coding-agent-skills 0.2.13 → 0.2.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/README.md +4 -0
- package/ROADMAP.md +5 -3
- package/bin/coding-agent-skills +7 -0
- package/docs/adapters/README.md +18 -0
- package/docs/adapters/project-installation.md +12 -0
- package/docs/adapters/real-project-adoption.md +3 -2
- package/docs/architecture/README.md +3 -2
- package/docs/release/README.md +3 -2
- package/docs/release/npm-package.md +7 -2
- package/docs/safety/README.md +6 -1
- package/docs/testing/README.md +8 -0
- package/docs/usage/README.md +15 -5
- package/examples/command-policies/github-handoff.json +74 -0
- package/examples/evidence-packs/github-handoff.json +67 -0
- package/examples/manifests/github-handoff.json +14 -0
- package/examples/workflows/github-handoff.md +5 -0
- package/package.json +2 -1
- package/runs/skill-runs.md +16 -0
- package/schemas/project-adapter-installation.schema.json +2 -0
- package/schemas/project-adapter.schema.json +2 -0
- package/scripts/lib/github-handoff.mjs +446 -0
- package/scripts/lib/pack-rules.mjs +11 -2
- package/scripts/render-github-handoff.mjs +7 -0
- package/scripts/test-pack.mjs +89 -1
- package/scripts/validate-pack.mjs +5 -2
- package/skills/github-handoff/SKILL.md +95 -0
- package/skills/github-handoff/adapter-interface.md +18 -0
- package/skills/github-handoff/agents/openai.yaml +3 -0
- package/skills/github-handoff/checklist.md +10 -0
- package/skills/github-handoff/evidence-template.md +16 -0
- package/skills/github-handoff/examples.md +19 -0
- package/skills/github-handoff/failure-modes.md +8 -0
- package/tests/fixtures/github-handoff/adapter-project/.coding-agent/adapters/github-handoff-fixture/adapter.json +56 -0
- package/tests/fixtures/github-handoff/adapter-project/.coding-agent/skills.json +23 -0
- package/tests/fixtures/github-handoff/adapter-project/README.md +3 -0
- package/tests/fixtures/github-handoff/adapter-project/package.json +4 -0
- package/tests/fixtures/github-handoff/adapter-project/src/index.js +1 -0
- package/tests/fixtures/github-handoff/static-project/README.md +3 -0
- package/tests/fixtures/github-handoff/static-project/package.json +4 -0
- package/tests/fixtures/github-handoff/static-project/src/index.js +1 -0
- package/tests/fixtures/triggers/cases.json +14 -2
- package/tests/trigger/README.md +2 -0
- package/work-ledger.md +16 -6
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: github-handoff
|
|
3
|
+
description: Prepare read-only GitHub handoff evidence from local Git metadata. Use when Codex needs to summarize branch state, HEAD, tags at HEAD, remote names, and changed-file status before a separately approved pull request, release, or GitHub workflow handoff without creating commits, pushes, tags, pull requests, API calls, token reads, or file changes.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# GitHub Handoff
|
|
7
|
+
|
|
8
|
+
## Purpose And Use
|
|
9
|
+
|
|
10
|
+
Use this skill to produce a local, audit-only handoff report before a human or separately approved workflow performs GitHub work.
|
|
11
|
+
|
|
12
|
+
The skill is for local Git evidence only. It does not create pull requests, publish releases, push branches, inspect tokens, or call GitHub APIs.
|
|
13
|
+
|
|
14
|
+
## Inputs
|
|
15
|
+
|
|
16
|
+
Required:
|
|
17
|
+
|
|
18
|
+
- Project root.
|
|
19
|
+
|
|
20
|
+
Optional:
|
|
21
|
+
|
|
22
|
+
- Project adapter declaration that enables `github-handoff`.
|
|
23
|
+
- Human-provided handoff intent.
|
|
24
|
+
|
|
25
|
+
Do not assume:
|
|
26
|
+
|
|
27
|
+
- GitHub authentication is available.
|
|
28
|
+
- Local commits are pushed.
|
|
29
|
+
- CI status, review status, or PR state is known.
|
|
30
|
+
- Remote URLs are safe to print.
|
|
31
|
+
|
|
32
|
+
## Procedure
|
|
33
|
+
|
|
34
|
+
1. Confirm the project root exists.
|
|
35
|
+
2. Validate the project adapter when one is present.
|
|
36
|
+
3. If an adapter exists but does not enable `github-handoff`, report `partial` and do not list changed files.
|
|
37
|
+
4. Inspect local Git metadata only: root, branch state, current branch, HEAD, tags at HEAD, remote names, and status entries.
|
|
38
|
+
5. Redact secret-bearing changed paths such as `.env`, key files, credential paths, or token paths.
|
|
39
|
+
6. Summarize changed-file counts by status.
|
|
40
|
+
7. Record skipped and not-verified GitHub state honestly.
|
|
41
|
+
8. State refused behavior clearly.
|
|
42
|
+
|
|
43
|
+
## Evidence, Recovery, And Dependencies
|
|
44
|
+
|
|
45
|
+
Expected evidence:
|
|
46
|
+
|
|
47
|
+
- Git root.
|
|
48
|
+
- Branch state.
|
|
49
|
+
- Current branch.
|
|
50
|
+
- HEAD or short HEAD.
|
|
51
|
+
- Tags at HEAD.
|
|
52
|
+
- Remote names only, not remote URLs.
|
|
53
|
+
- Changed-file summary.
|
|
54
|
+
- Redacted path count when applicable.
|
|
55
|
+
|
|
56
|
+
Recovery:
|
|
57
|
+
|
|
58
|
+
- If the directory is not a Git repository, return `failed` with no mutation.
|
|
59
|
+
- If Git status is unavailable, return a warning and preserve partial evidence.
|
|
60
|
+
- If adapter validation fails, fail closed.
|
|
61
|
+
|
|
62
|
+
Dependencies:
|
|
63
|
+
|
|
64
|
+
- Local Git command-line tool.
|
|
65
|
+
- Node.js 20+ for the packaged renderer.
|
|
66
|
+
|
|
67
|
+
## Approval Boundary
|
|
68
|
+
|
|
69
|
+
This skill is audit-only.
|
|
70
|
+
|
|
71
|
+
Allowed:
|
|
72
|
+
|
|
73
|
+
- Read local Git metadata.
|
|
74
|
+
- List changed-file paths unless they are secret-bearing.
|
|
75
|
+
- Validate project adapter metadata.
|
|
76
|
+
- Render a handoff report.
|
|
77
|
+
|
|
78
|
+
Forbidden:
|
|
79
|
+
|
|
80
|
+
- Commit.
|
|
81
|
+
- Push.
|
|
82
|
+
- Tag.
|
|
83
|
+
- Checkout, reset, rebase, merge, stash, restore, or clean.
|
|
84
|
+
- Create pull requests.
|
|
85
|
+
- Create releases.
|
|
86
|
+
- Call GitHub APIs.
|
|
87
|
+
- Read tokens, `.env`, `.env.*`, `.npmrc`, keys, or credential files.
|
|
88
|
+
- Print remote URLs.
|
|
89
|
+
- Change project files.
|
|
90
|
+
|
|
91
|
+
## Completion
|
|
92
|
+
|
|
93
|
+
Complete only after a report states what was verified, what was skipped, and what was not verified.
|
|
94
|
+
|
|
95
|
+
The completion boundary must say that no commit, push, tag, branch change, pull request creation, GitHub API mutation, token read, secret-file read, or project write occurred.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# GitHub Handoff Adapter Interface
|
|
2
|
+
|
|
3
|
+
Adapters may enable `github-handoff` as an audit-only skill.
|
|
4
|
+
|
|
5
|
+
Adapters may narrow:
|
|
6
|
+
|
|
7
|
+
- Required evidence labels.
|
|
8
|
+
- Ignored path labels.
|
|
9
|
+
- Documentation precedence used as human context.
|
|
10
|
+
|
|
11
|
+
Adapters must not:
|
|
12
|
+
|
|
13
|
+
- Permit commits, pushes, tags, pull request creation, release creation, or GitHub API mutation.
|
|
14
|
+
- Permit token reads.
|
|
15
|
+
- Permit secret-file reads.
|
|
16
|
+
- Suppress warnings or failures.
|
|
17
|
+
- Redefine completion.
|
|
18
|
+
- Escalate the skill out of audit-only mode.
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
display_name: GitHub Handoff
|
|
2
|
+
short_description: Prepare local Git handoff evidence without GitHub mutation.
|
|
3
|
+
default_prompt: Prepare a GitHub handoff report as an audit-only pass without modifying files, committing, pushing, tagging, creating pull requests, reading tokens, or calling GitHub APIs.
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# GitHub Handoff Checklist
|
|
2
|
+
|
|
3
|
+
- Confirm the project root.
|
|
4
|
+
- Validate adapter metadata if present.
|
|
5
|
+
- Inspect local Git state only.
|
|
6
|
+
- Summarize changed files without reading file contents.
|
|
7
|
+
- Redact secret-bearing paths.
|
|
8
|
+
- Do not print remote URLs.
|
|
9
|
+
- Report not-verified GitHub state.
|
|
10
|
+
- Confirm no mutation occurred.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# GitHub Handoff Evidence Template
|
|
2
|
+
|
|
3
|
+
- Skill: `github-handoff`
|
|
4
|
+
- Status: `complete`, `partial`, or `failed`
|
|
5
|
+
- Project root:
|
|
6
|
+
- Git root:
|
|
7
|
+
- Branch state:
|
|
8
|
+
- HEAD:
|
|
9
|
+
- Tags at HEAD:
|
|
10
|
+
- Remote names:
|
|
11
|
+
- Changed-file summary:
|
|
12
|
+
- Redacted path count:
|
|
13
|
+
- Skipped:
|
|
14
|
+
- Not verified:
|
|
15
|
+
- Refused behavior:
|
|
16
|
+
- Changed state: no project, Git, GitHub, dependency, runtime, service, or remote state changed.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# GitHub Handoff Examples
|
|
2
|
+
|
|
3
|
+
## Safe Examples
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
coding-agent-skills github-handoff /path/to/project
|
|
7
|
+
```
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
node scripts/render-github-handoff.mjs /path/to/project
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Unsafe Examples
|
|
14
|
+
|
|
15
|
+
- Create a pull request.
|
|
16
|
+
- Push the current branch.
|
|
17
|
+
- Tag the release.
|
|
18
|
+
- Read GitHub tokens.
|
|
19
|
+
- Print configured remote URLs.
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
# GitHub Handoff Failure Modes
|
|
2
|
+
|
|
3
|
+
- Project root is not a Git repository.
|
|
4
|
+
- Adapter exists but does not enable `github-handoff`.
|
|
5
|
+
- Adapter validation fails.
|
|
6
|
+
- Git status is unavailable.
|
|
7
|
+
- Secret-bearing changed paths are present and must be redacted.
|
|
8
|
+
- Remote PR, CI, and review state cannot be verified without separately approved GitHub access.
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"adapterId": "github-handoff-fixture",
|
|
3
|
+
"adapterVersion": "1.0.0",
|
|
4
|
+
"project": {
|
|
5
|
+
"id": "fixture-github-handoff",
|
|
6
|
+
"detection": {
|
|
7
|
+
"rootMarkers": [
|
|
8
|
+
{"kind": "file", "path": "package.json"},
|
|
9
|
+
{"kind": "file", "path": "README.md"}
|
|
10
|
+
],
|
|
11
|
+
"maximumDepth": 1,
|
|
12
|
+
"scope": "declared-project-root",
|
|
13
|
+
"requireApprovalOutsideScope": true
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"supportedSkills": [
|
|
17
|
+
{
|
|
18
|
+
"id": "github-handoff",
|
|
19
|
+
"compatibleVersions": ["0.2.3", "0.2.x"],
|
|
20
|
+
"declaredMode": "audit-only"
|
|
21
|
+
}
|
|
22
|
+
],
|
|
23
|
+
"extensions": {
|
|
24
|
+
"safeReadPaths": ["README.md", "package.json", "src"],
|
|
25
|
+
"ignoredPaths": ["node_modules", "dist", "build", "tmp"],
|
|
26
|
+
"documentationPrecedence": ["README.md"],
|
|
27
|
+
"commandAliases": [],
|
|
28
|
+
"safeStatusCommands": [],
|
|
29
|
+
"requiredEvidence": ["branch state", "HEAD", "working-tree state", "changed-file summary", "handoff summary"],
|
|
30
|
+
"expectedRuntimeManagers": [],
|
|
31
|
+
"expectedPackageManagers": ["npm"]
|
|
32
|
+
},
|
|
33
|
+
"approvalRequirements": [],
|
|
34
|
+
"inheritance": {
|
|
35
|
+
"sharedRestrictions": "required",
|
|
36
|
+
"deniedOperationCategories": [
|
|
37
|
+
"file-write",
|
|
38
|
+
"package-install",
|
|
39
|
+
"deployment",
|
|
40
|
+
"git-mutation",
|
|
41
|
+
"unrestricted-scan",
|
|
42
|
+
"secret-read",
|
|
43
|
+
"process-mutation",
|
|
44
|
+
"service-mutation",
|
|
45
|
+
"migration-apply",
|
|
46
|
+
"privileged-api"
|
|
47
|
+
],
|
|
48
|
+
"allowRestrictionRemoval": false,
|
|
49
|
+
"allowModeOverride": false,
|
|
50
|
+
"allowFailureSuppression": false,
|
|
51
|
+
"allowCompletionOverride": false,
|
|
52
|
+
"allowSecretExposure": false,
|
|
53
|
+
"allowRequiredEvidenceRemoval": false,
|
|
54
|
+
"allowScopeExpansionWithoutApproval": false
|
|
55
|
+
}
|
|
56
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"declarationVersion": "1.0.0",
|
|
3
|
+
"projectId": "fixture-github-handoff",
|
|
4
|
+
"adapterRoot": ".coding-agent/adapters",
|
|
5
|
+
"adapterSchemaVersion": "1.0.0",
|
|
6
|
+
"core": {
|
|
7
|
+
"id": "coding-agent-skills",
|
|
8
|
+
"expectedVersion": "0.2.3",
|
|
9
|
+
"versionPin": ">=0.2.3 <0.3.0"
|
|
10
|
+
},
|
|
11
|
+
"compatibleSkillIds": ["github-handoff"],
|
|
12
|
+
"adapters": [
|
|
13
|
+
{
|
|
14
|
+
"id": "github-handoff-fixture",
|
|
15
|
+
"version": "1.0.0",
|
|
16
|
+
"skillIds": ["github-handoff"]
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
"validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
|
|
20
|
+
"evidenceOutput": ".coding-agent/evidence",
|
|
21
|
+
"approvalPolicyReference": ".coding-agent/approval-policy.md",
|
|
22
|
+
"noSecrets": true
|
|
23
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export const adapterFixture = "github-handoff";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export const fixture = "github-handoff";
|
|
@@ -79,6 +79,18 @@
|
|
|
79
79
|
"expectedSkill": "migration-review",
|
|
80
80
|
"notSkills": ["deployment-preflight", "runtime-truth"]
|
|
81
81
|
},
|
|
82
|
+
{
|
|
83
|
+
"id": "github-handoff-report",
|
|
84
|
+
"prompt": "Prepare a GitHub handoff report from local branch state and changed files without pushing.",
|
|
85
|
+
"expectedSkill": "github-handoff",
|
|
86
|
+
"notSkills": ["git-preflight", "build-verify"]
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
"id": "github-handoff-pr-evidence",
|
|
90
|
+
"prompt": "Summarize handoff evidence for a future PR without creating the pull request.",
|
|
91
|
+
"expectedSkill": "github-handoff",
|
|
92
|
+
"notSkills": ["runtime-truth", "deployment-preflight"]
|
|
93
|
+
},
|
|
82
94
|
{
|
|
83
95
|
"id": "build-after-implementation",
|
|
84
96
|
"prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
|
|
@@ -131,7 +143,7 @@
|
|
|
131
143
|
"id": "negative-deploy",
|
|
132
144
|
"prompt": "Deploy this application to production.",
|
|
133
145
|
"expectedSkill": null,
|
|
134
|
-
"notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
146
|
+
"notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "github-handoff", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
135
147
|
},
|
|
136
148
|
{
|
|
137
149
|
"id": "negative-install",
|
|
@@ -143,7 +155,7 @@
|
|
|
143
155
|
"id": "negative-publish",
|
|
144
156
|
"prompt": "Commit these files and publish the branch.",
|
|
145
157
|
"expectedSkill": null,
|
|
146
|
-
"notSkills": ["git-preflight"]
|
|
158
|
+
"notSkills": ["git-preflight", "github-handoff"]
|
|
147
159
|
},
|
|
148
160
|
{
|
|
149
161
|
"id": "negative-restart",
|
package/tests/trigger/README.md
CHANGED
|
@@ -12,6 +12,8 @@
|
|
|
12
12
|
build verification.
|
|
13
13
|
- Static migration/schema review must trigger `migration-review`, not runtime truth,
|
|
14
14
|
deployment, or migration execution.
|
|
15
|
+
- Local GitHub handoff evidence must trigger `github-handoff`, not publication,
|
|
16
|
+
pull request creation, or Git mutation.
|
|
15
17
|
- Local validation must trigger `build-verify` only when project-native checks are requested.
|
|
16
18
|
- Git readiness must trigger `git-preflight`, not publication.
|
|
17
19
|
- Process/listener/health questions must trigger `runtime-truth`, not restart behavior.
|
package/work-ledger.md
CHANGED
|
@@ -4,13 +4,13 @@
|
|
|
4
4
|
|
|
5
5
|
- Repository: `coding-agent-skills`
|
|
6
6
|
- Branch: `main`
|
|
7
|
-
- Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
|
|
7
|
+
- Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
|
|
8
8
|
- Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
|
|
9
9
|
- Real-project adapter adoption readiness is documented as a planning-only approval gate.
|
|
10
10
|
- First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
|
|
11
11
|
- The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
|
|
12
12
|
- The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
|
|
13
|
-
- Public npm package release `v0.2.
|
|
13
|
+
- Public npm package release `v0.2.14` exposes the dependency-free
|
|
14
14
|
`coding-agent-skills` CLI under MIT license.
|
|
15
15
|
- `route-trace` is implemented as an audit-only static route tracing skill.
|
|
16
16
|
- `env-audit` is implemented as an audit-only value-free environment variable name mapping
|
|
@@ -20,19 +20,20 @@
|
|
|
20
20
|
skill.
|
|
21
21
|
- `migration-review` is implemented as an audit-only static migration and schema evidence
|
|
22
22
|
review skill.
|
|
23
|
+
- `github-handoff` is implemented as an audit-only local Git handoff evidence skill.
|
|
23
24
|
- Builder-mode approval: complete the remaining read-only skill wave for
|
|
24
25
|
`coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
|
|
25
26
|
|
|
26
27
|
## Last Completed Version
|
|
27
28
|
|
|
28
|
-
`v0.2.
|
|
29
|
+
`v0.2.14`
|
|
29
30
|
|
|
30
31
|
## Current Recommended Milestone
|
|
31
32
|
|
|
32
|
-
The `
|
|
33
|
+
The `github-handoff` public npm release is in progress under builder-mode approval.
|
|
33
34
|
Continue the remaining read-only skill wave one release at a time unless a real safety,
|
|
34
35
|
validation, publication, or authentication boundary appears. The next approved wave item is
|
|
35
|
-
`
|
|
36
|
+
`deployment-preflight-skill`.
|
|
36
37
|
|
|
37
38
|
## Allowed Next Actions
|
|
38
39
|
|
|
@@ -104,12 +105,21 @@ No next runner command is currently queued.
|
|
|
104
105
|
|
|
105
106
|
No autonomous maintainer-loop run has been recorded yet.
|
|
106
107
|
|
|
108
|
+
### 2026-07-03T13:00:00Z
|
|
109
|
+
|
|
110
|
+
- Latest tag observed: `v0.2.13`
|
|
111
|
+
- Implemented milestone: `github-handoff` audit-only local Git handoff evidence skill and CLI command.
|
|
112
|
+
- Required permission: `builder-mode-skill-implementation`
|
|
113
|
+
- Validation result: pass pending final publication evidence
|
|
114
|
+
- Next recommended milestone: continue builder-mode wave with `deployment-preflight-skill`
|
|
115
|
+
after `v0.2.14` publication completes.
|
|
116
|
+
|
|
107
117
|
### 2026-07-03T12:00:00Z
|
|
108
118
|
|
|
109
119
|
- Latest tag observed: `v0.2.12`
|
|
110
120
|
- Implemented milestone: `migration-review` audit-only static migration and schema evidence review skill and CLI command.
|
|
111
121
|
- Required permission: `builder-mode-skill-implementation`
|
|
112
|
-
- Validation result:
|
|
122
|
+
- Validation result: passed; `v0.2.13` commit, tag, npm publication, registry smoke, npm exec, and GitHub Release completed
|
|
113
123
|
- Next recommended milestone: continue builder-mode wave with `github-handoff-skill`
|
|
114
124
|
after `v0.2.13` publication completes.
|
|
115
125
|
|