ma-agents 2.10.0 → 2.12.0

package/.antigravity/skills/.ma-agents.json

@@ -0,0 +1,14 @@
+{
+  "manifestVersion": "1.0.0",
+  "agent": "antigravity",
+  "scope": "project",
+  "skills": {
+    "docker-image-signing": {
+      "version": "1.0.0",
+      "installedAt": "2026-03-01T10:05:53.821Z",
+      "updatedAt": "2026-03-01T10:05:53.821Z",
+      "installerVersion": "2.10.0",
+      "agentVersion": "1.0.0"
+    }
+  }
+}

package/.antigravity/skills/MANIFEST.yaml

@@ -0,0 +1,7 @@
+# skills/MANIFEST.yaml
+
+skills:
+  - id: docker-image-signing
+    file: skills/docker-image-signing/SKILL.md
+    description: Automates the signing of Docker images using certificates and Cosign/Notary.
+

package/.antigravity/skills/docker-image-signing/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: Docker Image Signing
+description: Automates the signing of Docker images using certificates and Cosign/Notary.
+---
+# Docker Image Signing
+
+## Purpose
+Ensure the integrity and authenticity of Docker images by signing them with a cryptographic key/certificate. This prevents unauthorized image substitution and ensures only trusted images are deployed.
+
+## Instructions
+1.  **Tool Selection**: Use `cosign` (recommended) or `notary`.
+2.  **Environment Check**: Verify that the signing tool and Docker/Podman are installed.
+3.  **Signing Process**:
+    - Load the provided certificate/key.
+    - Run the signing command against the target image (using its SHA256 digest for immutability).
+4.  **Verification**: Always run a verification check immediately after signing.
+
+## Rules
+- NEVER sign images by tag alone; use the immutable digest (e.g., `image@sha256:...`).
+- Private keys must be handled as secrets and never stored in the clear.
+- Ensure the certificate provided is valid and not expired.
+
+## Usage
+Run the provided script in `scripts/sign-image.sh` with:
+- `IMAGE`: The image reference with digest.
+- `CERT`: Path to the certificate file.
+- `KEY`: Path to the private key file.
+- `PASSPHRASE`: (Optional) Key passphrase.

package/.antigravity/skills/docker-image-signing/scripts/sign-image.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# sign-image.sh - Part of ma-agents docker-image-signing skill
+
+IMAGE=$1
+CERT=$2
+KEY=$3
+PASSPHRASE=$4
+
+if [ -z "$IMAGE" ] || [ -z "$CERT" ] || [ -z "$KEY" ]; then
+    echo "Usage: $0 <image_digest> <cert_file> <key_file> [passphrase]"
+    exit 1
+fi
+
+echo "Signing image: $IMAGE"
+
+# Check for cosign
+if command -v cosign &> /dev/null; then
+    echo "Using Cosign for signing..."
+    if [ -n "$PASSPHRASE" ]; then
+        export COSIGN_PASSWORD=$PASSPHRASE
+    fi
+    cosign sign --key "$KEY" --cert "$CERT" "$IMAGE"
+else
+    echo "Error: cosign not found. Please install cosign to use this skill."
+    exit 1
+fi
+
+if [ $? -eq 0 ]; then
+    echo "Successfully signed $IMAGE"
+else
+    echo "Failed to sign $IMAGE"
+    exit 1
+fi

package/_bmad/bmm/agents/sre.md

@@ -0,0 +1,14 @@
+
+<!-- MA-AGENTS-START -->
+# AI Agent Skills - Planning Instruction
+
+You have access to a library of skills in your skills directory. Before starting any task:
+
+1. Read the skill manifest at _bmad/skills/sre/MANIFEST.yaml
+2. Based on the task description, select which skills are relevant
+3. Read only the selected skill files
+4. Then proceed with the task
+
+Always load skills marked with always_load: true.
+Do not load skills that are not relevant to the current task.
+<!-- MA-AGENTS-END -->

package/_bmad/skills/sre/.ma-agents.json

@@ -0,0 +1,14 @@
+{
+  "manifestVersion": "1.0.0",
+  "agent": "bmm-sre",
+  "scope": "project",
+  "skills": {
+    "docker-image-signing": {
+      "version": "1.0.0",
+      "installedAt": "2026-03-01T10:23:35.941Z",
+      "updatedAt": "2026-03-01T10:23:35.941Z",
+      "installerVersion": "2.11.0",
+      "agentVersion": "1.0.0"
+    }
+  }
+}

package/_bmad/skills/sre/MANIFEST.yaml

@@ -0,0 +1,7 @@
+# skills/MANIFEST.yaml
+
+skills:
+  - id: docker-image-signing
+    file: skills/docker-image-signing/SKILL.md
+    description: Automates the signing of Docker images using certificates and Cosign/Notary.
+

package/_bmad/skills/sre/docker-image-signing/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: Docker Image Signing
+description: Automates the signing of Docker images using certificates and Cosign/Notary.
+---
+# Docker Image Signing
+
+## Purpose
+Ensure the integrity and authenticity of Docker images by signing them with a cryptographic key/certificate. This prevents unauthorized image substitution and ensures only trusted images are deployed.
+
+## Instructions
+1.  **Tool Selection**: Use `cosign` (recommended) or `notary`.
+2.  **Environment Check**: Verify that the signing tool and Docker/Podman are installed.
+3.  **Signing Process**:
+    - Load the provided certificate/key.
+    - Run the signing command against the target image (using its SHA256 digest for immutability).
+4.  **Verification**: Always run a verification check immediately after signing.
+
+## Rules
+- NEVER sign images by tag alone; use the immutable digest (e.g., `image@sha256:...`).
+- Private keys must be handled as secrets and never stored in the clear.
+- Ensure the certificate provided is valid and not expired.
+
+## Usage
+Run the provided script in `scripts/sign-image.sh` with:
+- `IMAGE`: The image reference with digest.
+- `CERT`: Path to the certificate file.
+- `KEY`: Path to the private key file.
+- `PASSPHRASE`: (Optional) Key passphrase.

package/_bmad/skills/sre/docker-image-signing/scripts/sign-image.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# sign-image.sh - Part of ma-agents docker-image-signing skill
+
+IMAGE=$1
+CERT=$2
+KEY=$3
+PASSPHRASE=$4
+
+if [ -z "$IMAGE" ] || [ -z "$CERT" ] || [ -z "$KEY" ]; then
+    echo "Usage: $0 <image_digest> <cert_file> <key_file> [passphrase]"
+    exit 1
+fi
+
+echo "Signing image: $IMAGE"
+
+# Check for cosign
+if command -v cosign &> /dev/null; then
+    echo "Using Cosign for signing..."
+    if [ -n "$PASSPHRASE" ]; then
+        export COSIGN_PASSWORD=$PASSPHRASE
+    fi
+    cosign sign --key "$KEY" --cert "$CERT" "$IMAGE"
+else
+    echo "Error: cosign not found. Please install cosign to use this skill."
+    exit 1
+fi
+
+if [ $? -eq 0 ]; then
+    echo "Successfully signed $IMAGE"
+else
+    echo "Failed to sign $IMAGE"
+    exit 1
+fi

package/lib/agents.js

@@ -32,7 +32,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'claude-code',
-    instructionFiles: ['CLAUDE.md']
+    instructionFiles: ['.claude/CLAUDE.md']
   },
   {
     id: 'gemini',
@@ -52,7 +52,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Gemini doesn't have a standard project-level instruction file yet
+    instructionFiles: ['.gemini/gemini.md']
   },
   {
     id: 'copilot',
@@ -72,7 +72,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Copilot uses path-scoped instructions, maybe support .github/instructions/ later
+    instructionFiles: ['.github/copilot/copilot.md']
   },
   {
     id: 'kilocode',
@@ -92,7 +92,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.kilocode/kilocode.md']
   },
   {
     id: 'cline',
@@ -117,7 +117,7 @@ const agents = [
       'references': 'docs',
       'assets': 'templates'
     },
-    instructionFiles: ['.clinerules']
+    instructionFiles: ['.cline/clinerules.md', '.clinerules']
   },
   {
     id: 'cursor',
@@ -137,14 +137,14 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Cursor uses .cursorrules or individual .mdc files
+    instructionFiles: ['.cursor/cursor.md']
   },
   {
     id: 'bmm-sre',
     name: 'SRE Agent',
     version: '1.0.0',
     description: 'Specialized SRE Agent for BMAD-METHOD',
-    getProjectPath: () => path.join(process.cwd(), '.sre', 'skills'),
+    getProjectPath: () => path.join(process.cwd(), '_bmad', 'skills', 'sre'),
     getGlobalPath: () => {
       const platform = os.platform();
       if (platform === 'win32') {
@@ -157,14 +157,14 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['_bmad/bmm/agents/sre.md']
   },
   {
     id: 'antigravity',
     name: 'Antigravity',
     version: '1.0.0',
     description: 'Google Deepmind Antigravity Agent',
-    getProjectPath: () => path.join(process.cwd(), '.antigravity', 'skills'),
+    getProjectPath: () => path.join(process.cwd(), '_bmad', 'skills', 'antigravity'),
     getGlobalPath: () => {
       const platform = os.platform();
       if (platform === 'win32') {
@@ -177,14 +177,14 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['_bmad/bmm/agents/antigravity.md']
   },
   {
     id: 'bmm-devops',
     name: 'DevOps Agent',
     version: '1.0.0',
     description: 'Specialized DevOps Agent for BMAD-METHOD',
-    getProjectPath: () => path.join(process.cwd(), '.devops', 'skills'),
+    getProjectPath: () => path.join(process.cwd(), '_bmad', 'skills', 'devops'),
     getGlobalPath: () => {
       const platform = os.platform();
       if (platform === 'win32') {
@@ -197,14 +197,14 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['_bmad/bmm/agents/devops.md']
   },
   {
     id: 'bmm-cyber',
     name: 'Cyber Analyst',
     version: '1.0.0',
     description: 'Specialized Cyber Security Analyst (Yael) for BMAD-METHOD',
-    getProjectPath: () => path.join(process.cwd(), '.cyber', 'skills'),
+    getProjectPath: () => path.join(process.cwd(), '_bmad', 'skills', 'yael'),
     getGlobalPath: () => {
       const platform = os.platform();
       if (platform === 'win32') {
@@ -217,7 +217,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['_bmad/bmm/agents/cyber.md']
   }
 ];
 

package/lib/installer.js

@@ -90,12 +90,15 @@ async function generateSkillsManifest(installPath, agent) {
 async function updateAgentInstructions(agent, projectRoot) {
   if (!agent.instructionFiles || agent.instructionFiles.length === 0) return;
 
+  const agentProjectPath = agent.getProjectPath();
+  const relManifestPath = path.relative(process.cwd(), path.join(agentProjectPath, 'MANIFEST.yaml')).replace(/\\/g, '/');
+
   const planningInstruction = `
 # AI Agent Skills - Planning Instruction
 
 You have access to a library of skills in your skills directory. Before starting any task:
 
-1. Read the skill manifest at skills/MANIFEST.yaml
+1. Read the skill manifest at ${relManifestPath}
 2. Based on the task description, select which skills are relevant
 3. Read only the selected skill files
 4. Then proceed with the task
@@ -125,7 +128,7 @@ Do not load skills that are not relevant to the current task.
       content = wrappedInstruction;
     }
 
-    await fs.writeFile(filePath, content, 'utf-8');
+    await fs.outputFile(filePath, content, 'utf-8');
     console.log(chalk.cyan(`    + Updated ${fileName}`));
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ma-agents",
-  "version": "2.10.0",
+  "version": "2.12.0",
   "description": "NPX tool to install skills for AI coding agents (Claude Code, Gemini, Copilot, Kilocode, Cline, Cursor)",
   "main": "index.js",
   "bin": {