leerness 1.0.0

package/docs/AX_SKILL_LIBRARY_GUIDE.md

@@ -0,0 +1,156 @@
+# Leerness AX Skill Library Guide
+
+AX는 AI eXperience의 약자입니다. 이 문서는 AI 에이전트가 검증된 스킬 데이터를 안전하게 학습, 검증, 빌드, 업로드, 업데이트, 병합, 마이그레이션할 수 있도록 만든 실행 가이드입니다.
+
+## 목표
+
+- 성공한 구현 방식을 재사용 가능한 스킬로 축적한다.
+- 민감정보는 절대 스킬에 저장하지 않는다.
+- 스킬 업로드는 AI 검증 게이트를 통과한 경우에만 허용한다.
+- 각 스킬의 최종 업데이트 날짜, 버전, 검증 상태를 명확히 표시한다.
+- downstream 프로젝트에 병합할 때 `.harness/skills-lock.json`에 출처와 상태를 기록한다.
+
+## 전체 흐름
+
+```text
+검증된 프로젝트 작업
+  -> leerness skill learn
+  -> leerness library validate
+  -> leerness library verify --ai
+  -> leerness library build
+  -> leerness library publish --target npm|git --execute
+  -> 다른 프로젝트에서 library merge/update/migrate
+```
+
+## 스킬에 들어갈 수 있는 데이터
+
+허용:
+
+```text
+반복 가능한 절차
+성공한 구현 순서
+검증 방법
+실패 대응법
+환경변수 이름
+파일 구조
+의사코드와 템플릿
+```
+
+금지:
+
+```text
+실제 토큰
+실제 쿠키
+비밀번호
+운영 고객 데이터
+개인정보가 포함된 API 응답 원문
+비공개 인증 헤더
+```
+
+## 필수 메타데이터
+
+```json
+{
+  "name": "commerce-api-coupang",
+  "version": "1.0.0",
+  "title": "Coupang Commerce API Skill",
+  "category": "commerce-api",
+  "description": "쿠팡 커머스 API 연동을 위한 재사용 가능한 구현 가이드",
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "requiresEnv": [
+    "COUPANG_ACCESS_KEY",
+    "COUPANG_SECRET_KEY"
+  ],
+  "sensitiveDataPolicy": "env-reference-only",
+  "verification": {
+    "status": "passed",
+    "method": "ai-assisted-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability",
+      "migration-readiness"
+    ]
+  }
+}
+```
+
+## 업로드 규칙
+
+업로드 전:
+
+```bash
+leerness library validate ./my-skill --strict-ai
+leerness library verify ./my-skill --ai --reviewer leerness-ai
+leerness library build ./my-skill
+```
+
+npm 업로드:
+
+```bash
+leerness library publish ./my-skill/dist/my-skill --target npm --execute
+```
+
+git 업로드:
+
+```bash
+leerness library publish ./my-skill/dist/my-skill --target git --repo https://github.com/USER/leerness-skill-name.git --execute
+```
+
+`--execute`가 없으면 dry-run입니다. AI 검증 메타데이터가 없거나 `needs-review` 상태이면 업로드가 차단됩니다.
+
+## 업데이트 규칙
+
+```bash
+leerness library update ./my-skill --from ./validated-new-skill --version 1.1.0
+```
+
+업데이트 후에는 검증 상태가 `needs-review`로 돌아갑니다. 다시 AI 검증을 통과해야 업로드할 수 있습니다.
+
+## 병합 규칙
+
+```bash
+leerness library merge ./dist/my-skill --path ./target-project
+```
+
+병합 결과는 아래에 기록됩니다.
+
+```text
+.harness/skills-lock.json
+```
+
+기록 항목:
+
+```json
+{
+  "name": "commerce-api-coupang",
+  "version": "1.0.0",
+  "source": "local-or-package",
+  "lastUpdated": "2026-04-28",
+  "verificationStatus": "passed"
+}
+```
+
+## 마이그레이션 규칙
+
+```bash
+leerness library migrate ./old-skill-folder --version 1.0.0
+```
+
+마이그레이션은 기존 스킬 폴더를 표준 메타데이터 구조로 정규화합니다. 마이그레이션된 스킬은 자동으로 `needs-review`가 되며, 업로드 전 다시 검증해야 합니다.
+
+## AI 에이전트용 체크리스트
+
+- [ ] 스킬 목적과 사용 조건이 명확한가
+- [ ] 구현 절차가 재현 가능한가
+- [ ] 실제 비밀값이 없는가
+- [ ] 환경변수 이름만 기록했는가
+- [ ] lastUpdated, lastUpdatedAt이 있는가
+- [ ] verification.status가 passed인가
+- [ ] 업데이트 후 재검증이 필요한 상태를 표시했는가
+- [ ] 병합 시 skills-lock에 기록되는가
+- [ ] 업로드는 dry-run 후 --execute로만 수행되는가

package/harness.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+require('./bin/harness.js');

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "leerness",
+  "version": "1.0.0",
+  "description": "Leerness: AI 에이전트가 대규모 프로젝트에서도 맥락, 규율, 디자인/기능 일관성, 검증된 스킬 라이브러리를 유지하도록 돕는 AX 최적화 개발 하네스.",
+  "keywords": [
+    "leerness",
+    "ai",
+    "agent",
+    "harness",
+    "harness-engineering",
+    "context-engineering",
+    "skill-library",
+    "ai-verified-skill",
+    "ax-guideline",
+    "skill-migration",
+    "developer-tools"
+  ],
+  "bin": {
+    "leerness": "./bin/harness.js"
+  },
+  "files": [
+    "bin/",
+    "skill-packs/",
+    "docs/",
+    "harness.js",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "node ./bin/harness.js --help && node ./bin/harness.js init --yes --skills office,commerce-api ./tmp-harness-test && node ./bin/harness.js status ./tmp-harness-test && node ./bin/harness.js skill list && node ./bin/harness.js library guide ./tmp-harness-test && node ./bin/harness.js verify ./tmp-harness-test",
+    "prepack": "node ./bin/harness.js --version"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/gugu9999gu/leerness.git"
+  },
+  "bugs": {
+    "url": "https://github.com/gugu9999gu/leerness/issues"
+  },
+  "homepage": "https://github.com/gugu9999gu/leerness#readme",
+  "author": "gugu9999gu",
+  "license": "MIT",
+  "type": "commonjs",
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/skill-packs/ads-analytics/skill.json

@@ -0,0 +1,31 @@
+{
+  "name": "ads-analytics",
+  "version": "1.0.0",
+  "title": "Ads and Analytics Skill Library",
+  "category": "marketing",
+  "description": "GA4, 광고 전환, ROAS, attribution 점검을 위한 스킬입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [
+    "GA4_PROPERTY_ID"
+  ],
+  "files": [
+    "skills/ga4-debugging.md",
+    "skills/conversion-attribution.md",
+    "skills/roas-check.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/ads-analytics/skills/conversion-attribution.md

@@ -0,0 +1,6 @@
+# Skill: Conversion Attribution
+
+## Rules
+- Do not assume ad platform revenue equals store revenue.
+- Check attribution window, deduplication, refund/cancel timing, and cross-device behavior.
+- State uncertainty when platform definitions differ.

package/skill-packs/ads-analytics/skills/ga4-debugging.md

@@ -0,0 +1,7 @@
+# Skill: GA4 Debugging
+
+## Procedure
+1. Identify event name, source, medium, campaign, and conversion mapping.
+2. Compare realtime/debug view, BigQuery/export, and ad platform numbers when available.
+3. Check cross-domain, consent mode, duplicate tags, and server/client duplication.
+4. Record assumptions and unresolved gaps.

package/skill-packs/ads-analytics/skills/roas-check.md

@@ -0,0 +1,7 @@
+# Skill: ROAS Sanity Check
+
+## Procedure
+1. Confirm spend, attributed revenue, attribution window, and conversion action.
+2. Compare with actual order data where possible.
+3. Flag suspiciously high ROAS for duplicate events or cross-store attribution.
+4. Document likely causes and verification steps.

package/skill-packs/appstore-review/skill.json

@@ -0,0 +1,29 @@
+{
+  "name": "appstore-review",
+  "version": "1.0.0",
+  "title": "App Store Review Skill Library",
+  "category": "mobile",
+  "description": "App Store 심사 대응, 개인정보 라벨, 웹뷰 앱 검토를 위한 스킬입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [],
+  "files": [
+    "skills/privacy-labels.md",
+    "skills/review-response.md",
+    "skills/webview-app.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/appstore-review/skills/privacy-labels.md

@@ -0,0 +1,6 @@
+# Skill: App Privacy Labels
+
+## Rules
+- Distinguish data collected by the app from data collected only on the web service.
+- Keep claims aligned with actual SDKs, tracking, analytics, account, and purchase flows.
+- Do not guess; list evidence and uncertainty.

package/skill-packs/appstore-review/skills/review-response.md

@@ -0,0 +1,7 @@
+# Skill: App Store Review Response
+
+## Procedure
+1. Identify guideline, issue description, reviewed version, device, and requested action.
+2. Decide whether to reply, resubmit, or fix in next update.
+3. Write a concise response with exact changes or clarification.
+4. Keep tone factual and cooperative.

package/skill-packs/appstore-review/skills/webview-app.md

@@ -0,0 +1,6 @@
+# Skill: WebView App Review
+
+## Rules
+- Clarify whether data collection happens inside the app, native layer, embedded web view, or external browser.
+- Verify SDKs and tracking permissions.
+- Keep privacy policy and App Store Connect labels consistent.

package/skill-packs/commerce-api/skill.json

@@ -0,0 +1,40 @@
+{
+  "name": "commerce-api",
+  "version": "1.0.0",
+  "title": "Commerce API Integration Skill Library",
+  "category": "commerce",
+  "description": "쿠팡, 롯데온, 스마트스토어 등 커머스 API 연동 패턴과 보안 규칙을 담은 스킬 모음입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [
+    "COMMERCE_API_BASE_URL",
+    "COUPANG_ACCESS_KEY",
+    "COUPANG_SECRET_KEY",
+    "COUPANG_VENDOR_ID",
+    "LOTTEON_CLIENT_ID",
+    "LOTTEON_CLIENT_SECRET",
+    "SMARTSTORE_CLIENT_ID",
+    "SMARTSTORE_CLIENT_SECRET"
+  ],
+  "files": [
+    "skills/common-auth.md",
+    "skills/coupang.md",
+    "skills/lotteon.md",
+    "skills/smartstore.md",
+    "skills/order-sync.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/commerce-api/skills/common-auth.md

@@ -0,0 +1,22 @@
+# Skill: Commerce API Common Auth
+
+## Sensitive data policy
+Do not write access keys, secret keys, refresh tokens, passwords, cookies, or bearer tokens into `.harness/`.
+Only record variable names and where the runtime should read them.
+
+## Required pattern
+- Local development: `.env.local`
+- CI/CD: GitHub Actions Secrets or provider secret manager
+- Server runtime: cloud environment variables or secret manager
+
+## Standard variables
+- `COMMERCE_API_BASE_URL`
+- `COMMERCE_API_TIMEOUT_MS`
+- Provider-specific credentials such as `COUPANG_ACCESS_KEY` or `LOTTEON_CLIENT_SECRET`
+
+## Procedure
+1. Read provider documentation before coding.
+2. Create a typed config loader that validates required env names.
+3. Centralize signing/auth header creation.
+4. Mask sensitive values in logs.
+5. Store request/response examples with fake data only.

package/skill-packs/commerce-api/skills/coupang.md

@@ -0,0 +1,19 @@
+# Skill: Coupang API Integration
+
+## Required env names
+- `COUPANG_ACCESS_KEY`
+- `COUPANG_SECRET_KEY`
+- `COUPANG_VENDOR_ID`
+
+## Rules
+- Do not hardcode keys.
+- Do not log authorization headers.
+- Keep API signing logic isolated in one module.
+- Use fake fixtures for tests.
+
+## Procedure
+1. Create provider config from env.
+2. Implement request signing in a small tested function.
+3. Build API client wrapper with timeout/retry handling.
+4. Normalize external response into internal order/product schema.
+5. Add troubleshooting notes to `task-log.md` after a successful integration.

package/skill-packs/commerce-api/skills/lotteon.md

@@ -0,0 +1,17 @@
+# Skill: LotteON API Integration
+
+## Required env names
+- `LOTTEON_CLIENT_ID`
+- `LOTTEON_CLIENT_SECRET`
+- `LOTTEON_SELLER_ID`
+
+## Rules
+- Keep auth refresh flow separate from business logic.
+- Mask all token values in logs.
+- Record only endpoint names and schema notes in harness files.
+
+## Procedure
+1. Define env config and validation.
+2. Implement token acquisition/refresh module.
+3. Wrap provider API with a stable internal interface.
+4. Add fake fixtures for order/product sync.

package/skill-packs/commerce-api/skills/order-sync.md

@@ -0,0 +1,9 @@
+# Skill: Commerce Order Sync
+
+## Procedure
+1. Define sync cursor: date range, order id, or updated timestamp.
+2. Fetch in pages and save checkpoints.
+3. Normalize provider response into internal schema.
+4. Deduplicate by provider order id.
+5. Log counts, not sensitive values.
+6. Add retry and dead-letter handling for failed items.

package/skill-packs/commerce-api/skills/smartstore.md

@@ -0,0 +1,17 @@
+# Skill: SmartStore API Integration
+
+## Required env names
+- `SMARTSTORE_CLIENT_ID`
+- `SMARTSTORE_CLIENT_SECRET`
+- `SMARTSTORE_ACCOUNT_ID`
+
+## Rules
+- Keep account identifiers configurable.
+- Separate provider DTOs from internal DTOs.
+- Never store API credentials in `.harness/`.
+
+## Procedure
+1. Create provider config schema.
+2. Implement token/auth flow.
+3. Build order/product sync functions.
+4. Validate pagination and rate limits.

package/skill-packs/crawling/skill.json

@@ -0,0 +1,32 @@
+{
+  "name": "crawling",
+  "version": "1.0.0",
+  "title": "Crawling and Browser Automation Skill Library",
+  "category": "automation",
+  "description": "API가 없거나 제한적일 때 브라우저 자동화와 다운로드 자동화를 안전하게 구현하기 위한 스킬입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [
+    "CRAWLER_USER_ID",
+    "CRAWLER_PASSWORD"
+  ],
+  "files": [
+    "skills/browser-automation.md",
+    "skills/download-automation.md",
+    "skills/cloud-runtime.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/crawling/skills/browser-automation.md

@@ -0,0 +1,14 @@
+# Skill: Browser Automation
+
+## Rules
+- Prefer official APIs when available.
+- Respect site terms, robots restrictions, and rate limits.
+- Do not store cookies, passwords, or session tokens in `.harness/`.
+- Keep selectors stable and add screenshots on failure.
+
+## Procedure
+1. Identify whether API exists.
+2. Define login/session handling using runtime secrets.
+3. Use robust selectors and explicit waits.
+4. Add retry, timeout, and failure screenshot capture.
+5. Keep downloaded files in a controlled output path.

package/skill-packs/crawling/skills/cloud-runtime.md

@@ -0,0 +1,7 @@
+# Skill: Cloud Browser Runtime
+
+## Rules
+- Verify browser dependencies in the cloud image.
+- Do not assume persistent disk.
+- Use secret manager or environment variables for login values.
+- Store artifacts in object storage when needed.

package/skill-packs/crawling/skills/download-automation.md

@@ -0,0 +1,9 @@
+# Skill: Download Automation
+
+## Procedure
+1. Prepare output directory.
+2. Trigger download and wait for the browser download event.
+3. Save with deterministic filename.
+4. Validate file extension and size.
+5. Parse and normalize after download.
+6. Record failure reason without sensitive data.

package/skill-packs/firebase/skill.json

@@ -0,0 +1,31 @@
+{
+  "name": "firebase",
+  "version": "1.0.0",
+  "title": "Firebase and Cloud Functions Skill Library",
+  "category": "backend",
+  "description": "Firebase Functions, Firestore, Hosting, Cloud Run 연동 개발을 위한 스킬입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [
+    "FIREBASE_PROJECT_ID"
+  ],
+  "files": [
+    "skills/functions-deploy.md",
+    "skills/firestore-indexes.md",
+    "skills/secrets.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/firebase/skills/firestore-indexes.md

@@ -0,0 +1,6 @@
+# Skill: Firestore Indexes
+
+## Rules
+- Do not delete console-created indexes without confirming usage.
+- Keep `firestore.indexes.json` as the source of truth when possible.
+- Record query patterns that require composite indexes.

package/skill-packs/firebase/skills/functions-deploy.md

@@ -0,0 +1,13 @@
+# Skill: Firebase Functions Deploy
+
+## Rules
+- Check runtime version and function generation before deploy.
+- Keep region, memory, timeout, and invoker settings explicit.
+- Avoid broad public invoker unless required.
+
+## Procedure
+1. Inspect `firebase.json`, `.firebaserc`, and functions package.
+2. Validate environment variables and secrets.
+3. Build and test locally when possible.
+4. Deploy targeted functions first for risky changes.
+5. Record deploy result in `task-log.md`.

package/skill-packs/firebase/skills/secrets.md

@@ -0,0 +1,6 @@
+# Skill: Firebase Secrets
+
+## Rules
+- Use Firebase/Google Secret Manager for sensitive values.
+- Do not store secret values in `.harness/`, source code, or README.
+- Document only secret names and usage locations.

package/skill-packs/office/skill.json

@@ -0,0 +1,29 @@
+{
+  "name": "office",
+  "version": "1.0.0",
+  "title": "Microsoft Office Automation Skill Library",
+  "category": "productivity",
+  "description": "Excel, Word, PowerPoint 문서 자동화와 템플릿 기반 산출물 생성을 위한 스킬 모음입니다.",
+  "compatibleHarness": ">=3.1.0",
+  "sensitiveDataPolicy": "env-reference-only",
+  "requiresEnv": [],
+  "files": [
+    "skills/excel-automation.md",
+    "skills/powerpoint-generation.md",
+    "skills/word-template.md"
+  ],
+  "lastUpdated": "2026-04-28",
+  "lastUpdatedAt": "2026-04-28T00:00:00.000Z",
+  "verification": {
+    "status": "passed",
+    "method": "bundled-ai-review",
+    "verifiedBy": "leerness-ai",
+    "verifiedAt": "2026-04-28T00:00:00.000Z",
+    "checks": [
+      "structure",
+      "secret-scan",
+      "env-reference-only",
+      "reusability"
+    ]
+  }
+}

package/skill-packs/office/skills/excel-automation.md

@@ -0,0 +1,24 @@
+# Skill: Excel Automation
+
+## When to use
+Use this when generating, editing, validating, or summarizing Excel workbooks.
+
+## Rules
+- Never overwrite the original workbook without creating an output copy.
+- Preserve formulas, formatting, merged cells, filters, widths, and hidden sheets unless explicitly asked to change them.
+- For data transformations, keep a clear before/after summary.
+- Do not store personal data or credentials in harness files.
+
+## Procedure
+1. Identify workbook purpose, key sheets, and required output.
+2. Inspect structure before editing.
+3. Apply the minimum necessary transformation.
+4. Validate row counts, formulas, and totals.
+5. Save a new output file.
+6. Update `.harness/session-handoff.md` with what changed.
+
+## Output checklist
+- Changed sheets
+- Added/removed columns
+- Validation result
+- Output filename

package/skill-packs/office/skills/powerpoint-generation.md

@@ -0,0 +1,17 @@
+# Skill: PowerPoint Generation
+
+## When to use
+Use this when creating or modifying slide decks.
+
+## Rules
+- Keep one clear message per slide.
+- Reuse existing theme, fonts, layout, and spacing when editing an existing deck.
+- Avoid dense paragraphs; convert to structured bullets or visuals.
+- Do not embed confidential business data in reusable skill files.
+
+## Procedure
+1. Define audience, purpose, and slide count.
+2. Create outline before slide generation.
+3. Apply consistent title, body, visual hierarchy, and spacing.
+4. Check readability and page overflow.
+5. Export and document the output.