coding-agent-skills 0.2.8 → 0.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/README.md +4 -0
- package/ROADMAP.md +6 -3
- package/bin/coding-agent-skills +8 -1
- package/docs/adapters/README.md +17 -0
- package/docs/adapters/project-installation.md +14 -1
- package/docs/adapters/real-project-adoption.md +2 -2
- package/docs/architecture/README.md +4 -1
- package/docs/release/README.md +10 -8
- package/docs/release/npm-package.md +7 -4
- package/docs/safety/README.md +5 -1
- package/docs/testing/README.md +8 -0
- package/docs/usage/README.md +13 -5
- package/examples/command-policies/route-trace.json +72 -0
- package/examples/evidence-packs/route-trace.json +55 -0
- package/examples/manifests/route-trace.json +14 -0
- package/examples/workflows/route-trace.md +20 -0
- package/package.json +2 -1
- package/runs/skill-runs.md +27 -0
- package/schemas/project-adapter-installation.schema.json +5 -3
- package/schemas/project-adapter.schema.json +2 -0
- package/scripts/lib/pack-rules.mjs +11 -2
- package/scripts/lib/route-trace.mjs +785 -0
- package/scripts/render-route-trace.mjs +8 -0
- package/scripts/test-pack.mjs +89 -1
- package/scripts/validate-pack.mjs +5 -2
- package/skills/route-trace/SKILL.md +58 -0
- package/skills/route-trace/adapter-interface.md +20 -0
- package/skills/route-trace/agents/openai.yaml +4 -0
- package/skills/route-trace/checklist.md +11 -0
- package/skills/route-trace/evidence-template.md +18 -0
- package/skills/route-trace/examples.md +32 -0
- package/skills/route-trace/failure-modes.md +9 -0
- package/tests/fixtures/route-trace/adapter-project/.coding-agent/adapters/route-trace-fixture/adapter.json +59 -0
- package/tests/fixtures/route-trace/adapter-project/.coding-agent/skills.json +23 -0
- package/tests/fixtures/route-trace/adapter-project/README.md +3 -0
- package/tests/fixtures/route-trace/adapter-project/app/api/items/route.ts +3 -0
- package/tests/fixtures/route-trace/adapter-project/package.json +5 -0
- package/tests/fixtures/route-trace/adapter-project/pages/index.tsx +3 -0
- package/tests/fixtures/route-trace/adapter-project/src/routes.ts +3 -0
- package/tests/fixtures/route-trace/static-project/.env.example +1 -0
- package/tests/fixtures/route-trace/static-project/README.md +3 -0
- package/tests/fixtures/route-trace/static-project/app/api/users/route.ts +3 -0
- package/tests/fixtures/route-trace/static-project/app/blog/[slug]/page.tsx +3 -0
- package/tests/fixtures/route-trace/static-project/app/page.tsx +3 -0
- package/tests/fixtures/route-trace/static-project/package.json +5 -0
- package/tests/fixtures/route-trace/static-project/pages/about.tsx +3 -0
- package/tests/fixtures/route-trace/static-project/pages/api/hello.ts +3 -0
- package/tests/fixtures/route-trace/static-project/server/routes.ts +4 -0
- package/tests/fixtures/route-trace/static-project/src/route-config.ts +4 -0
- package/tests/fixtures/route-trace/static-project/src/router.tsx +10 -0
- package/tests/fixtures/triggers/cases.json +13 -1
- package/tests/trigger/README.md +1 -0
- package/work-ledger.md +19 -7
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { routeTraceCliResult } from "./lib/route-trace.mjs";
|
|
2
|
+
|
|
3
|
+
const outcome = routeTraceCliResult(process.argv[2]);
|
|
4
|
+
for (const line of outcome.lines) {
|
|
5
|
+
if (outcome.stream === "stdout") console.log(line);
|
|
6
|
+
else console.error(line);
|
|
7
|
+
}
|
|
8
|
+
process.exitCode = outcome.exitCode;
|
package/scripts/test-pack.mjs
CHANGED
|
@@ -42,6 +42,11 @@ import {
|
|
|
42
42
|
buildAdapterRepoMapReport,
|
|
43
43
|
renderAdapterRepoMapReport,
|
|
44
44
|
} from "./lib/adapter-repo-map.mjs";
|
|
45
|
+
import {
|
|
46
|
+
buildRouteTraceReport,
|
|
47
|
+
renderRouteTraceReport,
|
|
48
|
+
routeTraceCliResult,
|
|
49
|
+
} from "./lib/route-trace.mjs";
|
|
45
50
|
import {
|
|
46
51
|
adapterUpgradeCliResult,
|
|
47
52
|
checkAdapterUpgrade,
|
|
@@ -256,6 +261,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
|
|
|
256
261
|
assert.ok(cliText.includes("scripts/validate-pack.mjs"));
|
|
257
262
|
assert.ok(cliText.includes("scripts/validate-project-adapters.mjs"));
|
|
258
263
|
assert.ok(cliText.includes("scripts/render-adapter-repo-map.mjs"));
|
|
264
|
+
assert.ok(cliText.includes("scripts/render-route-trace.mjs"));
|
|
259
265
|
assert.ok(cliText.includes("scripts/validate-adapters.mjs"));
|
|
260
266
|
assert.ok(!cliText.includes(".env"));
|
|
261
267
|
|
|
@@ -277,6 +283,10 @@ test("local CLI maps approved commands to existing safe scripts", () => {
|
|
|
277
283
|
["repo-map", path.join(fixtureRoot, "project-adapter-installation", "valid-exact-pin")],
|
|
278
284
|
/# Adapter-Aware Repo Map/,
|
|
279
285
|
],
|
|
286
|
+
[
|
|
287
|
+
["route-trace", path.join(fixtureRoot, "route-trace", "static-project")],
|
|
288
|
+
/# Route Trace Report/,
|
|
289
|
+
],
|
|
280
290
|
];
|
|
281
291
|
|
|
282
292
|
for (const [args, expected] of commands) {
|
|
@@ -301,7 +311,7 @@ test("local CLI maps approved commands to existing safe scripts", () => {
|
|
|
301
311
|
test("npm package metadata is public-ready and dependency-free", () => {
|
|
302
312
|
const packageJson = readJson("package.json");
|
|
303
313
|
assert.equal(packageJson.name, "coding-agent-skills");
|
|
304
|
-
assert.equal(packageJson.version, "0.2.
|
|
314
|
+
assert.equal(packageJson.version, "0.2.9");
|
|
305
315
|
assert.equal(
|
|
306
316
|
packageJson.description,
|
|
307
317
|
"Evidence-first, read-only coding-agent skills and project adapter tooling.",
|
|
@@ -313,6 +323,7 @@ test("npm package metadata is public-ready and dependency-free", () => {
|
|
|
313
323
|
"coding-agent",
|
|
314
324
|
"agent-skills",
|
|
315
325
|
"repo-map",
|
|
326
|
+
"route-trace",
|
|
316
327
|
"project-adapters",
|
|
317
328
|
"code-validation",
|
|
318
329
|
"cli",
|
|
@@ -363,6 +374,83 @@ test("npm package metadata is public-ready and dependency-free", () => {
|
|
|
363
374
|
assert.match(read("docs/release/npm-package.md"), /npm install -g coding-agent-skills/);
|
|
364
375
|
});
|
|
365
376
|
|
|
377
|
+
test("route-trace renderer identifies static route files and inferred patterns", () => {
|
|
378
|
+
const result = buildRouteTraceReport(
|
|
379
|
+
path.join(root, "tests", "fixtures", "route-trace", "static-project"),
|
|
380
|
+
{ coreRoot: root },
|
|
381
|
+
);
|
|
382
|
+
assert.equal(result.ok, true);
|
|
383
|
+
assert.equal(result.status, "complete");
|
|
384
|
+
assert.equal(result.adapter.present, false);
|
|
385
|
+
assert.ok(
|
|
386
|
+
result.verifiedRouteFiles.some(
|
|
387
|
+
(record) => record.route === "/api/users" && record.file === "app/api/users/route.ts",
|
|
388
|
+
),
|
|
389
|
+
);
|
|
390
|
+
assert.ok(
|
|
391
|
+
result.verifiedRouteFiles.some(
|
|
392
|
+
(record) => record.route === "/blog/[slug]" && record.file === "app/blog/[slug]/page.tsx",
|
|
393
|
+
),
|
|
394
|
+
);
|
|
395
|
+
assert.ok(
|
|
396
|
+
result.verifiedRouteFiles.some(
|
|
397
|
+
(record) => record.route === "/api/hello" && record.file === "pages/api/hello.ts",
|
|
398
|
+
),
|
|
399
|
+
);
|
|
400
|
+
assert.ok(
|
|
401
|
+
result.inferredRoutePatterns.some(
|
|
402
|
+
(record) => record.route === "/dashboard" && record.kind === "react-router-route-declaration",
|
|
403
|
+
),
|
|
404
|
+
);
|
|
405
|
+
assert.ok(
|
|
406
|
+
result.inferredRoutePatterns.some(
|
|
407
|
+
(record) => record.route === "/health" && record.method === "GET",
|
|
408
|
+
),
|
|
409
|
+
);
|
|
410
|
+
assert.ok(result.notVerified.includes("runtime-generated routes"));
|
|
411
|
+
assert.ok(renderRouteTraceReport(result).includes("No target project build"));
|
|
412
|
+
});
|
|
413
|
+
|
|
414
|
+
test("route-trace renderer respects adapter-declared scope", () => {
|
|
415
|
+
const result = buildRouteTraceReport(
|
|
416
|
+
path.join(root, "tests", "fixtures", "route-trace", "adapter-project"),
|
|
417
|
+
{ coreRoot: root },
|
|
418
|
+
);
|
|
419
|
+
assert.equal(result.ok, true);
|
|
420
|
+
assert.equal(result.status, "complete");
|
|
421
|
+
assert.equal(result.adapter.present, true);
|
|
422
|
+
assert.equal(result.adapter.enabled, true);
|
|
423
|
+
assert.deepEqual(result.adapter.scopePaths, ["app", "pages", "src"]);
|
|
424
|
+
assert.ok(
|
|
425
|
+
result.verifiedRouteFiles.some(
|
|
426
|
+
(record) => record.route === "/api/items" && record.file === "app/api/items/route.ts",
|
|
427
|
+
),
|
|
428
|
+
);
|
|
429
|
+
assert.ok(
|
|
430
|
+
result.inferredRoutePatterns.some((record) => record.route === "/adapter-health"),
|
|
431
|
+
);
|
|
432
|
+
|
|
433
|
+
const cli = routeTraceCliResult(
|
|
434
|
+
path.join(root, "tests", "fixtures", "route-trace", "adapter-project"),
|
|
435
|
+
{ coreRoot: root },
|
|
436
|
+
);
|
|
437
|
+
assert.equal(cli.exitCode, 0);
|
|
438
|
+
assert.match(cli.lines.join("\n"), /route-trace used adapter-declared safe read paths only/);
|
|
439
|
+
});
|
|
440
|
+
|
|
441
|
+
test("route-trace does not broaden a repo-map-only project adapter", () => {
|
|
442
|
+
const result = buildRouteTraceReport(
|
|
443
|
+
path.join(root, "tests", "fixtures", "project-adapter-installation", "valid-exact-pin"),
|
|
444
|
+
{ coreRoot: root },
|
|
445
|
+
);
|
|
446
|
+
assert.equal(result.ok, true);
|
|
447
|
+
assert.equal(result.status, "partial");
|
|
448
|
+
assert.equal(result.adapter.present, true);
|
|
449
|
+
assert.equal(result.adapter.enabled, false);
|
|
450
|
+
assert.deepEqual(result.scannedFiles, []);
|
|
451
|
+
assert.match(renderRouteTraceReport(result), /route-trace is not enabled/);
|
|
452
|
+
});
|
|
453
|
+
|
|
366
454
|
test("validate-pack accepts installed package trees without source-only gitignore", () => {
|
|
367
455
|
const temporaryRoot = fs.mkdtempSync(path.join(os.tmpdir(), "installed-package-"));
|
|
368
456
|
const installedRoot = path.join(temporaryRoot, "coding-agent-skills");
|
|
@@ -95,11 +95,13 @@ const requiredRootFiles = [
|
|
|
95
95
|
"scripts/verify-evidence-bundle.mjs",
|
|
96
96
|
"scripts/render-evidence-archive-report.mjs",
|
|
97
97
|
"scripts/render-adapter-repo-map.mjs",
|
|
98
|
+
"scripts/render-route-trace.mjs",
|
|
98
99
|
"scripts/check-adapter-upgrade.mjs",
|
|
99
100
|
"scripts/check-adapter-upgrade-chain.mjs",
|
|
100
101
|
"scripts/validate-adapters.mjs",
|
|
101
102
|
"scripts/validate-project-adapters.mjs",
|
|
102
103
|
"scripts/lib/adapter-repo-map.mjs",
|
|
104
|
+
"scripts/lib/route-trace.mjs",
|
|
103
105
|
"scripts/lib/adapter-upgrade.mjs",
|
|
104
106
|
"scripts/lib/adapter-upgrade-chain.mjs",
|
|
105
107
|
"scripts/lib/adapter-discovery.mjs",
|
|
@@ -673,8 +675,8 @@ if (packageJson) {
|
|
|
673
675
|
if (packageJson.name !== "coding-agent-skills") {
|
|
674
676
|
failures.push("package.json has unexpected package name");
|
|
675
677
|
}
|
|
676
|
-
if (packageJson.version !== "0.2.
|
|
677
|
-
failures.push("package.json version must be 0.2.
|
|
678
|
+
if (packageJson.version !== "0.2.9") {
|
|
679
|
+
failures.push("package.json version must be 0.2.9 for public package validation");
|
|
678
680
|
}
|
|
679
681
|
if (packageJson.type !== "module") failures.push("package.json must preserve ESM mode");
|
|
680
682
|
if (packageJson.private !== false) {
|
|
@@ -692,6 +694,7 @@ if (packageJson) {
|
|
|
692
694
|
"coding-agent",
|
|
693
695
|
"agent-skills",
|
|
694
696
|
"repo-map",
|
|
697
|
+
"route-trace",
|
|
695
698
|
"project-adapters",
|
|
696
699
|
"code-validation",
|
|
697
700
|
"cli",
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: route-trace
|
|
3
|
+
description: Trace statically visible application route surfaces without executing project code or changing state. Use when Codex must identify Next.js, API, React Router, Express/Fastify/Hono, or route-config surfaces from files before editing, reviewing, or planning route work; do not use for runtime URL probing, server execution, builds, tests, deployment checks, migrations, or runtime truth claims.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Route Trace
|
|
7
|
+
|
|
8
|
+
Identify route surfaces from static project files and emit an evidence-backed report. Remain audit-only and fail closed when route evidence would require execution or secret-bearing configuration.
|
|
9
|
+
|
|
10
|
+
This skill must not change project files, Git state, dependencies, runtime state, services,
|
|
11
|
+
databases, remotes, or deployment state.
|
|
12
|
+
|
|
13
|
+
## Purpose And Use
|
|
14
|
+
|
|
15
|
+
Use this skill to locate and classify statically visible routes before changing application code, reviewing API surfaces, or planning route-level work. It can identify verified route files and inferred route declarations, but it must not claim that a route works at runtime.
|
|
16
|
+
|
|
17
|
+
Do not use this skill for live endpoint checks, server startup, browser tests, build verification, deployment readiness, migrations, database inspection, or secret auditing.
|
|
18
|
+
|
|
19
|
+
## Inputs
|
|
20
|
+
|
|
21
|
+
Require a project root or starting path. Optionally accept a project adapter, intended route area, maximum static scan depth, or named route framework to prioritize.
|
|
22
|
+
|
|
23
|
+
Do not assume every route is statically discoverable, every route file is reachable in production, framework conventions are current, an adapter covers all route surfaces, or documentation route lists are authoritative.
|
|
24
|
+
|
|
25
|
+
## Procedure
|
|
26
|
+
|
|
27
|
+
1. Record user intent, project root, declared scope, adapter state, and safety boundary.
|
|
28
|
+
2. Validate a project adapter when present before reading adapter-declared metadata.
|
|
29
|
+
3. If an adapter is present but does not enable `route-trace`, stop static file reading and report the adapter-limited skip.
|
|
30
|
+
4. Build the scan scope from adapter safe read paths when available; otherwise use a bounded generic static scan.
|
|
31
|
+
5. Apply ignored paths and secret-file exclusions before reading any file.
|
|
32
|
+
6. Identify verified route files from static conventions such as Next.js `app/` and `pages/` route files.
|
|
33
|
+
7. Identify inferred route patterns from visible declarations such as React Router paths, Express/Fastify/Hono registrations, and route config objects.
|
|
34
|
+
8. Label every finding as verified, inferred, skipped, not verified, or adapter-limited.
|
|
35
|
+
9. Report skipped files, unverified runtime-dependent areas, branch state warnings, and safety refusals.
|
|
36
|
+
10. Emit the shared evidence pack or route-trace report before claiming completion.
|
|
37
|
+
|
|
38
|
+
Use [checklist.md](checklist.md). Consult [failure-modes.md](failure-modes.md), [adapter-interface.md](adapter-interface.md), and [examples.md](examples.md). Format findings with [evidence-template.md](evidence-template.md).
|
|
39
|
+
|
|
40
|
+
## Evidence, Recovery, And Dependencies
|
|
41
|
+
|
|
42
|
+
Emit repository identity, adapter state, scan scope, ignored paths, verified route files, inferred route patterns, skipped items, not-verified route classes, warnings, and changed-state declaration through the shared evidence-pack contract.
|
|
43
|
+
|
|
44
|
+
Recover from missing adapters, unsupported frameworks, unreadable files, or ambiguous route declarations by narrowing scope and reporting uncertainty. Never recover by installing dependencies, running app code, starting servers, hitting URLs, broadening adapter scope, reading `.env`, or mutating files.
|
|
45
|
+
|
|
46
|
+
This skill depends on the evidence-pack contract and may consume validated project adapters. Adapters may add safe paths, ignored paths, documentation precedence, and evidence requirements, but cannot weaken policy or turn this skill into runtime verification.
|
|
47
|
+
|
|
48
|
+
## Approval Boundary
|
|
49
|
+
|
|
50
|
+
Explicit approval may permit one named non-secret static file read outside normal route paths. Approval does not permit package installation, builds, tests, runtime checks, server startup, URL probing, database inspection, migrations, deployments, Git mutation, or secret-file reads.
|
|
51
|
+
|
|
52
|
+
## Completion
|
|
53
|
+
|
|
54
|
+
Claim `complete` only when the declared static scan scope was inspected, route findings are labeled by evidence type, skipped and not-verified areas are recorded with consequences, adapter limitations are explicit, and no project, Git, dependency, runtime, service, or remote state changed.
|
|
55
|
+
|
|
56
|
+
Report `partial`, `failed`, or `blocked` when adapter scope prevents route scanning, route evidence requires execution, the project root cannot be established, or safety exclusions prevent a requested conclusion. Never claim runtime availability or route correctness from static findings alone.
|
|
57
|
+
|
|
58
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Route Trace Adapter Interface
|
|
2
|
+
|
|
3
|
+
Project adapters may enable `route-trace` only as an audit-only static inspection skill.
|
|
4
|
+
|
|
5
|
+
Adapters may provide:
|
|
6
|
+
|
|
7
|
+
- `safeReadPaths` for route-bearing source and route config files.
|
|
8
|
+
- `ignoredPaths` for generated output, dependency folders, and non-route surfaces.
|
|
9
|
+
- `documentationPrecedence` for route documentation that should be reviewed separately.
|
|
10
|
+
- `requiredEvidence` such as route files inspected, adapter scope, skipped paths, and not-verified runtime classes.
|
|
11
|
+
- `expectedPackageManagers` as metadata only.
|
|
12
|
+
|
|
13
|
+
Adapters must not:
|
|
14
|
+
|
|
15
|
+
- Add commands for `route-trace`.
|
|
16
|
+
- Permit builds, tests, package installs, server startup, URL probing, deployment, migration, database inspection, or secret reads.
|
|
17
|
+
- Remove inherited restrictions.
|
|
18
|
+
- Change `route-trace` from `audit-only` to action-capable.
|
|
19
|
+
- Expand scanning outside the declared project root without named approval.
|
|
20
|
+
- Suppress skipped checks, warnings, uncertainty, or completion requirements.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Route Trace Checklist
|
|
2
|
+
|
|
3
|
+
- Confirm project root and declared scope.
|
|
4
|
+
- Validate any project adapter before consuming adapter metadata.
|
|
5
|
+
- If the adapter is present but does not enable `route-trace`, stop and report the adapter-limited skip.
|
|
6
|
+
- Build a bounded static scan scope from adapter safe paths or generic repository-local defaults.
|
|
7
|
+
- Exclude `.env`, secret-bearing files, generated output, dependencies, and ignored paths.
|
|
8
|
+
- Identify verified route files separately from inferred route declarations.
|
|
9
|
+
- Record skipped paths and not-verified runtime-dependent route classes.
|
|
10
|
+
- State that no server, build, test, runtime check, deployment, migration, package install, or secret read was performed.
|
|
11
|
+
- Emit an evidence pack or route-trace report before claiming completion.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Route Trace Evidence Template
|
|
2
|
+
|
|
3
|
+
Use the shared evidence-pack contract and include:
|
|
4
|
+
|
|
5
|
+
- Skill: `route-trace`
|
|
6
|
+
- Repository root, branch, HEAD, and working-tree state
|
|
7
|
+
- User intent and declared route scope
|
|
8
|
+
- Project adapter ID or `null`
|
|
9
|
+
- Static scan scope and ignored paths
|
|
10
|
+
- Verified route files with file paths and route patterns
|
|
11
|
+
- Inferred route declarations with evidence file paths
|
|
12
|
+
- Skipped paths with reasons and consequences
|
|
13
|
+
- Not-verified runtime-dependent route classes
|
|
14
|
+
- Safety refusals
|
|
15
|
+
- Changed state: `false`
|
|
16
|
+
- Recommended next action
|
|
17
|
+
|
|
18
|
+
Completion requires evidence for both findings and boundaries. A static route trace is not runtime truth.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Route Trace Examples
|
|
2
|
+
|
|
3
|
+
## Safe
|
|
4
|
+
|
|
5
|
+
- Inspect a repository for statically visible Next.js `app/` and `pages/` routes.
|
|
6
|
+
- Trace route declarations in React Router config without running the app.
|
|
7
|
+
- Identify Express, Fastify, or Hono-style route registrations from visible source files.
|
|
8
|
+
- Report that a project adapter prevents route scanning because `route-trace` is not enabled.
|
|
9
|
+
|
|
10
|
+
## Unsafe
|
|
11
|
+
|
|
12
|
+
- Start a dev server to see which URLs respond.
|
|
13
|
+
- Run browser tests or fetch live endpoints.
|
|
14
|
+
- Read `.env` to determine route prefixes.
|
|
15
|
+
- Run migrations, seed databases, deploy, or inspect production infrastructure.
|
|
16
|
+
- Claim that a static route finding proves runtime availability.
|
|
17
|
+
|
|
18
|
+
## Example Output Shape
|
|
19
|
+
|
|
20
|
+
```text
|
|
21
|
+
# Route Trace Report
|
|
22
|
+
Status: complete
|
|
23
|
+
|
|
24
|
+
## Verified Route Files
|
|
25
|
+
- /api/users (next-app-api-route-file) in app/api/users/route.ts
|
|
26
|
+
|
|
27
|
+
## Inferred Route Patterns
|
|
28
|
+
- GET /health (express-style-route-registration) in server/routes.ts
|
|
29
|
+
|
|
30
|
+
## Not Verified
|
|
31
|
+
- runtime-generated routes
|
|
32
|
+
```
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# Route Trace Failure Modes
|
|
2
|
+
|
|
3
|
+
- **No project root**: stop with `failed`; do not search outside the declared scope.
|
|
4
|
+
- **Malformed adapter**: stop with adapter validation failure; do not fall back to broader scanning.
|
|
5
|
+
- **Adapter present but not enabled**: report `partial` with adapter-limited scope and no target-file reads.
|
|
6
|
+
- **Unreadable or large files**: skip and record the consequence.
|
|
7
|
+
- **Secret-bearing path**: skip; do not request contents unless the user gives a named-file approval and the file is non-secret.
|
|
8
|
+
- **Runtime-dependent routing**: mark as not verified instead of running the app.
|
|
9
|
+
- **Ambiguous route declaration**: label as inferred or unresolved; do not upgrade it to verified.
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
{
|
|
2
|
+
"adapterId": "route-trace-fixture",
|
|
3
|
+
"adapterVersion": "1.0.0",
|
|
4
|
+
"project": {
|
|
5
|
+
"id": "route-trace-fixture",
|
|
6
|
+
"detection": {
|
|
7
|
+
"rootMarkers": [{"kind": "file", "path": "package.json"}],
|
|
8
|
+
"maximumDepth": 2,
|
|
9
|
+
"scope": "declared-project-root",
|
|
10
|
+
"requireApprovalOutsideScope": true
|
|
11
|
+
}
|
|
12
|
+
},
|
|
13
|
+
"supportedSkills": [
|
|
14
|
+
{
|
|
15
|
+
"id": "route-trace",
|
|
16
|
+
"compatibleVersions": ["0.2.x"],
|
|
17
|
+
"declaredMode": "audit-only"
|
|
18
|
+
}
|
|
19
|
+
],
|
|
20
|
+
"extensions": {
|
|
21
|
+
"safeReadPaths": ["app", "pages", "src"],
|
|
22
|
+
"ignoredPaths": ["dist", "build", "node_modules"],
|
|
23
|
+
"documentationPrecedence": ["README.md"],
|
|
24
|
+
"commandAliases": [],
|
|
25
|
+
"safeStatusCommands": [],
|
|
26
|
+
"requiredEvidence": [
|
|
27
|
+
"adapter scope",
|
|
28
|
+
"verified route files",
|
|
29
|
+
"inferred route patterns",
|
|
30
|
+
"skipped route paths",
|
|
31
|
+
"not-verified runtime classes"
|
|
32
|
+
],
|
|
33
|
+
"expectedRuntimeManagers": [],
|
|
34
|
+
"expectedPackageManagers": ["npm"]
|
|
35
|
+
},
|
|
36
|
+
"approvalRequirements": [],
|
|
37
|
+
"inheritance": {
|
|
38
|
+
"sharedRestrictions": "required",
|
|
39
|
+
"deniedOperationCategories": [
|
|
40
|
+
"file-write",
|
|
41
|
+
"package-install",
|
|
42
|
+
"deployment",
|
|
43
|
+
"git-mutation",
|
|
44
|
+
"unrestricted-scan",
|
|
45
|
+
"secret-read",
|
|
46
|
+
"process-mutation",
|
|
47
|
+
"service-mutation",
|
|
48
|
+
"migration-apply",
|
|
49
|
+
"privileged-api"
|
|
50
|
+
],
|
|
51
|
+
"allowRestrictionRemoval": false,
|
|
52
|
+
"allowModeOverride": false,
|
|
53
|
+
"allowFailureSuppression": false,
|
|
54
|
+
"allowCompletionOverride": false,
|
|
55
|
+
"allowSecretExposure": false,
|
|
56
|
+
"allowRequiredEvidenceRemoval": false,
|
|
57
|
+
"allowScopeExpansionWithoutApproval": false
|
|
58
|
+
}
|
|
59
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"declarationVersion": "1.0.0",
|
|
3
|
+
"projectId": "route-trace-fixture",
|
|
4
|
+
"adapterRoot": ".coding-agent/adapters",
|
|
5
|
+
"adapterSchemaVersion": "1.0.0",
|
|
6
|
+
"core": {
|
|
7
|
+
"id": "coding-agent-skills",
|
|
8
|
+
"expectedVersion": "0.2.3",
|
|
9
|
+
"versionPin": ">=0.2.3 <0.3.0"
|
|
10
|
+
},
|
|
11
|
+
"compatibleSkillIds": ["route-trace"],
|
|
12
|
+
"adapters": [
|
|
13
|
+
{
|
|
14
|
+
"id": "route-trace-fixture",
|
|
15
|
+
"version": "1.0.0",
|
|
16
|
+
"skillIds": ["route-trace"]
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
"validationCommand": "node <shared-core>/scripts/validate-project-adapters.mjs <project-root>",
|
|
20
|
+
"evidenceOutput": "validation-output/route-trace.json",
|
|
21
|
+
"approvalPolicyReference": "docs/coding-agent-approval-policy.md",
|
|
22
|
+
"noSecrets": true
|
|
23
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
PUBLIC_EXAMPLE=value
|
|
@@ -19,6 +19,18 @@
|
|
|
19
19
|
"expectedSkill": "repo-map",
|
|
20
20
|
"notSkills": ["llm-drift-control"]
|
|
21
21
|
},
|
|
22
|
+
{
|
|
23
|
+
"id": "route-trace-static-routes",
|
|
24
|
+
"prompt": "Trace the static route surface and identify Next.js API route files before I edit a handler.",
|
|
25
|
+
"expectedSkill": "route-trace",
|
|
26
|
+
"notSkills": ["repo-map", "runtime-truth"]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": "route-trace-express",
|
|
30
|
+
"prompt": "Find the Express routes and React Router paths that are statically visible without running the app.",
|
|
31
|
+
"expectedSkill": "route-trace",
|
|
32
|
+
"notSkills": ["build-verify", "runtime-truth"]
|
|
33
|
+
},
|
|
22
34
|
{
|
|
23
35
|
"id": "build-after-implementation",
|
|
24
36
|
"prompt": "The implementation is finished. Run the existing typecheck, tests, and build.",
|
|
@@ -71,7 +83,7 @@
|
|
|
71
83
|
"id": "negative-deploy",
|
|
72
84
|
"prompt": "Deploy this application to production.",
|
|
73
85
|
"expectedSkill": null,
|
|
74
|
-
"notSkills": ["repo-map", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
86
|
+
"notSkills": ["repo-map", "route-trace", "build-verify", "git-preflight", "runtime-truth", "llm-drift-control"]
|
|
75
87
|
},
|
|
76
88
|
{
|
|
77
89
|
"id": "negative-install",
|
package/tests/trigger/README.md
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
`tests/fixtures/triggers/cases.json` provides executable positive, negative, and wrong-skill cases for every pilot skill.
|
|
4
4
|
|
|
5
5
|
- Repository orientation must trigger `repo-map`, not build or runtime validation.
|
|
6
|
+
- Static route-surface tracing must trigger `route-trace`, not repository mapping or runtime truth.
|
|
6
7
|
- Local validation must trigger `build-verify` only when project-native checks are requested.
|
|
7
8
|
- Git readiness must trigger `git-preflight`, not publication.
|
|
8
9
|
- Process/listener/health questions must trigger `runtime-truth`, not restart behavior.
|
package/work-ledger.md
CHANGED
|
@@ -4,24 +4,25 @@
|
|
|
4
4
|
|
|
5
5
|
- Repository: `coding-agent-skills`
|
|
6
6
|
- Branch: `main`
|
|
7
|
-
- Pilot skills: `repo-map`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
|
|
7
|
+
- Pilot skills: `repo-map`, `route-trace`, `build-verify`, `git-preflight`, `runtime-truth`, `llm-drift-control`
|
|
8
8
|
- Adapter discovery, project adapter installation, stale-pin detection, upgrade evidence, compatibility-chain validation, evidence-bundle verification, retention policy, provenance design, archive-report rendering, archive-index fixtures, retention-expiry advisory reporting, and detached-signature verification planning are implemented.
|
|
9
9
|
- Real-project adapter adoption readiness is documented as a planning-only approval gate.
|
|
10
10
|
- First external project-owned adapter adoption completed for `/home/oneclickwebsitedesignfactory/tax-lien-platform` at candidate commit `c548b1a6cbb3455a70b89d0e301e22435bfccac9`.
|
|
11
11
|
- The adopted adapter is `repo-map` only, docs/metadata-only, and contains no commands, runtime checks, build/test/package behavior, platform/deployment behavior, or secret-aware behavior.
|
|
12
12
|
- The shared repository does not contain real adapter manifests; real project adapters remain owned by their project repositories.
|
|
13
|
-
- Public npm package release `v0.2.
|
|
13
|
+
- Public npm package release `v0.2.9` exposes the dependency-free
|
|
14
14
|
`coding-agent-skills` CLI under MIT license.
|
|
15
|
-
-
|
|
15
|
+
- `route-trace` is implemented as an audit-only static route tracing skill. Additional new
|
|
16
|
+
skills are not approved.
|
|
16
17
|
|
|
17
18
|
## Last Completed Version
|
|
18
19
|
|
|
19
|
-
`v0.2.
|
|
20
|
+
`v0.2.9`
|
|
20
21
|
|
|
21
22
|
## Current Recommended Milestone
|
|
22
23
|
|
|
23
|
-
The public npm release is complete for the
|
|
24
|
-
adapters, adapter expansion, new skills, platform skills, deployment/preflight work,
|
|
24
|
+
The `route-trace` public npm release is complete for the approved CLI surface. No further
|
|
25
|
+
real adapters, adapter expansion, new skills, platform skills, deployment/preflight work,
|
|
25
26
|
signing infrastructure, or evidence-harness milestone is approved.
|
|
26
27
|
|
|
27
28
|
## Allowed Next Actions
|
|
@@ -40,7 +41,7 @@ signing infrastructure, or evidence-harness milestone is approved.
|
|
|
40
41
|
|
|
41
42
|
## Blocked Actions
|
|
42
43
|
|
|
43
|
-
- Adding new skills.
|
|
44
|
+
- Adding more new skills.
|
|
44
45
|
- Creating real project adapters.
|
|
45
46
|
- Modifying real project repositories.
|
|
46
47
|
- Publishing release artifacts without explicit approval.
|
|
@@ -105,6 +106,17 @@ No autonomous maintainer-loop run has been recorded yet.
|
|
|
105
106
|
skills require separate human approval.
|
|
106
107
|
|
|
107
108
|
|
|
109
|
+
### 2026-07-03T00:00:00Z
|
|
110
|
+
|
|
111
|
+
- Latest tag observed: `v0.2.8`
|
|
112
|
+
- Implemented milestone: `route-trace` audit-only static route tracing skill and CLI command.
|
|
113
|
+
- Required permission: `skill-implementation`
|
|
114
|
+
- Validation result: pass pending final publication evidence
|
|
115
|
+
- Next recommended milestone: no next runner command is queued; future real adapter
|
|
116
|
+
expansion, new skills, platform work, deployment/preflight skills, and release-policy
|
|
117
|
+
changes require separate human approval.
|
|
118
|
+
|
|
119
|
+
|
|
108
120
|
### 2026-06-15T21:02:34.116Z
|
|
109
121
|
|
|
110
122
|
- Latest tag observed: `v0.2.0`
|