renma 0.15.2 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. package/CHANGELOG.md +54 -1
  2. package/README.md +216 -655
  3. package/architecture.md +523 -0
  4. package/design.md +458 -0
  5. package/dist/agent-skills.d.ts +77 -0
  6. package/dist/agent-skills.d.ts.map +1 -0
  7. package/dist/agent-skills.js +468 -0
  8. package/dist/agent-skills.js.map +1 -0
  9. package/dist/catalog.d.ts.map +1 -1
  10. package/dist/catalog.js +38 -5
  11. package/dist/catalog.js.map +1 -1
  12. package/dist/cli-help.d.ts +13 -11
  13. package/dist/cli-help.d.ts.map +1 -1
  14. package/dist/cli-help.js +36 -11
  15. package/dist/cli-help.js.map +1 -1
  16. package/dist/cli.d.ts.map +1 -1
  17. package/dist/cli.js +139 -40
  18. package/dist/cli.js.map +1 -1
  19. package/dist/commands/catalog.d.ts.map +1 -1
  20. package/dist/commands/catalog.js +4 -3
  21. package/dist/commands/catalog.js.map +1 -1
  22. package/dist/commands/graph.d.ts.map +1 -1
  23. package/dist/commands/graph.js +7 -12
  24. package/dist/commands/graph.js.map +1 -1
  25. package/dist/commands/readiness.d.ts.map +1 -1
  26. package/dist/commands/readiness.js +7 -6
  27. package/dist/commands/readiness.js.map +1 -1
  28. package/dist/commands/scaffold.d.ts.map +1 -1
  29. package/dist/commands/scaffold.js +59 -16
  30. package/dist/commands/scaffold.js.map +1 -1
  31. package/dist/commands/suggest-metadata.d.ts +3 -1
  32. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  33. package/dist/commands/suggest-metadata.js +226 -7
  34. package/dist/commands/suggest-metadata.js.map +1 -1
  35. package/dist/commands/suggest-semantic-split.js +3 -3
  36. package/dist/commands/suggest-semantic-split.js.map +1 -1
  37. package/dist/dependency-resolution.d.ts +6 -0
  38. package/dist/dependency-resolution.d.ts.map +1 -0
  39. package/dist/dependency-resolution.js +11 -0
  40. package/dist/dependency-resolution.js.map +1 -0
  41. package/dist/diagnostic-ids.d.ts +29 -0
  42. package/dist/diagnostic-ids.d.ts.map +1 -1
  43. package/dist/diagnostic-ids.js +28 -0
  44. package/dist/diagnostic-ids.js.map +1 -1
  45. package/dist/discovery.d.ts +50 -0
  46. package/dist/discovery.d.ts.map +1 -1
  47. package/dist/discovery.js +183 -25
  48. package/dist/discovery.js.map +1 -1
  49. package/dist/metadata.d.ts +3 -1
  50. package/dist/metadata.d.ts.map +1 -1
  51. package/dist/metadata.js +166 -29
  52. package/dist/metadata.js.map +1 -1
  53. package/dist/model.d.ts +1 -0
  54. package/dist/model.d.ts.map +1 -1
  55. package/dist/report.d.ts.map +1 -1
  56. package/dist/report.js +16 -1
  57. package/dist/report.js.map +1 -1
  58. package/dist/repository-paths.d.ts +13 -0
  59. package/dist/repository-paths.d.ts.map +1 -1
  60. package/dist/repository-paths.js +60 -2
  61. package/dist/repository-paths.js.map +1 -1
  62. package/dist/rules.d.ts.map +1 -1
  63. package/dist/rules.js +97 -107
  64. package/dist/rules.js.map +1 -1
  65. package/dist/scanner.d.ts.map +1 -1
  66. package/dist/scanner.js +3 -1
  67. package/dist/scanner.js.map +1 -1
  68. package/dist/security-diagnostics.d.ts.map +1 -1
  69. package/dist/security-diagnostics.js +98 -35
  70. package/dist/security-diagnostics.js.map +1 -1
  71. package/dist/security-policy-inventory.js +11 -4
  72. package/dist/security-policy-inventory.js.map +1 -1
  73. package/dist/security-policy.d.ts +27 -1
  74. package/dist/security-policy.d.ts.map +1 -1
  75. package/dist/security-policy.js +247 -34
  76. package/dist/security-policy.js.map +1 -1
  77. package/dist/skill-migration.d.ts +30 -0
  78. package/dist/skill-migration.d.ts.map +1 -0
  79. package/dist/skill-migration.js +566 -0
  80. package/dist/skill-migration.js.map +1 -0
  81. package/dist/trust-graph.d.ts.map +1 -1
  82. package/dist/trust-graph.js +7 -11
  83. package/dist/trust-graph.js.map +1 -1
  84. package/dist/types.d.ts +3 -1
  85. package/dist/types.d.ts.map +1 -1
  86. package/dist/yaml-frontmatter.d.ts +26 -0
  87. package/dist/yaml-frontmatter.d.ts.map +1 -0
  88. package/dist/yaml-frontmatter.js +114 -0
  89. package/dist/yaml-frontmatter.js.map +1 -0
  90. package/docs/README.md +55 -0
  91. package/docs/advanced-skill-authoring.md +140 -0
  92. package/docs/agent-skills-compatibility.md +500 -0
  93. package/docs/authoring-guide.md +324 -0
  94. package/docs/context-conflict-diagnostics.md +32 -0
  95. package/docs/context-language-diagnostics.md +99 -0
  96. package/docs/context-lens.md +253 -0
  97. package/docs/context-lifecycle-diagnostics.md +55 -0
  98. package/docs/diagnostics.md +373 -0
  99. package/docs/metadata-budget.md +14 -0
  100. package/docs/repository-context-bom.md +113 -0
  101. package/docs/security-policy.md +338 -0
  102. package/docs/user-manual.md +813 -0
  103. package/examples/context-lens/README.md +101 -0
  104. package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
  105. package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
  106. package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
  107. package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
  108. package/examples/context-repo/README.md +149 -0
  109. package/examples/context-repo/contexts/domain/payment/idempotency.md +20 -0
  110. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +19 -0
  111. package/examples/context-repo/contexts/testing/negative-testing.md +19 -0
  112. package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
  113. package/examples/context-repo/renma.config.json +12 -0
  114. package/examples/context-repo/skills/testing/spec-review/SKILL.md +66 -0
  115. package/examples/context-repo/tools/appium/README.md +14 -0
  116. package/examples/github-actions/renma-ci-report.yml +36 -0
  117. package/examples/interactive-placeholder/README.md +104 -0
  118. package/examples/interactive-placeholder/assets/template.txt +1 -0
  119. package/examples/interactive-placeholder/renma.config.json +6 -0
  120. package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
  121. package/examples/interactive-placeholder/tools/README.md +48 -0
  122. package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
  123. package/package.json +11 -1
  124. package/plan-discovery.md +740 -0
  125. package/plan.md +150 -0
  126. package/scripts/verify-package.mjs +97 -0
@@ -0,0 +1,500 @@
1
+ # Agent Skills Compatibility and Migration
2
+
3
+ This document defines Renma's target `SKILL.md` format for the breaking 0.16.0
4
+ transition. [Agent Skills](https://agentskills.io/specification) owns the
5
+ portable Skill format. Renma extends it with deterministic governance evidence,
6
+ without defining a competing Skill format.
7
+
8
+ Compatibility is the portable authoring boundary for Skill entrypoints, not
9
+ Renma's complete repository model. A Renma repository may also contain Context
10
+ Lenses, independently owned Context Assets, references, policies, lifecycle and
11
+ ownership declarations, dependencies, and evidence organized across domains,
12
+ products, teams, or workflows. That flexibility applies to the broader
13
+ repository assets, not to arbitrary Skill roots: canonical Skill entrypoints in
14
+ 0.16.0 are discovered only under `skills/**/SKILL.md` and
15
+ `.agents/skills/**/SKILL.md`. A custom scan glob does not make a path such as
16
+ `docs/skills/demo/SKILL.md` a Skill. Renma is not an Agent Skills registry,
17
+ runtime, or live router, and repository knowledge does not need to be embedded
18
+ inside the supported Skill directories.
19
+
20
+ In this document, “pre-0.16 Renma Skill format” refers to the top-level Renma
21
+ metadata syntax supported before Renma 0.16.0. It is the migration source
22
+ format. The 0.16.0 target uses Agent Skills standard fields plus flat
23
+ `metadata.renma.*` entries.
24
+
25
+ This rollout follows one operating principle:
26
+
27
+ ```text
28
+ LLM proposes. Renma verifies. Human approves.
29
+ ```
30
+
31
+ ## Responsibility Boundary
32
+
33
+ Keep these surfaces separate:
34
+
35
+ ```text
36
+ Agent Skills name, description, body, and references
37
+ -> portable and primarily LLM-facing
38
+
39
+ metadata.renma.*
40
+ -> structured governance evidence for Renma
41
+
42
+ Renma
43
+ -> deterministic validation and migration assistance
44
+
45
+ Human
46
+ -> approves semantic changes
47
+ ```
48
+
49
+ The Markdown body remains the primary instruction surface after a Skill has
50
+ been activated. Generic Agent Skills clients may not send arbitrary metadata
51
+ to a model. Renma metadata therefore does not guarantee model compliance and
52
+ must not replace behavior-critical instructions.
53
+
54
+ Use your platform's standard Skill authoring guidance for the name, trigger
55
+ description, instructions, workflow, constraints, examples, and completion
56
+ criteria. Use Renma for repository-specific governance and validation. The
57
+ [Authoring Guide](authoring-guide.md) owns the general new-Skill and
58
+ existing-Skill workflows; this document owns the canonical format and migration
59
+ contract.
60
+
61
+ ## Canonical 0.16.0 Frontmatter
62
+
63
+ Agent Skills owns the standard top-level fields:
64
+
65
+ - `name`
66
+ - `description`
67
+ - `license`
68
+ - `compatibility`
69
+ - `metadata`
70
+ - `allowed-tools`
71
+
72
+ Renma owns flat metadata keys beginning with `renma.`. Agent Skills metadata
73
+ values are strings, including values that encode lists or booleans:
74
+
75
+ ```yaml
76
+ ---
77
+ name: spec-review
78
+ description: Review specifications before implementation. Use for ambiguity and boundary analysis.
79
+ metadata:
80
+ renma.id: skill.testing.spec-review
81
+ renma.owner: qa-platform
82
+ renma.status: stable
83
+ renma.tags: '["testing","spec-review"]'
84
+ ---
85
+ ```
86
+
87
+ Do not use unprefixed shared keys such as `metadata.owner`. Do not use a nested
88
+ `metadata.renma` mapping. Unknown `renma.*` keys and other vendors' string
89
+ metadata remain valid metadata and are preserved during migration without
90
+ interpretation.
91
+
92
+ ## Operational Renma Metadata
93
+
94
+ Renma 0.16.0 makes these governance keys operational for specification-valid
95
+ Agent Skills:
96
+
97
+ ```text
98
+ renma.id
99
+ renma.title
100
+ renma.version
101
+ renma.owner
102
+ renma.status
103
+ renma.purpose
104
+ renma.last-reviewed-at
105
+ renma.review-cycle
106
+ renma.expires-at
107
+ renma.tags
108
+ renma.when-to-use
109
+ renma.when-not-to-use
110
+ renma.requires-context
111
+ renma.optional-context
112
+ renma.requires-lens
113
+ renma.optional-lens
114
+ renma.conflicts
115
+ renma.superseded-by
116
+ ```
117
+
118
+ Renma normalizes these values into the existing asset metadata model used by
119
+ scan findings, inspect, catalog, ownership, graph and dependency resolution,
120
+ readiness, BOM, Trust Graph, diff, and CI reporting. This is a serialization
121
+ change, not a second governance model or a change to those consumers'
122
+ semantics.
123
+
124
+ Text values are trimmed strings, and `renma.status` retains the existing
125
+ `experimental`, `stable`, `deprecated`, and `archived` lifecycle values. List
126
+ values are JSON-array strings containing strings only:
127
+
128
+ ```yaml
129
+ metadata:
130
+ renma.tags: '["testing","spec-review"]'
131
+ renma.requires-context: '["context.testing.boundaries"]'
132
+ renma.optional-context: '[]'
133
+ ```
134
+
135
+ Canonical list metadata is not comma-separated. Malformed JSON, non-array
136
+ JSON, and non-string array members are invalid rather than guessed. Diagnostics
137
+ for canonical values retain evidence for the specific child key under
138
+ `metadata`, not just the parent mapping.
139
+
140
+ Empty text, invalid status, and invalid lifecycle or freshness values retain
141
+ their existing operational diagnostic semantics and stable finding IDs where
142
+ applicable.
143
+
144
+ Operational source selection is explicit:
145
+
146
+ ```text
147
+ specification-valid Agent Skill
148
+ -> governance and security metadata comes only from metadata.renma.*
149
+
150
+ invalid, hybrid, or pre-0.16 Skill
151
+ -> no operational Skill metadata; suggest-metadata may use it as migration input
152
+
153
+ non-Skill asset
154
+ -> existing top-level Renma metadata syntax
155
+ ```
156
+
157
+ An Agent Skill must pass the Agent Skills specification checks before any Renma
158
+ metadata becomes operational. Renma authoring warnings do not block operational
159
+ metadata. A Skill never falls back to or merges top-level pre-0.16 equivalents.
160
+ Contexts, context lenses, profiles, references, examples, agents,
161
+ configuration files, and other non-Skill assets keep their existing metadata
162
+ syntax and behavior.
163
+
164
+ These security keys are also operational under `metadata`:
165
+
166
+ ```text
167
+ renma.allowed-data
168
+ renma.network-allowed
169
+ renma.external-upload-allowed
170
+ renma.secrets-allowed
171
+ renma.requires-human-approval
172
+ renma.forbidden-inputs
173
+ renma.approved-network-destinations
174
+ renma.approved-upload-destinations
175
+ renma.security-profile
176
+ ```
177
+
178
+ Boolean values must be the exact strings `"true"` or `"false"`. List values
179
+ must be JSON-array strings containing strings only. Renma does not coerce YAML
180
+ booleans, alternate boolean spellings, comma-separated lists, or non-string
181
+ array members. Canonical child-key evidence is preserved for diagnostics,
182
+ including multiline YAML values.
183
+
184
+ ## Entrypoint Paths
185
+
186
+ Canonical Agent Skills entrypoints use the exact filename:
187
+
188
+ ```text
189
+ skills/**/SKILL.md
190
+ .agents/skills/**/SKILL.md
191
+ ```
192
+
193
+ Renma continues discovering historical `skill.md` and `*.skill.md` spellings
194
+ under those roots so `scan` can report validation and migration diagnostics.
195
+ Discovery does not make those spellings Agent Skills-compatible.
196
+
197
+ The entrypoint migration is explicit:
198
+
199
+ ```text
200
+ skills/demo/skill.md
201
+ -> skills/demo/SKILL.md
202
+
203
+ skills/testing/spec-review.skill.md
204
+ -> skills/testing/spec-review/SKILL.md
205
+ ```
206
+
207
+ The same mappings apply under `.agents/skills/**`. A lowercase `skill.md`
208
+ requires a rename. A flat `*.skill.md` requires a move into the filename-derived
209
+ directory plus a rename. Structured `suggest-metadata` output reports
210
+ `sourcePath`, `targetPath`, and `entrypointMigration` (`none`, `rename`, or
211
+ `move-and-rename`) so the path change cannot be mistaken for an apply-ready
212
+ frontmatter-only result.
213
+
214
+ Repository discovery recognizes these roots only at the beginning of a
215
+ repository-relative path. A nested path such as `docs/skills/demo/SKILL.md` is
216
+ not a repository Skill, and a later `skills` segment cannot escape a reserved
217
+ `references` or `examples` directory. For absolute `suggest-metadata` targets,
218
+ Renma requires one unambiguous Skill root and rejects paths with multiple
219
+ possible roots.
220
+
221
+ Repository-relative classification normalizes leading and internal `.` segments
222
+ and safe `..` segments before checking the root. A path is rejected if `..`
223
+ escapes its original `skills/` or `.agents/skills/` root, even if a later segment
224
+ would appear to re-enter it. User-facing structured command argv retains the
225
+ exact path discovered by `scan` or supplied by the user.
226
+
227
+ Inside an Agent Skill directory, `assets/`, `scripts/`, and `references/`
228
+ contain Skill-local support material and are not treated as nested Skill roots.
229
+ Renma also reserves its existing `examples/` and `profiles/` support
230
+ directories. The same reserved names cannot be used as top-level Skill names
231
+ under `skills/` or `.agents/skills/` without reserved-name guidance.
232
+
233
+ ## Validation During Scan
234
+
235
+ Agent Skills validation is part of the existing scan workflow:
236
+
237
+ ```bash
238
+ renma scan .
239
+ renma scan . --format json
240
+ ```
241
+
242
+ The JSON report includes a dedicated `agentSkills` summary and per-Skill
243
+ results. Text output includes a concise valid/invalid summary, structural issues,
244
+ authoring warnings, and a `suggest-metadata` migration command when pre-0.16
245
+ Renma Skill fields or a historical entrypoint spelling are present.
246
+
247
+ In JSON, `migrationCommand` contains structured `command` and `args` fields plus
248
+ a display string. The argv fields preserve the exact path and are the source of
249
+ truth for tools. Text output uses POSIX shell quoting when a path contains
250
+ spaces or shell metacharacters.
251
+
252
+ The locally versioned validation profile uses the maintained `yaml` package in
253
+ YAML 1.2 mode. It validates:
254
+
255
+ - the exact `SKILL.md` filename;
256
+ - frontmatter presence and closure;
257
+ - YAML syntax and mapping shape;
258
+ - duplicate top-level and `metadata` keys;
259
+ - the allowed Agent Skills top-level fields;
260
+ - required, non-empty string `name` and `description` values;
261
+ - NFKC-normalized name length, Unicode letters/digits, lowercase and hyphen
262
+ rules, and normalized immediate-parent match. The YAML field is trimmed, but
263
+ the filesystem directory name is not; leading or trailing directory
264
+ whitespace is invalid rather than normalized away;
265
+ - description and compatibility length limits;
266
+ - optional field types;
267
+ - `metadata` as a string-to-string mapping.
268
+
269
+ The validation profile is local. Renma does not fetch a schema or validation
270
+ rules at runtime.
271
+
272
+ Agent Skills validation does not add a separate validation command or change
273
+ the existing `scan` or `--fail-on` exit contract. Agent Skills results are
274
+ visible in scan output but are not inserted into the existing finding threshold
275
+ path.
276
+
277
+ ## Format Classification
278
+
279
+ Each inspected Skill receives one migration-oriented classification:
280
+
281
+ ```text
282
+ agent-skills
283
+ Agent Skills identity with no pre-0.16 Renma Skill fields
284
+
285
+ renma-legacy
286
+ pre-0.16 Renma Skill fields without Agent Skills identity
287
+
288
+ hybrid
289
+ Agent Skills identity plus pre-0.16 Renma Skill fields
290
+
291
+ unknown
292
+ neither Agent Skills identity nor a recognized migration source
293
+ ```
294
+
295
+ Classification remains migration-oriented. Operational normalization is
296
+ stricter: only a specification-valid `agent-skills` document contributes Skill
297
+ metadata. `renma-legacy`, `hybrid`, `unknown`, and otherwise invalid documents
298
+ remain visible to validation and migration diagnostics but contribute no
299
+ operational Skill metadata.
300
+
301
+ ## Selection Boundaries and Execution Constraints
302
+
303
+ A selection boundary determines whether a Skill should be chosen. If the body
304
+ says `Do not use this skill for test execution`, that exclusion belongs in
305
+ `description` because name and description are the discovery surface.
306
+
307
+ An execution constraint applies after activation. Instructions such as `Do not
308
+ modify production files` or `Never upload secrets` belong in the body under a
309
+ prominent heading such as `Hard Constraints`, `Prohibited Actions`, or `Safety
310
+ Constraints`. A generic execution constraint must not be copied automatically
311
+ into `description` or `metadata.renma.when-not-to-use`.
312
+
313
+ Renma may report conservative authoring warnings for a missing usage boundary,
314
+ an omitted selection exclusion, a buried or scattered execution constraint, or
315
+ a prohibition without a supported alternative or stop behavior. Nested
316
+ subsections under a prominent constraint heading remain prominent. These
317
+ warnings do not make a structurally valid Agent Skill invalid.
318
+
319
+ Agent Skills body inspection and migration description extraction ignore fenced
320
+ examples opened with at least three backticks or at least three tildes. A fence
321
+ closes only with the same character and a marker at least as long as its opener.
322
+ Fence inspection starts at the Markdown body; fence-like text inside YAML block
323
+ scalars does not hide body diagnostics.
324
+
325
+ ## Agent Skills Diagnostic Identifiers
326
+
327
+ Agent Skills diagnostics use stable identifiers in the `agentSkills` portion of
328
+ scan output. `AS-SKILL-*` identifiers are specification errors and make the
329
+ Skill invalid. `RN-SKILL-*` identifiers are Renma authoring warnings and do not
330
+ affect structural validity or the existing `--fail-on` threshold.
331
+
332
+ ### Specification errors
333
+
334
+ | Identifier | Meaning |
335
+ | --- | --- |
336
+ | `AS-SKILL-NONCANONICAL-FILENAME` | The entrypoint filename is not exactly `SKILL.md`. |
337
+ | `AS-SKILL-MISSING-FRONTMATTER` | YAML frontmatter is absent. |
338
+ | `AS-SKILL-UNCLOSED-FRONTMATTER` | The opening frontmatter delimiter has no closing delimiter. |
339
+ | `AS-SKILL-INVALID-YAML` | The frontmatter is not valid YAML. |
340
+ | `AS-SKILL-FRONTMATTER-NOT-MAPPING` | The frontmatter root is not a YAML mapping. |
341
+ | `AS-SKILL-DUPLICATE-FIELD` | A top-level frontmatter field is declared more than once. |
342
+ | `AS-SKILL-DUPLICATE-METADATA-KEY` | A key in `metadata` is declared more than once. |
343
+ | `AS-SKILL-UNEXPECTED-TOP-LEVEL-FIELD` | A top-level field is outside the Agent Skills field set. |
344
+ | `AS-SKILL-MISSING-NAME` | The required `name` field is absent or empty. |
345
+ | `AS-SKILL-INVALID-NAME` | `name` has the wrong type or violates the name rules. |
346
+ | `AS-SKILL-NAME-DIRECTORY-MISMATCH` | The normalized `name` does not match its immediate parent directory. |
347
+ | `AS-SKILL-MISSING-DESCRIPTION` | The required `description` field is absent or empty. |
348
+ | `AS-SKILL-INVALID-DESCRIPTION` | `description` is not a string. |
349
+ | `AS-SKILL-DESCRIPTION-TOO-LONG` | `description` exceeds 1,024 Unicode code points. |
350
+ | `AS-SKILL-INVALID-COMPATIBILITY` | `compatibility` is not a non-empty string. |
351
+ | `AS-SKILL-COMPATIBILITY-TOO-LONG` | `compatibility` exceeds 500 Unicode code points. |
352
+ | `AS-SKILL-INVALID-LICENSE` | `license` is present but is not a string. |
353
+ | `AS-SKILL-INVALID-ALLOWED-TOOLS` | `allowed-tools` is present but is not a string. |
354
+ | `AS-SKILL-INVALID-METADATA` | `metadata` is not a string-to-string mapping. |
355
+
356
+ ### Renma authoring warnings
357
+
358
+ | Identifier | Meaning |
359
+ | --- | --- |
360
+ | `RN-SKILL-DESCRIPTION-MISSING-USAGE-BOUNDARY` | The description does not state when the Skill should be used. |
361
+ | `RN-SKILL-DESCRIPTION-OMITS-SELECTION-BOUNDARY` | A body selection exclusion is absent from the description. |
362
+ | `RN-SKILL-EXECUTION-CONSTRAINT-NOT-PROMINENT` | An execution constraint is outside a prominent constraint section. |
363
+ | `RN-SKILL-EXECUTION-CONSTRAINT-SCATTERED` | Execution constraints are scattered across sections. |
364
+ | `RN-SKILL-EXECUTION-CONSTRAINT-MISSING-ALTERNATIVE` | A prohibition has no nearby supported alternative or stop behavior. |
365
+
366
+ ## One-Way Migration
367
+
368
+ Pre-0.16 Renma Skill fields are migration input only:
369
+
370
+ ```text
371
+ pre-0.16 Renma Skill
372
+ -> Agent Skills identity
373
+ -> metadata.renma.*
374
+ ```
375
+
376
+ Use the existing non-editing command with canonical or non-canonical
377
+ entrypoints:
378
+
379
+ ```bash
380
+ renma scan . --fail-on high
381
+ renma suggest-metadata skills/example/SKILL.md --format prompt
382
+ renma suggest-metadata skills/example/skill.md --format json
383
+ renma suggest-metadata skills/testing/spec-review.skill.md --format prompt
384
+ # apply only an unblocked canonical frontmatter candidate
385
+ renma scan . --fail-on high
386
+ ```
387
+
388
+ For Skill targets, `suggest-metadata` can preserve valid standard Agent Skills
389
+ fields, use a valid immediate parent directory as `name`, preserve an existing
390
+ valid description, conservatively extract description evidence from the body,
391
+ move recognized pre-0.16 Renma Skill fields to
392
+ `metadata.renma.*`, and render canonical frontmatter for human review. It never
393
+ edits the file and never proposes a reverse conversion for a canonical Agent
394
+ Skill.
395
+
396
+ Pre-0.16 security fields migrate in the same one-way proposal. Safe string
397
+ values are preserved, boolean values serialize as exact `"true"` or `"false"`
398
+ strings, and list values serialize as JSON-array strings. Unsafe or ambiguous
399
+ values block canonical frontmatter generation for human review.
400
+
401
+ Before presenting a non-canonical entrypoint migration, Renma renders the candidate
402
+ frontmatter, combines it with the unchanged Markdown body at the target
403
+ `SKILL.md` path, and runs the existing Agent Skills validator on that in-memory
404
+ result. Any specification error blocks the proposal. If the target entrypoint
405
+ already exists as a distinct filesystem entry, migration is also blocked; Renma
406
+ does not propose overwriting, merging, or deleting either file. Case-only
407
+ renames that resolve to the same filesystem entry are not treated as a
408
+ collision.
409
+
410
+ For a specification-valid canonical `SKILL.md`, an explicit `--owner <owner>` instead
411
+ produces a canonical metadata retrofit candidate at `metadata.renma.owner`. An
412
+ identical existing owner is preserved without a rewrite. A different existing
413
+ owner blocks the proposal for human review. Without `--owner`, Renma does not
414
+ invent owner metadata or emit a meaningless canonical rewrite. This retrofit is
415
+ not reverse migration.
416
+
417
+ After generating a suggestion, review the Skill's trigger description,
418
+ instructions, workflow, constraints, and completion criteria using
419
+ platform-native authoring guidance. Review the candidate, apply only intended
420
+ metadata or migration changes, run `renma scan . --fail-on high`, fix relevant
421
+ diagnostics, and rerun validation before human approval.
422
+
423
+ ## Pre-0.16 Value Serialization
424
+
425
+ Migration never converts native YAML numbers into text. Native YAML booleans
426
+ are accepted only for recognized boolean security fields, where the meaning is
427
+ unambiguous.
428
+
429
+ - Text scalar fields (`id`, `title`, `version`, `owner`, `status`, `purpose`,
430
+ `last_reviewed_at`, `review_cycle`, `expires_at`, and `security_profile`)
431
+ require YAML strings.
432
+ - String-list fields accept YAML arrays containing strings only, pre-0.16
433
+ comma-separated strings, or JSON-array strings containing strings only.
434
+ Numeric and boolean elements are blocked.
435
+ - Boolean security fields accept YAML booleans or the exact strings `"true"`
436
+ and `"false"`, then serialize to exact canonical strings.
437
+
438
+ For example, `version: "1.0"` and `tags: ["1.0"]` are safe. `version: 1.0`
439
+ and `tags: [1.0]` block canonical frontmatter generation. Likewise,
440
+ `network_allowed: yes` is blocked rather than guessed.
441
+
442
+ ## Unsafe Migration Blocking
443
+
444
+ Renma does not render canonical frontmatter when migration would be ambiguous
445
+ or lossy. Blocking cases include:
446
+
447
+ - invalid or unclosed YAML frontmatter;
448
+ - a non-mapping frontmatter document;
449
+ - duplicate top-level or metadata keys;
450
+ - non-string metadata values;
451
+ - an invalid Skill directory name or conflicting identity;
452
+ - conflicting Agent Skills and pre-0.16 Renma Skill values;
453
+ - an unknown top-level field;
454
+ - missing evidence for a usable description;
455
+ - duplicate semantic list values or unsupported pre-0.16 value shapes;
456
+ - a candidate that remains invalid at its target `SKILL.md` path;
457
+ - an existing distinct target entrypoint or an unverifiable target collision;
458
+
459
+ Renma reports structured blocked evidence with the field and reason. It never
460
+ selects the last duplicate value, silently deletes an unknown field, or assigns
461
+ an unknown top-level field to a vendor namespace.
462
+
463
+ When blocked, do not apply a candidate. Review the conflict or invalid evidence,
464
+ confirm the Skill's intent using platform-native authoring guidance, correct
465
+ the source evidence, and rerun `suggest-metadata`. After intended corrections,
466
+ run `renma scan . --fail-on high`, fix relevant diagnostics, and rerun the scan.
467
+
468
+ Within a valid `metadata` mapping, Renma distinguishes:
469
+
470
+ ```text
471
+ known renma.* key
472
+ interpret for migration comparison and preserve
473
+
474
+ unknown renma.* key
475
+ preserve without interpretation
476
+
477
+ other vendor metadata
478
+ preserve without interpretation
479
+
480
+ unknown top-level field
481
+ block migration
482
+ ```
483
+
484
+ ## Renma 0.16+ Boundary
485
+
486
+ Renma 0.16.0 completes the repository format migration:
487
+
488
+ - Skills must be specification-valid Agent Skills to contribute operational
489
+ metadata;
490
+ - all Renma Skill governance and security metadata is read from flat
491
+ `metadata.renma.*` string entries;
492
+ - pre-0.16 top-level Skill metadata is migration input only;
493
+ - `suggest-metadata` converts recognized governance and security fields in one
494
+ reviewed proposal;
495
+ - the repository-owned `release-prep` Skill and generated Skill scaffolds are
496
+ fully canonical;
497
+ - non-Skill assets retain their existing top-level metadata behavior.
498
+
499
+ This boundary does not add runtime Skill selection, prompt assembly, context
500
+ injection, execution, or telemetry.