coding-agent-skills 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +44 -0
- package/CHANGELOG.md +205 -0
- package/CONTRIBUTING.md +54 -0
- package/LICENSE +21 -0
- package/README.md +85 -0
- package/ROADMAP.md +87 -0
- package/RUNBOOK.md +47 -0
- package/bin/coding-agent-skills +75 -0
- package/contracts/evidence-pack/README.md +22 -0
- package/contracts/evidence-pack/evidence-pack.example.json +60 -0
- package/contracts/evidence-pack/evidence-pack.example.md +49 -0
- package/contracts/evidence-pack/evidence-pack.schema.json +156 -0
- package/docs/adapters/README.md +82 -0
- package/docs/adapters/discovery.md +50 -0
- package/docs/adapters/external-adapters.md +42 -0
- package/docs/adapters/project-installation.md +135 -0
- package/docs/adapters/real-project-adoption.md +193 -0
- package/docs/adapters/upgrade-evidence.md +67 -0
- package/docs/adapters/upgrades.md +83 -0
- package/docs/architecture/README.md +23 -0
- package/docs/authoring/README.md +54 -0
- package/docs/evidence-bundles/README.md +94 -0
- package/docs/privacy/README.md +26 -0
- package/docs/release/README.md +42 -0
- package/docs/release/npm-package.md +85 -0
- package/docs/safety/README.md +94 -0
- package/docs/testing/README.md +100 -0
- package/docs/usage/README.md +89 -0
- package/docs/versioning/README.md +30 -0
- package/docs/versioning/adapter-compatibility.md +54 -0
- package/examples/README.md +12 -0
- package/examples/adapters/README.md +9 -0
- package/examples/adapters/documentation-precedence.json +62 -0
- package/examples/adapters/narrow-repo-map.json +64 -0
- package/examples/adapters/runtime-status-hints.json +76 -0
- package/examples/command-policies/README.md +3 -0
- package/examples/command-policies/build-verify.json +57 -0
- package/examples/command-policies/git-preflight.json +44 -0
- package/examples/command-policies/llm-drift-control.json +45 -0
- package/examples/command-policies/repo-map.json +59 -0
- package/examples/command-policies/runtime-truth.json +59 -0
- package/examples/evidence-packs/README.md +3 -0
- package/examples/evidence-packs/build-verify.json +68 -0
- package/examples/evidence-packs/git-preflight.json +55 -0
- package/examples/evidence-packs/llm-drift-control.json +55 -0
- package/examples/evidence-packs/repo-map.json +55 -0
- package/examples/evidence-packs/runtime-truth.json +55 -0
- package/examples/manifests/README.md +3 -0
- package/examples/manifests/build-verify.json +14 -0
- package/examples/manifests/git-preflight.json +14 -0
- package/examples/manifests/llm-drift-control.json +14 -0
- package/examples/manifests/repo-map.json +14 -0
- package/examples/manifests/runtime-truth.json +14 -0
- package/examples/upgrade-evidence/README.md +14 -0
- package/examples/upgrade-evidence/chain-fail.evidence.json +155 -0
- package/examples/upgrade-evidence/chain-fail.evidence.md +14 -0
- package/examples/upgrade-evidence/chain-pass.evidence.json +156 -0
- package/examples/upgrade-evidence/stale-pin.evidence.json +117 -0
- package/examples/upgrade-evidence/unsafe-upgrade.evidence.json +128 -0
- package/examples/upgrade-evidence/valid-upgrade.evidence.json +105 -0
- package/examples/upgrade-evidence/valid-upgrade.evidence.md +13 -0
- package/examples/workflows/README.md +3 -0
- package/examples/workflows/build-verify.md +20 -0
- package/examples/workflows/git-preflight.md +18 -0
- package/examples/workflows/llm-drift-control.md +16 -0
- package/examples/workflows/repo-map.md +20 -0
- package/examples/workflows/runtime-truth.md +17 -0
- package/package.json +58 -0
- package/runs/skill-runs.md +162 -0
- package/schemas/adapter-upgrade-evidence.schema.json +443 -0
- package/schemas/archive-index.schema.json +174 -0
- package/schemas/archive-report.schema.json +322 -0
- package/schemas/command-policy.schema.json +125 -0
- package/schemas/evidence-bundle.schema.json +394 -0
- package/schemas/project-adapter-installation.schema.json +127 -0
- package/schemas/project-adapter.schema.json +328 -0
- package/schemas/skill-manifest.schema.json +40 -0
- package/scripts/check-adapter-upgrade-chain.mjs +32 -0
- package/scripts/check-adapter-upgrade.mjs +31 -0
- package/scripts/lib/adapter-discovery.mjs +441 -0
- package/scripts/lib/adapter-repo-map.mjs +358 -0
- package/scripts/lib/adapter-upgrade-chain.mjs +261 -0
- package/scripts/lib/adapter-upgrade.mjs +434 -0
- package/scripts/lib/evidence-bundle.mjs +831 -0
- package/scripts/lib/pack-rules.mjs +704 -0
- package/scripts/lib/project-adapter-installation.mjs +327 -0
- package/scripts/lib/safe-evidence-output.mjs +92 -0
- package/scripts/lib/schema-validator.mjs +146 -0
- package/scripts/lib/semver.mjs +54 -0
- package/scripts/lib/upgrade-evidence.mjs +276 -0
- package/scripts/render-adapter-repo-map.mjs +8 -0
- package/scripts/render-evidence-archive-report.mjs +18 -0
- package/scripts/run-next +220 -0
- package/scripts/test-pack.mjs +2232 -0
- package/scripts/validate-adapters.mjs +10 -0
- package/scripts/validate-maintainer-loop.mjs +146 -0
- package/scripts/validate-pack.mjs +950 -0
- package/scripts/validate-project-adapters.mjs +8 -0
- package/scripts/verify-evidence-bundle.mjs +18 -0
- package/skills/build-verify/SKILL.md +62 -0
- package/skills/build-verify/adapter-interface.md +7 -0
- package/skills/build-verify/agents/openai.yaml +4 -0
- package/skills/build-verify/checklist.md +12 -0
- package/skills/build-verify/evidence-template.md +11 -0
- package/skills/build-verify/examples.md +16 -0
- package/skills/build-verify/failure-modes.md +14 -0
- package/skills/git-preflight/SKILL.md +65 -0
- package/skills/git-preflight/adapter-interface.md +7 -0
- package/skills/git-preflight/agents/openai.yaml +4 -0
- package/skills/git-preflight/checklist.md +11 -0
- package/skills/git-preflight/evidence-template.md +10 -0
- package/skills/git-preflight/examples.md +18 -0
- package/skills/git-preflight/failure-modes.md +13 -0
- package/skills/llm-drift-control/SKILL.md +67 -0
- package/skills/llm-drift-control/adapter-interface.md +7 -0
- package/skills/llm-drift-control/agents/openai.yaml +4 -0
- package/skills/llm-drift-control/checklist.md +11 -0
- package/skills/llm-drift-control/evidence-template.md +13 -0
- package/skills/llm-drift-control/examples.md +15 -0
- package/skills/llm-drift-control/failure-modes.md +13 -0
- package/skills/repo-map/SKILL.md +71 -0
- package/skills/repo-map/adapter-interface.md +18 -0
- package/skills/repo-map/agents/openai.yaml +4 -0
- package/skills/repo-map/checklist.md +15 -0
- package/skills/repo-map/evidence-template.md +29 -0
- package/skills/repo-map/examples.md +19 -0
- package/skills/repo-map/failure-modes.md +16 -0
- package/skills/runtime-truth/SKILL.md +62 -0
- package/skills/runtime-truth/adapter-interface.md +7 -0
- package/skills/runtime-truth/agents/openai.yaml +4 -0
- package/skills/runtime-truth/checklist.md +11 -0
- package/skills/runtime-truth/evidence-template.md +12 -0
- package/skills/runtime-truth/examples.md +20 -0
- package/skills/runtime-truth/failure-modes.md +13 -0
- package/tests/README.md +44 -0
- package/tests/adapters/README.md +15 -0
- package/tests/completion/README.md +15 -0
- package/tests/evidence/README.md +15 -0
- package/tests/fixtures/README.md +23 -0
- package/tests/fixtures/adapters/allow-deploy.json +60 -0
- package/tests/fixtures/adapters/allow-git-push.json +60 -0
- package/tests/fixtures/adapters/expand-scope.json +53 -0
- package/tests/fixtures/adapters/expose-secrets.json +53 -0
- package/tests/fixtures/adapters/incompatible-version.json +53 -0
- package/tests/fixtures/adapters/override-audit-only.json +53 -0
- package/tests/fixtures/adapters/redefine-completion.json +53 -0
- package/tests/fixtures/adapters/remove-required-evidence.json +53 -0
- package/tests/fixtures/adapters/suppress-failures.json +53 -0
- package/tests/fixtures/adapters/valid-narrowing.json +53 -0
- package/tests/fixtures/adapters/valid-repo-map.json +53 -0
- package/tests/fixtures/adapters/weakening-repo-map.json +42 -0
- package/tests/fixtures/completion/cases.json +143 -0
- package/tests/fixtures/completion/false-complete.json +51 -0
- package/tests/fixtures/evidence-bundles/advisory-review-soon/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/advisory-review-soon/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/advisory-review-soon/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/advisory-review-soon/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-archive/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-archive/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-archive/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-archive/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-archive-index/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-archive-index/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-archive-index/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-archive-index/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-hash/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-hash/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-hash/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-hash/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-missing-entry/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-missing-entry/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-missing-entry/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-missing-entry/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-path/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-path/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-path/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-path/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-provenance/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-provenance/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-provenance/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-provenance/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-regression/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-regression/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-regression/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-regression/evidence-bundle.json +113 -0
- package/tests/fixtures/evidence-bundles/invalid-retention/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-retention/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-retention/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-retention/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/invalid-signature-plan/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/invalid-signature-plan/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/invalid-signature-plan/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/invalid-signature-plan/evidence-bundle.json +109 -0
- package/tests/fixtures/evidence-bundles/valid-bundle/archive/evidence-archive-index.json +52 -0
- package/tests/fixtures/evidence-bundles/valid-bundle/evidence/repo-map.evidence.json +68 -0
- package/tests/fixtures/evidence-bundles/valid-bundle/evidence/valid-upgrade.evidence.json +105 -0
- package/tests/fixtures/evidence-bundles/valid-bundle/evidence-bundle.json +109 -0
- package/tests/fixtures/external-adapters/empty/README.md +3 -0
- package/tests/fixtures/external-adapters/invalid-completion-override/.coding-agent/adapters/completion/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-deploy/.coding-agent/adapters/deploy/adapter.json +60 -0
- package/tests/fixtures/external-adapters/invalid-evidence-suppression/.coding-agent/adapters/evidence/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-failure-suppression/.coding-agent/adapters/failures/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-git-push/.coding-agent/adapters/publish/adapter.json +60 -0
- package/tests/fixtures/external-adapters/invalid-malformed/.coding-agent/adapters/malformed/adapter.json +1 -0
- package/tests/fixtures/external-adapters/invalid-malformed/malformed-adapter.txt +1 -0
- package/tests/fixtures/external-adapters/invalid-mode-escalation/.coding-agent/adapters/mode/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-path-traversal/.coding-agent/adapters/path/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-restriction-removal/.coding-agent/adapters/restrictions/adapter.json +52 -0
- package/tests/fixtures/external-adapters/invalid-scope-expansion/.coding-agent/adapters/scope/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-secret-exposure/.coding-agent/adapters/secrets/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-skill-id/.coding-agent/adapters/skill/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-skill-version/.coding-agent/adapters/skill-version/adapter.json +53 -0
- package/tests/fixtures/external-adapters/invalid-unknown-manifest/.coding-agent/adapters/unknown/manifest.json +1 -0
- package/tests/fixtures/external-adapters/invalid-version/.coding-agent/adapters/version/adapter.json +53 -0
- package/tests/fixtures/external-adapters/mixed/.coding-agent/adapters/invalid/adapter.json +60 -0
- package/tests/fixtures/external-adapters/mixed/.coding-agent/adapters/valid/adapter.json +53 -0
- package/tests/fixtures/external-adapters/valid-basic/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/external-adapters/valid-doc-precedence/coding-agent/adapters/docs/adapter.json +53 -0
- package/tests/fixtures/external-adapters/valid-runtime-status/adapters/coding-agent/runtime/adapter.json +65 -0
- package/tests/fixtures/mutation/cases.json +87 -0
- package/tests/fixtures/mutation/snapshot-target/README.md +3 -0
- package/tests/fixtures/mutation/snapshot-target/state.json +4 -0
- package/tests/fixtures/policy/commands.json +164 -0
- package/tests/fixtures/policy/properties.json +126 -0
- package/tests/fixtures/privacy/cases.json +47 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-location/.agents/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-location/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-schema-version/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-schema-version/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-version-mismatch/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-adapter-version-mismatch/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-bad-semver/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-bad-semver/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-completion-override/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-completion-override/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-failure-suppression/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-failure-suppression/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-missing-declaration/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-mode-escalation/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-mode-escalation/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-path-traversal/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-path-traversal/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-scope-expansion/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-scope-expansion/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-secret-exposure/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-secret-exposure/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-skill-mismatch/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-skill-mismatch/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-unknown-skill/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-unknown-skill/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-unsupported-core-version/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/invalid-unsupported-core-version/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/invalid-weakens-restrictions/.coding-agent/adapters/basic/adapter.json +52 -0
- package/tests/fixtures/project-adapter-installation/invalid-weakens-restrictions/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/valid-compatible-range/coding-agent/adapters/docs/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/valid-compatible-range/coding-agent.skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/valid-exact-pin/.coding-agent/adapters/basic/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/valid-exact-pin/.coding-agent/skills.json +23 -0
- package/tests/fixtures/project-adapter-installation/valid-multiple-adapters/.coding-agent/skills.json +28 -0
- package/tests/fixtures/project-adapter-installation/valid-multiple-adapters/adapters/coding-agent/repo/adapter.json +53 -0
- package/tests/fixtures/project-adapter-installation/valid-multiple-adapters/adapters/coding-agent/runtime/adapter.json +58 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/02-incompatible/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/02-incompatible/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/03-target/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/broken-compatibility-chain/03-target/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/schema-drift-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/schema-drift-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/schema-drift-chain/02-schema-drift/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/schema-drift-chain/02-schema-drift/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/skill-drift-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/skill-drift-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/skill-drift-chain/02-skill-drift/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/skill-drift-chain/02-skill-drift/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/02-stale/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/02-stale/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/03-target/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/stale-pin-chain/03-target/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/02-safe/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/02-safe/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/03-weakens-restrictions/.coding-agent/adapters/fixture-chain-adapter/adapter.json +69 -0
- package/tests/fixtures/project-adapter-upgrade-chains/unsafe-weakening-chain/03-weakens-restrictions/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/01-current/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/01-current/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/02-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/02-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/03-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/03-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/04-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/04-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/05-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/05-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/06-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/06-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/07-upgrade/.coding-agent/adapters/fixture-chain-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrade-chains/valid-chain/07-upgrade/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/adapter-schema-drift/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/adapter-schema-drift/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/adapter-schema-drift/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/adapter-schema-drift/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/safe-upgrade-preserves-restrictions/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +71 -0
- package/tests/fixtures/project-adapter-upgrades/safe-upgrade-preserves-restrictions/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/safe-upgrade-preserves-restrictions/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/safe-upgrade-preserves-restrictions/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/skill-compatibility-drift/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/skill-compatibility-drift/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/skill-compatibility-drift/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/skill-compatibility-drift/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/stale-compatible-range/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/stale-compatible-range/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/stale-compatible-range/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/stale-compatible-range/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/stale-exact-pin/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/stale-exact-pin/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/stale-exact-pin/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/stale-exact-pin/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-mode-escalation/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-mode-escalation/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-mode-escalation/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-mode-escalation/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-removes-evidence/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +69 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-removes-evidence/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-removes-evidence/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-removes-evidence/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-weakens-restrictions/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +69 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-weakens-restrictions/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-weakens-restrictions/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsafe-upgrade-weakens-restrictions/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-future-core/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-future-core/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-future-core/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-future-core/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-old-core/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-old-core/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-old-core/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/unsupported-old-core/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/valid-upgrade/after/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/valid-upgrade/after/.coding-agent/skills.json +27 -0
- package/tests/fixtures/project-adapter-upgrades/valid-upgrade/before/.coding-agent/adapters/fixture-upgrade-adapter/adapter.json +70 -0
- package/tests/fixtures/project-adapter-upgrades/valid-upgrade/before/.coding-agent/skills.json +27 -0
- package/tests/fixtures/sample-repo/.env.example +1 -0
- package/tests/fixtures/sample-repo/README.md +4 -0
- package/tests/fixtures/sample-repo/docs/architecture.md +3 -0
- package/tests/fixtures/sample-repo/package.json +11 -0
- package/tests/fixtures/sample-repo/src/index.js +3 -0
- package/tests/fixtures/sample-repo/test/index.test.js +8 -0
- package/tests/fixtures/triggers/cases.json +101 -0
- package/tests/policy/README.md +16 -0
- package/tests/privacy/README.md +14 -0
- package/tests/safety/README.md +17 -0
- package/tests/trigger/README.md +11 -0
- package/work-ledger.md +159 -0
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { projectAdapterCliResult } from "./lib/project-adapter-installation.mjs";
|
|
2
|
+
|
|
3
|
+
const outcome = projectAdapterCliResult(process.argv[2]);
|
|
4
|
+
for (const line of outcome.lines) {
|
|
5
|
+
if (outcome.stream === "stdout") console.log(line);
|
|
6
|
+
else console.error(line);
|
|
7
|
+
}
|
|
8
|
+
process.exitCode = outcome.exitCode;
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import { evidenceBundleCliResult } from "./lib/evidence-bundle.mjs";
|
|
3
|
+
|
|
4
|
+
const args = process.argv.slice(2);
|
|
5
|
+
const bundleFile = args[0];
|
|
6
|
+
const json = args.includes("--json");
|
|
7
|
+
|
|
8
|
+
try {
|
|
9
|
+
const result = evidenceBundleCliResult(bundleFile, { json });
|
|
10
|
+
for (const line of result.lines) {
|
|
11
|
+
if (result.stream === "stderr") console.error(line);
|
|
12
|
+
else console.log(line);
|
|
13
|
+
}
|
|
14
|
+
process.exit(result.exitCode);
|
|
15
|
+
} catch {
|
|
16
|
+
console.error("evidence bundle verification failed safely");
|
|
17
|
+
process.exit(2);
|
|
18
|
+
}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: build-verify
|
|
3
|
+
description: Discover and run existing project-native lint, typecheck, test, build, and targeted-test commands as controlled local validation. Use after code changes, when reproducing CI failures, or before handoff; do not use to install dependencies, auto-fix files, deploy, migrate, or validate live runtime state.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Build Verify
|
|
7
|
+
|
|
8
|
+
Validate the changed scope with existing project commands and emit an evidence pack. This skill is action-capable only for approved local validation that the repository already defines.
|
|
9
|
+
|
|
10
|
+
## Purpose And Use
|
|
11
|
+
|
|
12
|
+
Use after code changes, for bounded CI reproduction, or before handoff. Do not use for dependency setup, auto-repair, deployment, migration, publication, or live-runtime health.
|
|
13
|
+
|
|
14
|
+
## Inputs
|
|
15
|
+
|
|
16
|
+
Require repository root and changed or requested scope. Optionally accept required checks, target tests, time budget, known pre-existing failures, and a project adapter.
|
|
17
|
+
|
|
18
|
+
Do not assume scripts exist, dependencies are installed, a successful build proves tests pass, or a failure was caused by the current change.
|
|
19
|
+
|
|
20
|
+
## Command Policy
|
|
21
|
+
|
|
22
|
+
First inspect known manifests. Permit only discovered, non-mutating validation scripts for:
|
|
23
|
+
|
|
24
|
+
- lint without auto-fix
|
|
25
|
+
- typecheck
|
|
26
|
+
- targeted tests
|
|
27
|
+
- full tests
|
|
28
|
+
- build or compile
|
|
29
|
+
- repository-provided verification checks inspected before use
|
|
30
|
+
|
|
31
|
+
Do not install, add, update, audit-fix, deploy, migrate, update snapshots, run watch mode, rewrite generated files, auto-fix, or invoke scripts whose behavior is unknown. Treat any script containing a restricted operation as rejected.
|
|
32
|
+
|
|
33
|
+
The skill may execute only discovered local validation commands. It must record any files those tools change and cannot silently accept generated mutations.
|
|
34
|
+
|
|
35
|
+
## Procedure
|
|
36
|
+
|
|
37
|
+
1. Obtain repository identity and working-tree context, using `repo-map` evidence when available.
|
|
38
|
+
2. Inspect package or build manifests and CI configuration to discover applicable commands.
|
|
39
|
+
3. Classify each command as allowed, restricted, unknown, or not applicable.
|
|
40
|
+
4. Run the narrowest relevant check first.
|
|
41
|
+
5. Run required broad checks in the repository's established order.
|
|
42
|
+
6. Record exit status, duration, concise output, and whether a failure is new, pre-existing, or unclassified.
|
|
43
|
+
7. Rerun only checks affected by an approved repair; do not repair outside this skill.
|
|
44
|
+
8. Emit the shared evidence pack.
|
|
45
|
+
|
|
46
|
+
Use [checklist.md](checklist.md). Consult [failure-modes.md](failure-modes.md), [adapter-interface.md](adapter-interface.md), and [examples.md](examples.md). Format findings with [evidence-template.md](evidence-template.md).
|
|
47
|
+
|
|
48
|
+
## Evidence, Recovery, And Dependencies
|
|
49
|
+
|
|
50
|
+
Emit discovered scripts, required and skipped checks, command results, durations, failure classification, changed state, and the final verification matrix. Recover from missing tools, timeouts, flaky checks, or malformed scripts by recording the limitation and using only safer discovered checks; never install or mutate to recover.
|
|
51
|
+
|
|
52
|
+
Depend on repository identity from `repo-map` or equivalent evidence and the evidence-pack contract. Adapters may define safe aliases, order, selectors, and timeouts but cannot permit restricted behavior. Safe usage runs existing lint, typecheck, test, and build checks; unsafe usage installs dependencies or invokes fix/deploy scripts.
|
|
53
|
+
|
|
54
|
+
## Approval Boundary
|
|
55
|
+
|
|
56
|
+
Normal local validation needs no additional approval after command discovery. Installation, file-changing fix modes, snapshot updates, migrations, deployments, network publication, and external-system mutation remain outside this skill even if a project script exposes them.
|
|
57
|
+
|
|
58
|
+
## Completion
|
|
59
|
+
|
|
60
|
+
Claim `complete` only when all required applicable checks passed and skipped checks do not weaken the requested conclusion. Report `partial`, `failed`, or `blocked` when dependencies, timeouts, missing scripts, or failures prevent full validation. Never claim a check passed when it was not run.
|
|
61
|
+
|
|
62
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Project Adapter Interface
|
|
2
|
+
|
|
3
|
+
Validate adapters against `../../schemas/project-adapter.schema.json` and confirm manifest compatibility before applying them.
|
|
4
|
+
|
|
5
|
+
An adapter may declare package manager, manifest paths, validation script aliases, safe test selectors, check order, timeouts, generated-output expectations, and checks required for specific scopes.
|
|
6
|
+
|
|
7
|
+
It must not permit installation, auto-fix, snapshot updates, deployment, migration, privileged APIs, or suppression of failed/skipped checks. Shared safety and completion rules win.
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
interface:
|
|
2
|
+
display_name: "Build Verify"
|
|
3
|
+
short_description: "Run project-native validation without installing or deploying"
|
|
4
|
+
default_prompt: "Discover and run approved local lint, typecheck, test, and build checks, then report evidence without installing dependencies or changing external systems."
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Build Verification Checklist
|
|
2
|
+
|
|
3
|
+
- [ ] Record repository, intent, changed scope, adapter, and time budget.
|
|
4
|
+
- [ ] Inspect manifests and CI to discover existing validation commands.
|
|
5
|
+
- [ ] Reject scripts with installs, fixes, deploys, migrations, watch mode, or unknown mutation.
|
|
6
|
+
- [ ] Run the narrowest relevant tests first.
|
|
7
|
+
- [ ] Run required lint, typecheck, test, and build checks.
|
|
8
|
+
- [ ] Record command, duration, exit status, and concise failure evidence.
|
|
9
|
+
- [ ] Separate pre-existing, new, and unclassified failures.
|
|
10
|
+
- [ ] Record skipped checks and consequences.
|
|
11
|
+
- [ ] Declare all observed state changes.
|
|
12
|
+
- [ ] Emit an evidence pack without unsupported success claims.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Build Verification Evidence
|
|
2
|
+
|
|
3
|
+
Include:
|
|
4
|
+
|
|
5
|
+
- Repository identity and changed scope.
|
|
6
|
+
- Discovered validation scripts and their source manifests.
|
|
7
|
+
- Required, executed, skipped, and rejected checks.
|
|
8
|
+
- Command results, durations, failure summaries, and reruns.
|
|
9
|
+
- Classification of failures as new, pre-existing, or unclassified.
|
|
10
|
+
- Changed-state declaration.
|
|
11
|
+
- Final verification matrix and status.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Examples
|
|
2
|
+
|
|
3
|
+
## Safe
|
|
4
|
+
|
|
5
|
+
- "Run the repository's existing typecheck, targeted tests, full tests, and build."
|
|
6
|
+
- "Reproduce the failing CI test using scripts already defined in the project."
|
|
7
|
+
- After inspection confirms them: `npm run lint`, `npm run typecheck`, `npm run test`, or `npm run build`.
|
|
8
|
+
|
|
9
|
+
## Unsafe
|
|
10
|
+
|
|
11
|
+
- "Install anything missing and keep trying until it passes."
|
|
12
|
+
- "Run the fix script and update snapshots automatically."
|
|
13
|
+
- "Deploy after the build succeeds."
|
|
14
|
+
- "Run every package script without inspecting it."
|
|
15
|
+
|
|
16
|
+
Reject unsafe operations and report the blocked verification consequence.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Failure Modes
|
|
2
|
+
|
|
3
|
+
| Failure | Recovery |
|
|
4
|
+
|---|---|
|
|
5
|
+
| Script is absent | Record skipped check; do not invent an equivalent |
|
|
6
|
+
| Dependency or executable missing | Report `blocked`; do not install |
|
|
7
|
+
| Validation times out | Capture partial evidence and narrow only when justified |
|
|
8
|
+
| Test is flaky | Rerun a bounded number of times and label instability |
|
|
9
|
+
| Failure predates current changes | Preserve evidence and avoid claiming current work caused it |
|
|
10
|
+
| Command mutates files | Stop, report the mutation, and downgrade status |
|
|
11
|
+
| Script behavior is unclear | Inspect its definition; reject if still uncertain |
|
|
12
|
+
| Broad check fails after targeted pass | Report failure; targeted success is not overall success |
|
|
13
|
+
|
|
14
|
+
Recovery remains within discovered validation commands. Repairs are outside this skill.
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: git-preflight
|
|
3
|
+
description: Inspect Git repository and handoff readiness without changing Git state. Use before commits, reviews, handoffs, or publication to report branch, HEAD, staged, unstaged, untracked, file-scope, diff-stat, and whitespace evidence; never add, commit, push, pull, merge, rebase, reset, restore, clean, checkout, switch, or stash.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Git Preflight
|
|
7
|
+
|
|
8
|
+
Produce an evidence-backed description of Git state. Remain audit-only.
|
|
9
|
+
|
|
10
|
+
## Purpose And Use
|
|
11
|
+
|
|
12
|
+
Use before review, commit preparation, handoff, or publication decisions. Do not use to stage, repair, synchronize, rewrite, commit, or publish Git state.
|
|
13
|
+
|
|
14
|
+
## Inputs
|
|
15
|
+
|
|
16
|
+
Require repository path and handoff intent. Optionally accept expected branch, base branch, expected files, generated-file rules, and a project adapter.
|
|
17
|
+
|
|
18
|
+
Do not assume the current directory is the root, a dirty tree belongs to the current task, staged changes are complete, or the current branch is safe to publish.
|
|
19
|
+
|
|
20
|
+
## Command Policy
|
|
21
|
+
|
|
22
|
+
Permit read-only Git inspection such as:
|
|
23
|
+
|
|
24
|
+
- `git rev-parse`
|
|
25
|
+
- `git remote -v`
|
|
26
|
+
- `git branch --show-current`
|
|
27
|
+
- bounded `git log`
|
|
28
|
+
- `git status --short --branch`
|
|
29
|
+
- `git diff --check`
|
|
30
|
+
- `git diff --stat`
|
|
31
|
+
- `git diff --name-only`
|
|
32
|
+
- corresponding cached/staged diff inspection
|
|
33
|
+
|
|
34
|
+
Do not add, commit, push, pull, fetch with side effects, merge, rebase, reset, restore, clean, checkout, switch, stash, tag, update-index, or alter configuration.
|
|
35
|
+
|
|
36
|
+
This is audit-only behavior. Inspect full shell structure and reject wrappers or chains that conceal mutation.
|
|
37
|
+
|
|
38
|
+
## Procedure
|
|
39
|
+
|
|
40
|
+
1. Confirm the repository root and worktree.
|
|
41
|
+
2. Record branch, HEAD, remote identity, and detached-head state.
|
|
42
|
+
3. Inventory staged, unstaged, untracked, conflicted, and ignored-sensitive conditions.
|
|
43
|
+
4. Inspect file names and diff statistics without exposing secret contents.
|
|
44
|
+
5. Run whitespace/error checks.
|
|
45
|
+
6. Compare observed files with declared task scope and identify unrelated changes.
|
|
46
|
+
7. Report readiness; do not perform the handoff action.
|
|
47
|
+
8. Emit the shared evidence pack.
|
|
48
|
+
|
|
49
|
+
Use [checklist.md](checklist.md), [failure-modes.md](failure-modes.md), [adapter-interface.md](adapter-interface.md), [examples.md](examples.md), and [evidence-template.md](evidence-template.md).
|
|
50
|
+
|
|
51
|
+
## Evidence, Recovery, And Dependencies
|
|
52
|
+
|
|
53
|
+
Emit Git root, worktree, remote, branch, HEAD, staged/unstaged/untracked/conflicted state, diff summaries, whitespace result, scope mismatch, and readiness. Recover from detached HEAD, locks, conflicts, or nested worktrees only by reporting and narrowing inspection; never repair them.
|
|
54
|
+
|
|
55
|
+
Depend on repository identity from `repo-map` or equivalent evidence and the evidence-pack contract. Adapters may add protected-branch and generated-file rules but cannot hide dirty state. Safe usage reports handoff readiness; unsafe usage stages, restores, rebases, commits, or pushes.
|
|
56
|
+
|
|
57
|
+
## Approval Boundary
|
|
58
|
+
|
|
59
|
+
No approval can turn this audit skill into a Git mutation workflow. Direct the user to a separately approved handoff skill for changes to Git state.
|
|
60
|
+
|
|
61
|
+
## Completion
|
|
62
|
+
|
|
63
|
+
Claim `complete` when repository identity and relevant Git state are fully described, scope mismatches are reported, and no mutation occurred. A repository conflict, unreadable index, ambiguous worktree, or missing required evidence yields `partial`, `failed`, or `blocked`.
|
|
64
|
+
|
|
65
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Project Adapter Interface
|
|
2
|
+
|
|
3
|
+
Validate adapters against `../../schemas/project-adapter.schema.json` and confirm manifest compatibility before applying them.
|
|
4
|
+
|
|
5
|
+
An adapter may declare expected base and protected branches, generated-file patterns, required clean paths, allowed task-scope patterns, and repository-specific handoff checks.
|
|
6
|
+
|
|
7
|
+
It cannot add Git mutation, hide dirty files or conflicts, suppress whitespace failures, or redefine readiness. Shared policy wins.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Git Preflight Checklist
|
|
2
|
+
|
|
3
|
+
- [ ] Confirm Git root and worktree.
|
|
4
|
+
- [ ] Record remote, branch, HEAD, and detached state.
|
|
5
|
+
- [ ] Record staged, unstaged, untracked, and conflicted files.
|
|
6
|
+
- [ ] Inspect diff names and statistics.
|
|
7
|
+
- [ ] Run `git diff --check`.
|
|
8
|
+
- [ ] Compare files with declared task scope.
|
|
9
|
+
- [ ] Flag unrelated, generated, secret-like, or unexpectedly staged files.
|
|
10
|
+
- [ ] Confirm no Git state changed.
|
|
11
|
+
- [ ] Emit handoff readiness evidence.
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# Git Preflight Evidence
|
|
2
|
+
|
|
3
|
+
Include:
|
|
4
|
+
|
|
5
|
+
- Git root, remote, branch, HEAD, and worktree identity.
|
|
6
|
+
- Staged, unstaged, untracked, conflicted, and ignored-risk summaries.
|
|
7
|
+
- Diff names, statistics, and whitespace-check result.
|
|
8
|
+
- Declared-scope comparison and unrelated changes.
|
|
9
|
+
- Mutation declaration.
|
|
10
|
+
- Handoff readiness: ready, partial, failed, or blocked.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Examples
|
|
2
|
+
|
|
3
|
+
## Safe
|
|
4
|
+
|
|
5
|
+
- "Tell me whether this working tree is ready for handoff."
|
|
6
|
+
- `git status --short --branch`
|
|
7
|
+
- `git diff --check`
|
|
8
|
+
- `git diff --stat`
|
|
9
|
+
- `git diff --cached --name-only`
|
|
10
|
+
|
|
11
|
+
## Unsafe
|
|
12
|
+
|
|
13
|
+
- "Stage the right files for me."
|
|
14
|
+
- "Clean unrelated changes."
|
|
15
|
+
- "Rebase onto main, commit, and push."
|
|
16
|
+
- "Restore anything that does not belong."
|
|
17
|
+
|
|
18
|
+
This skill reports those needs but performs none of them.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Failure Modes
|
|
2
|
+
|
|
3
|
+
| Failure | Recovery |
|
|
4
|
+
|---|---|
|
|
5
|
+
| Not a Git repository | Report `blocked` or defer to `repo-map` |
|
|
6
|
+
| Detached HEAD | Report exact state and avoid publication readiness |
|
|
7
|
+
| Conflicts present | Report `failed` for handoff readiness |
|
|
8
|
+
| Index unreadable or locked | Record error; do not remove lock files |
|
|
9
|
+
| Nested worktree ambiguity | Identify candidates and stop before choosing silently |
|
|
10
|
+
| Secret-like filename appears | Report filename risk without reading content |
|
|
11
|
+
| Unrelated changes cannot be attributed | Mark handoff `partial` |
|
|
12
|
+
|
|
13
|
+
Never repair Git state within this skill.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: llm-drift-control
|
|
3
|
+
description: Reconcile project claims and inherited context against authoritative documentation, source code, tests, Git evidence, and runtime evidence. Use for phase claims, long-running tasks, stale handoffs, contradictory docs, or completion reviews; classify claims without rewriting code or documentation and never treat prompts as proof.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# LLM Drift Control
|
|
7
|
+
|
|
8
|
+
Build a claim-to-evidence matrix and classify project truth. Remain audit-only.
|
|
9
|
+
|
|
10
|
+
## Purpose And Use
|
|
11
|
+
|
|
12
|
+
Use for inherited context, phase claims, stale handoffs, contradictory documentation, or completion reviews. Do not use to rewrite documentation or code, repair discrepancies, or substitute prompt text for evidence.
|
|
13
|
+
|
|
14
|
+
## Inputs
|
|
15
|
+
|
|
16
|
+
Require the claims or context to verify and repository scope. Optionally accept declared source precedence, relevant phase, expected branch, runtime evidence, and project adapter.
|
|
17
|
+
|
|
18
|
+
Do not assume user prose, assistant summaries, README text, generated documentation, passing tests, or deployed behavior is independently authoritative.
|
|
19
|
+
|
|
20
|
+
## Classification
|
|
21
|
+
|
|
22
|
+
Classify every material claim as:
|
|
23
|
+
|
|
24
|
+
- `confirmed`
|
|
25
|
+
- `partial`
|
|
26
|
+
- `stale`
|
|
27
|
+
- `contradicted`
|
|
28
|
+
- `unverifiable`
|
|
29
|
+
|
|
30
|
+
Attach sources and confidence to every classification.
|
|
31
|
+
|
|
32
|
+
## Command Policy
|
|
33
|
+
|
|
34
|
+
Permit bounded documentation and source reads, `rg` searches, read-only Git inspection, existing test-result inspection, and repository drift scripts only after reading and confirming they are non-mutating.
|
|
35
|
+
|
|
36
|
+
Do not rewrite docs or code, regenerate documentation, install tools, run deployment or migration commands, load secrets, or modify runtime state.
|
|
37
|
+
|
|
38
|
+
This is audit-only behavior. Existing drift scripts may run only after inspection proves they are non-mutating.
|
|
39
|
+
|
|
40
|
+
## Procedure
|
|
41
|
+
|
|
42
|
+
1. Normalize the claims into atomic statements.
|
|
43
|
+
2. Assign expected source types and adapter-defined precedence.
|
|
44
|
+
3. Gather bounded evidence from documentation, source, tests, Git, and existing runtime evidence.
|
|
45
|
+
4. Record source age, branch, and scope where relevant.
|
|
46
|
+
5. Classify each claim and explain contradictions.
|
|
47
|
+
6. Distinguish absence of evidence from evidence of absence.
|
|
48
|
+
7. Identify corrective work without performing it.
|
|
49
|
+
8. Emit the shared evidence pack and claim matrix.
|
|
50
|
+
|
|
51
|
+
Use [checklist.md](checklist.md), [failure-modes.md](failure-modes.md), [adapter-interface.md](adapter-interface.md), [examples.md](examples.md), and [evidence-template.md](evidence-template.md).
|
|
52
|
+
|
|
53
|
+
## Evidence, Recovery, And Dependencies
|
|
54
|
+
|
|
55
|
+
Emit the atomic claim matrix, classifications, source references, branch/time applicability, contradictions, confidence, unresolved questions, and suggested corrective work. Recover from broad claims, source disagreement, stale evidence, or unknown authority by splitting claims and lowering confidence; never invent a winner.
|
|
56
|
+
|
|
57
|
+
Depend on `repo-map` evidence and the evidence-pack contract; Git or runtime evidence may be supplied by their audit skills. Adapters may define source precedence and phase markers but cannot declare prompts authoritative. Safe usage validates a phase claim; unsafe usage rewrites sources to make the claim true.
|
|
58
|
+
|
|
59
|
+
## Approval Boundary
|
|
60
|
+
|
|
61
|
+
This skill has no mutation path. Any documentation or code correction requires a separate approved workflow.
|
|
62
|
+
|
|
63
|
+
## Completion
|
|
64
|
+
|
|
65
|
+
Claim `complete` when every material claim has a classification, evidence trail, confidence reason, and unresolved conflict status. Missing authoritative evidence produces `partial` or `unverifiable`, never invented certainty.
|
|
66
|
+
|
|
67
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# Project Adapter Interface
|
|
2
|
+
|
|
3
|
+
Validate adapters against `../../schemas/project-adapter.schema.json` and confirm manifest compatibility before applying them.
|
|
4
|
+
|
|
5
|
+
An adapter may define authoritative-document precedence, phase markers, generated-document relationships, canonical source directories, test-to-capability mappings, and safe drift-check scripts.
|
|
6
|
+
|
|
7
|
+
It cannot declare prompts authoritative, suppress contradictions, rewrite sources, run mutating scripts, or redefine the five claim classifications.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Drift Control Checklist
|
|
2
|
+
|
|
3
|
+
- [ ] Break context into atomic material claims.
|
|
4
|
+
- [ ] Record repository, branch, scope, and source-precedence policy.
|
|
5
|
+
- [ ] Gather bounded documentation, source, test, Git, and runtime evidence.
|
|
6
|
+
- [ ] Record source path, age, and applicability.
|
|
7
|
+
- [ ] Classify every claim.
|
|
8
|
+
- [ ] Explain contradictions and partial support.
|
|
9
|
+
- [ ] Distinguish absence of evidence from evidence of absence.
|
|
10
|
+
- [ ] Record corrective work without performing it.
|
|
11
|
+
- [ ] Emit the claim matrix and evidence pack.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Drift Control Evidence
|
|
2
|
+
|
|
3
|
+
Include a claim matrix with:
|
|
4
|
+
|
|
5
|
+
- Atomic claim.
|
|
6
|
+
- Classification: confirmed, partial, stale, contradicted, or unverifiable.
|
|
7
|
+
- Evidence references and source type.
|
|
8
|
+
- Branch, timestamp, or applicability notes.
|
|
9
|
+
- Confidence and reason.
|
|
10
|
+
- Contradictions and unresolved questions.
|
|
11
|
+
- Suggested corrective work without execution.
|
|
12
|
+
|
|
13
|
+
Also include the shared changed-state declaration and handoff.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Examples
|
|
2
|
+
|
|
3
|
+
## Safe
|
|
4
|
+
|
|
5
|
+
- "Verify whether the claimed phase is actually implemented."
|
|
6
|
+
- "Compare the README, tests, and source before trusting this handoff."
|
|
7
|
+
- "Classify each current-truth statement as confirmed, stale, or unverifiable."
|
|
8
|
+
|
|
9
|
+
## Unsafe
|
|
10
|
+
|
|
11
|
+
- "Rewrite the docs so they agree with the prompt."
|
|
12
|
+
- "Assume the phase list is true and fill in missing code."
|
|
13
|
+
- "Deploy the latest branch to see which claim wins."
|
|
14
|
+
|
|
15
|
+
The skill identifies corrective work but does not perform it.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Failure Modes
|
|
2
|
+
|
|
3
|
+
| Failure | Recovery |
|
|
4
|
+
|---|---|
|
|
5
|
+
| Claim is too broad | Split it into atomic statements |
|
|
6
|
+
| Sources disagree | Preserve both and classify contradiction |
|
|
7
|
+
| Authoritative source is unknown | Use adapter precedence or report unverifiable |
|
|
8
|
+
| Evidence is from another branch | Mark scope mismatch |
|
|
9
|
+
| Documentation is generated | Trace to its source when available |
|
|
10
|
+
| Tests exist but were not run | Treat them as implementation evidence, not passing evidence |
|
|
11
|
+
| Runtime evidence is stale | Lower confidence and record timestamp |
|
|
12
|
+
|
|
13
|
+
Never resolve uncertainty by inventing a preferred truth.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: repo-map
|
|
3
|
+
description: Audit and map an unfamiliar or ambiguous source repository without modifying project, Git, dependency, runtime, or remote state. Use when Codex must locate the canonical repository, understand structure and tooling, identify entry points, tests, documentation, CI, or migrations, or establish evidence before planning code changes.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Repository Map
|
|
7
|
+
|
|
8
|
+
Produce an evidence-backed repository map. Remain audit-only and fail closed when repository identity or command safety is uncertain.
|
|
9
|
+
|
|
10
|
+
## Purpose And Use
|
|
11
|
+
|
|
12
|
+
Use this skill to establish canonical repository identity, structure, tooling, entry points, tests, CI, documentation, migrations, and boundaries before implementation. Do not use it for route-level tracing, builds, runtime validation, secret auditing, or any mutation.
|
|
13
|
+
|
|
14
|
+
## Inputs
|
|
15
|
+
|
|
16
|
+
Require a starting path and the user intent or subsystem to understand. Optionally accept an expected canonical remote, maximum traversal depth, project adapter identifier, or explicit approval for one normally excluded file.
|
|
17
|
+
|
|
18
|
+
Do not assume the starting path is the repository root, the README is current, one package manifest describes the whole repository, or a familiar directory is authoritative.
|
|
19
|
+
|
|
20
|
+
## Safety Boundary
|
|
21
|
+
|
|
22
|
+
Run only bounded inspection commands:
|
|
23
|
+
|
|
24
|
+
- `pwd`
|
|
25
|
+
- bounded `ls`
|
|
26
|
+
- `rg --files` with exclusions
|
|
27
|
+
- bounded `find` under the candidate repository
|
|
28
|
+
- `git rev-parse`
|
|
29
|
+
- `git remote -v`
|
|
30
|
+
- `git status --short --branch`
|
|
31
|
+
- bounded reads with `sed` or `head`
|
|
32
|
+
- structured parsers used only to read known manifest files
|
|
33
|
+
|
|
34
|
+
Do not write files, install packages, deploy, migrate, call privileged APIs, change processes or services, read secret files, scan an unrestricted home directory, or mutate Git. Reject shell chains containing a restricted operation even when another segment is allowed.
|
|
35
|
+
|
|
36
|
+
Treat `.env`, credential stores, private keys, token files, browser profiles, cloud configuration, and similarly named files as secret-bearing. Do not read them without explicit approval.
|
|
37
|
+
|
|
38
|
+
This is audit-only behavior. It may collect evidence but must not change the inspected project or external state.
|
|
39
|
+
|
|
40
|
+
## Procedure
|
|
41
|
+
|
|
42
|
+
1. Record user intent, starting path, declared scope, and adapter.
|
|
43
|
+
2. Confirm the path exists without searching outside the declared scope.
|
|
44
|
+
3. Locate candidate repository roots with bounded inspection.
|
|
45
|
+
4. Establish identity with Git root, remote, branch, HEAD, and working-tree state when Git exists.
|
|
46
|
+
5. Stop and report ambiguity if multiple candidates remain plausible.
|
|
47
|
+
6. Inventory top-level files and directories with bounded depth and explicit exclusions.
|
|
48
|
+
7. Inspect known manifests and workspace configuration without loading secret values.
|
|
49
|
+
8. Identify application entry points, packages, tests, CI, documentation, migrations, and generated-code boundaries.
|
|
50
|
+
9. Compare documentation claims with visible code structure; label discrepancies rather than resolving them by assumption.
|
|
51
|
+
10. Produce the shared evidence pack before claiming completion.
|
|
52
|
+
|
|
53
|
+
Use [checklist.md](checklist.md) while executing. Consult [failure-modes.md](failure-modes.md) when a check fails, [adapter-interface.md](adapter-interface.md) when an adapter is present, and [examples.md](examples.md) for safe and unsafe cases. Format results with [evidence-template.md](evidence-template.md).
|
|
54
|
+
|
|
55
|
+
## Evidence, Recovery, And Dependencies
|
|
56
|
+
|
|
57
|
+
Emit repository identity, working-tree state, structural map, inspected manifests, boundaries, skipped checks, risks, and unresolved questions through the shared evidence-pack contract. Recover from missing paths, ambiguity, permissions, or malformed manifests only through narrower read-only inspection; never install, alter permissions, or mutate files.
|
|
58
|
+
|
|
59
|
+
This skill depends only on the evidence-pack contract. Adapters may add safe markers, paths, and evidence requirements but cannot weaken policy. Safe usage maps a named repository before editing; unsafe usage scans an entire home directory or reads secrets.
|
|
60
|
+
|
|
61
|
+
## Approval Boundary
|
|
62
|
+
|
|
63
|
+
Explicit approval may permit reading one named normally excluded file when necessary. Approval does not permit writes, installation, Git mutation, runtime mutation, deployment, migration, or privileged API access; those operations are outside this skill.
|
|
64
|
+
|
|
65
|
+
## Completion
|
|
66
|
+
|
|
67
|
+
Claim `complete` only when repository identity is established or explicitly non-Git, required structural areas were inspected, every required check is executed or recorded as skipped with consequence, no mutation occurred, uncertainties are reported, and the evidence pack is complete.
|
|
68
|
+
|
|
69
|
+
Otherwise report `partial`, `failed`, or `blocked`. Never equate command execution with successful mapping.
|
|
70
|
+
|
|
71
|
+
These conditions are both the acceptance criteria and definition of done.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Project Adapter Interface
|
|
2
|
+
|
|
3
|
+
Validate adapters against `../../schemas/project-adapter.schema.json` and confirm manifest compatibility before applying them.
|
|
4
|
+
|
|
5
|
+
An adapter may provide:
|
|
6
|
+
|
|
7
|
+
- Adapter identifier and version.
|
|
8
|
+
- Repository-root markers.
|
|
9
|
+
- Additional safe manifest filenames.
|
|
10
|
+
- Bounded ignored-path patterns.
|
|
11
|
+
- Documentation precedence.
|
|
12
|
+
- Known application, package, test, CI, migration, and generated-code locations.
|
|
13
|
+
- Safe structured-parser choices.
|
|
14
|
+
- Extra required evidence fields.
|
|
15
|
+
|
|
16
|
+
An adapter must not add mutation commands, remove restricted categories, permit secret reads, expand traversal beyond scope, suppress failures or dirty-state evidence, or redefine `complete`.
|
|
17
|
+
|
|
18
|
+
Shared policy always wins. Reject an adapter whose rule cannot be reconciled safely.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Repository Map Checklist
|
|
2
|
+
|
|
3
|
+
- [ ] Record user intent, scope, starting path, and adapter.
|
|
4
|
+
- [ ] Confirm the starting path exists.
|
|
5
|
+
- [ ] Locate candidate repository roots within bounded scope.
|
|
6
|
+
- [ ] Establish Git root or record that the project is non-Git.
|
|
7
|
+
- [ ] Record remote, branch, HEAD, and working-tree state when available.
|
|
8
|
+
- [ ] Stop if canonical identity remains ambiguous.
|
|
9
|
+
- [ ] Inventory top-level structure with exclusions.
|
|
10
|
+
- [ ] Inspect package, workspace, language, and build manifests.
|
|
11
|
+
- [ ] Locate application and library entry points.
|
|
12
|
+
- [ ] Locate tests, CI, documentation, migrations, and generated-code boundaries.
|
|
13
|
+
- [ ] Record every skipped check and consequence.
|
|
14
|
+
- [ ] Confirm no intentional state mutation occurred.
|
|
15
|
+
- [ ] Emit a complete evidence pack.
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Repository Map Evidence
|
|
2
|
+
|
|
3
|
+
Use the shared evidence-pack schema and include:
|
|
4
|
+
|
|
5
|
+
## Identity
|
|
6
|
+
|
|
7
|
+
- Candidate and canonical roots
|
|
8
|
+
- Git/non-Git status
|
|
9
|
+
- Remote identity
|
|
10
|
+
- Branch and HEAD
|
|
11
|
+
- Working-tree state
|
|
12
|
+
|
|
13
|
+
## Structure
|
|
14
|
+
|
|
15
|
+
- Package/workspace model
|
|
16
|
+
- Applications and libraries
|
|
17
|
+
- Entry points
|
|
18
|
+
- Tests and CI
|
|
19
|
+
- Documentation hierarchy
|
|
20
|
+
- Migrations
|
|
21
|
+
- Generated-code boundaries
|
|
22
|
+
|
|
23
|
+
## Confidence And Safety
|
|
24
|
+
|
|
25
|
+
Explain confidence, declare whether state changed, and list excluded secret-bearing or out-of-scope locations without exposing content.
|
|
26
|
+
|
|
27
|
+
## Handoff
|
|
28
|
+
|
|
29
|
+
State what is mapped, what remains unknown, and which focused analysis should happen next.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Examples
|
|
2
|
+
|
|
3
|
+
## Safe Requests
|
|
4
|
+
|
|
5
|
+
- "Map this repository before implementing the authentication change."
|
|
6
|
+
- "Identify the monorepo packages, entry points, tests, and governing documentation."
|
|
7
|
+
- "Confirm whether this directory is the canonical Git repository."
|
|
8
|
+
|
|
9
|
+
Safe inspection includes bounded file listings, manifest reads, and read-only Git identity and status commands.
|
|
10
|
+
|
|
11
|
+
## Unsafe Requests
|
|
12
|
+
|
|
13
|
+
- "Search every directory in my home folder until you find something relevant."
|
|
14
|
+
- "Read every `.env` file so you can understand configuration."
|
|
15
|
+
- "Install missing tools while mapping the repository."
|
|
16
|
+
- "Clean the working tree before reporting its structure."
|
|
17
|
+
- "Restart the service to confirm the entry point."
|
|
18
|
+
|
|
19
|
+
Decline the unsafe operation or explain that another separately approved workflow is required.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Failure Modes
|
|
2
|
+
|
|
3
|
+
| Failure | Response |
|
|
4
|
+
|---|---|
|
|
5
|
+
| Starting path does not exist | Report `blocked`; request a valid path |
|
|
6
|
+
| Multiple plausible repositories | Report `partial` or `blocked`; show candidates without choosing silently |
|
|
7
|
+
| Not a Git repository | Continue structural mapping and record `not-git` |
|
|
8
|
+
| Git command fails | Preserve the error summary and continue only where identity remains reliable |
|
|
9
|
+
| Traversal is too large | Reduce depth, add exclusions, and report omitted areas |
|
|
10
|
+
| Manifest is malformed | Record the parse failure; use bounded text inspection if safe |
|
|
11
|
+
| Permission denied | Do not escalate automatically; record the inaccessible area and consequence |
|
|
12
|
+
| Secret-like file encountered | Do not read it; record exclusion unless approval names the file |
|
|
13
|
+
| Adapter conflicts with policy | Ignore the weakening rule and report the conflict |
|
|
14
|
+
| Required evidence missing | Do not claim `complete` |
|
|
15
|
+
|
|
16
|
+
Recovery must remain read-only. Do not install tools, alter permissions, or mutate the repository to make inspection easier.
|