ma-agents 2.10.0 → 2.11.0

package/.antigravity/skills/.ma-agents.json

@@ -0,0 +1,14 @@
+{
+  "manifestVersion": "1.0.0",
+  "agent": "antigravity",
+  "scope": "project",
+  "skills": {
+    "docker-image-signing": {
+      "version": "1.0.0",
+      "installedAt": "2026-03-01T10:05:53.821Z",
+      "updatedAt": "2026-03-01T10:05:53.821Z",
+      "installerVersion": "2.10.0",
+      "agentVersion": "1.0.0"
+    }
+  }
+}

package/.antigravity/skills/MANIFEST.yaml

@@ -0,0 +1,7 @@
+# skills/MANIFEST.yaml
+
+skills:
+  - id: docker-image-signing
+    file: skills/docker-image-signing/SKILL.md
+    description: Automates the signing of Docker images using certificates and Cosign/Notary.
+

package/.antigravity/skills/docker-image-signing/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: Docker Image Signing
+description: Automates the signing of Docker images using certificates and Cosign/Notary.
+---
+# Docker Image Signing
+
+## Purpose
+Ensure the integrity and authenticity of Docker images by signing them with a cryptographic key/certificate. This prevents unauthorized image substitution and ensures only trusted images are deployed.
+
+## Instructions
+1.  **Tool Selection**: Use `cosign` (recommended) or `notary`.
+2.  **Environment Check**: Verify that the signing tool and Docker/Podman are installed.
+3.  **Signing Process**:
+    - Load the provided certificate/key.
+    - Run the signing command against the target image (using its SHA256 digest for immutability).
+4.  **Verification**: Always run a verification check immediately after signing.
+
+## Rules
+- NEVER sign images by tag alone; use the immutable digest (e.g., `image@sha256:...`).
+- Private keys must be handled as secrets and never stored in the clear.
+- Ensure the certificate provided is valid and not expired.
+
+## Usage
+Run the provided script in `scripts/sign-image.sh` with:
+- `IMAGE`: The image reference with digest.
+- `CERT`: Path to the certificate file.
+- `KEY`: Path to the private key file.
+- `PASSPHRASE`: (Optional) Key passphrase.

package/.antigravity/skills/docker-image-signing/scripts/sign-image.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# sign-image.sh - Part of ma-agents docker-image-signing skill
+
+IMAGE=$1
+CERT=$2
+KEY=$3
+PASSPHRASE=$4
+
+if [ -z "$IMAGE" ] || [ -z "$CERT" ] || [ -z "$KEY" ]; then
+    echo "Usage: $0 <image_digest> <cert_file> <key_file> [passphrase]"
+    exit 1
+fi
+
+echo "Signing image: $IMAGE"
+
+# Check for cosign
+if command -v cosign &> /dev/null; then
+    echo "Using Cosign for signing..."
+    if [ -n "$PASSPHRASE" ]; then
+        export COSIGN_PASSWORD=$PASSPHRASE
+    fi
+    cosign sign --key "$KEY" --cert "$CERT" "$IMAGE"
+else
+    echo "Error: cosign not found. Please install cosign to use this skill."
+    exit 1
+fi
+
+if [ $? -eq 0 ]; then
+    echo "Successfully signed $IMAGE"
+else
+    echo "Failed to sign $IMAGE"
+    exit 1
+fi

package/lib/agents.js

@@ -32,7 +32,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'claude-code',
-    instructionFiles: ['CLAUDE.md']
+    instructionFiles: ['.claude/CLAUDE.md']
   },
   {
     id: 'gemini',
@@ -52,7 +52,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Gemini doesn't have a standard project-level instruction file yet
+    instructionFiles: ['.gemini/gemini.md']
   },
   {
     id: 'copilot',
@@ -72,7 +72,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Copilot uses path-scoped instructions, maybe support .github/instructions/ later
+    instructionFiles: ['.github/copilot/copilot.md']
   },
   {
     id: 'kilocode',
@@ -92,7 +92,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.kilocode/kilocode.md']
   },
   {
     id: 'cline',
@@ -117,7 +117,7 @@ const agents = [
       'references': 'docs',
       'assets': 'templates'
     },
-    instructionFiles: ['.clinerules']
+    instructionFiles: ['.cline/clinerules.md', '.clinerules']
   },
   {
     id: 'cursor',
@@ -137,7 +137,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Cursor uses .cursorrules or individual .mdc files
+    instructionFiles: ['.cursor/cursor.md']
   },
   {
     id: 'bmm-sre',
@@ -157,7 +157,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.sre/sre.md']
   },
   {
     id: 'antigravity',
@@ -177,7 +177,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.antigravity/antigravity.md']
   },
   {
     id: 'bmm-devops',
@@ -197,7 +197,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.devops/devops.md']
   },
   {
     id: 'bmm-cyber',
@@ -217,7 +217,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.cyber/yael.md']
   }
 ];
 

package/lib/installer.js

@@ -125,7 +125,7 @@ Do not load skills that are not relevant to the current task.
       content = wrappedInstruction;
     }
 
-    await fs.writeFile(filePath, content, 'utf-8');
+    await fs.outputFile(filePath, content, 'utf-8');
     console.log(chalk.cyan(`    + Updated ${fileName}`));
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ma-agents",
-  "version": "2.10.0",
+  "version": "2.11.0",
   "description": "NPX tool to install skills for AI coding agents (Claude Code, Gemini, Copilot, Kilocode, Cline, Cursor)",
   "main": "index.js",
   "bin": {