coding-agent-skills 0.2.9 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/README.md +6 -0
  3. package/ROADMAP.md +20 -15
  4. package/bin/coding-agent-skills +14 -0
  5. package/docs/adapters/README.md +36 -0
  6. package/docs/adapters/project-installation.md +23 -0
  7. package/docs/adapters/real-project-adoption.md +2 -1
  8. package/docs/architecture/README.md +5 -3
  9. package/docs/release/README.md +4 -2
  10. package/docs/release/npm-package.md +10 -3
  11. package/docs/safety/README.md +10 -1
  12. package/docs/testing/README.md +15 -0
  13. package/docs/usage/README.md +24 -5
  14. package/examples/command-policies/env-audit.json +73 -0
  15. package/examples/command-policies/secret-audit.json +71 -0
  16. package/examples/evidence-packs/env-audit.json +55 -0
  17. package/examples/evidence-packs/secret-audit.json +55 -0
  18. package/examples/manifests/env-audit.json +14 -0
  19. package/examples/manifests/secret-audit.json +14 -0
  20. package/examples/workflows/env-audit.md +16 -0
  21. package/examples/workflows/secret-audit.md +10 -0
  22. package/package.json +3 -1
  23. package/runs/skill-runs.md +26 -0
  24. package/schemas/project-adapter-installation.schema.json +4 -0
  25. package/schemas/project-adapter.schema.json +4 -0
  26. package/scripts/lib/env-audit.mjs +640 -0
  27. package/scripts/lib/pack-rules.mjs +20 -2
  28. package/scripts/lib/secret-audit.mjs +510 -0
  29. package/scripts/render-env-audit.mjs +8 -0
  30. package/scripts/render-secret-audit.mjs +8 -0
  31. package/scripts/test-pack.mjs +139 -1
  32. package/scripts/validate-pack.mjs +8 -2
  33. package/skills/env-audit/SKILL.md +58 -0
  34. package/skills/env-audit/adapter-interface.md +12 -0
  35. package/skills/env-audit/agents/openai.yaml +4 -0
  36. package/skills/env-audit/checklist.md +7 -0
  37. package/skills/env-audit/evidence-template.md +17 -0
  38. package/skills/env-audit/examples.md +28 -0
  39. package/skills/env-audit/failure-modes.md +5 -0
  40. package/skills/secret-audit/SKILL.md +57 -0
  41. package/skills/secret-audit/adapter-interface.md +12 -0
  42. package/skills/secret-audit/agents/openai.yaml +4 -0
  43. package/skills/secret-audit/checklist.md +7 -0
  44. package/skills/secret-audit/evidence-template.md +15 -0
  45. package/skills/secret-audit/examples.md +27 -0
  46. package/skills/secret-audit/failure-modes.md +5 -0
  47. package/tests/fixtures/env-audit/adapter-project/.coding-agent/adapters/env-audit-fixture/adapter.json +56 -0
  48. package/tests/fixtures/env-audit/adapter-project/.coding-agent/skills.json +23 -0
  49. package/tests/fixtures/env-audit/adapter-project/README.md +3 -0
  50. package/tests/fixtures/env-audit/adapter-project/package.json +4 -0
  51. package/tests/fixtures/env-audit/adapter-project/src/config.ts +2 -0
  52. package/tests/fixtures/env-audit/static-project/.env.example +3 -0
  53. package/tests/fixtures/env-audit/static-project/README.md +3 -0
  54. package/tests/fixtures/env-audit/static-project/docs/setup.md +3 -0
  55. package/tests/fixtures/env-audit/static-project/package.json +4 -0
  56. package/tests/fixtures/env-audit/static-project/src/config.ts +4 -0
  57. package/tests/fixtures/env-audit/static-project/src/deno.ts +1 -0
  58. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/adapters/secret-audit-fixture/adapter.json +53 -0
  59. package/tests/fixtures/secret-audit/adapter-project/.coding-agent/skills.json +23 -0
  60. package/tests/fixtures/secret-audit/adapter-project/README.md +3 -0
  61. package/tests/fixtures/secret-audit/adapter-project/package.json +4 -0
  62. package/tests/fixtures/secret-audit/adapter-project/src/placeholder.ts +1 -0
  63. package/tests/fixtures/secret-audit/static-project/.env.example +1 -0
  64. package/tests/fixtures/secret-audit/static-project/README.md +3 -0
  65. package/tests/fixtures/secret-audit/static-project/package.json +4 -0
  66. package/tests/fixtures/secret-audit/static-project/src/config.ts +1 -0
  67. package/tests/fixtures/triggers/cases.json +25 -1
  68. package/tests/trigger/README.md +4 -0
  69. package/work-ledger.md +36 -11
package/CHANGELOG.md CHANGED
@@ -2,6 +2,45 @@
2
2
 
3
3
  All notable changes follow [Semantic Versioning](docs/versioning/README.md).
4
4
 
5
+ ## [0.2.11] - 2026-07-03
6
+
7
+ ### Added
8
+
9
+ - `secret-audit` audit-only skill for redacted static secret exposure detection.
10
+ - `coding-agent-skills secret-audit <project-root>` CLI command.
11
+ - Dependency-free secret audit renderer for high-confidence finding paths, finding types,
12
+ counts, skipped secret-bearing paths, not-verified credential surfaces, adapter-limited
13
+ scope, and safety refusals.
14
+ - Synthetic secret-audit fixtures and release tests for generic static scans,
15
+ adapter-scoped scans, `.env` exclusion, matched-value omission, and repo-map-only adapter
16
+ skips.
17
+
18
+ ### Changed
19
+
20
+ - Adapter schemas and validators now recognize `secret-audit` as an audit-only skill while
21
+ preserving the existing `0.2.3` adapter contract compatibility baseline.
22
+ - Usage, release, safety, architecture, adapter, roadmap, ledger, and run-log docs now
23
+ describe the new redacted read-only secret-audit command.
24
+
25
+ ## [0.2.10] - 2026-07-03
26
+
27
+ ### Added
28
+
29
+ - `env-audit` audit-only skill for static environment variable name mapping without values.
30
+ - `coding-agent-skills env-audit <project-root>` CLI command.
31
+ - Dependency-free env audit renderer for variable names, classifications, sample files,
32
+ skipped secret-bearing paths, not-verified runtime stores, adapter-limited scope, and
33
+ safety refusals.
34
+ - Synthetic env-audit fixtures and release tests for generic static scans, adapter-scoped
35
+ scans, `.env` exclusion, `.env.example` inspection, and repo-map-only adapter skips.
36
+
37
+ ### Changed
38
+
39
+ - Adapter schemas and validators now recognize `env-audit` as an audit-only skill while
40
+ preserving the existing `0.2.3` adapter contract compatibility baseline.
41
+ - Builder-mode approval for completing the remaining read-only skill wave is recorded in
42
+ the roadmap, ledger, and run log.
43
+
5
44
  ## [0.2.9] - 2026-07-03
6
45
 
7
46
  ### Added
package/README.md CHANGED
@@ -7,6 +7,8 @@ The pilot pack contains:
7
7
  - Shared evidence-pack contract.
8
8
  - `repo-map`: audit-only repository orientation.
9
9
  - `route-trace`: audit-only static route surface tracing.
10
+ - `env-audit`: audit-only environment variable name mapping without values.
11
+ - `secret-audit`: audit-only high-confidence secret exposure detection without values.
10
12
  - `build-verify`: controlled local validation using existing project commands.
11
13
  - `git-preflight`: audit-only Git readiness inspection.
12
14
  - `runtime-truth`: audit-only runtime evidence collection.
@@ -40,6 +42,8 @@ Every skill emits the evidence-pack contract. A command being attempted is never
40
42
  - Run `npx coding-agent-skills validate-pack` when a one-off npm execution is preferred.
41
43
  - From a clone, the same wrapper is available as `bin/coding-agent-skills validate-pack`.
42
44
  - Trace static route surfaces with `coding-agent-skills route-trace <project-root>`.
45
+ - Map environment variable names with `coding-agent-skills env-audit <project-root>`.
46
+ - Find redacted secret exposure risks with `coding-agent-skills secret-audit <project-root>`.
43
47
  - Validate project adapters against [the formal adapter schema](schemas/project-adapter.schema.json).
44
48
  - Review [external adapter discovery](docs/adapters/discovery.md).
45
49
  - Run `node scripts/validate-adapters.mjs <adapter-root>` for a disposable external root.
@@ -49,6 +53,8 @@ Every skill emits the evidence-pack contract. A command being attempted is never
49
53
  `node scripts/render-adapter-repo-map.mjs <project-root>`.
50
54
  - Render a static route-trace report with
51
55
  `node scripts/render-route-trace.mjs <project-root>`.
56
+ - Render a redacted secret-audit report with
57
+ `node scripts/render-secret-audit.mjs <project-root>`.
52
58
  - Review [adapter upgrade checks](docs/adapters/upgrades.md).
53
59
  - Run `node scripts/check-adapter-upgrade.mjs <before-project-root> <after-project-root>`
54
60
  for disposable project revisions.
package/ROADMAP.md CHANGED
@@ -1,7 +1,8 @@
1
1
  # Roadmap
2
2
 
3
- The public package now contains six approved shared skills. Future work requires separate
4
- design and approval.
3
+ The public package now contains eight approved shared skills. Builder-mode approval is
4
+ active for the remaining read-only skill wave in this repository; real-world project
5
+ execution constraints remain unchanged.
5
6
 
6
7
  ## Released Harness Milestones
7
8
 
@@ -29,15 +30,18 @@ design and approval.
29
30
  install smoke coverage.
30
31
  - `v0.2.9`: audit-only `route-trace` skill and CLI renderer for static route surface
31
32
  tracing.
33
+ - `v0.2.10`: audit-only `env-audit` skill and CLI renderer for value-free environment
34
+ variable name mapping.
35
+ - `v0.2.11`: audit-only `secret-audit` skill and CLI renderer for redacted secret
36
+ exposure detection.
32
37
 
33
38
  The next milestone is recorded in [work-ledger.md](work-ledger.md). The
34
39
  [maintainer loop](RUNBOOK.md) may select and evidence that milestone, but it must stop
35
40
  before implementation until the relevant human approval is granted.
36
41
 
37
- No evidence-harness milestone is queued after `v0.2.3`. Additional real project adapters,
38
- new skills beyond `route-trace`, platform work, deployment/preflight work, and signing infrastructure remain
39
- separately gated. The public npm package exposes the existing read-only CLI surface; it
40
- does not approve new skills or target-project mutation.
42
+ No evidence-harness milestone is queued after `v0.2.3`. Builder-mode approval permits the
43
+ listed read-only skill wave inside this repository. Real project adapters, target-project
44
+ mutation, signing infrastructure, and action-capable platform work remain separately gated.
41
45
 
42
46
  ## Planning Gates
43
47
 
@@ -71,20 +75,21 @@ Next safe milestone options:
71
75
  | Candidate | Scope | Mode | Current gate |
72
76
  |---|---|---|---|
73
77
  | `route-trace-skill` | General | Audit-only | Implemented in `v0.2.9` |
74
- | `env-audit-skill` | General | Audit-only | Needs more evidence |
75
- | `secret-audit-skill` | General | Audit-only | Blocked on privacy and approval model |
76
- | `deployment-preflight-skill` | General | Audit-only | Needs design review |
77
- | `cloudflare-preflight-skill` | Platform-specific | Audit-only | Needs more evidence |
78
+ | `env-audit-skill` | General | Audit-only | Implemented in `v0.2.10` |
79
+ | `secret-audit-skill` | General | Audit-only | Implemented in `v0.2.11` |
80
+ | `api-contract-audit-skill` | General | Audit-only | Builder-mode approved; next in wave |
81
+ | `migration-review-skill` | General with platform adapters | Audit-only | Builder-mode approved; later in wave |
82
+ | `github-handoff-skill` | General | Audit-only | Builder-mode approved; later in wave |
83
+ | `deployment-preflight-skill` | General | Audit-only | Builder-mode approved; later in wave |
84
+ | `cloudflare-preflight-skill` | Platform-specific | Audit-only | Builder-mode approved; later in wave |
78
85
  | `cloudflare-deploy-skill` | Platform-specific | Action-capable | Blocked on approval model |
79
- | `supabase-rls-audit-skill` | Platform-specific | Audit-only | Needs more evidence |
80
- | `migration-review-skill` | General with platform adapters | Audit-only | Needs design review |
81
- | `api-contract-audit-skill` | General | Audit-only | Needs design review |
86
+ | `supabase-rls-audit-skill` | Platform-specific | Audit-only | Builder-mode approved; later in wave |
82
87
  | `repo-knowledge-sync-skill` | General | Action-capable | Blocked on write approval model |
83
88
  | `security-hardening-review-skill` | General coordinator | Audit-only | Needs more evidence |
84
89
  | `worker-queue-debug-skill` | General core with project adapters | Audit-only first | Needs more evidence |
85
90
  | `devvit-ingest-debug-skill` | Project-specific | Audit-only | Needs project evidence |
86
- | `github-handoff-skill` | Platform-specific | Action-capable | Blocked on approval model |
87
91
  | `session-extractor-skill` | General tooling | Action-capable | Blocked on privacy policy and more evidence |
88
92
  | `command-redaction-skill` | General tooling | Action-capable | Needs more evidence |
89
93
 
90
- No roadmap item is implicitly approved for implementation.
94
+ Builder-mode approval applies only to the named read-only wave. No other roadmap item is
95
+ implicitly approved for implementation.
@@ -29,6 +29,18 @@ const commands = {
29
29
  usage: "coding-agent-skills route-trace <project-root>",
30
30
  requiredArgs: 1,
31
31
  },
32
+ "env-audit": {
33
+ script: "scripts/render-env-audit.mjs",
34
+ args: ([projectRoot]) => [projectRoot],
35
+ usage: "coding-agent-skills env-audit <project-root>",
36
+ requiredArgs: 1,
37
+ },
38
+ "secret-audit": {
39
+ script: "scripts/render-secret-audit.mjs",
40
+ args: ([projectRoot]) => [projectRoot],
41
+ usage: "coding-agent-skills secret-audit <project-root>",
42
+ requiredArgs: 1,
43
+ },
32
44
  "validate-adapters": {
33
45
  script: "scripts/validate-adapters.mjs",
34
46
  args: ([adapterRoot]) => [adapterRoot],
@@ -46,6 +58,8 @@ function usage(exitCode = 0) {
46
58
  " validate-project <project-root>",
47
59
  " repo-map <project-root>",
48
60
  " route-trace <project-root>",
61
+ " env-audit <project-root>",
62
+ " secret-audit <project-root>",
49
63
  " validate-adapters <adapter-root>",
50
64
  "",
51
65
  "local wrapper for the published coding-agent-skills package",
@@ -54,12 +54,48 @@ statically reports verified route files, inferred route patterns, skipped items,
54
54
  not-verified runtime-dependent routing classes. It does not execute target code, run
55
55
  servers, hit URLs, build, test, deploy, migrate, inspect databases, or read `.env` files.
56
56
 
57
+ ## Adapter-Aware Env Audit Consumption
58
+
59
+ The shared pack can consume a validated project-owned adapter as bounded context for
60
+ `env-audit`:
61
+
62
+ ```bash
63
+ node scripts/render-env-audit.mjs <project-root>
64
+ ```
65
+
66
+ The renderer validates the project declaration when present. If an adapter is present but
67
+ does not enable `env-audit`, it reports an adapter-limited skip instead of broadening
68
+ scope. When enabled, it reads only adapter-declared safe paths, excludes `.env` and
69
+ secret-bearing files, and reports variable names, classifications, sample files inspected,
70
+ skipped items, and not-verified runtime or credential stores. It never prints values or
71
+ validates credentials.
72
+
73
+ ## Adapter-Aware Secret Audit Consumption
74
+
75
+ The shared pack can consume a validated project-owned adapter as bounded context for
76
+ `secret-audit`:
77
+
78
+ ```bash
79
+ node scripts/render-secret-audit.mjs <project-root>
80
+ ```
81
+
82
+ The renderer validates the project declaration when present. If an adapter is present but
83
+ does not enable `secret-audit`, it reports an adapter-limited skip instead of broadening
84
+ scope. When enabled, it reads only adapter-declared safe paths, excludes `.env`,
85
+ secret-bearing files, generated output, dependency paths, and oversized files, then
86
+ reports finding paths, types, and counts. It never prints matched values, validates
87
+ credentials, rotates secrets, contacts APIs, deploys, migrates, builds, tests, or mutates
88
+ project files.
89
+
57
90
  ## What Adapters May Do
58
91
 
59
92
  - Add bounded relative read paths and ignored paths.
60
93
  - Declare project-root markers and a bounded detection depth.
61
94
  - Add documentation precedence and package-manager hints.
62
95
  - Add route-trace safe read paths for static route files and route config.
96
+ - Add env-audit safe read paths for static source, docs, sample, and config files.
97
+ - Add secret-audit safe read paths for static source, docs, sample, and config files
98
+ while relying on the shared scanner to exclude secret-bearing paths.
63
99
  - Add command aliases that already satisfy the shared command policy.
64
100
  - Add status-only runtime commands and manager hints.
65
101
  - Require additional evidence or named approval for exceptional reads.
@@ -122,6 +122,29 @@ patterns, skipped paths, and not-verified runtime-dependent route classes. It do
122
122
  servers, hit URLs, execute app code, build, test, deploy, migrate, inspect databases, read
123
123
  `.env` files, or modify project state.
124
124
 
125
+ A project-owned adapter can also enable read-only `env-audit` context:
126
+
127
+ ```bash
128
+ node scripts/render-env-audit.mjs <project-root>
129
+ ```
130
+
131
+ The env-audit renderer validates the project declaration when present. If the adapter is
132
+ present but does not enable `env-audit`, it reports an adapter-limited skip. When enabled,
133
+ it reads only adapter-declared safe paths, refuses `.env` and secret-bearing files, and
134
+ reports environment variable names without values.
135
+
136
+ A project-owned adapter can also enable read-only `secret-audit` context:
137
+
138
+ ```bash
139
+ node scripts/render-secret-audit.mjs <project-root>
140
+ ```
141
+
142
+ The secret-audit renderer validates the project declaration when present. If the adapter
143
+ is present but does not enable `secret-audit`, it reports an adapter-limited skip. When
144
+ enabled, it reads only adapter-declared safe paths, refuses `.env` and secret-bearing
145
+ files, and reports high-confidence finding paths, types, and counts without matched
146
+ values or credential validation.
147
+
125
148
  ## Safety Boundary
126
149
 
127
150
  Project adapters are extension-only. They cannot remove denied operations, change an
@@ -21,7 +21,8 @@ project repository is touched:
21
21
  - The project can declare exactly one installation file: `.coding-agent/skills.json` or
22
22
  `coding-agent.skills.json`.
23
23
  - The adapter need is bounded to existing pilot skills: `repo-map`, `route-trace`,
24
- `build-verify`, `git-preflight`, `runtime-truth`, or `llm-drift-control`.
24
+ `env-audit`, `secret-audit`, `build-verify`, `git-preflight`, `runtime-truth`, or
25
+ `llm-drift-control`.
25
26
  - The adapter can narrow context with relative paths, documentation precedence, safe
26
27
  aliases, status-only hints, or extra evidence requirements.
27
28
  - The adapter does not require deployment, migration, package installation, Git
@@ -13,6 +13,8 @@ Audit-only:
13
13
 
14
14
  - `repo-map`
15
15
  - `route-trace`
16
+ - `env-audit`
17
+ - `secret-audit`
16
18
  - `git-preflight`
17
19
  - `runtime-truth`
18
20
  - `llm-drift-control`
@@ -21,6 +23,6 @@ Controlled local validation:
21
23
 
22
24
  - `build-verify`
23
25
 
24
- The evidence pack is a shared output contract, not an executable skill. Environment and
25
- secret audits, deployment preflight, GitHub handoff, provider operations, and additional
26
- project adapters remain separate future work.
26
+ The evidence pack is a shared output contract, not an executable skill. Deployment
27
+ preflight, GitHub handoff, provider operations, and additional project adapters remain
28
+ separate future work.
@@ -19,8 +19,10 @@
19
19
  13. Inspect tarball contents for local-only files, credentials, `.env` files, dependency
20
20
  folders, generated output, and unrelated repositories.
21
21
  14. Install the tarball into a temporary npm prefix and smoke-test the installed CLI.
22
- 15. Smoke-test any new CLI command such as `coding-agent-skills route-trace` against
23
- synthetic fixtures only unless a real project read-only smoke is explicitly approved.
22
+ 15. Smoke-test any new CLI command such as `coding-agent-skills route-trace`,
23
+ `coding-agent-skills env-audit`, or `coding-agent-skills secret-audit` against
24
+ synthetic fixtures only unless a real project
25
+ read-only smoke is explicitly approved.
24
26
  16. Review changelog, ledger, run evidence, and versioning impact.
25
27
  17. Commit with approved identity.
26
28
  18. Push `main` using credential-free remotes.
@@ -7,7 +7,7 @@ safety model.
7
7
  ## Current Package Shape
8
8
 
9
9
  - Package name: `coding-agent-skills`.
10
- - Package version: `0.2.9`.
10
+ - Package version: `0.2.11`.
11
11
  - CLI bin: `coding-agent-skills` mapped to `bin/coding-agent-skills`.
12
12
  - Module type: `module`.
13
13
  - Dependencies: none.
@@ -28,6 +28,8 @@ coding-agent-skills validate-pack
28
28
  coding-agent-skills validate-project /path/to/project
29
29
  coding-agent-skills repo-map /path/to/project
30
30
  coding-agent-skills route-trace /path/to/project
31
+ coding-agent-skills env-audit /path/to/project
32
+ coding-agent-skills secret-audit /path/to/project
31
33
  coding-agent-skills validate-adapters /path/to/adapter-root
32
34
  ```
33
35
 
@@ -39,7 +41,12 @@ npx coding-agent-skills validate-pack
39
41
 
40
42
  Adapter compatibility remains controlled by the existing shared core and
41
43
  project-adapter validators. `route-trace` is static and audit-only; it reports route
42
- files and route declarations without executing the target project.
44
+ files and route declarations without executing the target project. `env-audit` is static
45
+ and audit-only; it reports environment variable names without reading `.env` files or
46
+ printing values.
47
+ `secret-audit` is static and audit-only; it reports high-confidence secret-like finding
48
+ paths, types, and counts without printing matched values, reading `.env` files, or
49
+ validating credentials.
43
50
 
44
51
  `coding-agent-skills validate-pack` is package-aware. In a source checkout, it keeps
45
52
  source-only checks such as `.gitignore` validation. In an installed package tree, where
@@ -74,7 +81,7 @@ included.
74
81
 
75
82
  The public CLI remains read-only for target projects unless a specific underlying skill
76
83
  already permits a bounded local validation action. The installed `repo-map`,
77
- `route-trace`, and adapter flows do not:
84
+ `route-trace`, `env-audit`, `secret-audit`, and adapter flows do not:
78
85
 
79
86
  - deploy
80
87
  - run migrations
@@ -2,12 +2,21 @@
2
2
 
3
3
  ## Audit-Only Rule
4
4
 
5
- `repo-map`, `route-trace`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
5
+ `repo-map`, `route-trace`, `env-audit`, `secret-audit`, `git-preflight`, `runtime-truth`, and `llm-drift-control` must not alter project files, Git state, dependencies, processes, services, databases, remote systems, or deployment state.
6
6
 
7
7
  `route-trace` is static only. It may read bounded non-secret route files and route
8
8
  configuration, but it must not execute app code, run servers, hit URLs, claim runtime
9
9
  truth, or broaden adapter scope when a project adapter is present.
10
10
 
11
+ `env-audit` is value-free. It may read bounded non-secret source, docs, sample, and config
12
+ files, including `.env.example`, but must not read `.env`, print values, validate
13
+ credentials, contact APIs, or inspect secret stores.
14
+
15
+ `secret-audit` is redacted static inspection only. It may read bounded non-secret static
16
+ files and report high-confidence secret-like finding paths, types, and counts, but it must
17
+ not print matched values, read `.env` or secret-bearing files, inspect credential stores,
18
+ validate or rotate credentials, contact APIs, or broaden adapter scope.
19
+
11
20
  `build-verify` may run existing project-native validation commands. Build or test tools may create their normal local artifacts, but the skill must declare observed changes and must reject installation, fix modes, snapshot updates, deployment, migration, or unknown scripts.
12
21
 
13
22
  ## Restricted Categories
@@ -37,6 +37,21 @@ skipped paths, not-verified runtime route classes, and repo-map-only adapter ski
37
37
  Route-trace tests must never run a target project, hit URLs, build, test, deploy, migrate,
38
38
  or read `.env` files.
39
39
 
40
+ ## Env Audit
41
+
42
+ Synthetic env-audit projects cover value-free variable-name detection, `.env` exclusion,
43
+ `.env.example` inspection, adapter-declared scope, and adapter-present-but-not-enabled
44
+ behavior. Env-audit tests must never print values, validate credentials, contact APIs,
45
+ run target projects, build, test, deploy, migrate, or read `.env` files.
46
+
47
+ ## Secret Audit
48
+
49
+ Synthetic secret-audit projects cover high-confidence finding detection, `.env` exclusion,
50
+ matched-value omission, adapter-declared scope, and adapter-present-but-not-enabled
51
+ behavior. Secret-audit tests construct synthetic secret-like values only in temporary
52
+ directories and assert that rendered reports include paths, types, and counts without
53
+ printing matched values.
54
+
40
55
  ## Privacy And Redaction
41
56
 
42
57
  Sensitive shapes are stored as ordered synthetic parts and reconstructed only in memory. Tests verify type detection, redaction, and absence from reusable skill content without printing fixture values.
@@ -6,6 +6,8 @@ Select the least-privileged skill that matches the request:
6
6
  |---|---|
7
7
  | Understand repository identity and structure | `repo-map` |
8
8
  | Trace statically visible route surfaces | `route-trace` |
9
+ | Map environment variable names without values | `env-audit` |
10
+ | Find high-confidence secret exposure risks without values | `secret-audit` |
9
11
  | Run existing local validation checks | `build-verify` |
10
12
  | Assess Git handoff readiness | `git-preflight` |
11
13
  | Determine what is actually running | `runtime-truth` |
@@ -15,11 +17,15 @@ Select the least-privileged skill that matches the request:
15
17
 
16
18
  1. Use `repo-map` when repository identity or boundaries are not established.
17
19
  2. Use `route-trace` when route files or declarations must be mapped from static files.
18
- 3. Perform implementation outside this pilot pack.
19
- 4. Use `build-verify` for approved project-native checks.
20
- 5. Use `git-preflight` before handoff or publication.
21
- 6. Use `runtime-truth` only when live local state matters.
22
- 7. Use `llm-drift-control` when claims and evidence may disagree.
20
+ 3. Use `env-audit` when environment variable names or sample config references must be
21
+ mapped without reading values.
22
+ 4. Use `secret-audit` when high-confidence tracked secret exposure risk must be reported
23
+ by path, type, and count without printing matched values.
24
+ 5. Perform implementation outside this pilot pack.
25
+ 6. Use `build-verify` for approved project-native checks.
26
+ 7. Use `git-preflight` before handoff or publication.
27
+ 8. Use `runtime-truth` only when live local state matters.
28
+ 9. Use `llm-drift-control` when claims and evidence may disagree.
23
29
 
24
30
  Every skill emits an evidence pack. Read `status`, skipped checks, failures, confidence, and changed state before relying on a completion claim.
25
31
 
@@ -51,6 +57,8 @@ coding-agent-skills validate-pack
51
57
  coding-agent-skills validate-project /path/to/project
52
58
  coding-agent-skills repo-map /path/to/project
53
59
  coding-agent-skills route-trace /path/to/project
60
+ coding-agent-skills env-audit /path/to/project
61
+ coding-agent-skills secret-audit /path/to/project
54
62
  coding-agent-skills validate-adapters /path/to/adapter-root
55
63
  ```
56
64
 
@@ -66,6 +74,13 @@ precedence, safe read paths, ignored paths, and required evidence.
66
74
  `route-trace` validates a project adapter when present, uses adapter-declared safe paths
67
75
  when enabled, and statically reports verified route files, inferred route declarations,
68
76
  skipped items, and not-verified runtime-dependent route classes.
77
+ `env-audit` validates a project adapter when present, uses adapter-declared safe paths
78
+ when enabled, and statically reports environment variable names, classifications, sample
79
+ files inspected, skipped secret-bearing paths, and not-verified runtime or credential
80
+ stores without printing values.
81
+ `secret-audit` validates a project adapter when present, uses adapter-declared safe paths
82
+ when enabled, and statically reports high-confidence secret-like finding paths, types, and
83
+ counts without printing matched values or validating credentials.
69
84
 
70
85
  The installed CLI does not run target project builds or tests, perform runtime checks,
71
86
  deploy, migrate, mutate services or processes, or read `.env` files. Project adapters
@@ -80,6 +95,8 @@ bin/coding-agent-skills validate-pack
80
95
  bin/coding-agent-skills validate-project /path/to/project
81
96
  bin/coding-agent-skills repo-map /path/to/project
82
97
  bin/coding-agent-skills route-trace /path/to/project
98
+ bin/coding-agent-skills env-audit /path/to/project
99
+ bin/coding-agent-skills secret-audit /path/to/project
83
100
  bin/coding-agent-skills validate-adapters /path/to/adapter-root
84
101
  ```
85
102
 
@@ -91,6 +108,8 @@ coding-agent-skills validate-pack
91
108
  coding-agent-skills validate-project /path/to/project
92
109
  coding-agent-skills repo-map /path/to/project
93
110
  coding-agent-skills route-trace /path/to/project
111
+ coding-agent-skills env-audit /path/to/project
112
+ coding-agent-skills secret-audit /path/to/project
94
113
  coding-agent-skills validate-adapters /path/to/adapter-root
95
114
  ```
96
115
 
@@ -0,0 +1,73 @@
1
+ {
2
+ "version": "0.2.3",
3
+ "mode": "audit-only",
4
+ "parserPolicy": {
5
+ "inspectEverySegment": true,
6
+ "inspectScriptBodies": true,
7
+ "rejectUnknownExecutables": true,
8
+ "rejectShellWrappers": true,
9
+ "rejectHeredocs": true,
10
+ "rejectRedirection": true,
11
+ "providerSpecificNpx": true,
12
+ "authenticatedCurlRequiresApproval": true,
13
+ "boundedReadsRequired": true,
14
+ "allowedComposition": "read-only"
15
+ },
16
+ "allowedFamilies": [
17
+ {
18
+ "name": "bounded-env-name-inspection",
19
+ "executables": ["pwd", "ls", "rg", "find", "sed", "head"],
20
+ "argumentPolicy": {
21
+ "strategy": "pattern",
22
+ "allowedPatterns": ["bounded repository-local static env-name inspection"],
23
+ "deniedPatterns": ["secret files, values, absolute home paths, app execution, and unbounded traversal"]
24
+ },
25
+ "constraints": [
26
+ "Remain inside the declared project scope.",
27
+ "Bound traversal depth and output.",
28
+ "Exclude .env, secret-bearing, generated, dependency, build, and runtime-output paths.",
29
+ "Report variable names only, never values."
30
+ ]
31
+ },
32
+ {
33
+ "name": "git-identity-inspection",
34
+ "executables": ["git"],
35
+ "argumentPolicy": {
36
+ "strategy": "exact",
37
+ "allowedPatterns": ["rev-parse and status --short --branch"],
38
+ "deniedPatterns": ["all Git mutation and publication subcommands"]
39
+ },
40
+ "constraints": [
41
+ "Allow only read-only repository identity and branch-state inspection."
42
+ ]
43
+ },
44
+ {
45
+ "name": "env-audit-renderer",
46
+ "executables": ["node", "coding-agent-skills"],
47
+ "argumentPolicy": {
48
+ "strategy": "exact",
49
+ "allowedPatterns": ["node scripts/render-env-audit.mjs <project-root>; coding-agent-skills env-audit <project-root>"],
50
+ "deniedPatterns": [".env reads, value printing, credential validation, API calls, builds, tests, deployment, migration, and package installation"]
51
+ },
52
+ "constraints": [
53
+ "The renderer must remain static and read-only.",
54
+ "Do not treat renderer output as credential presence or validity evidence."
55
+ ]
56
+ }
57
+ ],
58
+ "restrictedCategories": [
59
+ "file-write",
60
+ "package-install",
61
+ "deployment",
62
+ "git-mutation",
63
+ "unrestricted-scan",
64
+ "secret-read",
65
+ "process-mutation",
66
+ "service-mutation",
67
+ "migration-apply",
68
+ "privileged-api"
69
+ ],
70
+ "approvalExceptions": [
71
+ "A named-file approval may permit one otherwise excluded non-mutating static read when the file is not secret-bearing."
72
+ ]
73
+ }
@@ -0,0 +1,71 @@
1
+ {
2
+ "version": "0.2.3",
3
+ "mode": "audit-only",
4
+ "parserPolicy": {
5
+ "inspectEverySegment": true,
6
+ "inspectScriptBodies": true,
7
+ "rejectUnknownExecutables": true,
8
+ "rejectShellWrappers": true,
9
+ "rejectHeredocs": true,
10
+ "rejectRedirection": true,
11
+ "providerSpecificNpx": true,
12
+ "authenticatedCurlRequiresApproval": true,
13
+ "boundedReadsRequired": true,
14
+ "allowedComposition": "read-only"
15
+ },
16
+ "allowedFamilies": [
17
+ {
18
+ "name": "bounded-secret-pattern-inspection",
19
+ "executables": ["pwd", "ls", "rg", "find", "sed", "head"],
20
+ "argumentPolicy": {
21
+ "strategy": "pattern",
22
+ "allowedPatterns": ["bounded repository-local path/count secret-pattern inspection"],
23
+ "deniedPatterns": ["secret files, matched values, credential stores, API calls, and unbounded traversal"]
24
+ },
25
+ "constraints": [
26
+ "Remain inside the declared project scope.",
27
+ "Bound traversal depth and output.",
28
+ "Exclude .env, secret-bearing, generated, dependency, build, and runtime-output paths.",
29
+ "Report file paths, finding types, and counts only."
30
+ ]
31
+ },
32
+ {
33
+ "name": "git-identity-inspection",
34
+ "executables": ["git"],
35
+ "argumentPolicy": {
36
+ "strategy": "exact",
37
+ "allowedPatterns": ["rev-parse and status --short --branch"],
38
+ "deniedPatterns": ["all Git mutation and publication subcommands"]
39
+ },
40
+ "constraints": ["Allow only read-only repository identity and branch-state inspection."]
41
+ },
42
+ {
43
+ "name": "secret-audit-renderer",
44
+ "executables": ["node", "coding-agent-skills"],
45
+ "argumentPolicy": {
46
+ "strategy": "exact",
47
+ "allowedPatterns": ["node scripts/render-secret-audit.mjs <project-root>; coding-agent-skills secret-audit <project-root>"],
48
+ "deniedPatterns": [".env reads, matched values, credential validation, rotation, API calls, builds, tests, deployment, migration, and package installation"]
49
+ },
50
+ "constraints": [
51
+ "The renderer must remain static and read-only.",
52
+ "Do not print matched values or treat findings as credential validity evidence."
53
+ ]
54
+ }
55
+ ],
56
+ "restrictedCategories": [
57
+ "file-write",
58
+ "package-install",
59
+ "deployment",
60
+ "git-mutation",
61
+ "unrestricted-scan",
62
+ "secret-read",
63
+ "process-mutation",
64
+ "service-mutation",
65
+ "migration-apply",
66
+ "privileged-api"
67
+ ],
68
+ "approvalExceptions": [
69
+ "A named-file approval may permit one otherwise excluded non-mutating static read when the file is not secret-bearing."
70
+ ]
71
+ }
@@ -0,0 +1,55 @@
1
+ {
2
+ "contractVersion": "1.0.0",
3
+ "skill": {"name": "env-audit", "version": "0.2.3"},
4
+ "invocation": {
5
+ "id": "example-env-audit",
6
+ "startedAt": "2026-07-03T10:00:00Z",
7
+ "endedAt": "2026-07-03T10:01:00Z"
8
+ },
9
+ "repository": {
10
+ "root": "/workspace/example-project",
11
+ "branch": "main",
12
+ "head": "0123456789abcdef",
13
+ "workingTreeState": "clean"
14
+ },
15
+ "userIntent": "Identify environment variable names before updating setup documentation.",
16
+ "declaredScope": ["/workspace/example-project"],
17
+ "projectAdapter": "example-env-adapter",
18
+ "environmentSummary": {"platform": "linux", "shell": "bash"},
19
+ "status": "complete",
20
+ "confidence": {
21
+ "level": "high",
22
+ "reason": "Static env references, sample files, skipped secret paths, and not-verified runtime stores were recorded without values."
23
+ },
24
+ "commands": [
25
+ {
26
+ "command": "coding-agent-skills env-audit /workspace/example-project",
27
+ "family": "env-audit-renderer",
28
+ "workingDirectory": "/workspace/example-project",
29
+ "startedAt": "2026-07-03T10:00:20Z",
30
+ "endedAt": "2026-07-03T10:00:21Z",
31
+ "exitStatus": 0,
32
+ "resultStatus": "success",
33
+ "safetyClass": "allowed",
34
+ "approvalReference": null,
35
+ "purpose": "Render a value-free static env audit report.",
36
+ "outputSummary": "Found env variable names and sample declarations without reading .env files or printing values."
37
+ }
38
+ ],
39
+ "skippedChecks": [],
40
+ "findings": [
41
+ {
42
+ "summary": "Environment variable names were identified from static references and .env.example only.",
43
+ "evidence": ["src/config.ts", ".env.example"]
44
+ }
45
+ ],
46
+ "risks": [],
47
+ "failures": [],
48
+ "unresolvedQuestions": [],
49
+ "changedState": {
50
+ "changed": false,
51
+ "summary": "No project, Git, dependency, runtime, service, or remote state changed."
52
+ },
53
+ "handoffSummary": "Environment variable names are mapped without values; runtime stores remain unverified.",
54
+ "recommendedNextAction": "Review the reported names before updating documentation."
55
+ }