coding-agent-skills 0.2.14 → 0.2.15
- package/CHANGELOG.md +22 -0
- package/README.md +5 -1
- package/ROADMAP.md +4 -2
- package/bin/coding-agent-skills +7 -0
- package/docs/adapters/README.md +21 -0
- package/docs/adapters/project-installation.md +14 -0
- package/docs/adapters/real-project-adoption.md +2 -2
- package/docs/architecture/README.md +3 -2
- package/docs/release/README.md +1 -1
- package/docs/release/npm-package.md +7 -2
- package/docs/safety/README.md +6 -1
- package/docs/testing/README.md +8 -0
- package/docs/usage/README.md +15 -5
- package/examples/command-policies/deployment-preflight.json +70 -0
- package/examples/evidence-packs/deployment-preflight.json +60 -0
- package/examples/manifests/deployment-preflight.json +14 -0
- package/examples/workflows/deployment-preflight.md +8 -0
- package/package.json +2 -1
- package/runs/skill-runs.md +19 -0
- package/schemas/project-adapter-installation.schema.json +2 -0
- package/schemas/project-adapter.schema.json +2 -0
- package/scripts/lib/deployment-preflight.mjs +655 -0
- package/scripts/lib/pack-rules.mjs +11 -2
- package/scripts/render-deployment-preflight.mjs +9 -0
- package/scripts/test-pack.mjs +60 -1
- package/scripts/validate-pack.mjs +5 -2
- package/skills/deployment-preflight/SKILL.md +89 -0
- package/skills/deployment-preflight/adapter-interface.md +17 -0
- package/skills/deployment-preflight/agents/openai.yaml +3 -0
- package/skills/deployment-preflight/checklist.md +7 -0
- package/skills/deployment-preflight/evidence-template.md +19 -0
- package/skills/deployment-preflight/examples.md +11 -0
- package/skills/deployment-preflight/failure-modes.md +11 -0
- package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/adapters/deployment-preflight-fixture/adapter.json +56 -0
- package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/skills.json +23 -0
- package/tests/fixtures/deployment-preflight/adapter-project/README.md +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/deploy/netlify.toml +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/ignored/render.yaml +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/package.json +5 -0
- package/tests/fixtures/deployment-preflight/static-project/Dockerfile +2 -0
- package/tests/fixtures/deployment-preflight/static-project/README.md +3 -0
- package/tests/fixtures/deployment-preflight/static-project/docs/deployment.md +4 -0
- package/tests/fixtures/deployment-preflight/static-project/package.json +6 -0
- package/tests/fixtures/deployment-preflight/static-project/src/index.js +1 -0
- package/tests/fixtures/deployment-preflight/static-project/wrangler.toml +3 -0
- package/tests/fixtures/triggers/cases.json +13 -1
- package/tests/trigger/README.md +2 -0
- package/work-ledger.md +18 -6
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import {
|
|
3
|
+
deploymentPreflightCliResult,
|
|
4
|
+
} from "./lib/deployment-preflight.mjs";
|
|
5
|
+
|
|
6
|
+
const result = deploymentPreflightCliResult(process.argv[2]);
|
|
7
|
+
const stream = result.stream === "stderr" ? process.stderr : process.stdout;
|
|
8
|
+
stream.write(`${result.lines.join("\n")}\n`);
|
|
9
|
+
process.exitCode = result.exitCode;
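Review bot: `process.argv[2]` is forwarded to `deploymentPreflightCliResult` without checking that a project-root argument was supplied, and any extra arguments are silently ignored. The library function is not visible in this section, so it may already handle `undefined`; if it does not, a bare invocation would end in a stack trace rather than a usage message. An early guard on `process.argv[2] === undefined` that writes one usage line to stderr and sets a non-zero `process.exitCode` would make that failure explicit. Because this argument selects the scan root of an audit-only tool, a header comment such as `// Read-only: renders a static report for the given project root; never executes project scripts.` would also document the boundary at the entry point.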
|
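--- a/package/scripts/test-pack.mjs
+++ b/package/scripts/test-pack.mjs
@@ -72,6 +72,11 @@ import {
 githubHandoffCliResult,
 renderGithubHandoffReport,
 } from "./lib/github-handoff.mjs";
+import {
+buildDeploymentPreflightReport,
+deploymentPreflightCliResult,
+renderDeploymentPreflightReport,
+} from "./lib/deployment-preflight.mjs";
 import {
 adapterUpgradeCliResult,
 checkAdapterUpgrade,
@@ -313,6 +318,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
 assert.ok(cliText.includes("scripts/render-api-contract-audit.mjs"));
 assert.ok(cliText.includes("scripts/render-migration-review.mjs"));
 assert.ok(cliText.includes("scripts/render-github-handoff.mjs"));
+assert.ok(cliText.includes("scripts/render-deployment-preflight.mjs"));
 assert.ok(cliText.includes("scripts/validate-adapters.mjs"));
 assert.ok(!cliText.includes(".env"));
 
@@ -363,6 +369,10 @@ test("local CLI maps approved commands to existing safe scripts", () => {
 ["github-handoff", githubHandoffFixture],
 /# GitHub Handoff Report/,
 ],
+[
+["deployment-preflight", path.join(fixtureRoot, "deployment-preflight", "static-project")],
+/# Deployment Preflight Report/,
+],
 ];
 
 for (const [args, expected] of commands) {
@@ -387,7 +397,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
 test("npm package metadata is public-ready and dependency-free", () => {
 const packageJson = readJson("package.json");
 assert.equal(packageJson.name, "coding-agent-skills");
-assert.equal(packageJson.version, "0.2.
+assert.equal(packageJson.version, "0.2.15");
 assert.equal(
 packageJson.description,
 "Evidence-first, read-only coding-agent skills and project adapter tooling.",
@@ -405,6 +415,7 @@ test("npm package metadata is public-ready and dependency-free", () => {
 "api-contract-audit",
 "migration-review",
 "github-handoff",
+"deployment-preflight",
 "project-adapters",
 "code-validation",
 "cli",
@@ -796,6 +807,54 @@ test("github-handoff does not broaden a repo-map-only project adapter", () => {
 assert.match(renderGithubHandoffReport(result), /github-handoff is not enabled/);
 });
 
+test("deployment-preflight maps static deployment surfaces without deployment behavior", () => {
+const result = buildDeploymentPreflightReport(
+path.join(root, "tests", "fixtures", "deployment-preflight", "static-project"),
+{ coreRoot: root },
+);
+
+assert.equal(result.status, "complete");
+assert.ok(result.configFiles.some((record) => record.path === "wrangler.toml"));
+assert.ok(result.configFiles.some((record) => record.path === "Dockerfile"));
+assert.ok(result.deploymentDocs.some((record) => record.path === "docs/deployment.md"));
+assert.ok(result.packageScriptKeys.some((record) => record.key === "deploy"));
+assert.ok(result.platformIndicators.some((record) => record.platform === "cloudflare"));
+assert.ok(result.riskIndicators.some((record) => record.type === "production-reference"));
+assert.match(renderDeploymentPreflightReport(result), /No deployment, cloud provider API call/);
+});
+
+test("deployment-preflight respects adapter-declared scope", () => {
+const result = buildDeploymentPreflightReport(
+path.join(root, "tests", "fixtures", "deployment-preflight", "adapter-project"),
+{ coreRoot: root },
+);
+
+assert.equal(result.status, "complete");
+assert.equal(result.adapter.enabled, true);
+assert.deepEqual(result.scopePaths, ["deploy"]);
+assert.deepEqual(result.filesScanned, ["deploy/netlify.toml"]);
+assert.ok(result.configFiles.some((record) => record.path === "deploy/netlify.toml"));
+assert.ok(result.warnings.includes("deployment-preflight used adapter-declared safe read paths only"));
+const cli = deploymentPreflightCliResult(
+path.join(root, "tests", "fixtures", "deployment-preflight", "adapter-project"),
+{ coreRoot: root },
+);
+assert.equal(cli.exitCode, 0);
+assert.match(cli.lines.join("\n"), /Deployment-preflight enabled: yes/);
+});
+
+test("deployment-preflight does not broaden a repo-map-only project adapter", () => {
+const result = buildDeploymentPreflightReport(
+path.join(root, "tests", "fixtures", "project-adapter-installation", "valid-exact-pin"),
+{ coreRoot: root },
+);
+
+assert.equal(result.status, "partial");
+assert.equal(result.filesScanned.length, 0);
+assert.equal(result.configFiles.length, 0);
+assert.match(renderDeploymentPreflightReport(result), /deployment-preflight is not enabled/);
+});
+
 test("validate-pack accepts installed package trees without source-only gitignore", () => {
 const temporaryRoot = fs.mkdtempSync(path.join(os.tmpdir(), "installed-package-"));
 const installedRoot = path.join(temporaryRoot, "coding-agent-skills");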
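Review bot: The three new deployment-preflight tests assert what the report contains but never what it must withhold. The SKILL.md added in this release says `.env` and secret-bearing files are excluded before reading and that package script keys are reported without command values, yet the static-project test only checks `record.key === "deploy"`, and neither fixture tree in the file list contains a `.env`. A negative assertion such as `assert.doesNotMatch(renderDeploymentPreflightReport(result), /<deploy script value from the fixture package.json>/)` would pin the value-free guarantee; the fixture's package.json is not shown on this page, so the pattern is a placeholder. A temporary project holding a `.env` file, with an assertion that it is absent from `result.filesScanned`, would pin the exclusion.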
@@ -101,6 +101,7 @@ const requiredRootFiles = [
|
|
|
101
101
|
"scripts/render-api-contract-audit.mjs",
|
|
102
102
|
"scripts/render-migration-review.mjs",
|
|
103
103
|
"scripts/render-github-handoff.mjs",
|
|
104
|
+
"scripts/render-deployment-preflight.mjs",
|
|
104
105
|
"scripts/check-adapter-upgrade.mjs",
|
|
105
106
|
"scripts/check-adapter-upgrade-chain.mjs",
|
|
106
107
|
"scripts/validate-adapters.mjs",
|
|
@@ -112,6 +113,7 @@ const requiredRootFiles = [
|
|
|
112
113
|
"scripts/lib/api-contract-audit.mjs",
|
|
113
114
|
"scripts/lib/migration-review.mjs",
|
|
114
115
|
"scripts/lib/github-handoff.mjs",
|
|
116
|
+
"scripts/lib/deployment-preflight.mjs",
|
|
115
117
|
"scripts/lib/adapter-upgrade.mjs",
|
|
116
118
|
"scripts/lib/adapter-upgrade-chain.mjs",
|
|
117
119
|
"scripts/lib/adapter-discovery.mjs",
|
|
@@ -685,8 +687,8 @@ if (packageJson) {
|
|
|
685
687
|
if (packageJson.name !== "coding-agent-skills") {
|
|
686
688
|
failures.push("package.json has unexpected package name");
|
|
687
689
|
}
|
|
688
|
-
if (packageJson.version !== "0.2.
|
|
689
|
-
failures.push("package.json version must be 0.2.
|
|
690
|
+
if (packageJson.version !== "0.2.15") {
|
|
691
|
+
failures.push("package.json version must be 0.2.15 for public package validation");
|
|
690
692
|
}
|
|
691
693
|
if (packageJson.type !== "module") failures.push("package.json must preserve ESM mode");
|
|
692
694
|
if (packageJson.private !== false) {
|
|
@@ -710,6 +712,7 @@ if (packageJson) {
|
|
|
710
712
|
"api-contract-audit",
|
|
711
713
|
"migration-review",
|
|
712
714
|
"github-handoff",
|
|
715
|
+
"deployment-preflight",
|
|
713
716
|
"project-adapters",
|
|
714
717
|
"code-validation",
|
|
715
718
|
"cli",
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: deployment-preflight
|
|
3
|
+
description: Map statically visible deployment readiness evidence without deploying, calling provider APIs, installing packages, building, testing, reading secrets, or mutating project/runtime state. Use when Codex needs a bounded pre-deploy orientation report from config files, docs, package script keys, and static platform indicators before separately approved deployment work.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Deployment Preflight
|
|
7
|
+
|
|
8
|
+
Map deployment-related evidence that is already visible in the repository. Remain
|
|
9
|
+
audit-only and avoid turning preflight discovery into deployment, cloud, runtime, build, or
|
|
10
|
+
secret work.
|
|
11
|
+
|
|
12
|
+
This skill must not change project files, Git state, dependencies, runtime state, services,
|
|
13
|
+
databases, cloud provider state, remotes, deployment targets, or generated outputs.
|
|
14
|
+
|
|
15
|
+
## Purpose And Use
|
|
16
|
+
|
|
17
|
+
Use this skill before deployment planning, release handoff, or platform-specific work when
|
|
18
|
+
the agent needs to understand visible deployment config, deployment docs, platform hints,
|
|
19
|
+
and static readiness risks.
|
|
20
|
+
|
|
21
|
+
Do not use it as proof of deployability, provider CLI behavior, cloud API state, domain
|
|
22
|
+
validity, environment values, build outcomes, test outcomes, service runtime, deployment
|
|
23
|
+
publication, database migration state, or secret content.
|
|
24
|
+
|
|
25
|
+
## Inputs
|
|
26
|
+
|
|
27
|
+
Require a project root or starting path. Optionally accept a project adapter, intended scan
|
|
28
|
+
area, documentation precedence, deployment config hints, or known platform boundaries.
|
|
29
|
+
|
|
30
|
+
Do not assume a missing deployment config means no deployment exists, package script keys are
|
|
31
|
+
safe to run, provider credentials are present, remote state matches repository state, or a
|
|
32
|
+
project adapter enables this skill unless validation proves it.
|
|
33
|
+
|
|
34
|
+
## Procedure
|
|
35
|
+
|
|
36
|
+
1. Record user intent, project root, declared scope, adapter state, and safety boundary.
|
|
37
|
+
2. Validate a project adapter when present before reading adapter-declared metadata.
|
|
38
|
+
3. If an adapter is present but does not enable `deployment-preflight`, stop static file
|
|
39
|
+
reading and report the adapter-limited skip.
|
|
40
|
+
4. Build scan scope from adapter safe read paths when available; otherwise use a bounded
|
|
41
|
+
generic static scan.
|
|
42
|
+
5. Exclude `.env`, secret-bearing files, generated output, dependency paths, build output,
|
|
43
|
+
runtime output, and oversized files before reading.
|
|
44
|
+
6. Identify deployment config files and platform indicators.
|
|
45
|
+
7. Identify deployment documentation and runbook references.
|
|
46
|
+
8. Identify package script keys that mention deployment tooling without printing command
|
|
47
|
+
values.
|
|
48
|
+
9. Identify static risk indicators without judging runtime or provider safety.
|
|
49
|
+
10. Emit the shared evidence pack or deployment preflight report before claiming completion.
|
|
50
|
+
|
|
51
|
+
Use [checklist.md](checklist.md). Consult [failure-modes.md](failure-modes.md),
|
|
52
|
+
[adapter-interface.md](adapter-interface.md), and [examples.md](examples.md). Format findings
|
|
53
|
+
with [evidence-template.md](evidence-template.md).
|
|
54
|
+
|
|
55
|
+
## Evidence, Recovery, And Dependencies
|
|
56
|
+
|
|
57
|
+
Emit repository identity, adapter state, scan scope, ignored paths, files scanned, deployment
|
|
58
|
+
config files, deployment docs, package script keys, platform indicators, risk indicators,
|
|
59
|
+
skipped items, not-verified areas, warnings, and changed-state declaration through the
|
|
60
|
+
shared evidence-pack contract.
|
|
61
|
+
|
|
62
|
+
Recover from missing configs, ambiguous platform hints, unreadable files, or adapter limits
|
|
63
|
+
by reporting uncertainty. Never recover by deploying, running provider CLIs, calling cloud
|
|
64
|
+
APIs, installing dependencies, building, testing, starting services, broadening adapter
|
|
65
|
+
scope, or reading `.env`.
|
|
66
|
+
|
|
67
|
+
This skill depends on the evidence-pack contract and may consume validated project adapters.
|
|
68
|
+
Adapters may add safe paths, ignored paths, documentation precedence, and evidence
|
|
69
|
+
requirements, but cannot weaken policy or turn this skill into deployment work.
|
|
70
|
+
|
|
71
|
+
## Approval Boundary
|
|
72
|
+
|
|
73
|
+
Explicit approval may permit one named non-secret static file read outside normal source
|
|
74
|
+
paths. Approval does not permit `.env` or secret-file reads, provider API calls, provider CLI
|
|
75
|
+
execution, package installation, builds, tests, runtime checks, service mutation,
|
|
76
|
+
deployments, migrations, Git mutation, or project writes.
|
|
77
|
+
|
|
78
|
+
## Completion
|
|
79
|
+
|
|
80
|
+
Claim `complete` only when the declared static scan scope was inspected, visible deployment
|
|
81
|
+
surfaces are reported, skipped and not-verified areas are explicit, adapter limitations are
|
|
82
|
+
clear, and no project, Git, dependency, runtime, service, database, cloud provider, remote,
|
|
83
|
+
deployment, or generated-output state changed.
|
|
84
|
+
|
|
85
|
+
Report `partial`, `failed`, or `blocked` when adapter scope prevents scanning, requested
|
|
86
|
+
evidence requires deployment/runtime/provider behavior, the project root cannot be
|
|
87
|
+
established, or safety exclusions prevent the requested conclusion.
|
|
88
|
+
|
|
89
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Deployment Preflight Adapter Interface
|
|
2
|
+
|
|
3
|
+
Adapters may narrow the static scan by declaring:
|
|
4
|
+
|
|
5
|
+
- `extensions.safeReadPaths`
|
|
6
|
+
- `extensions.ignoredPaths`
|
|
7
|
+
- `extensions.documentationPrecedence`
|
|
8
|
+
- `extensions.requiredEvidence`
|
|
9
|
+
- `extensions.expectedPackageManagers`
|
|
10
|
+
|
|
11
|
+
Adapters must declare `deployment-preflight` with `declaredMode: "audit-only"` and
|
|
12
|
+
compatible core versions. They cannot allow deployments, provider API calls, package
|
|
13
|
+
installs, builds, tests, runtime checks, migrations, secret reads, project writes, failure
|
|
14
|
+
suppression, completion overrides, or scope expansion without approval.
|
|
15
|
+
|
|
16
|
+
If a project adapter is present but does not enable `deployment-preflight`, the skill reports
|
|
17
|
+
`partial` and does not read target files.
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
display_name: Deployment Preflight
|
|
2
|
+
short_description: Map static deployment readiness evidence without deploying or calling provider APIs.
|
|
3
|
+
default_prompt: Review this repository's static deployment readiness evidence as an audit-only pass without modifying files, deploying, calling provider APIs, installing packages, building, testing, mutating services, or reading secrets.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Deployment Preflight Checklist
|
|
2
|
+
|
|
3
|
+
- Confirm the project root, branch state, adapter state, and declared scan scope.
|
|
4
|
+
- Validate the project adapter before consuming adapter-declared paths.
|
|
5
|
+
- Exclude `.env`, secret-bearing, generated, dependency, build, runtime-output, and oversized files.
|
|
6
|
+
- Report deployment config files, deployment docs, package script keys, platform indicators, risk indicators, skipped items, and not-verified areas.
|
|
7
|
+
- Confirm no deployment, provider API call, package install, build, test, runtime check, migration, secret read, project write, or Git mutation occurred.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Deployment Preflight Evidence Template
|
|
2
|
+
|
|
3
|
+
- Status:
|
|
4
|
+
- Project root:
|
|
5
|
+
- Branch state:
|
|
6
|
+
- Adapter present/enabled:
|
|
7
|
+
- Scope paths:
|
|
8
|
+
- Ignored paths:
|
|
9
|
+
- Files scanned:
|
|
10
|
+
- Deployment config files:
|
|
11
|
+
- Deployment docs:
|
|
12
|
+
- Package script keys:
|
|
13
|
+
- Platform indicators:
|
|
14
|
+
- Risk indicators:
|
|
15
|
+
- Skipped items:
|
|
16
|
+
- Not verified:
|
|
17
|
+
- Refused behavior:
|
|
18
|
+
- Changed-state declaration:
|
|
19
|
+
- Recommended next action:
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Deployment Preflight Examples
|
|
2
|
+
|
|
3
|
+
**Safe:** `coding-agent-skills deployment-preflight /workspace/project`
|
|
4
|
+
|
|
5
|
+
**Safe:** `node scripts/render-deployment-preflight.mjs /workspace/project`
|
|
6
|
+
|
|
7
|
+
**Unsafe and denied:** provider deployment commands, package deploy scripts, and production
|
|
8
|
+
publish commands.
|
|
9
|
+
|
|
10
|
+
Use the report to orient future deployment planning. Do not treat static evidence as proof
|
|
11
|
+
that credentials, cloud resources, domains, builds, or deployed services are valid.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Deployment Preflight Failure Modes
|
|
2
|
+
|
|
3
|
+
- The project root cannot be established.
|
|
4
|
+
- A project adapter is present but invalid or does not enable `deployment-preflight`.
|
|
5
|
+
- Deployment config is absent, generated, or outside the approved scan scope.
|
|
6
|
+
- Files are skipped because they are secret-bearing, oversized, symlinked, generated, or ignored.
|
|
7
|
+
- A request asks for provider state, deployment execution, runtime health, credential checks, or build verification.
|
|
8
|
+
|
|
9
|
+
Recover by reporting partial evidence and clear uncertainty. Do not recover by deploying,
|
|
10
|
+
calling provider APIs, installing packages, building, testing, running services, widening
|
|
11
|
+
scope, or reading secrets.
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"adapterId": "deployment-preflight-fixture",
|
|
3
|
+
"adapterVersion": "1.0.0",
|
|
4
|
+
"project": {
|
|
5
|
+
"id": "fixture-deployment-preflight",
|
|
6
|
+
"detection": {
|
|
7
|
+
"rootMarkers": [
|
|
8
|
+
{"kind": "file", "path": "package.json"},
|
|
9
|
+
{"kind": "file", "path": "README.md"}
|
|
10
|
+
],
|
|
11
|
+
"maximumDepth": 1,
|
|
12
|
+
"scope": "declared-project-root",
|
|
13
|
+
"requireApprovalOutsideScope": true
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"supportedSkills": [
|
|
17
|
+
{
|
|
18
|
+
"id": "deployment-preflight",
|
|
19
|
+
"compatibleVersions": ["0.2.3", "0.2.x"],
|
|
20
|
+
"declaredMode": "audit-only"
|
|
21
|
+
}
|
|
22
|
+
],
|
|
23
|
+
"extensions": {
|
|
24
|
+
"safeReadPaths": ["deploy"],
|
|
25
|
+
"ignoredPaths": ["ignored", "node_modules", "dist", "build"],
|
|
26
|
+
"documentationPrecedence": ["README.md"],
|
|
27
|
+
"commandAliases": [],
|
|
28
|
+
"safeStatusCommands": [],
|
|
29
|
+
"requiredEvidence": ["project root", "adapter scope", "deployment config", "not-verified provider areas"],
|
|
30
|
+
"expectedRuntimeManagers": [],
|
|
31
|
+
"expectedPackageManagers": ["npm"]
|
|
32
|
+
},
|
|
33
|
+
"approvalRequirements": [],
|
|
34
|
+
"inheritance": {
|
|
35
|
+
"sharedRestrictions": "required",
|
|
36
|
+
"deniedOperationCategories": [
|
|
37
|
+
"file-write",
|
|
38
|
+
"package-install",
|
|
39
|
+
"deployment",
|
|
40
|
+
"git-mutation",
|
|
41
|
+
"unrestricted-scan",
|
|
42
|
+
"secret-read",
|
|
43
|
+
"process-mutation",
|
|
44
|
+
"service-mutation",
|
|
45
|
+
"migration-apply",
|
|
46
|
+
"privileged-api"
|
|
47
|
+
],
|
|
48
|
+
"allowRestrictionRemoval": false,
|
|
49
|
+
"allowModeOverride": false,
|
|
50
|
+
"allowFailureSuppression": false,
|
|
51
|
+
"allowCompletionOverride": false,
|
|
52
|
+
"allowSecretExposure": false,
|
|
53
|
+
"allowRequiredEvidenceRemoval": false,
|
|
54
|
+
"allowScopeExpansionWithoutApproval": false
|
|
55
|
+
}
|
|
56
|
+
}
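Review bot: This fixture declares `"compatibleVersions": ["0.2.3", "0.2.x"]` for `deployment-preflight`, and the skills.json fixture in the next section pins `"expectedVersion": "0.2.3"` with `">=0.2.3 <0.3.0"`, although this diff shows the skill first shipping in 0.2.15. The adapter-scope test expects `status` to be `complete` with these values, so the compatibility check presumably accepts a core range that includes releases without the skill. If the values were carried over from older fixtures, `"expectedVersion": "0.2.15"` and `"versionPin": ">=0.2.15 <0.3.0"` would stop the fixture advertising compatibility with cores that cannot run the skill. Whether the validator tolerates that change is not visible here.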
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"declarationVersion": "1.0.0",
|
|
3
|
+
"projectId": "fixture-deployment-preflight",
|
|
4
|
+
"adapterRoot": ".coding-agent/adapters",
|
|
5
|
+
"adapterSchemaVersion": "1.0.0",
|
|
6
|
+
"core": {
|
|
7
|
+
"id": "coding-agent-skills",
|
|
8
|
+
"expectedVersion": "0.2.3",
|
|
9
|
+
"versionPin": ">=0.2.3 <0.3.0"
|
|
10
|
+
},
|
|
11
|
+
"compatibleSkillIds": ["deployment-preflight"],
|
|
12
|
+
"adapters": [
|
|
13
|
+
{
|
|
14
|
+
"id": "deployment-preflight-fixture",
|
|
15
|
+
"version": "1.0.0",
|
|
16
|
+
"skillIds": ["deployment-preflight"]
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
"validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
|
|
20
|
+
"evidenceOutput": ".coding-agent/evidence",
|
|
21
|
+
"approvalPolicyReference": ".coding-agent/approval-policy.md",
|
|
22
|
+
"noSecrets": true
|
|
23
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export const handler = () => "ok";
|
|
@@ -91,6 +91,18 @@
|
|
|
91
91
|
"expectedSkill": "github-handoff",
|
|
92
92
|
"notSkills": ["runtime-truth", "deployment-preflight"]
|
|
93
93
|
},
|
|
94
|
+
{
|
|
95
|
+
"id": "deployment-preflight-static",
|
|
96
|
+
"prompt": "Run a deployment preflight and map static deployment config, docs, and package script keys without deploying.",
|
|
97
|
+
"expectedSkill": "deployment-preflight",
|
|
98
|
+
"notSkills": ["runtime-truth", "build-verify"]
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"id": "deployment-preflight-readiness",
|
|
102
|
+
"prompt": "Map deployment readiness evidence before release, but do not call provider APIs or run builds.",
|
|
103
|
+
"expectedSkill": "deployment-preflight",
|
|
104
|
+
"notSkills": ["github-handoff", "migration-review"]
|
|
105
|
+
},
|
|
94
106
|
{
|
|
95
107
|
"id": "build-after-implementation",
|
|
96
108
|
"prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
|
|
@@ -143,7 +155,7 @@
|
|
|
143
155
|
"id": "negative-deploy",
|
|
144
156
|
"prompt": "Deploy this application to production.",
|
|
145
157
|
"expectedSkill": null,
|
|
146
|
-
"notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "github-handoff", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
158
|
+
"notSkills": ["repo-map", "route-trace", "env-audit", "secret-audit", "api-contract-audit", "migration-review", "github-handoff", "deployment-preflight", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
147
159
|
},
|
|
148
160
|
{
|
|
149
161
|
"id": "negative-install",
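Review bot: Only the `negative-deploy` case gains `deployment-preflight` in its `notSkills` list; the section's +13 −1 count leaves no room for a matching change to `negative-install` or any later negative case. If those cases enumerate every skill the way `negative-deploy` does, they need the new id as well. Otherwise a prompt asking for a package install could route to `deployment-preflight` without failing the trigger suite. Their lists lie outside the visible hunk, so this needs checking against the full file.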
|
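--- a/package/tests/trigger/README.md
+++ b/package/tests/trigger/README.md
@@ -14,6 +14,8 @@
 deployment, or migration execution.
 - Local GitHub handoff evidence must trigger `github-handoff`, not publication,
 pull request creation, or Git mutation.
+- Static deployment readiness mapping must trigger `deployment-preflight`, not deployment,
+provider API calls, or runtime mutation.
 - Local validation must trigger `build-verify` only when project-native checks are requested.
 - Git readiness must trigger `git-preflight`, not publication.
 - Process/listener/health questions must trigger `runtime-truth`, not restart behavior.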
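--- a/package/work-ledger.md
+++ b/package/work-ledger.md
@@ -4,13 +4,13 @@
 
 - Repository: `coding-agent-skills`
 - Branch: `main`
-- Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
+- Pilot skills: `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `deployment-preflight`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
 - Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
 - Real-project adapter adoption readiness is documented as a planning-only approval gate.
 - First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
 - The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
 - The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
-- Public npm package release `v0.2.
+- Public npm package release `v0.2.15` exposes the dependency-free
 `coding-agent-skills` CLI under MIT license.
 - `route-trace` is implemented as an audit-only static route tracing skill.
 - `env-audit` is implemented as an audit-only value-free environment variable name mapping
@@ -21,19 +21,21 @@
 - `migration-review` is implemented as an audit-only static migration and schema evidence
 review skill.
 - `github-handoff` is implemented as an audit-only local Git handoff evidence skill.
+- `deployment-preflight` is implemented as an audit-only static deployment readiness
+evidence skill.
 - Builder-mode approval: complete the remaining read-only skill wave for
 `coding-agent-skills` itself. Real-world project execution constraints remain unchanged.
 
 ## Last Completed Version
 
-`v0.2.
+`v0.2.15`
 
 ## Current Recommended Milestone
 
-The `
+The `deployment-preflight` public npm release is in progress under builder-mode approval.
 Continue the remaining read-only skill wave one release at a time unless a real safety,
 validation, publication, or authentication boundary appears. The next approved wave item is
-`
+`cloudflare-preflight-skill`.
 
 ## Allowed Next Actions
 
@@ -110,10 +112,20 @@ No autonomous maintainer-loop run has been recorded yet.
 - Latest tag observed: `v0.2.13`
 - Implemented milestone: `github-handoff` audit-only local Git handoff evidence skill and CLI command.
 - Required permission: `builder-mode-skill-implementation`
-- Validation result:
+- Validation result: passed; `v0.2.14` commit, tag, npm publication, registry smoke, npm exec, and GitHub Release completed
 - Next recommended milestone: continue builder-mode wave with `deployment-preflight-skill`
 after `v0.2.14` publication completes.
 
+### 2026-07-03T14:00:00Z
+
+- Latest tag observed: `v0.2.14`
+- Implemented milestone: `deployment-preflight` audit-only static deployment readiness
+evidence skill and CLI command.
+- Required permission: `builder-mode-skill-implementation`
+- Validation result: pass pending final publication evidence
+- Next recommended milestone: continue builder-mode wave with `cloudflare-preflight-skill`
+after `v0.2.15` publication completes.
+
 ### 2026-07-03T12:00:00Z
 
 - Latest tag observed: `v0.2.12`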