coding-agent-skills 0.2.14 → 0.2.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/CHANGELOG.md +42 -0
  2. package/README.md +31 -1
  3. package/ROADMAP.md +7 -2
  4. package/bin/coding-agent-skills +340 -2
  5. package/docs/adapters/README.md +21 -0
  6. package/docs/adapters/project-installation.md +14 -0
  7. package/docs/adapters/real-project-adoption.md +2 -2
  8. package/docs/architecture/README.md +3 -2
  9. package/docs/release/README.md +13 -10
  10. package/docs/release/npm-package.md +27 -2
  11. package/docs/safety/README.md +6 -1
  12. package/docs/testing/README.md +16 -0
  13. package/docs/usage/README.md +59 -5
  14. package/examples/command-policies/deployment-preflight.json +70 -0
  15. package/examples/evidence-packs/deployment-preflight.json +60 -0
  16. package/examples/manifests/deployment-preflight.json +14 -0
  17. package/examples/workflows/deployment-preflight.md +8 -0
  18. package/package.json +2 -1
  19. package/runs/skill-runs.md +36 -0
  20. package/schemas/project-adapter-installation.schema.json +2 -0
  21. package/schemas/project-adapter.schema.json +2 -0
  22. package/scripts/lib/deployment-preflight.mjs +655 -0
  23. package/scripts/lib/pack-rules.mjs +11 -2
  24. package/scripts/render-deployment-preflight.mjs +9 -0
  25. package/scripts/test-pack.mjs +151 -1
  26. package/scripts/validate-pack.mjs +5 -2
  27. package/skills/deployment-preflight/SKILL.md +89 -0
  28. package/skills/deployment-preflight/adapter-interface.md +17 -0
  29. package/skills/deployment-preflight/agents/openai.yaml +3 -0
  30. package/skills/deployment-preflight/checklist.md +7 -0
  31. package/skills/deployment-preflight/evidence-template.md +19 -0
  32. package/skills/deployment-preflight/examples.md +11 -0
  33. package/skills/deployment-preflight/failure-modes.md +11 -0
  34. package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/adapters/deployment-preflight-fixture/adapter.json +56 -0
  35. package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/skills.json +23 -0
  36. package/tests/fixtures/deployment-preflight/adapter-project/README.md +3 -0
  37. package/tests/fixtures/deployment-preflight/adapter-project/deploy/netlify.toml +3 -0
  38. package/tests/fixtures/deployment-preflight/adapter-project/ignored/render.yaml +3 -0
  39. package/tests/fixtures/deployment-preflight/adapter-project/package.json +5 -0
  40. package/tests/fixtures/deployment-preflight/static-project/Dockerfile +2 -0
  41. package/tests/fixtures/deployment-preflight/static-project/README.md +3 -0
  42. package/tests/fixtures/deployment-preflight/static-project/docs/deployment.md +4 -0
  43. package/tests/fixtures/deployment-preflight/static-project/package.json +6 -0
  44. package/tests/fixtures/deployment-preflight/static-project/src/index.js +1 -0
  45. package/tests/fixtures/deployment-preflight/static-project/wrangler.toml +3 -0
  46. package/tests/fixtures/triggers/cases.json +13 -1
  47. package/tests/trigger/README.md +2 -0
  48. package/work-ledger.md +33 -8
@@ -7,7 +7,7 @@ safety model.
7
7
  ## Current Package Shape
8
8
 
9
9
  - Package name: `coding-agent-skills`.
10
- - Package version: `0.2.14`.
10
+ - Package version: `0.2.16`.
11
11
  - CLI bin: `coding-agent-skills` mapped to `bin/coding-agent-skills`.
12
12
  - Module type: `module`.
13
13
  - Dependencies: none.
@@ -33,9 +33,22 @@ coding-agent-skills secret-audit /path/to/project
33
33
  coding-agent-skills api-contract-audit /path/to/project
34
34
  coding-agent-skills migration-review /path/to/project
35
35
  coding-agent-skills github-handoff /path/to/project
36
+ coding-agent-skills deployment-preflight /path/to/project
36
37
  coding-agent-skills validate-adapters /path/to/adapter-root
37
38
  ```
38
39
 
40
+ Each public command also supports optional machine-readable output:
41
+
42
+ ```bash
43
+ coding-agent-skills repo-map /path/to/project --json
44
+ ```
45
+
46
+ The JSON contract is intended for OpenClaw-style orchestrators that already own memory,
47
+ routing, approvals, scheduling, and workflow state. It includes `success`, `status`,
48
+ `command`, `skillId`, `packageVersion`, sanitized findings and warnings, safety flags,
49
+ `recommendedNextAction`, and `exitCodeMeaning`. The default human-readable output is
50
+ unchanged.
51
+
39
52
  The package can also be executed without a repo-local install:
40
53
 
41
54
  ```bash
@@ -60,6 +73,10 @@ secrets.
60
73
  `github-handoff` is local Git metadata only; it reports branch state, HEAD, tags at HEAD,
61
74
  remote names, and changed-file summaries without printing remote URLs, reading tokens,
62
75
  creating pull requests, committing, pushing, tagging, or calling GitHub APIs.
76
+ `deployment-preflight` is static and audit-only; it reports deployment config files,
77
+ deployment docs, package script keys, platform indicators, risk indicators, and
78
+ not-verified provider/runtime behavior without deploying, calling provider APIs,
79
+ installing packages, building, testing, or reading secrets.
63
80
 
64
81
  `coding-agent-skills validate-pack` is package-aware. In a source checkout, it keeps
65
82
  source-only checks such as `.gitignore` validation. In an installed package tree, where
@@ -95,7 +112,7 @@ included.
95
112
  The public CLI remains read-only for target projects unless a specific underlying skill
96
113
  already permits a bounded local validation action. The installed `repo-map`,
97
114
  `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`,
98
- `github-handoff`, and adapter flows do not:
115
+ `github-handoff`, `deployment-preflight`, and adapter flows do not:
99
116
 
100
117
  - deploy
101
118
  - run migrations
@@ -107,3 +124,11 @@ already permits a bounded local validation action. The installed `repo-map`,
107
124
 
108
125
  Project adapters narrow context for safer repository understanding; they do not weaken
109
126
  shared restrictions or authorize additional command families.
127
+
128
+ ## Exit Codes
129
+
130
+ - `0`: handled execution path, including complete, partial, blocked, or controlled audit result
131
+ - `2`: usage error
132
+ - `3`: safety refusal
133
+ - `4`: missing required input or file
134
+ - `5`: unexpected internal or runtime failure
@@ -2,7 +2,7 @@
2
2
 
3
3
  ## Audit-Only Rule
4
4
 
5
- `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
5
+ `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `deployment-preflight`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
6
6
 
7
7
  `route-trace` is static only. It may read bounded non-secret route files and route
8
8
  configuration, but it must not execute app code, run servers, hit URLs, claim runtime
@@ -32,6 +32,11 @@ HEAD, remote names, and changed-file status, but it must not print remote URLs,
32
32
  tokens, create pull requests, commit, push, tag, call GitHub APIs, mutate Git state, or
33
33
  broaden adapter scope.
34
34
 
35
+ `deployment-preflight` is static only. It may read bounded non-secret deployment config,
36
+ docs, and package metadata, but it must not deploy, run provider CLIs, call cloud APIs,
37
+ install packages, build, test, run services, migrate databases, read secret files, or
38
+ broaden adapter scope.
39
+
35
40
  `build-verify` may run existing project-native validation commands. Build or test tools may create their normal local artifacts, but the skill must declare observed changes and must reject installation, fix modes, snapshot updates, deployment, migration, or unknown scripts.
36
41
 
37
42
  ## Restricted Categories
@@ -75,6 +75,14 @@ summary, adapter-declared evidence metadata, and adapter-present-but-not-enabled
75
75
  Tests must never commit to the shared repository, push, tag shared history, create pull
76
76
  requests, call GitHub APIs, print remote URLs, read tokens, or read `.env` files.
77
77
 
78
+ ## Deployment Preflight
79
+
80
+ Synthetic deployment-preflight projects cover deployment config detection, deployment docs,
81
+ package script keys without command values, static platform indicators, risk indicators,
82
+ adapter-declared scope, and adapter-present-but-not-enabled behavior. Tests must never
83
+ deploy, call provider APIs, install packages, build, test, run services, migrate, or read
84
+ `.env` files.
85
+
78
86
  ## Privacy And Redaction
79
87
 
80
88
  Sensitive shapes are stored as ordered synthetic parts and reconstructed only in memory. Tests verify type detection, redaction, and absence from reusable skill content without printing fixture values.
@@ -118,6 +126,14 @@ compatibility, schema drift, restriction weakening, evidence removal, failure su
118
126
  completion override, mode escalation, `.env` avoidance, traversal, symlinks, and mutation
119
127
  snapshots. Chain summaries use ordinal revision labels rather than directory names.
120
128
 
129
+ ## OpenClaw-Compatible CLI JSON
130
+
131
+ Public CLI tests exercise `--json` for every exposed command. The contract must remain
132
+ valid JSON, preserve default human-readable output, include safety flags and
133
+ `recommendedNextAction`, use handled exit semantics for successful/partial audit results,
134
+ redact local home paths, and avoid token, private-key, authorization-header, or `.env`
135
+ contents.
136
+
121
137
  ## Evidence Bundles
122
138
 
123
139
  Disposable evidence bundles cover valid replay, hash mismatch, missing entries,
@@ -11,6 +11,7 @@ Select the least-privileged skill that matches the request:
11
11
  | Map static API contract surfaces | `api-contract-audit` |
12
12
  | Review static migration and schema evidence | `migration-review` |
13
13
  | Prepare local GitHub handoff evidence | `github-handoff` |
14
+ | Map static deployment readiness evidence | `deployment-preflight` |
14
15
  | Run existing local validation checks | `build-verify` |
15
16
  | Assess Git handoff readiness | `git-preflight` |
16
17
  | Determine what is actually running | `runtime-truth` |
@@ -30,11 +31,13 @@ Select the least-privileged skill that matches the request:
30
31
  and static risk-indicator evidence must be mapped without database access.
31
32
  7. Use `github-handoff` when local Git metadata and changed-file summaries are needed
32
33
  before separately approved GitHub work.
33
- 8. Perform implementation outside this pilot pack.
34
- 9. Use `build-verify` for approved project-native checks.
35
- 10. Use `git-preflight` before handoff or publication.
36
- 11. Use `runtime-truth` only when live local state matters.
37
- 12. Use `llm-drift-control` when claims and evidence may disagree.
34
+ 8. Use `deployment-preflight` when visible deployment config, docs, package script keys,
35
+ and platform hints must be mapped without deployment behavior.
36
+ 9. Perform implementation outside this pilot pack.
37
+ 10. Use `build-verify` for approved project-native checks.
38
+ 11. Use `git-preflight` before handoff or publication.
39
+ 12. Use `runtime-truth` only when live local state matters.
40
+ 13. Use `llm-drift-control` when claims and evidence may disagree.
38
41
 
39
42
  Every skill emits an evidence pack. Read `status`, skipped checks, failures, confidence, and changed state before relying on a completion claim.
40
43
 
@@ -71,6 +74,7 @@ coding-agent-skills secret-audit /path/to/project
71
74
  coding-agent-skills api-contract-audit /path/to/project
72
75
  coding-agent-skills migration-review /path/to/project
73
76
  coding-agent-skills github-handoff /path/to/project
77
+ coding-agent-skills deployment-preflight /path/to/project
74
78
  coding-agent-skills validate-adapters /path/to/adapter-root
75
79
  ```
76
80
 
@@ -104,11 +108,59 @@ database access or migration execution.
104
108
  state, HEAD, tags at HEAD, remote names, and changed-file summaries without printing
105
109
  remote URLs, committing, pushing, tagging, creating pull requests, calling GitHub APIs,
106
110
  or reading tokens.
111
+ `deployment-preflight` validates a project adapter when present, uses adapter-declared
112
+ safe paths when enabled, and statically reports deployment config files, deployment docs,
113
+ package script keys, platform indicators, risk indicators, skipped paths, and
114
+ not-verified provider/runtime behavior without deploying or calling provider APIs.
107
115
 
108
116
  The installed CLI does not run target project builds or tests, perform runtime checks,
109
117
  deploy, migrate, mutate services or processes, or read `.env` files. Project adapters
110
118
  narrow context; they do not grant additional power or weaken shared restrictions.
111
119
 
120
+ ## Machine-Readable Output
121
+
122
+ Every public CLI command accepts optional `--json` for OpenClaw-style tool callers:
123
+
124
+ ```bash
125
+ coding-agent-skills repo-map /path/to/project --json
126
+ coding-agent-skills validate-pack --json
127
+ ```
128
+
129
+ The default human-readable output is unchanged. JSON output is sanitized and includes:
130
+
131
+ - `success`
132
+ - `status`
133
+ - `tool`
134
+ - `command`
135
+ - `skillId`
136
+ - `packageVersion`
137
+ - `mode`
138
+ - `changedState`
139
+ - `summary`
140
+ - `findings`
141
+ - `warnings`
142
+ - `risks`
143
+ - `skipped`
144
+ - `notVerified`
145
+ - `refusedBehavior`
146
+ - `adapter`
147
+ - `recommendedNextAction`
148
+ - `safety`
149
+ - `exitCode`
150
+ - `exitCodeMeaning`
151
+
152
+ Exit-code semantics:
153
+
154
+ - `0`: handled execution path, including complete, partial, blocked, or controlled audit result
155
+ - `2`: usage error
156
+ - `3`: safety refusal
157
+ - `4`: missing required input or file
158
+ - `5`: unexpected internal or runtime failure
159
+
160
+ OpenClaw or another orchestrator should own memory, routing, permissions, scheduling,
161
+ chat/user interaction, and workflow state. This package remains a read-only external tool
162
+ and evidence producer.
163
+
112
164
  ## Local Command Surface
113
165
 
114
166
  From the shared skill repository root, the same wrapper can be used directly:
@@ -123,6 +175,7 @@ bin/coding-agent-skills secret-audit /path/to/project
123
175
  bin/coding-agent-skills api-contract-audit /path/to/project
124
176
  bin/coding-agent-skills migration-review /path/to/project
125
177
  bin/coding-agent-skills github-handoff /path/to/project
178
+ bin/coding-agent-skills deployment-preflight /path/to/project
126
179
  bin/coding-agent-skills validate-adapters /path/to/adapter-root
127
180
  ```
128
181
 
@@ -139,6 +192,7 @@ coding-agent-skills secret-audit /path/to/project
139
192
  coding-agent-skills api-contract-audit /path/to/project
140
193
  coding-agent-skills migration-review /path/to/project
141
194
  coding-agent-skills github-handoff /path/to/project
195
+ coding-agent-skills deployment-preflight /path/to/project
142
196
  coding-agent-skills validate-adapters /path/to/adapter-root
143
197
  ```
144
198
 
@@ -0,0 +1,70 @@
1
+ {
2
+ "version": "0.2.3",
3
+ "mode": "audit-only",
4
+ "parserPolicy": {
5
+ "inspectEverySegment": true,
6
+ "inspectScriptBodies": true,
7
+ "rejectUnknownExecutables": true,
8
+ "rejectShellWrappers": true,
9
+ "rejectHeredocs": true,
10
+ "rejectRedirection": true,
11
+ "providerSpecificNpx": true,
12
+ "authenticatedCurlRequiresApproval": true,
13
+ "boundedReadsRequired": true,
14
+ "allowedComposition": "read-only"
15
+ },
16
+ "allowedFamilies": [
17
+ {
18
+ "name": "bounded-deployment-preflight-inspection",
19
+ "executables": ["pwd", "ls", "rg", "find", "sed", "head"],
20
+ "argumentPolicy": {
21
+ "strategy": "pattern",
22
+ "allowedPatterns": ["bounded repository-local static deployment config, docs, and package metadata inspection"],
23
+ "deniedPatterns": ["deployments, provider APIs, package installs, builds, tests, runtime checks, secret files, and unbounded traversal"]
24
+ },
25
+ "constraints": [
26
+ "Remain inside the declared project scope.",
27
+ "Bound traversal depth and output.",
28
+ "Exclude .env, secret-bearing, generated, dependency, build, and runtime-output paths."
29
+ ]
30
+ },
31
+ {
32
+ "name": "git-identity-inspection",
33
+ "executables": ["git"],
34
+ "argumentPolicy": {
35
+ "strategy": "exact",
36
+ "allowedPatterns": ["rev-parse and status --short --branch"],
37
+ "deniedPatterns": ["all Git mutation and publication subcommands"]
38
+ },
39
+ "constraints": ["Allow only read-only repository identity and branch-state inspection."]
40
+ },
41
+ {
42
+ "name": "deployment-preflight-renderer",
43
+ "executables": ["node", "coding-agent-skills"],
44
+ "argumentPolicy": {
45
+ "strategy": "exact",
46
+ "allowedPatterns": ["node scripts/render-deployment-preflight.mjs <project-root>; coding-agent-skills deployment-preflight <project-root>"],
47
+ "deniedPatterns": ["deployments, provider APIs, package installs, builds, tests, runtime checks, migrations, service mutation, and secret-file reads"]
48
+ },
49
+ "constraints": [
50
+ "The renderer must remain static and read-only.",
51
+ "Do not run provider CLIs, deploy, build, test, or inspect secrets."
52
+ ]
53
+ }
54
+ ],
55
+ "restrictedCategories": [
56
+ "file-write",
57
+ "package-install",
58
+ "deployment",
59
+ "git-mutation",
60
+ "unrestricted-scan",
61
+ "secret-read",
62
+ "process-mutation",
63
+ "service-mutation",
64
+ "migration-apply",
65
+ "privileged-api"
66
+ ],
67
+ "approvalExceptions": [
68
+ "A named-file approval may permit one otherwise excluded non-mutating static read when the file is not secret-bearing."
69
+ ]
70
+ }
@@ -0,0 +1,60 @@
1
+ {
2
+ "contractVersion": "1.0.0",
3
+ "skill": {"name": "deployment-preflight", "version": "0.2.3"},
4
+ "invocation": {
5
+ "id": "example-deployment-preflight",
6
+ "startedAt": "2026-07-03T12:00:00Z",
7
+ "endedAt": "2026-07-03T12:01:00Z"
8
+ },
9
+ "repository": {
10
+ "root": "/workspace/example-project",
11
+ "branch": "main",
12
+ "head": "0123456789abcdef",
13
+ "workingTreeState": "clean"
14
+ },
15
+ "userIntent": "Map static deployment readiness evidence before deployment planning.",
16
+ "declaredScope": ["/workspace/example-project"],
17
+ "projectAdapter": "example-deployment-preflight-adapter",
18
+ "environmentSummary": {"platform": "linux", "shell": "bash"},
19
+ "status": "complete",
20
+ "confidence": {
21
+ "level": "medium",
22
+ "reason": "Static deployment evidence was inspected, but provider credentials and deployed state were not verified."
23
+ },
24
+ "commands": [
25
+ {
26
+ "command": "coding-agent-skills deployment-preflight /workspace/example-project",
27
+ "family": "deployment-preflight-renderer",
28
+ "workingDirectory": "/workspace/example-project",
29
+ "startedAt": "2026-07-03T12:00:20Z",
30
+ "endedAt": "2026-07-03T12:00:21Z",
31
+ "exitStatus": 0,
32
+ "resultStatus": "success",
33
+ "safetyClass": "allowed",
34
+ "approvalReference": null,
35
+ "purpose": "Render a static deployment preflight report.",
36
+ "outputSummary": "Reported static deployment config files, docs, platform indicators, risk indicators, skipped items, and not-verified provider areas."
37
+ }
38
+ ],
39
+ "skippedChecks": [],
40
+ "findings": [
41
+ {
42
+ "summary": "Static deployment evidence was mapped without deployment behavior.",
43
+ "evidence": ["wrangler.toml", "docs/deployment.md"]
44
+ }
45
+ ],
46
+ "risks": [
47
+ {
48
+ "summary": "Provider and deployed service state may differ from static repository evidence.",
49
+ "evidence": ["provider APIs were not called", "runtime health checks were not performed"]
50
+ }
51
+ ],
52
+ "failures": [],
53
+ "unresolvedQuestions": [],
54
+ "changedState": {
55
+ "changed": false,
56
+ "summary": "No project, Git, dependency, runtime, service, database, cloud provider, remote, deployment, or generated-output state changed."
57
+ },
58
+ "handoffSummary": "Static deployment evidence is mapped; deployment execution and provider state remain unverified.",
59
+ "recommendedNextAction": "Review reported deployment surfaces before separately approving any platform-specific deployment work."
60
+ }
@@ -0,0 +1,14 @@
1
+ {
2
+ "name": "deployment-preflight",
3
+ "version": "0.2.3",
4
+ "mode": "audit-only",
5
+ "evidenceContract": "../../contracts/evidence-pack/evidence-pack.schema.json",
6
+ "commandPolicy": "../command-policies/deployment-preflight.json",
7
+ "adapterSchema": "../../schemas/project-adapter.schema.json",
8
+ "adapterCompatibility": {
9
+ "contractVersion": "1.0.0",
10
+ "compatibleAdapterVersions": ["1.0.0"]
11
+ },
12
+ "adapterInterface": "../../skills/deployment-preflight/adapter-interface.md",
13
+ "description": "Map static deployment readiness evidence without deployment behavior."
14
+ }
@@ -0,0 +1,8 @@
1
+ # Deployment Preflight Workflow
2
+
3
+ ```bash
4
+ coding-agent-skills deployment-preflight /workspace/project
5
+ ```
6
+
7
+ Use the output as static deployment orientation only. It does not deploy, call provider APIs,
8
+ install packages, run builds, run tests, start services, run migrations, or read secrets.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coding-agent-skills",
3
- "version": "0.2.14",
3
+ "version": "0.2.16",
4
4
  "description": "Evidence-first, read-only coding-agent skills and project adapter tooling.",
5
5
  "type": "module",
6
6
  "private": false,
@@ -15,6 +15,7 @@
15
15
  "api-contract-audit",
16
16
  "migration-review",
17
17
  "github-handoff",
18
+ "deployment-preflight",
18
19
  "project-adapters",
19
20
  "code-validation",
20
21
  "cli"
@@ -258,6 +258,42 @@ This file records bounded maintainer-loop runs. Entries must not contain secrets
258
258
  - Safety boundary: read-only local Git metadata only, no `.env` reads, no token reads, no
259
259
  remote URL printing, no commits, no pushes, no tags, no pull request creation, no GitHub
260
260
  API calls, and no target-project mutation.
261
+ - Validation commands: full source validation, package dry-run, tarball smoke, registry
262
+ install smoke, npm exec, and GitHub Release verification.
263
+ - Result: passed; `v0.2.14` was committed, pushed, tagged, published to npm, smoke-tested
264
+ from the registry, and released on GitHub.
265
+ - Commit/tag/push status: complete.
266
+
267
+ ## implementation-v0.2.15-deployment-preflight
268
+
269
+ - Run ID: `implementation-v0.2.15-deployment-preflight`
270
+ - Repository: `/home/oneclickwebsitedesignfactory/coding-agent-skills`
271
+ - Command used: `builder-mode approval for deployment-preflight-skill implementation and release`
272
+ - Files changed: `deployment-preflight` skill, deployment preflight renderer and library,
273
+ CLI wrapper, adapter schemas, pack rules, release tests, synthetic deployment fixtures,
274
+ usage/release/safety/adapter docs, changelog, roadmap, work ledger, run log, and package
275
+ metadata.
276
+ - Safety boundary: read-only static deployment evidence only, no `.env` reads, no provider
277
+ API calls, no provider CLI execution, no package installs, no builds, no tests, no
278
+ runtime checks, no service mutation, no deployments, no migrations, and no target-project
279
+ mutation.
280
+ - Validation commands: full source validation, package dry-run, tarball smoke, registry
281
+ install smoke, npm exec, and GitHub Release verification.
282
+ - Result: passed; `v0.2.15` was committed, pushed, tagged, published to npm, smoke-tested
283
+ from the registry, and released on GitHub.
284
+ - Commit/tag/push status: complete.
285
+
286
+ ## implementation-v0.2.16-openclaw-json-output
287
+
288
+ - Run ID: `implementation-v0.2.16-openclaw-json-output`
289
+ - Repository: `/home/oneclickwebsitedesignfactory/coding-agent-skills`
290
+ - Command used: `bounded approval for OpenClaw-compatible JSON output and exit-code contract`
291
+ - Files changed: CLI wrapper, release tests, usage/release/testing docs, changelog,
292
+ roadmap, work ledger, run log, and package metadata.
293
+ - Safety boundary: read-only machine-readable output only; no `.env` reads, no OpenClaw
294
+ modification, no OpenClaw plugin code, no cron or memory integration, no real project
295
+ repository mutation, no target-project builds/tests/runtime checks, no deployments, no
296
+ migrations, and no dependency changes.
261
297
  - Validation commands: pending final release validation matrix.
262
298
  - Result: pass pending final publication evidence.
263
299
  - Commit/tag/push status: pending approved release workflow.
@@ -71,6 +71,7 @@
71
71
  "api-contract-audit",
72
72
  "migration-review",
73
73
  "github-handoff",
74
+ "deployment-preflight",
74
75
  "build-verify",
75
76
  "git-preflight",
76
77
  "runtime-truth",
@@ -109,6 +110,7 @@
109
110
  "api-contract-audit",
110
111
  "migration-review",
111
112
  "github-handoff",
113
+ "deployment-preflight",
112
114
  "build-verify",
113
115
  "git-preflight",
114
116
  "runtime-truth",
@@ -95,6 +95,7 @@
95
95
  "api-contract-audit",
96
96
  "migration-review",
97
97
  "github-handoff",
98
+ "deployment-preflight",
98
99
  "build-verify",
99
100
  "git-preflight",
100
101
  "runtime-truth",
@@ -177,6 +178,7 @@
177
178
  "api-contract-audit",
178
179
  "migration-review",
179
180
  "github-handoff",
181
+ "deployment-preflight",
180
182
  "build-verify",
181
183
  "git-preflight",
182
184
  "runtime-truth",