create-agdf 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -23,8 +23,13 @@ If the target repository already has an `AGENTS.md`, `create-agdf` preserves it
23
23
 
24
24
  ## Single source of truth
25
25
 
26
- The AGDF skill contracts are maintained in `plugin/skills/`.
27
- The published package assets are generated from the repository sources only at pack/publish time. The package does not keep a second manually maintained template tree.
26
+ The repository-facing AGDF sources are maintained in:
27
+
28
+ - `AGENTS.md`
29
+ - `plugin/skills/`
30
+ - `plugin/meta/agdf-runtime-contract.md`
31
+
32
+ The published package assets are generated from these repository sources only at pack/publish time. The package does not keep a second manually maintained template tree.
28
33
 
29
34
  ```bash
30
35
  npm run sync-package-assets
@@ -18,6 +18,7 @@ const copilotSkillFiles = [
18
18
  join(".github", "skills", "agdf-brownfield-analysis", "SKILL.md"),
19
19
  join(".github", "skills", "agdf-task-plan-review", "SKILL.md"),
20
20
  join(".github", "skills", "agdf-clean-implementation-review", "SKILL.md"),
21
+ join(".github", "skills", "agdf-code-review", "SKILL.md"),
21
22
  join(".github", "skills", "agdf-qa-gate", "SKILL.md"),
22
23
  join(".github", "skills", "agdf-release-or", "SKILL.md"),
23
24
  join(".github", "skills", "agdf-delivery-closeout", "SKILL.md"),
@@ -1,11 +1,12 @@
1
1
  # AGDF repository skills
2
2
 
3
- These repository skills are generated from `plugin/skills/`, which is the single source of truth for the AGDF skill contracts.
3
+ These repository skills were generated from the AGDF source repository and are intended to be checked into this repository.
4
4
 
5
5
  ## Skills
6
6
 
7
7
  - `agdf-brownfield-analysis`
8
8
  - `agdf-clean-implementation-review`
9
+ - `agdf-code-review`
9
10
  - `agdf-delivery-closeout`
10
11
  - `agdf-gate-check`
11
12
  - `agdf-qa-gate`
@@ -14,4 +15,4 @@ These repository skills are generated from `plugin/skills/`, which is the single
14
15
 
15
16
  ## Runtime contract
16
17
 
17
- Shared output and gate rules live in `agdf-runtime-contract.md`.
18
+ Shared output and gate rules for this checkout live in `agdf-runtime-contract.md`.
@@ -49,7 +49,7 @@ Use what is available:
49
49
  - Code Deliverables
50
50
  - changed files
51
51
  - tests and test results
52
- - Code Review Report
52
+ - `agdf-code-review` or Code Review Report
53
53
  - QA Report
54
54
  - Brownfield Analysis findings
55
55
  - PRD or SD architecture notes
@@ -0,0 +1,94 @@
1
+ ---
2
+ name: agdf-code-review
3
+ description: Use this skill after code changes and before QA to produce the mandatory Code Review Report for correctness, regression, security, and maintainability findings in the actual diff. It standardizes the CR step without replacing TP review, clean review, or QA.
4
+ ---
5
+
6
+ # code-review
7
+
8
+ ## Purpose
9
+ Produce the mandatory Code Review Report (CR) for a relevant run.
10
+
11
+ It answers:
12
+
13
+ - whether the changed code shows functional defects, security issues, regression risks, or maintainability problems that matter
14
+ - whether findings are blocking, revisable, or advisory
15
+ - which concrete evidence in files, diffs, tests, or runtime observations supports each finding
16
+ - which issues must be fixed before QA
17
+ - whether Brownfield, TP, or clean-review follow-up remains open
18
+
19
+ ## Runtime Contract
20
+ Use `../agdf-runtime-contract.md` for Quality Contract output, Context Graph fields, gate terms, and non-duplication rules.
21
+
22
+ Code-review-specific output must make actual findings, missing review scope, evidence strength, and the next required step visible.
23
+
24
+ ## Rules
25
+ 1. Review the actual diff and impacted code, not intent alone.
26
+ 2. Findings require concrete evidence.
27
+ 3. Prioritize correctness, safety, data integrity, compatibility, and maintainability over style.
28
+ 4. Do not generate style-only noise.
29
+ 5. Missing review scope or evidence must stay visible.
30
+ 6. Brownfield owners and existing conventions are binding unless deviation is justified.
31
+ 7. Distinguish blocking defects from fixable review findings.
32
+ 8. CR does not grant QA pass.
33
+
34
+ ## When To Use
35
+ - after `CD+Tests`
36
+ - before `QA`
37
+ - when code changes exist
38
+ - when multiple agents or contributors touched the same area
39
+ - when a commit-near change needs explicit review evidence
40
+
41
+ ## Inputs
42
+ Use what is available:
43
+
44
+ - changed files and diff
45
+ - affected neighbouring code
46
+ - test/build results
47
+ - Brownfield Analysis
48
+ - Task Plan and TP Review
49
+ - Clean Implementation Review
50
+ - runtime or UI evidence
51
+ - known risks or follow-up decisions
52
+
53
+ If no code changes are present, do not invent a CR result.
54
+
55
+ ## Workflow
56
+ 1. Inspect the changed files and directly impacted neighbours.
57
+ 2. Check correctness, edge cases, and error paths.
58
+ 3. Check security, data handling, and state ownership risks.
59
+ 4. Check regression and compatibility risks.
60
+ 5. Check maintainability only where it creates real defect or change-risk exposure.
61
+ 6. Classify the overall result:
62
+ - `pass`
63
+ - `revise`
64
+ - `block`
65
+ - `not_applicable`
66
+ 7. Set exactly one required next step.
67
+
68
+ ## Output
69
+ Use this compact structure:
70
+
71
+ ```text
72
+ ## Code Review
73
+ - decision: pass | revise | block | not_applicable
74
+ - findings:
75
+ - [severity] file/path - issue - evidence
76
+ - missing_evidence:
77
+ - risks:
78
+ - required_next_step:
79
+ ```
80
+
81
+ ## Decision Guidance
82
+ - `pass`: no meaningful review finding remains evident in reviewed scope.
83
+ - `revise`: fixable correctness, regression, or maintainability issues remain.
84
+ - `block`: a hard defect, security risk, data-integrity risk, or unresolved critical uncertainty remains.
85
+ - `not_applicable`: no code changes were present for review.
86
+
87
+ ## Forbidden
88
+ This skill must not:
89
+
90
+ - decide final QA
91
+ - accept a green build as sufficient review evidence
92
+ - hide missing review scope
93
+ - generate style-only findings
94
+ - duplicate TP Review or QA as if they were the same step
@@ -40,7 +40,7 @@ QA-specific `decision` is exactly `pass | revise | block`.
40
40
 
41
41
  ## When To Use
42
42
  - after `CD+Tests`
43
- - after Code Review
43
+ - after `agdf-code-review`
44
44
  - after `agdf-task-plan-review`
45
45
  - after `agdf-clean-implementation-review`
46
46
  - before UAT
@@ -58,7 +58,7 @@ Use what is available:
58
58
  - approved TP and TP Review
59
59
  - Brownfield Analysis
60
60
  - Clean Implementation Review
61
- - Code Review Report
61
+ - `agdf-code-review` or Code Review Report
62
62
  - test/build results
63
63
  - documentation impact review
64
64
  - runtime or UI evidence
@@ -46,7 +46,7 @@ OR-specific output must make gate status, delivered and intentionally not delive
46
46
  - after artefact creation
47
47
  - when a gate blocks
48
48
  - after `CD+Tests`
49
- - after CR
49
+ - after `agdf-code-review`
50
50
  - after QA
51
51
  - after UAT
52
52
  - whenever a compact audit closeout is needed
@@ -62,6 +62,7 @@ Use what is available:
62
62
  - `agdf-task-plan-review`
63
63
  - `agdf-brownfield-analysis`
64
64
  - `agdf-clean-implementation-review`
65
+ - `agdf-code-review`
65
66
  - QA Report
66
67
  - UAT Report
67
68
  - documentation impact review
@@ -22,6 +22,7 @@ Structured Delivery must not bypass missing approvals.
22
22
  - Implicit consent is not approval.
23
23
  - The earliest blocking gate wins.
24
24
  - `CD+Tests` is implementation and test status only, not a delivery signal.
25
+ - `agdf-code-review` standardizes the mandatory `CR` step, but does not replace QA.
25
26
  - `agdf-qa-gate` decides final `pass | revise | block`.
26
27
  - `agdf-release-or` reports the run, but does not replace QA.
27
28
 
@@ -44,6 +44,7 @@ Evidence overrides assumptions and memory. If evidence is missing, state the unc
44
44
  | `agdf-brownfield-analysis` | before non-trivial implementation in existing systems | clarifies reuse, owners, risks |
45
45
  | `agdf-task-plan-review` | after implementation and before QA, verify TP coverage | no final QA decision |
46
46
  | `agdf-clean-implementation-review` | inspect workarounds, fallbacks, parallel structures, or symptom fixes | not a TP or QA substitute |
47
+ | `agdf-code-review` | mandatory CR step after code changes, focused on defects, regression, and security findings | does not replace TP review, clean review, or QA |
47
48
  | `agdf-qa-gate` | final QA decision | only instance for `pass | revise | block` |
48
49
  | `agdf-release-or` | auditable closeout for every relevant run | not a QA substitute |
49
50
  | `agdf-delivery-closeout` | commit/PR-near handoff after QA/OR/UAT | never performs VCS actions automatically |
@@ -52,7 +53,7 @@ Select exactly one primary skill first. Add more only when they cover a distinct
52
53
 
53
54
  ## Skill Contract
54
55
  For repeated output, gate, Quality Contract, and Context Graph rules, use:
55
- `plugin/meta/agdf-runtime-contract.md`
56
+ the repository-local `agdf-runtime-contract.md` artifact.
56
57
 
57
58
  Skills may include short runtime reminders, but must not carry a second complete rule or code table.
58
59
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-agdf",
3
- "version": "0.1.1",
3
+ "version": "0.1.2",
4
4
  "description": "Bootstrap AGDF for GitHub Copilot, Claude Code, or both.",
5
5
  "type": "module",
6
6
  "files": [