coding-agent-skills 0.2.14 → 0.2.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +42 -0
- package/README.md +31 -1
- package/ROADMAP.md +7 -2
- package/bin/coding-agent-skills +340 -2
- package/docs/adapters/README.md +21 -0
- package/docs/adapters/project-installation.md +14 -0
- package/docs/adapters/real-project-adoption.md +2 -2
- package/docs/architecture/README.md +3 -2
- package/docs/release/README.md +13 -10
- package/docs/release/npm-package.md +27 -2
- package/docs/safety/README.md +6 -1
- package/docs/testing/README.md +16 -0
- package/docs/usage/README.md +59 -5
- package/examples/command-policies/deployment-preflight.json +70 -0
- package/examples/evidence-packs/deployment-preflight.json +60 -0
- package/examples/manifests/deployment-preflight.json +14 -0
- package/examples/workflows/deployment-preflight.md +8 -0
- package/package.json +2 -1
- package/runs/skill-runs.md +36 -0
- package/schemas/project-adapter-installation.schema.json +2 -0
- package/schemas/project-adapter.schema.json +2 -0
- package/scripts/lib/deployment-preflight.mjs +655 -0
- package/scripts/lib/pack-rules.mjs +11 -2
- package/scripts/render-deployment-preflight.mjs +9 -0
- package/scripts/test-pack.mjs +151 -1
- package/scripts/validate-pack.mjs +5 -2
- package/skills/deployment-preflight/SKILL.md +89 -0
- package/skills/deployment-preflight/adapter-interface.md +17 -0
- package/skills/deployment-preflight/agents/openai.yaml +3 -0
- package/skills/deployment-preflight/checklist.md +7 -0
- package/skills/deployment-preflight/evidence-template.md +19 -0
- package/skills/deployment-preflight/examples.md +11 -0
- package/skills/deployment-preflight/failure-modes.md +11 -0
- package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/adapters/deployment-preflight-fixture/adapter.json +56 -0
- package/tests/fixtures/deployment-preflight/adapter-project/.coding-agent/skills.json +23 -0
- package/tests/fixtures/deployment-preflight/adapter-project/README.md +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/deploy/netlify.toml +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/ignored/render.yaml +3 -0
- package/tests/fixtures/deployment-preflight/adapter-project/package.json +5 -0
- package/tests/fixtures/deployment-preflight/static-project/Dockerfile +2 -0
- package/tests/fixtures/deployment-preflight/static-project/README.md +3 -0
- package/tests/fixtures/deployment-preflight/static-project/docs/deployment.md +4 -0
- package/tests/fixtures/deployment-preflight/static-project/package.json +6 -0
- package/tests/fixtures/deployment-preflight/static-project/src/index.js +1 -0
- package/tests/fixtures/deployment-preflight/static-project/wrangler.toml +3 -0
- package/tests/fixtures/triggers/cases.json +13 -1
- package/tests/trigger/README.md +2 -0
- package/work-ledger.md +33 -8
|
@@ -7,7 +7,7 @@ safety model.
|
|
|
7
7
|
## Current Package Shape
|
|
8
8
|
|
|
9
9
|
- Package name: `coding-agent-skills`.
|
|
10
|
-
- Package version: `0.2.
|
|
10
|
+
- Package version: `0.2.16`.
|
|
11
11
|
- CLI bin: `coding-agent-skills` mapped to `bin/coding-agent-skills`.
|
|
12
12
|
- Module type: `module`.
|
|
13
13
|
- Dependencies: none.
|
|
@@ -33,9 +33,22 @@ coding-agent-skills secret-audit /path/to/project
|
|
|
33
33
|
coding-agent-skills api-contract-audit /path/to/project
|
|
34
34
|
coding-agent-skills migration-review /path/to/project
|
|
35
35
|
coding-agent-skills github-handoff /path/to/project
|
|
36
|
+
coding-agent-skills deployment-preflight /path/to/project
|
|
36
37
|
coding-agent-skills validate-adapters /path/to/adapter-root
|
|
37
38
|
```
|
|
38
39
|
|
|
40
|
+
Each public command also supports optional machine-readable output:
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
coding-agent-skills repo-map /path/to/project --json
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
The JSON contract is intended for OpenClaw-style orchestrators that already own memory,
|
|
47
|
+
routing, approvals, scheduling, and workflow state. It includes `success`, `status`,
|
|
48
|
+
`command`, `skillId`, `packageVersion`, sanitized findings and warnings, safety flags,
|
|
49
|
+
`recommendedNextAction`, and `exitCodeMeaning`. The default human-readable output is
|
|
50
|
+
unchanged.
|
|
51
|
+
|
|
39
52
|
The package can also be executed without a repo-local install:
|
|
40
53
|
|
|
41
54
|
```bash
|
|
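Review bot: The field list in the added paragraph (new lines 46-50) is narrower than the list under "Machine-Readable Output" in the usage README later in this diff; it omits `tool`, `mode`, `changedState`, `summary`, `risks`, `skipped`, `notVerified`, `refusedBehavior`, `adapter` and `exitCode`. A caller reading only this page will under-specify its parser, so either word it as "includes, among other fields," or link to the usage list as the single definition of the contract.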
@@ -60,6 +73,10 @@ secrets.
|
|
|
60
73
|
`github-handoff` is local Git metadata only; it reports branch state, HEAD, tags at HEAD,
|
|
61
74
|
remote names, and changed-file summaries without printing remote URLs, reading tokens,
|
|
62
75
|
creating pull requests, committing, pushing, tagging, or calling GitHub APIs.
|
|
76
|
+
`deployment-preflight` is static and audit-only; it reports deployment config files,
|
|
77
|
+
deployment docs, package script keys, platform indicators, risk indicators, and
|
|
78
|
+
not-verified provider/runtime behavior without deploying, calling provider APIs,
|
|
79
|
+
installing packages, building, testing, or reading secrets.
|
|
63
80
|
|
|
64
81
|
`coding-agent-skills validate-pack` is package-aware. In a source checkout, it keeps
|
|
65
82
|
source-only checks such as `.gitignore` validation. In an installed package tree, where
|
|
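Review bot: "package script keys" at new line 77 does not say that script command values are withheld, although the testing README added in this diff describes the same behavior as "package script keys without command values". Script values can carry inline tokens or internal hostnames, so state the keys-only guarantee in this paragraph as well.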
@@ -95,7 +112,7 @@ included.
|
|
|
95
112
|
The public CLI remains read-only for target projects unless a specific underlying skill
|
|
96
113
|
already permits a bounded local validation action. The installed `repo-map`,
|
|
97
114
|
`route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`,
|
|
98
|
-
`github-handoff`, and adapter flows do not:
|
|
115
|
+
`github-handoff`, `deployment-preflight`, and adapter flows do not:
|
|
99
116
|
|
|
100
117
|
- deploy
|
|
101
118
|
- run migrations
|
|
@@ -107,3 +124,11 @@ already permits a bounded local validation action. The installed `repo-map`,
|
|
|
107
124
|
|
|
108
125
|
Project adapters narrow context for safer repository understanding; they do not weaken
|
|
109
126
|
shared restrictions or authorize additional command families.
|
|
127
|
+
|
|
128
|
+
## Exit Codes
|
|
129
|
+
|
|
130
|
+
- `0`: handled execution path, including complete, partial, blocked, or controlled audit result
|
|
131
|
+
- `2`: usage error
|
|
132
|
+
- `3`: safety refusal
|
|
133
|
+
- `4`: missing required input or file
|
|
134
|
+
- `5`: unexpected internal or runtime failure
|
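Review bot: Exit code `0` at new line 130 covers "partial" and "blocked" results, so an orchestrator that gates on process exit status alone will treat a blocked audit as a pass. Add a sentence telling callers to branch on `status` and `success` from the `--json` output rather than on the exit code, and say whether exit code `1` is reserved, since the list jumps from `0` to `2`.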
package/docs/safety/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
## Audit-Only Rule
|
|
4
4
|
|
|
5
|
-
`repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
|
|
5
|
+
`repo-map`, `route-trace`, `env-audit`, `secret-audit`, `api-contract-audit`, `migration-review`, `github-handoff`, `deployment-preflight`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
|
|
6
6
|
|
|
7
7
|
`route-trace` is static only. It may read bounded non-secret route files and route
|
|
8
8
|
configuration, but it must not execute app code, run servers, hit URLs, claim runtime
|
|
@@ -32,6 +32,11 @@ HEAD, remote names, and changed-file status, but it must not print remote URLs,
|
|
|
32
32
|
tokens, create pull requests, commit, push, tag, call GitHub APIs, mutate Git state, or
|
|
33
33
|
broaden adapter scope.
|
|
34
34
|
|
|
35
|
+
`deployment-preflight` is static only. It may read bounded non-secret deployment config,
|
|
36
|
+
docs, and package metadata, but it must not deploy, run provider CLIs, call cloud APIs,
|
|
37
|
+
install packages, build, test, run services, migrate databases, read secret files, or
|
|
38
|
+
broaden adapter scope.
|
|
39
|
+
|
|
35
40
|
`build-verify` may run existing project-native validation commands. Build or test tools may create their normal local artifacts, but the skill must declare observed changes and must reject installation, fix modes, snapshot updates, deployment, migration, or unknown scripts.
|
|
36
41
|
|
|
37
42
|
## Restricted Categories
|
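Review bot: "bounded non-secret deployment config" at new line 35 leaves open how a config file is judged non-secret, and whether values from files such as `wrangler.toml` or `netlify.toml` are echoed into the report or only their paths. Spell out the classification rule and the reporting granularity (path only, keys only, or redacted values) in this paragraph.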
package/docs/testing/README.md
CHANGED
|
@@ -75,6 +75,14 @@ summary, adapter-declared evidence metadata, and adapter-present-but-not-enabled
|
|
|
75
75
|
Tests must never commit to the shared repository, push, tag shared history, create pull
|
|
76
76
|
requests, call GitHub APIs, print remote URLs, read tokens, or read `.env` files.
|
|
77
77
|
|
|
78
|
+
## Deployment Preflight
|
|
79
|
+
|
|
80
|
+
Synthetic deployment-preflight projects cover deployment config detection, deployment docs,
|
|
81
|
+
package script keys without command values, static platform indicators, risk indicators,
|
|
82
|
+
adapter-declared scope, and adapter-present-but-not-enabled behavior. Tests must never
|
|
83
|
+
deploy, call provider APIs, install packages, build, test, run services, migrate, or read
|
|
84
|
+
`.env` files.
|
|
85
|
+
|
|
78
86
|
## Privacy And Redaction
|
|
79
87
|
|
|
80
88
|
Sensitive shapes are stored as ordered synthetic parts and reconstructed only in memory. Tests verify type detection, redaction, and absence from reusable skill content without printing fixture values.
|
|
@@ -118,6 +126,14 @@ compatibility, schema drift, restriction weakening, evidence removal, failure su
|
|
|
118
126
|
completion override, mode escalation, `.env` avoidance, traversal, symlinks, and mutation
|
|
119
127
|
snapshots. Chain summaries use ordinal revision labels rather than directory names.
|
|
120
128
|
|
|
129
|
+
## OpenClaw-Compatible CLI JSON
|
|
130
|
+
|
|
131
|
+
Public CLI tests exercise `--json` for every exposed command. The contract must remain
|
|
132
|
+
valid JSON, preserve default human-readable output, include safety flags and
|
|
133
|
+
`recommendedNextAction`, use handled exit semantics for successful/partial audit results,
|
|
134
|
+
redact local home paths, and avoid token, private-key, authorization-header, or `.env`
|
|
135
|
+
contents.
|
|
136
|
+
|
|
121
137
|
## Evidence Bundles
|
|
122
138
|
|
|
123
139
|
Disposable evidence bundles cover valid replay, hash mismatch, missing entries,
|
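Review bot: The redaction list at new lines 134-135 names token, private-key, authorization-header and `.env` contents but not Git remote URLs, which `github-handoff` is documented elsewhere in this diff as never printing. Since `--json` is exercised for every exposed command, add remote URLs to the list so the JSON path is held to the same rule as the human-readable output.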
package/docs/usage/README.md
CHANGED
|
@@ -11,6 +11,7 @@ Select the least-privileged skill that matches the request:
|
|
|
11
11
|
| Map static API contract surfaces | `api-contract-audit` |
|
|
12
12
|
| Review static migration and schema evidence | `migration-review` |
|
|
13
13
|
| Prepare local GitHub handoff evidence | `github-handoff` |
|
|
14
|
+
| Map static deployment readiness evidence | `deployment-preflight` |
|
|
14
15
|
| Run existing local validation checks | `build-verify` |
|
|
15
16
|
| Assess Git handoff readiness | `git-preflight` |
|
|
16
17
|
| Determine what is actually running | `runtime-truth` |
|
|
@@ -30,11 +31,13 @@ Select the least-privileged skill that matches the request:
|
|
|
30
31
|
and static risk-indicator evidence must be mapped without database access.
|
|
31
32
|
7. Use `github-handoff` when local Git metadata and changed-file summaries are needed
|
|
32
33
|
before separately approved GitHub work.
|
|
33
|
-
8.
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
34
|
+
8. Use `deployment-preflight` when visible deployment config, docs, package script keys,
|
|
35
|
+
and platform hints must be mapped without deployment behavior.
|
|
36
|
+
9. Perform implementation outside this pilot pack.
|
|
37
|
+
10. Use `build-verify` for approved project-native checks.
|
|
38
|
+
11. Use `git-preflight` before handoff or publication.
|
|
39
|
+
12. Use `runtime-truth` only when live local state matters.
|
|
40
|
+
13. Use `llm-drift-control` when claims and evidence may disagree.
|
|
38
41
|
|
|
39
42
|
Every skill emits an evidence pack. Read `status`, skipped checks, failures, confidence, and changed state before relying on a completion claim.
|
|
40
43
|
|
|
@@ -71,6 +74,7 @@ coding-agent-skills secret-audit /path/to/project
|
|
|
71
74
|
coding-agent-skills api-contract-audit /path/to/project
|
|
72
75
|
coding-agent-skills migration-review /path/to/project
|
|
73
76
|
coding-agent-skills github-handoff /path/to/project
|
|
77
|
+
coding-agent-skills deployment-preflight /path/to/project
|
|
74
78
|
coding-agent-skills validate-adapters /path/to/adapter-root
|
|
75
79
|
```
|
|
76
80
|
|
|
@@ -104,11 +108,59 @@ database access or migration execution.
|
|
|
104
108
|
state, HEAD, tags at HEAD, remote names, and changed-file summaries without printing
|
|
105
109
|
remote URLs, committing, pushing, tagging, creating pull requests, calling GitHub APIs,
|
|
106
110
|
or reading tokens.
|
|
111
|
+
`deployment-preflight` validates a project adapter when present, uses adapter-declared
|
|
112
|
+
safe paths when enabled, and statically reports deployment config files, deployment docs,
|
|
113
|
+
package script keys, platform indicators, risk indicators, skipped paths, and
|
|
114
|
+
not-verified provider/runtime behavior without deploying or calling provider APIs.
|
|
107
115
|
|
|
108
116
|
The installed CLI does not run target project builds or tests, perform runtime checks,
|
|
109
117
|
deploy, migrate, mutate services or processes, or read `.env` files. Project adapters
|
|
110
118
|
narrow context; they do not grant additional power or weaken shared restrictions.
|
|
111
119
|
|
|
120
|
+
## Machine-Readable Output
|
|
121
|
+
|
|
122
|
+
Every public CLI command accepts optional `--json` for OpenClaw-style tool callers:
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
coding-agent-skills repo-map /path/to/project --json
|
|
126
|
+
coding-agent-skills validate-pack --json
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
The default human-readable output is unchanged. JSON output is sanitized and includes:
|
|
130
|
+
|
|
131
|
+
- `success`
|
|
132
|
+
- `status`
|
|
133
|
+
- `tool`
|
|
134
|
+
- `command`
|
|
135
|
+
- `skillId`
|
|
136
|
+
- `packageVersion`
|
|
137
|
+
- `mode`
|
|
138
|
+
- `changedState`
|
|
139
|
+
- `summary`
|
|
140
|
+
- `findings`
|
|
141
|
+
- `warnings`
|
|
142
|
+
- `risks`
|
|
143
|
+
- `skipped`
|
|
144
|
+
- `notVerified`
|
|
145
|
+
- `refusedBehavior`
|
|
146
|
+
- `adapter`
|
|
147
|
+
- `recommendedNextAction`
|
|
148
|
+
- `safety`
|
|
149
|
+
- `exitCode`
|
|
150
|
+
- `exitCodeMeaning`
|
|
151
|
+
|
|
152
|
+
Exit-code semantics:
|
|
153
|
+
|
|
154
|
+
- `0`: handled execution path, including complete, partial, blocked, or controlled audit result
|
|
155
|
+
- `2`: usage error
|
|
156
|
+
- `3`: safety refusal
|
|
157
|
+
- `4`: missing required input or file
|
|
158
|
+
- `5`: unexpected internal or runtime failure
|
|
159
|
+
|
|
160
|
+
OpenClaw or another orchestrator should own memory, routing, permissions, scheduling,
|
|
161
|
+
chat/user interaction, and workflow state. This package remains a read-only external tool
|
|
162
|
+
and evidence producer.
|
|
163
|
+
|
|
112
164
|
## Local Command Surface
|
|
113
165
|
|
|
114
166
|
From the shared skill repository root, the same wrapper can be used directly:
|
|
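Review bot: The field list at new lines 131-150 gives names only, with no types or allowed values, and `success` is not defined for the "partial" and "blocked" results that the exit-code list maps to `0`. Document the enumerated `status` values and the value of `success` for each, and consider pointing to a JSON Schema so callers can validate the contract. The exit-code list at new lines 154-158 also repeats the Exit Codes section added earlier in this diff; have one link to the other so the two cannot drift.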
@@ -123,6 +175,7 @@ bin/coding-agent-skills secret-audit /path/to/project
|
|
|
123
175
|
bin/coding-agent-skills api-contract-audit /path/to/project
|
|
124
176
|
bin/coding-agent-skills migration-review /path/to/project
|
|
125
177
|
bin/coding-agent-skills github-handoff /path/to/project
|
|
178
|
+
bin/coding-agent-skills deployment-preflight /path/to/project
|
|
126
179
|
bin/coding-agent-skills validate-adapters /path/to/adapter-root
|
|
127
180
|
```
|
|
128
181
|
|
|
@@ -139,6 +192,7 @@ coding-agent-skills secret-audit /path/to/project
|
|
|
139
192
|
coding-agent-skills api-contract-audit /path/to/project
|
|
140
193
|
coding-agent-skills migration-review /path/to/project
|
|
141
194
|
coding-agent-skills github-handoff /path/to/project
|
|
195
|
+
coding-agent-skills deployment-preflight /path/to/project
|
|
142
196
|
coding-agent-skills validate-adapters /path/to/adapter-root
|
|
143
197
|
```
|
|
144
198
|
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": "0.2.3",
|
|
3
|
+
"mode": "audit-only",
|
|
4
|
+
"parserPolicy": {
|
|
5
|
+
"inspectEverySegment": true,
|
|
6
|
+
"inspectScriptBodies": true,
|
|
7
|
+
"rejectUnknownExecutables": true,
|
|
8
|
+
"rejectShellWrappers": true,
|
|
9
|
+
"rejectHeredocs": true,
|
|
10
|
+
"rejectRedirection": true,
|
|
11
|
+
"providerSpecificNpx": true,
|
|
12
|
+
"authenticatedCurlRequiresApproval": true,
|
|
13
|
+
"boundedReadsRequired": true,
|
|
14
|
+
"allowedComposition": "read-only"
|
|
15
|
+
},
|
|
16
|
+
"allowedFamilies": [
|
|
17
|
+
{
|
|
18
|
+
"name": "bounded-deployment-preflight-inspection",
|
|
19
|
+
"executables": ["pwd", "ls", "rg", "find", "sed", "head"],
|
|
20
|
+
"argumentPolicy": {
|
|
21
|
+
"strategy": "pattern",
|
|
22
|
+
"allowedPatterns": ["bounded repository-local static deployment config, docs, and package metadata inspection"],
|
|
23
|
+
"deniedPatterns": ["deployments, provider APIs, package installs, builds, tests, runtime checks, secret files, and unbounded traversal"]
|
|
24
|
+
},
|
|
25
|
+
"constraints": [
|
|
26
|
+
"Remain inside the declared project scope.",
|
|
27
|
+
"Bound traversal depth and output.",
|
|
28
|
+
"Exclude .env, secret-bearing, generated, dependency, build, and runtime-output paths."
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
"name": "git-identity-inspection",
|
|
33
|
+
"executables": ["git"],
|
|
34
|
+
"argumentPolicy": {
|
|
35
|
+
"strategy": "exact",
|
|
36
|
+
"allowedPatterns": ["rev-parse and status --short --branch"],
|
|
37
|
+
"deniedPatterns": ["all Git mutation and publication subcommands"]
|
|
38
|
+
},
|
|
39
|
+
"constraints": ["Allow only read-only repository identity and branch-state inspection."]
|
|
40
|
+
},
|
|
41
|
+
{
|
|
42
|
+
"name": "deployment-preflight-renderer",
|
|
43
|
+
"executables": ["node", "coding-agent-skills"],
|
|
44
|
+
"argumentPolicy": {
|
|
45
|
+
"strategy": "exact",
|
|
46
|
+
"allowedPatterns": ["node scripts/render-deployment-preflight.mjs <project-root>; coding-agent-skills deployment-preflight <project-root>"],
|
|
47
|
+
"deniedPatterns": ["deployments, provider APIs, package installs, builds, tests, runtime checks, migrations, service mutation, and secret-file reads"]
|
|
48
|
+
},
|
|
49
|
+
"constraints": [
|
|
50
|
+
"The renderer must remain static and read-only.",
|
|
51
|
+
"Do not run provider CLIs, deploy, build, test, or inspect secrets."
|
|
52
|
+
]
|
|
53
|
+
}
|
|
54
|
+
],
|
|
55
|
+
"restrictedCategories": [
|
|
56
|
+
"file-write",
|
|
57
|
+
"package-install",
|
|
58
|
+
"deployment",
|
|
59
|
+
"git-mutation",
|
|
60
|
+
"unrestricted-scan",
|
|
61
|
+
"secret-read",
|
|
62
|
+
"process-mutation",
|
|
63
|
+
"service-mutation",
|
|
64
|
+
"migration-apply",
|
|
65
|
+
"privileged-api"
|
|
66
|
+
],
|
|
67
|
+
"approvalExceptions": [
|
|
68
|
+
"A named-file approval may permit one otherwise excluded non-mutating static read when the file is not secret-bearing."
|
|
69
|
+
]
|
|
70
|
+
}
|
|
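Review bot: The `bounded-deployment-preflight-inspection` family (lines 17-30) allows `find` and `sed` under `"strategy": "pattern"`, but its `allowedPatterns` and `deniedPatterns` are prose sentences rather than matchable patterns, so nothing in this file rules out write- or exec-capable options such as `find -exec`, `find -delete` or `sed -i`. List the denied flags as real patterns, or document which component interprets the prose and how. Separately, `authenticatedCurlRequiresApproval` at line 12 appears to have no effect while `curl` is in no allowed family and `rejectUnknownExecutables` is true; drop it or explain why it is set.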
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"contractVersion": "1.0.0",
|
|
3
|
+
"skill": {"name": "deployment-preflight", "version": "0.2.3"},
|
|
4
|
+
"invocation": {
|
|
5
|
+
"id": "example-deployment-preflight",
|
|
6
|
+
"startedAt": "2026-07-03T12:00:00Z",
|
|
7
|
+
"endedAt": "2026-07-03T12:01:00Z"
|
|
8
|
+
},
|
|
9
|
+
"repository": {
|
|
10
|
+
"root": "/workspace/example-project",
|
|
11
|
+
"branch": "main",
|
|
12
|
+
"head": "0123456789abcdef",
|
|
13
|
+
"workingTreeState": "clean"
|
|
14
|
+
},
|
|
15
|
+
"userIntent": "Map static deployment readiness evidence before deployment planning.",
|
|
16
|
+
"declaredScope": ["/workspace/example-project"],
|
|
17
|
+
"projectAdapter": "example-deployment-preflight-adapter",
|
|
18
|
+
"environmentSummary": {"platform": "linux", "shell": "bash"},
|
|
19
|
+
"status": "complete",
|
|
20
|
+
"confidence": {
|
|
21
|
+
"level": "medium",
|
|
22
|
+
"reason": "Static deployment evidence was inspected, but provider credentials and deployed state were not verified."
|
|
23
|
+
},
|
|
24
|
+
"commands": [
|
|
25
|
+
{
|
|
26
|
+
"command": "coding-agent-skills deployment-preflight /workspace/example-project",
|
|
27
|
+
"family": "deployment-preflight-renderer",
|
|
28
|
+
"workingDirectory": "/workspace/example-project",
|
|
29
|
+
"startedAt": "2026-07-03T12:00:20Z",
|
|
30
|
+
"endedAt": "2026-07-03T12:00:21Z",
|
|
31
|
+
"exitStatus": 0,
|
|
32
|
+
"resultStatus": "success",
|
|
33
|
+
"safetyClass": "allowed",
|
|
34
|
+
"approvalReference": null,
|
|
35
|
+
"purpose": "Render a static deployment preflight report.",
|
|
36
|
+
"outputSummary": "Reported static deployment config files, docs, platform indicators, risk indicators, skipped items, and not-verified provider areas."
|
|
37
|
+
}
|
|
38
|
+
],
|
|
39
|
+
"skippedChecks": [],
|
|
40
|
+
"findings": [
|
|
41
|
+
{
|
|
42
|
+
"summary": "Static deployment evidence was mapped without deployment behavior.",
|
|
43
|
+
"evidence": ["wrangler.toml", "docs/deployment.md"]
|
|
44
|
+
}
|
|
45
|
+
],
|
|
46
|
+
"risks": [
|
|
47
|
+
{
|
|
48
|
+
"summary": "Provider and deployed service state may differ from static repository evidence.",
|
|
49
|
+
"evidence": ["provider APIs were not called", "runtime health checks were not performed"]
|
|
50
|
+
}
|
|
51
|
+
],
|
|
52
|
+
"failures": [],
|
|
53
|
+
"unresolvedQuestions": [],
|
|
54
|
+
"changedState": {
|
|
55
|
+
"changed": false,
|
|
56
|
+
"summary": "No project, Git, dependency, runtime, service, database, cloud provider, remote, deployment, or generated-output state changed."
|
|
57
|
+
},
|
|
58
|
+
"handoffSummary": "Static deployment evidence is mapped; deployment execution and provider state remain unverified.",
|
|
59
|
+
"recommendedNextAction": "Review reported deployment surfaces before separately approving any platform-specific deployment work."
|
|
60
|
+
}
|
|
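Review bot: `skippedChecks` is `[]` at line 39 although the same example reports `"status": "complete"` and states at line 49 that provider APIs were not called and runtime health checks were not performed. The usage README tells readers to check skipped checks before relying on a completion claim, so either populate `skippedChecks` with those unperformed checks or document that not-verified areas are carried in `risks` instead.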
@@ -0,0 +1,14 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "deployment-preflight",
|
|
3
|
+
"version": "0.2.3",
|
|
4
|
+
"mode": "audit-only",
|
|
5
|
+
"evidenceContract": "../../contracts/evidence-pack/evidence-pack.schema.json",
|
|
6
|
+
"commandPolicy": "../command-policies/deployment-preflight.json",
|
|
7
|
+
"adapterSchema": "../../schemas/project-adapter.schema.json",
|
|
8
|
+
"adapterCompatibility": {
|
|
9
|
+
"contractVersion": "1.0.0",
|
|
10
|
+
"compatibleAdapterVersions": ["1.0.0"]
|
|
11
|
+
},
|
|
12
|
+
"adapterInterface": "../../skills/deployment-preflight/adapter-interface.md",
|
|
13
|
+
"description": "Map static deployment readiness evidence without deployment behavior."
|
|
14
|
+
}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
# Deployment Preflight Workflow
|
|
2
|
+
|
|
3
|
+
```bash
|
|
4
|
+
coding-agent-skills deployment-preflight /workspace/project
|
|
5
|
+
```
|
|
6
|
+
|
|
7
|
+
Use the output as static deployment orientation only. It does not deploy, call provider APIs,
|
|
8
|
+
install packages, run builds, run tests, start services, run migrations, or read secrets.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "coding-agent-skills",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.16",
|
|
4
4
|
"description": "Evidence-first, read-only coding-agent skills and project adapter tooling.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"private": false,
|
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
"api-contract-audit",
|
|
16
16
|
"migration-review",
|
|
17
17
|
"github-handoff",
|
|
18
|
+
"deployment-preflight",
|
|
18
19
|
"project-adapters",
|
|
19
20
|
"code-validation",
|
|
20
21
|
"cli"
|
package/runs/skill-runs.md
CHANGED
|
@@ -258,6 +258,42 @@ This file records bounded maintainer-loop runs. Entries must not contain secrets
|
|
|
258
258
|
- Safety boundary: read-only local Git metadata only, no `.env` reads, no token reads, no
|
|
259
259
|
remote URL printing, no commits, no pushes, no tags, no pull request creation, no GitHub
|
|
260
260
|
API calls, and no target-project mutation.
|
|
261
|
+
- Validation commands: full source validation, package dry-run, tarball smoke, registry
|
|
262
|
+
install smoke, npm exec, and GitHub Release verification.
|
|
263
|
+
- Result: passed; `v0.2.14` was committed, pushed, tagged, published to npm, smoke-tested
|
|
264
|
+
from the registry, and released on GitHub.
|
|
265
|
+
- Commit/tag/push status: complete.
|
|
266
|
+
|
|
267
|
+
## implementation-v0.2.15-deployment-preflight
|
|
268
|
+
|
|
269
|
+
- Run ID: `implementation-v0.2.15-deployment-preflight`
|
|
270
|
+
- Repository: `/home/oneclickwebsitedesignfactory/coding-agent-skills`
|
|
271
|
+
- Command used: `builder-mode approval for deployment-preflight-skill implementation and release`
|
|
272
|
+
- Files changed: `deployment-preflight` skill, deployment preflight renderer and library,
|
|
273
|
+
CLI wrapper, adapter schemas, pack rules, release tests, synthetic deployment fixtures,
|
|
274
|
+
usage/release/safety/adapter docs, changelog, roadmap, work ledger, run log, and package
|
|
275
|
+
metadata.
|
|
276
|
+
- Safety boundary: read-only static deployment evidence only, no `.env` reads, no provider
|
|
277
|
+
API calls, no provider CLI execution, no package installs, no builds, no tests, no
|
|
278
|
+
runtime checks, no service mutation, no deployments, no migrations, and no target-project
|
|
279
|
+
mutation.
|
|
280
|
+
- Validation commands: full source validation, package dry-run, tarball smoke, registry
|
|
281
|
+
install smoke, npm exec, and GitHub Release verification.
|
|
282
|
+
- Result: passed; `v0.2.15` was committed, pushed, tagged, published to npm, smoke-tested
|
|
283
|
+
from the registry, and released on GitHub.
|
|
284
|
+
- Commit/tag/push status: complete.
|
|
285
|
+
|
|
286
|
+
## implementation-v0.2.16-openclaw-json-output
|
|
287
|
+
|
|
288
|
+
- Run ID: `implementation-v0.2.16-openclaw-json-output`
|
|
289
|
+
- Repository: `/home/oneclickwebsitedesignfactory/coding-agent-skills`
|
|
290
|
+
- Command used: `bounded approval for OpenClaw-compatible JSON output and exit-code contract`
|
|
291
|
+
- Files changed: CLI wrapper, release tests, usage/release/testing docs, changelog,
|
|
292
|
+
roadmap, work ledger, run log, and package metadata.
|
|
293
|
+
- Safety boundary: read-only machine-readable output only; no `.env` reads, no OpenClaw
|
|
294
|
+
modification, no OpenClaw plugin code, no cron or memory integration, no real project
|
|
295
|
+
repository mutation, no target-project builds/tests/runtime checks, no deployments, no
|
|
296
|
+
migrations, and no dependency changes.
|
|
261
297
|
- Validation commands: pending final release validation matrix.
|
|
262
298
|
- Result: pass pending final publication evidence.
|
|
263
299
|
- Commit/tag/push status: pending approved release workflow.
|
|
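Review bot: The `Repository:` entries at new lines 270 and 289 record an absolute home path (`/home/oneclickwebsitedesignfactory/coding-agent-skills`) in a file that ships in the published package, while the testing README in this diff requires JSON output to redact local home paths. Use a repo-relative or placeholder path so the run log follows the same rule. The `v0.2.16` entry also still reads "pending" for validation, result and commit status (new lines 297-299) in the released 0.2.16 package; update it or state that it is finalized after publication.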
@@ -71,6 +71,7 @@
|
|
|
71
71
|
"api-contract-audit",
|
|
72
72
|
"migration-review",
|
|
73
73
|
"github-handoff",
|
|
74
|
+
"deployment-preflight",
|
|
74
75
|
"build-verify",
|
|
75
76
|
"git-preflight",
|
|
76
77
|
"runtime-truth",
|
|
@@ -109,6 +110,7 @@
|
|
|
109
110
|
"api-contract-audit",
|
|
110
111
|
"migration-review",
|
|
111
112
|
"github-handoff",
|
|
113
|
+
"deployment-preflight",
|
|
112
114
|
"build-verify",
|
|
113
115
|
"git-preflight",
|
|
114
116
|
"runtime-truth",
|
|
@@ -95,6 +95,7 @@
|
|
|
95
95
|
"api-contract-audit",
|
|
96
96
|
"migration-review",
|
|
97
97
|
"github-handoff",
|
|
98
|
+
"deployment-preflight",
|
|
98
99
|
"build-verify",
|
|
99
100
|
"git-preflight",
|
|
100
101
|
"runtime-truth",
|
|
@@ -177,6 +178,7 @@
|
|
|
177
178
|
"api-contract-audit",
|
|
178
179
|
"migration-review",
|
|
179
180
|
"github-handoff",
|
|
181
|
+
"deployment-preflight",
|
|
180
182
|
"build-verify",
|
|
181
183
|
"git-preflight",
|
|
182
184
|
"runtime-truth",
|