs"));
283
289
  assert.ok(cliText.includes("scripts/validate-adapters.mjs"));
284
290
  assert.ok(!cliText.includes(".env"));
285
291
 
@@ -317,6 +323,10 @@ test("local CLI maps approved commands to existing safe scripts", () => {
317
323
  ["api-contract-audit", path.join(fixtureRoot, "api-contract-audit", "static-project")],
318
324
  /# API Contract Audit Report/,
319
325
  ],
326
+ [
327
+ ["migration-review", path.join(fixtureRoot, "migration-review", "static-project")],
328
+ /# Migration Review Report/,
329
+ ],
320
330
  ];
321
331
 
322
332
  for (const [args, expected] of commands) {
@@ -341,7 +351,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
341
351
  test("npm package metadata is public-ready and dependency-free", () => {
342
352
  const packageJson = readJson("package.json");
343
353
  assert.equal(packageJson.name, "coding-agent-skills");
344
- assert.equal(packageJson.version, "0.2.12");
354
+ assert.equal(packageJson.version, "0.2.13");
345
355
  assert.equal(
346
356
  packageJson.description,
347
357
  "Evidence-first, read-only coding-agent skills and project adapter tooling.",
@@ -357,6 +367,7 @@ test("npm package metadata is public-ready and dependency-free", () => {
357
367
  "env-audit",
358
368
  "secret-audit",
359
369
  "api-contract-audit",
370
+ "migration-review",
360
371
  "project-adapters",
361
372
  "code-validation",
362
373
  "cli",
@@ -650,6 +661,53 @@ test("api-contract-audit does not broaden a repo-map-only project adapter", () =
650
661
  assert.match(renderApiContractAuditReport(result), /api-contract-audit is not enabled/);
651
662
  });
652
663
 
664
+ test("migration-review maps static migration surfaces without database access", () => {
665
+ const result = buildMigrationReviewReport(
666
+ path.join(root, "tests", "fixtures", "migration-review", "static-project"),
667
+ { coreRoot: root },
668
+ );
669
+
670
+ assert.equal(result.status, "complete");
671
+ assert.ok(result.migrationFiles.some((record) => record.path === "prisma/migrations/20260703010101_init/migration.sql"));
672
+ assert.ok(result.schemaFiles.some((record) => record.path === "prisma/schema.prisma"));
673
+ assert.ok(result.configFiles.some((record) => record.path === "drizzle.config.ts"));
674
+ assert.ok(result.packageScriptKeys.some((record) => record.key === "db:migrate"));
675
+ assert.ok(result.riskIndicators.some((record) => record.type === "drop-column"));
676
+ assert.match(renderMigrationReviewReport(result), /No database connection/);
677
+ });
678
+
679
+ test("migration-review respects adapter-declared scope", () => {
680
+ const result = buildMigrationReviewReport(
681
+ path.join(root, "tests", "fixtures", "migration-review", "adapter-project"),
682
+ { coreRoot: root },
683
+ );
684
+
685
+ assert.equal(result.status, "complete");
686
+ assert.equal(result.adapter.enabled, true);
687
+ assert.deepEqual(result.scopePaths, ["db"]);
688
+ assert.deepEqual(result.filesScanned, ["db/migrations/001_create_accounts.sql"]);
689
+ assert.ok(result.migrationFiles.some((record) => record.path === "db/migrations/001_create_accounts.sql"));
690
+ assert.ok(result.warnings.includes("migration-review used adapter-declared safe read paths only"));
691
+ const cli = migrationReviewCliResult(
692
+ path.join(root, "tests", "fixtures", "migration-review", "adapter-project"),
693
+ { coreRoot: root },
694
+ );
695
+ assert.equal(cli.exitCode, 0);
696
+ assert.match(cli.lines.join("\n"), /Migration-review enabled: yes/);
697
+ });
698
+
699
+ test("migration-review does not broaden a repo-map-only project adapter", () => {
700
+ const result = buildMigrationReviewReport(
701
+ path.join(root, "tests", "fixtures", "project-adapter-installation", "valid-exact-pin"),
702
+ { coreRoot: root },
703
+ );
704
+
705
+ assert.equal(result.status, "partial");
706
+ assert.equal(result.filesScanned.length, 0);
707
+ assert.equal(result.migrationFiles.length, 0);
708
+ assert.match(renderMigrationReviewReport(result), /migration-review is not enabled/);
709
+ });
710
+
653
711
  test("validate-pack accepts installed package trees without source-only gitignore", () => {
654
712
  const temporaryRoot = fs.mkdtempSync(path.join(os.tmpdir(), "installed-package-"));
655
713
  const installedRoot = path.join(temporaryRoot, "coding-agent-skills");
@@ -99,6 +99,7 @@ const requiredRootFiles = [
99
99
  "scripts/render-env-audit.mjs",
100
100
  "scripts/render-secret-audit.mjs",
101
101
  "scripts/render-api-contract-audit.mjs",
102
+ "scripts/render-migration-review.mjs",
102
103
  "scripts/check-adapter-upgrade.mjs",
103
104
  "scripts/check-adapter-upgrade-chain.mjs",
104
105
  "scripts/validate-adapters.mjs",
@@ -108,6 +109,7 @@ const requiredRootFiles = [
108
109
  "scripts/lib/env-audit.mjs",
109
110
  "scripts/lib/secret-audit.mjs",
110
111
  "scripts/lib/api-contract-audit.mjs",
112
+ "scripts/lib/migration-review.mjs",
111
113
  "scripts/lib/adapter-upgrade.mjs",
112
114
  "scripts/lib/adapter-upgrade-chain.mjs",
113
115
  "scripts/lib/adapter-discovery.mjs",
@@ -681,8 +683,8 @@ if (packageJson) {
681
683
  if (packageJson.name !== "coding-agent-skills") {
682
684
  failures.push("package.json has unexpected package name");
683
685
  }
684
- if (packageJson.version !== "0.2.12") {
685
- failures.push("package.json version must be 0.2.12 for public package validation");
686
+ if (packageJson.version !== "0.2.13") {
687
+ failures.push("package.json version must be 0.2.13 for public package validation");
686
688
  }
687
689
  if (packageJson.type !== "module") failures.push("package.json must preserve ESM mode");
688
690
  if (packageJson.private !== false) {
@@ -704,6 +706,7 @@ if (packageJson) {
704
706
  "env-audit",
705
707
  "secret-audit",
706
708
  "api-contract-audit",
709
+ "migration-review",
707
710
  "project-adapters",
708
711
  "code-validation",
709
712
  "cli",
@@ -0,0 +1,87 @@
1
+ ---
2
+ name: migration-review
3
+ description: Review statically visible database migration and schema evidence without connecting to databases, applying migrations, generating ORM clients, or modifying projects. Use when Codex must map migration files, schema/config files, migration-related package script keys, and static risk indicators before database work or handoff; do not use for runtime database inspection, migration execution, deploys, builds, tests, package installs, or secret-file reads.
4
+ ---
5
+
6
+ # Migration Review
7
+
8
+ Map statically visible migration evidence and report what is and is not verified. Remain
9
+ audit-only and avoid turning migration discovery into database or deployment work.
10
+
11
+ This skill must not change project files, Git state, dependencies, runtime state, services,
12
+ databases, remotes, generated ORM clients, or deployment state.
13
+
14
+ ## Purpose And Use
15
+
16
+ Use this skill before database work, migration handoff, or schema review when the agent needs
17
+ to understand visible migration files, schema declarations, migration config, and static
18
+ risk indicators.
19
+
20
+ Do not use it to prove database state, apply or roll back migrations, inspect deployed
21
+ databases, generate ORM clients, build, test, deploy, run package scripts, or read secrets.
22
+
23
+ ## Inputs
24
+
25
+ Require a project root or starting path. Optionally accept a project adapter, intended scan
26
+ area, documentation precedence, migration directory hints, or known ORM/database boundaries.
27
+
28
+ Do not assume a missing migration directory means no database exists, migration filenames
29
+ reflect applied state, schema files match production, package script keys are safe to run, or
30
+ a project adapter enables this skill unless validation proves it.
31
+
32
+ ## Procedure
33
+
34
+ 1. Record user intent, project root, declared scope, adapter state, and safety boundary.
35
+ 2. Validate a project adapter when present before reading adapter-declared metadata.
36
+ 3. If an adapter is present but does not enable `migration-review`, stop static file reading
37
+ and report the adapter-limited skip.
38
+ 4. Build scan scope from adapter safe read paths when available; otherwise use a bounded
39
+ generic static scan.
40
+ 5. Exclude `.env`, secret-bearing files, generated output, dependency paths, and oversized
41
+ files before reading.
42
+ 6. Identify statically visible migration files and migration directories.
43
+ 7. Identify schema and migration config files.
44
+ 8. Identify package script keys that mention migration tools without printing command values.
45
+ 9. Identify static risk indicators such as drop-column, truncate, rename, or raw data update
46
+ patterns without judging runtime safety.
47
+ 10. Emit the shared evidence pack or migration review report before claiming completion.
48
+
49
+ Use [checklist.md](checklist.md). Consult [failure-modes.md](failure-modes.md),
50
+ [adapter-interface.md](adapter-interface.md), and [examples.md](examples.md). Format findings
51
+ with [evidence-template.md](evidence-template.md).
52
+
53
+ ## Evidence, Recovery, And Dependencies
54
+
55
+ Emit repository identity, adapter state, scan scope, ignored paths, files scanned, migration
56
+ files, schema files, config files, package script keys, risk indicators, skipped items,
57
+ not-verified areas, warnings, and changed-state declaration through the shared evidence-pack
58
+ contract.
59
+
60
+ Recover from missing migration directories, ambiguous ORM layouts, unreadable files, or
61
+ adapter limits by reporting uncertainty. Never recover by connecting to a database, applying
62
+ migrations, generating ORM clients, installing dependencies, building, testing, deploying,
63
+ broadening adapter scope, or reading `.env`.
64
+
65
+ This skill depends on the evidence-pack contract and may consume validated project adapters.
66
+ Adapters may add safe paths, ignored paths, documentation precedence, and evidence
67
+ requirements, but cannot weaken policy or turn this skill into database work.
68
+
69
+ ## Approval Boundary
70
+
71
+ Explicit approval may permit one named non-secret static file read outside normal source
72
+ paths. Approval does not permit `.env` or secret-file reads, database connections, migration
73
+ execution, ORM generation, package installation, builds, tests, runtime checks, deployments,
74
+ Git mutation, or project writes.
75
+
76
+ ## Completion
77
+
78
+ Claim `complete` only when the declared static scan scope was inspected, visible migration
79
+ surfaces are reported, skipped and not-verified areas are explicit, adapter limitations are
80
+ clear, and no project, Git, dependency, runtime, service, database, remote, generated-code, or
81
+ deployment state changed.
82
+
83
+ Report `partial`, `failed`, or `blocked` when adapter scope prevents scanning, requested
84
+ evidence requires database/runtime behavior, the project root cannot be established, or
85
+ safety exclusions prevent the requested conclusion.
86
+
87
+ These conditions are both the acceptance criteria and definition of done.
@@ -0,0 +1,16 @@
1
+ Adapters may enable `migration-review` only as an audit-only static inspection skill.
2
+
3
+ Allowed adapter extensions:
4
+
5
+ - `safeReadPaths` for migration, schema, config, and relevant package files.
6
+ - `ignoredPaths` for generated, dependency, build, coverage, and output directories.
7
+ - `documentationPrecedence` for migration runbooks or schema docs.
8
+ - `requiredEvidence` for migration files, schemas, config, risk indicators, and not-verified areas.
9
+
10
+ Adapters must not:
11
+
12
+ - Add commands for `migration-review`.
13
+ - Require database connections, migration execution, ORM generation, or package scripts.
14
+ - Include `.env`, credential, service-key, or secret-bearing paths.
15
+ - Change `migration-review` from `audit-only` to action-capable.
16
+ - Expand scope outside the declared project root without named approval.
@@ -0,0 +1,3 @@
1
+ display_name: Migration Review
2
+ short_description: Review static migration and schema evidence without database access.
3
+ default_prompt: Review this repository's migration and schema evidence as an audit-only pass without modifying files, applying migrations, connecting to databases, generating ORM clients, or reading secrets.
@@ -0,0 +1,8 @@
1
+ - Confirm the project root and declared static scope.
2
+ - Validate any project adapter before reading adapter metadata.
3
+ - Stop with `partial` if an adapter is present but does not enable `migration-review`.
4
+ - Exclude `.env`, secret-bearing, dependency, generated, output, and oversized files.
5
+ - Report migration files, schema files, config files, package script keys, and risk indicators.
6
+ - Do not print package script command values.
7
+ - Record not-verified database state, rollback, generated-client, and production gaps.
8
+ - Declare that no database connection, migration execution, ORM generation, build, test, deploy, package install, secret read, or write occurred.
@@ -0,0 +1,12 @@
1
+ Evidence fields:
2
+
3
+ - Project root and Git branch state.
4
+ - Adapter presence, enabled state, and scope paths.
5
+ - Ignored paths and skipped static files.
6
+ - Migration files and reasons.
7
+ - Schema files and reasons.
8
+ - Migration config files and reasons.
9
+ - Package script keys, without command values.
10
+ - Static risk indicators by file and type.
11
+ - Not-verified database, rollback, generated-client, and production areas.
12
+ - Refused behavior and changed-state declaration.
@@ -0,0 +1,20 @@
1
+ Safe examples:
2
+
3
+ ```bash
4
+ coding-agent-skills migration-review /workspace/app
5
+ ```
6
+
7
+ ```bash
8
+ node scripts/render-migration-review.mjs tests/fixtures/migration-review/static-project
9
+ ```
10
+
11
+ Expected result: a report listing static migration files, schema/config files, package
12
+ script keys, risk indicators, skipped paths, not-verified database behavior, and refused
13
+ actions.
14
+
15
+ ## Unsafe Examples
16
+
17
+ - Apply database migrations.
18
+ - Connect to a local or remote database to inspect applied state.
19
+ - Generate ORM clients or migration files.
20
+ - Read `.env`, credentials, service keys, or private runtime config.
@@ -0,0 +1,5 @@
1
+ - Missing migration directories: report uncertainty instead of assuming no database exists.
2
+ - Adapter present without `migration-review`: return `partial` and read no target files.
3
+ - Secret-bearing paths: skip and record the exclusion without printing values.
4
+ - Destructive-looking SQL: report the static indicator without judging production safety.
5
+ - Requested database state or rollback proof: stop at the approval boundary because this skill is static only.
@@ -0,0 +1,56 @@
1
+ {
2
+ "adapterId": "migration-review-fixture",
3
+ "adapterVersion": "1.0.0",
4
+ "project": {
5
+ "id": "fixture-migration-review",
6
+ "detection": {
7
+ "rootMarkers": [
8
+ {"kind": "file", "path": "package.json"},
9
+ {"kind": "file", "path": "README.md"}
10
+ ],
11
+ "maximumDepth": 1,
12
+ "scope": "declared-project-root",
13
+ "requireApprovalOutsideScope": true
14
+ }
15
+ },
16
+ "supportedSkills": [
17
+ {
18
+ "id": "migration-review",
19
+ "compatibleVersions": ["0.2.3", "0.2.x"],
20
+ "declaredMode": "audit-only"
21
+ }
22
+ ],
23
+ "extensions": {
24
+ "safeReadPaths": ["db"],
25
+ "ignoredPaths": ["ignored", "node_modules", "dist", "build"],
26
+ "documentationPrecedence": ["README.md"],
27
+ "commandAliases": [],
28
+ "safeStatusCommands": [],
29
+ "requiredEvidence": ["project root", "adapter scope", "migration files", "not-verified database areas"],
30
+ "expectedRuntimeManagers": [],
31
+ "expectedPackageManagers": ["npm"]
32
+ },
33
+ "approvalRequirements": [],
34
+ "inheritance": {
35
+ "sharedRestrictions": "required",
36
+ "deniedOperationCategories": [
37
+ "file-write",
38
+ "package-install",
39
+ "deployment",
40
+ "git-mutation",
41
+ "unrestricted-scan",
42
+ "secret-read",
43
+ "process-mutation",
44
+ "service-mutation",
45
+ "migration-apply",
46
+ "privileged-api"
47
+ ],
48
+ "allowRestrictionRemoval": false,
49
+ "allowModeOverride": false,
50
+ "allowFailureSuppression": false,
51
+ "allowCompletionOverride": false,
52
+ "allowSecretExposure": false,
53
+ "allowRequiredEvidenceRemoval": false,
54
+ "allowScopeExpansionWithoutApproval": false
55
+ }
56
+ }
@@ -0,0 +1,23 @@
1
+ {
2
+ "declarationVersion": "1.0.0",
3
+ "projectId": "fixture-migration-review",
4
+ "adapterRoot": ".coding-agent/adapters",
5
+ "adapterSchemaVersion": "1.0.0",
6
+ "core": {
7
+ "id": "coding-agent-skills",
8
+ "expectedVersion": "0.2.3",
9
+ "versionPin": ">=0.2.3 <0.3.0"
10
+ },
11
+ "compatibleSkillIds": ["migration-review"],
12
+ "adapters": [
13
+ {
14
+ "id": "migration-review-fixture",
15
+ "version": "1.0.0",
16
+ "skillIds": ["migration-review"]
17
+ }
18
+ ],
19
+ "validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
20
+ "evidenceOutput": ".coding-agent/evidence",
21
+ "approvalPolicyReference": ".coding-agent/approval-policy.md",
22
+ "noSecrets": true
23
+ }
@@ -0,0 +1,3 @@
1
+ # Adapter Migration Fixture
2
+
3
+ Synthetic adapter-scoped migration fixture.
@@ -0,0 +1,3 @@
1
+ CREATE TABLE accounts (
2
+ id text PRIMARY KEY
3
+ );
@@ -0,0 +1,3 @@
1
+ {
2
+ "name": "fixture-migration-review-adapter"
3
+ }
@@ -0,0 +1,3 @@
1
+ # Migration Review Fixture
2
+
3
+ Synthetic static migration fixture.
@@ -0,0 +1,4 @@
1
+ export default {
2
+ schema: "./src/db/schema.ts",
3
+ out: "./drizzle",
4
+ };
@@ -0,0 +1,7 @@
1
+ {
2
+ "name": "fixture-migration-review-static",
3
+ "scripts": {
4
+ "db:migrate": "prisma migrate deploy",
5
+ "db:generate": "prisma generate"
6
+ }
7
+ }
@@ -0,0 +1,6 @@
1
+ CREATE TABLE "User" (
2
+ "id" text PRIMARY KEY,
3
+ "email" text NOT NULL
4
+ );
5
+
6
+ ALTER TABLE "User" DROP COLUMN "legacyName";
@@ -0,0 +1,4 @@
1
+ model User {
2
+ id String @id
3
+ email String @unique
4
+ }
@@ -67,6 +67,18 @@
67
67
  "expectedSkill": "api-contract-audit",
68
68
  "notSkills": ["build-verify", "llm-drift-control"]
69
69
  },
70
+ {
71
+ "id": "migration-review-static",
72
+ "prompt": "Review database migrations and schema files without connecting to the database.",
73
+ "expectedSkill": "migration-review",
74
+ "notSkills": ["runtime-truth", "build-verify"]
75
+ },
76
+ {
77
+ "id": "migration-review-rollback",
78
+ "prompt": "Map Prisma migrations and rollback review concerns from static files before handoff.",
79
+ "expectedSkill": "migration-review",
80
+ "notSkills": ["deployment-preflight", "runtime-truth"]
81
+ },
70
82
  {
71
83
  "id": "build-after-implementation",
72
84
  "prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
@@ -119,7 +131,7 @@
119
131
  "id": "negative-deploy",
120
132
  "prompt": "Deploy this application to production.",
121
133
  "expectedSkill": null,
122
- "notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
134
+ "notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
123
135
  },
124
136
  {
125
137
  "id": "negative-install",
@@ -10,6 +10,8 @@
10
10
  environment variable mapping or runtime truth.
11
11
  - Static API contract mapping must trigger `api-contract-audit`, not runtime truth or
12
12
  build verification.
13
+ - Static migration/schema review must trigger `migration-review`, not runtime truth,
14
+ deployment, or migration execution.
13
15
  - Local validation must trigger `build-verify` only when project-native checks are requested.
14
16
  - Git readiness must trigger `git-preflight`, not publication.
15
17
  - Process/listener/health questions must trigger `runtime-truth`, not restart behavior.
package/work-ledger.md CHANGED
@@ -4,13 +4,13 @@
4
4
 
5
5
  - Repository: `coding-agent-skills`
6
6
  - Branch: `main`
7
- - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
7
+ - Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
8
8
  - Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
9
9
  - Real-project adapter adoption readiness is documented as a planning-only approval gate.
10
10
  - First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
11
11
  - The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
12
12
  - The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
13
- - Public npm package release `v0.2.12` exposes the dependency-free
13
+ - Public npm package release `v0.2.13` exposes the dependency-free
14
14
  `coding-agent-skills` CLI under MIT license.
15
15
  - `route-trace` is implemented as an audit-only static route tracing skill.
16
16
  - `env-audit` is implemented as an audit-only value-free environment variable name mapping
@@ -18,19 +18,21 @@
18
18
  - `secret-audit` is implemented as an audit-only redacted secret exposure detection skill.
19
19
  - `api-contract-audit` is implemented as an audit-only static API contract surface mapping
20
20
  skill.
21
+ - `migration-review` is implemented as an audit-only static migration and schema evidence
22
+ review skill.
21
23
  - Builder-mode approval: complete the remaining read-only skill wave for
22
24
  `coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
23
25
 
24
26
  ## Last Completed Version
25
27
 
26
- `v0.2.12`
28
+ `v0.2.13`
27
29
 
28
30
  ## Current Recommended Milestone
29
31
 
30
- The `api-contract-audit` public npm release is in progress under builder-mode approval.
32
+ The `migration-review` public npm release is in progress under builder-mode approval.
31
33
  Continue the remaining read-only skill wave one release at a time unless a real safety,
32
34
  validation, publication, or authentication boundary appears. The next approved wave item is
33
- `migration-review-skill`.
35
+ `github-handoff-skill`.
34
36
 
35
37
  ## Allowed Next Actions
36
38
 
@@ -102,6 +104,16 @@ No next runner command is currently queued.
102
104
 
103
105
  No autonomous maintainer-loop run has been recorded yet.
104
106
 
107
+ ### 2026-07-03T12:00:00Z
108
+
109
+ - Latest tag observed: `v0.2.12`
110
+ - Implemented milestone: `migration-review` audit-only static migration and schema evidence review skill and CLI command.
111
+ - Required permission: `builder-mode-skill-implementation`
112
+ - Validation result: pass pending final publication evidence
113
+ - Next recommended milestone: continue builder-mode wave with `github-handoff-skill`
114
+ after `v0.2.13` publication completes.
115
+
116
+
105
117
  ### 2026-07-03T12:00:00Z
106
118
 
107
119
  - Latest tag observed: `v0.2.11`