ma-agents 2.9.0 → 2.11.0

package/.antigravity/skills/.ma-agents.json

@@ -0,0 +1,14 @@
+{
+  "manifestVersion": "1.0.0",
+  "agent": "antigravity",
+  "scope": "project",
+  "skills": {
+    "docker-image-signing": {
+      "version": "1.0.0",
+      "installedAt": "2026-03-01T10:05:53.821Z",
+      "updatedAt": "2026-03-01T10:05:53.821Z",
+      "installerVersion": "2.10.0",
+      "agentVersion": "1.0.0"
+    }
+  }
+}

package/.antigravity/skills/MANIFEST.yaml

@@ -0,0 +1,7 @@
+# skills/MANIFEST.yaml
+
+skills:
+  - id: docker-image-signing
+    file: skills/docker-image-signing/SKILL.md
+    description: Automates the signing of Docker images using certificates and Cosign/Notary.
+

package/.antigravity/skills/docker-image-signing/SKILL.md

@@ -0,0 +1,28 @@
+---
+name: Docker Image Signing
+description: Automates the signing of Docker images using certificates and Cosign/Notary.
+---
+# Docker Image Signing
+
+## Purpose
+Ensure the integrity and authenticity of Docker images by signing them with a cryptographic key/certificate. This prevents unauthorized image substitution and ensures only trusted images are deployed.
+
+## Instructions
+1.  **Tool Selection**: Use `cosign` (recommended) or `notary`.
+2.  **Environment Check**: Verify that the signing tool and Docker/Podman are installed.
+3.  **Signing Process**:
+    - Load the provided certificate/key.
+    - Run the signing command against the target image (using its SHA256 digest for immutability).
+4.  **Verification**: Always run a verification check immediately after signing.
+
+## Rules
+- NEVER sign images by tag alone; use the immutable digest (e.g., `image@sha256:...`).
+- Private keys must be handled as secrets and never stored in the clear.
+- Ensure the certificate provided is valid and not expired.
+
+## Usage
+Run the provided script in `scripts/sign-image.sh` with:
+- `IMAGE`: The image reference with digest.
+- `CERT`: Path to the certificate file.
+- `KEY`: Path to the private key file.
+- `PASSPHRASE`: (Optional) Key passphrase.

package/.antigravity/skills/docker-image-signing/scripts/sign-image.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# sign-image.sh - Part of ma-agents docker-image-signing skill
+
+IMAGE=$1
+CERT=$2
+KEY=$3
+PASSPHRASE=$4
+
+if [ -z "$IMAGE" ] || [ -z "$CERT" ] || [ -z "$KEY" ]; then
+    echo "Usage: $0 <image_digest> <cert_file> <key_file> [passphrase]"
+    exit 1
+fi
+
+echo "Signing image: $IMAGE"
+
+# Check for cosign
+if command -v cosign &> /dev/null; then
+    echo "Using Cosign for signing..."
+    if [ -n "$PASSPHRASE" ]; then
+        export COSIGN_PASSWORD=$PASSPHRASE
+    fi
+    cosign sign --key "$KEY" --cert "$CERT" "$IMAGE"
+else
+    echo "Error: cosign not found. Please install cosign to use this skill."
+    exit 1
+fi
+
+if [ $? -eq 0 ]; then
+    echo "Successfully signed $IMAGE"
+else
+    echo "Failed to sign $IMAGE"
+    exit 1
+fi

package/bin/cli.js

@@ -281,7 +281,8 @@ async function installWizard(preselectedSkill, preselectedAgents, customPath, fo
 
       if (installBmad) {
         console.log(chalk.cyan('\n Installing BMAD-METHOD...'));
-        const success = await bmad.installBmad(selectedAgentIds);
+        const bmadTools = selectedAgentIds.filter(id => ['claude-code', 'cursor', 'cline', 'gemini', 'antigravity'].includes(id));
+        const success = await bmad.installBmad(['bmm', 'bmb'], bmadTools);
         if (success) {
           console.log(chalk.green(' BMAD-METHOD installed successfully!'));
           console.log(chalk.cyan(' Applying ma-agents customizations...'));
@@ -298,7 +299,8 @@ async function installWizard(preselectedSkill, preselectedAgents, customPath, fo
 
       if (updateBmad) {
         console.log(chalk.cyan('\n Updating BMAD-METHOD...'));
-        const success = await bmad.updateBmad(selectedAgentIds);
+        const bmadTools = selectedAgentIds.filter(id => ['claude-code', 'cursor', 'cline', 'gemini', 'antigravity'].includes(id));
+        const success = await bmad.updateBmad(['bmm', 'bmb'], bmadTools);
         if (success) {
           console.log(chalk.green(' BMAD-METHOD updated successfully!'));
           console.log(chalk.cyan(' Re-applying ma-agents customizations...'));

package/lib/agents.js

@@ -32,7 +32,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'claude-code',
-    instructionFiles: ['CLAUDE.md']
+    instructionFiles: ['.claude/CLAUDE.md']
   },
   {
     id: 'gemini',
@@ -52,7 +52,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Gemini doesn't have a standard project-level instruction file yet
+    instructionFiles: ['.gemini/gemini.md']
   },
   {
     id: 'copilot',
@@ -72,7 +72,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Copilot uses path-scoped instructions, maybe support .github/instructions/ later
+    instructionFiles: ['.github/copilot/copilot.md']
   },
   {
     id: 'kilocode',
@@ -92,7 +92,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.kilocode/kilocode.md']
   },
   {
     id: 'cline',
@@ -117,7 +117,7 @@ const agents = [
       'references': 'docs',
       'assets': 'templates'
     },
-    instructionFiles: ['.clinerules']
+    instructionFiles: ['.cline/clinerules.md', '.clinerules']
   },
   {
     id: 'cursor',
@@ -137,10 +137,10 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: [] // Cursor uses .cursorrules or individual .mdc files
+    instructionFiles: ['.cursor/cursor.md']
   },
   {
-    id: 'sre',
+    id: 'bmm-sre',
     name: 'SRE Agent',
     version: '1.0.0',
     description: 'Specialized SRE Agent for BMAD-METHOD',
@@ -157,7 +157,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.sre/sre.md']
   },
   {
     id: 'antigravity',
@@ -177,10 +177,10 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.antigravity/antigravity.md']
   },
   {
-    id: 'devops',
+    id: 'bmm-devops',
     name: 'DevOps Agent',
     version: '1.0.0',
     description: 'Specialized DevOps Agent for BMAD-METHOD',
@@ -197,10 +197,10 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.devops/devops.md']
   },
   {
-    id: 'cyber',
+    id: 'bmm-cyber',
     name: 'Cyber Analyst',
     version: '1.0.0',
     description: 'Specialized Cyber Security Analyst (Yael) for BMAD-METHOD',
@@ -217,7 +217,7 @@ const agents = [
     },
     fileExtension: '.md',
     template: 'generic',
-    instructionFiles: []
+    instructionFiles: ['.cyber/yael.md']
   }
 ];
 

package/lib/bmad.js

@@ -10,11 +10,15 @@ function isBmadInstalled(projectRoot = process.cwd()) {
     return fs.existsSync(path.join(projectRoot, BMAD_DIR));
 }
 
-async function installBmad(agentIds, projectRoot = process.cwd()) {
+async function installBmad(modules = ['bmm', 'bmb'], tools = [], projectRoot = process.cwd()) {
     let command = 'npx bmad-method install --yes';
 
-    if (agentIds && agentIds.length > 0) {
-        command += ` --tools ${agentIds.join(',')}`;
+    if (modules && modules.length > 0) {
+        command += ` --modules ${modules.join(',')}`;
+    }
+
+    if (tools && tools.length > 0) {
+        command += ` --tools ${tools.join(',')}`;
     } else {
         command += ' --tools none';
     }
@@ -29,11 +33,15 @@ async function installBmad(agentIds, projectRoot = process.cwd()) {
     }
 }
 
-async function updateBmad(agentIds, projectRoot = process.cwd()) {
+async function updateBmad(modules = ['bmm', 'bmb'], tools = [], projectRoot = process.cwd()) {
     let command = 'npx bmad-method install --action update --yes';
 
-    if (agentIds && agentIds.length > 0) {
-        command += ` --tools ${agentIds.join(',')}`;
+    if (modules && modules.length > 0) {
+        command += ` --modules ${modules.join(',')}`;
+    }
+
+    if (tools && tools.length > 0) {
+        command += ` --tools ${tools.join(',')}`;
     }
 
     console.log(chalk.gray(`  Running: ${command}`));

package/lib/installer.js

@@ -125,7 +125,7 @@ Do not load skills that are not relevant to the current task.
       content = wrappedInstruction;
     }
 
-    await fs.writeFile(filePath, content, 'utf-8');
+    await fs.outputFile(filePath, content, 'utf-8');
     console.log(chalk.cyan(`    + Updated ${fileName}`));
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ma-agents",
-  "version": "2.9.0",
+  "version": "2.11.0",
   "description": "NPX tool to install skills for AI coding agents (Claude Code, Gemini, Copilot, Kilocode, Cline, Cursor)",
   "main": "index.js",
   "bin": {