renma 0.15.2 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +54 -1
- package/README.md +216 -655
- package/architecture.md +523 -0
- package/design.md +458 -0
- package/dist/agent-skills.d.ts +77 -0
- package/dist/agent-skills.d.ts.map +1 -0
- package/dist/agent-skills.js +468 -0
- package/dist/agent-skills.js.map +1 -0
- package/dist/catalog.d.ts.map +1 -1
- package/dist/catalog.js +38 -5
- package/dist/catalog.js.map +1 -1
- package/dist/cli-help.d.ts +13 -11
- package/dist/cli-help.d.ts.map +1 -1
- package/dist/cli-help.js +36 -11
- package/dist/cli-help.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +139 -40
- package/dist/cli.js.map +1 -1
- package/dist/commands/catalog.d.ts.map +1 -1
- package/dist/commands/catalog.js +4 -3
- package/dist/commands/catalog.js.map +1 -1
- package/dist/commands/graph.d.ts.map +1 -1
- package/dist/commands/graph.js +7 -12
- package/dist/commands/graph.js.map +1 -1
- package/dist/commands/readiness.d.ts.map +1 -1
- package/dist/commands/readiness.js +7 -6
- package/dist/commands/readiness.js.map +1 -1
- package/dist/commands/scaffold.d.ts.map +1 -1
- package/dist/commands/scaffold.js +59 -16
- package/dist/commands/scaffold.js.map +1 -1
- package/dist/commands/suggest-metadata.d.ts +3 -1
- package/dist/commands/suggest-metadata.d.ts.map +1 -1
- package/dist/commands/suggest-metadata.js +226 -7
- package/dist/commands/suggest-metadata.js.map +1 -1
- package/dist/commands/suggest-semantic-split.js +3 -3
- package/dist/commands/suggest-semantic-split.js.map +1 -1
- package/dist/dependency-resolution.d.ts +6 -0
- package/dist/dependency-resolution.d.ts.map +1 -0
- package/dist/dependency-resolution.js +11 -0
- package/dist/dependency-resolution.js.map +1 -0
- package/dist/diagnostic-ids.d.ts +29 -0
- package/dist/diagnostic-ids.d.ts.map +1 -1
- package/dist/diagnostic-ids.js +28 -0
- package/dist/diagnostic-ids.js.map +1 -1
- package/dist/discovery.d.ts +50 -0
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +183 -25
- package/dist/discovery.js.map +1 -1
- package/dist/metadata.d.ts +3 -1
- package/dist/metadata.d.ts.map +1 -1
- package/dist/metadata.js +166 -29
- package/dist/metadata.js.map +1 -1
- package/dist/model.d.ts +1 -0
- package/dist/model.d.ts.map +1 -1
- package/dist/report.d.ts.map +1 -1
- package/dist/report.js +16 -1
- package/dist/report.js.map +1 -1
- package/dist/repository-paths.d.ts +13 -0
- package/dist/repository-paths.d.ts.map +1 -1
- package/dist/repository-paths.js +60 -2
- package/dist/repository-paths.js.map +1 -1
- package/dist/rules.d.ts.map +1 -1
- package/dist/rules.js +97 -107
- package/dist/rules.js.map +1 -1
- package/dist/scanner.d.ts.map +1 -1
- package/dist/scanner.js +3 -1
- package/dist/scanner.js.map +1 -1
- package/dist/security-diagnostics.d.ts.map +1 -1
- package/dist/security-diagnostics.js +98 -35
- package/dist/security-diagnostics.js.map +1 -1
- package/dist/security-policy-inventory.js +11 -4
- package/dist/security-policy-inventory.js.map +1 -1
- package/dist/security-policy.d.ts +27 -1
- package/dist/security-policy.d.ts.map +1 -1
- package/dist/security-policy.js +247 -34
- package/dist/security-policy.js.map +1 -1
- package/dist/skill-migration.d.ts +30 -0
- package/dist/skill-migration.d.ts.map +1 -0
- package/dist/skill-migration.js +566 -0
- package/dist/skill-migration.js.map +1 -0
- package/dist/trust-graph.d.ts.map +1 -1
- package/dist/trust-graph.js +7 -11
- package/dist/trust-graph.js.map +1 -1
- package/dist/types.d.ts +3 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/yaml-frontmatter.d.ts +26 -0
- package/dist/yaml-frontmatter.d.ts.map +1 -0
- package/dist/yaml-frontmatter.js +114 -0
- package/dist/yaml-frontmatter.js.map +1 -0
- package/docs/README.md +55 -0
- package/docs/advanced-skill-authoring.md +140 -0
- package/docs/agent-skills-compatibility.md +500 -0
- package/docs/authoring-guide.md +324 -0
- package/docs/context-conflict-diagnostics.md +32 -0
- package/docs/context-language-diagnostics.md +99 -0
- package/docs/context-lens.md +253 -0
- package/docs/context-lifecycle-diagnostics.md +55 -0
- package/docs/diagnostics.md +373 -0
- package/docs/metadata-budget.md +14 -0
- package/docs/repository-context-bom.md +113 -0
- package/docs/security-policy.md +338 -0
- package/docs/user-manual.md +813 -0
- package/examples/context-lens/README.md +101 -0
- package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
- package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
- package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
- package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
- package/examples/context-repo/README.md +149 -0
- package/examples/context-repo/contexts/domain/payment/idempotency.md +20 -0
- package/examples/context-repo/contexts/testing/boundary-value-analysis.md +19 -0
- package/examples/context-repo/contexts/testing/negative-testing.md +19 -0
- package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
- package/examples/context-repo/renma.config.json +12 -0
- package/examples/context-repo/skills/testing/spec-review/SKILL.md +66 -0
- package/examples/context-repo/tools/appium/README.md +14 -0
- package/examples/github-actions/renma-ci-report.yml +36 -0
- package/examples/interactive-placeholder/README.md +104 -0
- package/examples/interactive-placeholder/assets/template.txt +1 -0
- package/examples/interactive-placeholder/renma.config.json +6 -0
- package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
- package/examples/interactive-placeholder/tools/README.md +48 -0
- package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
- package/package.json +11 -1
- package/plan-discovery.md +740 -0
- package/plan.md +150 -0
- package/scripts/verify-package.mjs +97 -0
package/architecture.md
ADDED
|
@@ -0,0 +1,523 @@
|
|
|
1
|
+
# Renma Architecture Direction
|
|
2
|
+
|
|
3
|
+
Renma is a Git-native context repository and deterministic governance layer for
|
|
4
|
+
LLM-facing knowledge. It keeps Skills, Context Lenses, Context Assets,
|
|
5
|
+
references, ownership, lifecycle, dependencies, and evidence reviewable as
|
|
6
|
+
maintainable software assets.
|
|
7
|
+
|
|
8
|
+
The current CLI surface covers `scan`, `catalog`, `ownership`, `graph`, focused
|
|
9
|
+
graph views, `trust-graph`, `readiness`, Repository Context BOM reports,
|
|
10
|
+
repeated-context diagnostics, semantic diff, `ci-report`, `inspect`, `scaffold`,
|
|
11
|
+
`suggest-metadata`, and `suggest-semantic-split`. Agent Skills validation and
|
|
12
|
+
security diagnostics are deterministic repository checks; they do not execute
|
|
13
|
+
commands or call external services.
|
|
14
|
+
|
|
15
|
+
Renma sits at the repository governance layer, not the runtime layer.
|
|
16
|
+
|
|
17
|
+
```mermaid
|
|
18
|
+
flowchart TD
|
|
19
|
+
Repository["Git-reviewed repository assets"]
|
|
20
|
+
Renma["Renma: deterministic governance and repository health"]
|
|
21
|
+
Reports["Catalog, graph, diagnostics, Readiness, and BOM"]
|
|
22
|
+
Review["Human or coding-agent review"]
|
|
23
|
+
Runtimes["Agents and runtimes — outside Renma"]
|
|
24
|
+
Producers["External signal producers — outside Renma"]
|
|
25
|
+
Evidence["Separately produced evidence — future input"]
|
|
26
|
+
Repository --> Renma
|
|
27
|
+
Renma --> Reports
|
|
28
|
+
Reports --> Review
|
|
29
|
+
Repository -->|consumed according to runtime behavior| Runtimes
|
|
30
|
+
Producers -.-> Evidence
|
|
31
|
+
Evidence -.-> Renma
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Renma does not select Skills for live tasks, select or inject task Context,
|
|
35
|
+
assemble prompts, or execute workflows. Agents and runtimes decide how to use
|
|
36
|
+
repository assets for a task. Future evidence validation does not make Renma a
|
|
37
|
+
runtime telemetry collector; signal production and collection remain external.
|
|
38
|
+
|
|
39
|
+
Provenance remains repository-level. A Repository Context BOM is a manifest of declared assets, hashes, owners, lifecycle states, dependencies, security posture, diagnostics, and readiness evidence; it is not a report of actual LLM runtime usage. BOM v1 keeps Git revision identity in the surrounding Git/CI/PR artifact context and keeps any future consumed-context evidence separate from the declared repository manifest contract.
|
|
40
|
+
|
|
41
|
+
## Goals
|
|
42
|
+
|
|
43
|
+
- Keep skills and context assets discoverable, owned, and reviewable.
|
|
44
|
+
- Treat shared context as a first-class repository asset outside individual skill directories.
|
|
45
|
+
- Validate references, metadata, lifecycle, and dependency graph health.
|
|
46
|
+
- Detect orphaned, deprecated, conflicting, missing, and repeated context.
|
|
47
|
+
- Provide deterministic catalog and graph snapshots for Git review and CI.
|
|
48
|
+
- Produce repository-level deterministic readiness reports.
|
|
49
|
+
- Allow optional LLM assistance for suggestions and semantic review without making LLMs required for core analysis.
|
|
50
|
+
|
|
51
|
+
## Non-Goals
|
|
52
|
+
|
|
53
|
+
- Task-specific context choice
|
|
54
|
+
- Prompt assembly
|
|
55
|
+
- Agent execution
|
|
56
|
+
- Provider gateways
|
|
57
|
+
- Hosted dashboards
|
|
58
|
+
- Package synchronization
|
|
59
|
+
- Organization-wide distribution transport
|
|
60
|
+
- Runtime telemetry ownership
|
|
61
|
+
|
|
62
|
+
Renma is telemetry-aware, but not telemetry-responsible. It may import external signals later as evidence for repository review.
|
|
63
|
+
|
|
64
|
+
## Source Layout
|
|
65
|
+
|
|
66
|
+
One illustrative repository layout is:
|
|
67
|
+
|
|
68
|
+
```text
|
|
69
|
+
skills/
|
|
70
|
+
testing/
|
|
71
|
+
test-case-generation/
|
|
72
|
+
SKILL.md
|
|
73
|
+
spec-review/
|
|
74
|
+
SKILL.md
|
|
75
|
+
regression-planning/
|
|
76
|
+
SKILL.md
|
|
77
|
+
contexts/
|
|
78
|
+
testing/
|
|
79
|
+
boundary-value-analysis.md
|
|
80
|
+
negative-testing.md
|
|
81
|
+
regression-risk.md
|
|
82
|
+
domain/
|
|
83
|
+
payment/
|
|
84
|
+
idempotency.md
|
|
85
|
+
duplicate-charge.md
|
|
86
|
+
refund-risk.md
|
|
87
|
+
mobile/
|
|
88
|
+
offline-behavior.md
|
|
89
|
+
background-resume.md
|
|
90
|
+
tools/
|
|
91
|
+
appium/
|
|
92
|
+
usage-guideline.md
|
|
93
|
+
limitations.md
|
|
94
|
+
teams/
|
|
95
|
+
checkout/
|
|
96
|
+
payment-api-contracts.md
|
|
97
|
+
known-risk-patterns.md
|
|
98
|
+
metadata/
|
|
99
|
+
graph/
|
|
100
|
+
catalog/
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
This tree is not a required layout for every repository asset. Context Assets,
|
|
104
|
+
Context Lenses, policies, references, and other knowledge may be organized by
|
|
105
|
+
domain, product, team, or workflow. Canonical Skill entrypoints in 0.16.0 are
|
|
106
|
+
nevertheless discovered only under `skills/**/SKILL.md` and
|
|
107
|
+
`.agents/skills/**/SKILL.md`. A custom scan glob does not turn an arbitrary path
|
|
108
|
+
such as `docs/skills/demo/SKILL.md` into a Skill. Renma's normalized repository
|
|
109
|
+
model is broader than the Agent Skills format, but arbitrary Skill roots are not
|
|
110
|
+
implemented.
|
|
111
|
+
|
|
112
|
+
`contexts/` is preferred. `context/` is also scanned for compatibility.
|
|
113
|
+
|
|
114
|
+
Skill-local `assets/`, `profiles/`, `references/`, `examples/`, and `scripts/`
|
|
115
|
+
remain supported. Shared Context Assets should become the durable source of
|
|
116
|
+
truth when knowledge is reused across Skills, teams, tools, or agents; shared
|
|
117
|
+
helper implementations belong under `tools/**`. Location alone does not prove
|
|
118
|
+
that local support should be promoted.
|
|
119
|
+
|
|
120
|
+
## Core Concepts
|
|
121
|
+
|
|
122
|
+
### Skill
|
|
123
|
+
|
|
124
|
+
A Skill is an agent-facing entrypoint, routing contract, and usage guide. It
|
|
125
|
+
tells a consuming agent when and how to use a capability, what preflight
|
|
126
|
+
questions matter, which safety and verification steps apply, and which Context
|
|
127
|
+
Assets or Context Lenses are relevant. Renma recognizes Agent Skills-compatible
|
|
128
|
+
syntax as the portable authoring boundary without reducing its internal model
|
|
129
|
+
to the Agent Skills data model.
|
|
130
|
+
|
|
131
|
+
A skill should not be the only source of truth for reusable expert knowledge.
|
|
132
|
+
|
|
133
|
+
### Context Lens
|
|
134
|
+
|
|
135
|
+
A Context Lens is a purpose-oriented interpretation layer over one or more
|
|
136
|
+
Context Assets. It records a static repository relationship for governance and
|
|
137
|
+
review; Renma does not select a Lens at runtime, automatically load Context, or
|
|
138
|
+
assemble a prompt.
|
|
139
|
+
|
|
140
|
+
### Context Asset
|
|
141
|
+
|
|
142
|
+
A context asset is an independently owned knowledge unit. It may be maintained by QA, domain teams, tooling teams, product teams, or platform teams.
|
|
143
|
+
|
|
144
|
+
Good context assets have:
|
|
145
|
+
|
|
146
|
+
- Stable ID
|
|
147
|
+
- Clear owner
|
|
148
|
+
- Lifecycle status
|
|
149
|
+
- Usage guidance
|
|
150
|
+
- Scope boundaries
|
|
151
|
+
- References or dependencies where needed
|
|
152
|
+
|
|
153
|
+
### Asset
|
|
154
|
+
|
|
155
|
+
An asset is any repository object Renma can catalog, validate, reference, or include in graph checks.
|
|
156
|
+
|
|
157
|
+
Normalized asset kinds:
|
|
158
|
+
|
|
159
|
+
- `skill`
|
|
160
|
+
- `context`
|
|
161
|
+
- `context_lens`
|
|
162
|
+
- `profile`
|
|
163
|
+
- `reference`
|
|
164
|
+
- `example`
|
|
165
|
+
- `agent`
|
|
166
|
+
- `config`
|
|
167
|
+
- `unknown`
|
|
168
|
+
|
|
169
|
+
Shared Markdown under `contexts/` or `context/` uses the dedicated `context` kind. Skill-local supporting material remains `reference`.
|
|
170
|
+
|
|
171
|
+
### Dependency
|
|
172
|
+
|
|
173
|
+
A dependency is a typed edge between assets.
|
|
174
|
+
|
|
175
|
+
Initial edge kinds:
|
|
176
|
+
|
|
177
|
+
- `requires`
|
|
178
|
+
- `optional`
|
|
179
|
+
- `conflicts`
|
|
180
|
+
- `extends`
|
|
181
|
+
- `references`
|
|
182
|
+
|
|
183
|
+
`references` is a declared static repository relationship used for graph analysis and repository validation; it does not mean Renma chooses task context.
|
|
184
|
+
|
|
185
|
+
Edges should carry source evidence: source path, line range, declaration form, and reason where available.
|
|
186
|
+
|
|
187
|
+
Declared reference validation is deterministic. Renma resolves references by exact asset ID or repository-relative path, with only a leading `./` normalized away for path compatibility. Unknown declared references, duplicate asset IDs, references to deprecated or archived assets, and orphaned first-class shared context assets are reported as repository-governance findings. Renma does not use fuzzy matching, semantic search, LLM inference, or runtime context selection for these checks.
|
|
188
|
+
|
|
189
|
+
## Architecture
|
|
190
|
+
|
|
191
|
+
```mermaid
|
|
192
|
+
flowchart TD
|
|
193
|
+
Inputs["Markdown, frontmatter, configuration, and documentation snapshots"]
|
|
194
|
+
Parsers["Importers and parsers"]
|
|
195
|
+
Model["Normalized repository model"]
|
|
196
|
+
Projections["Catalog and graph projections"]
|
|
197
|
+
Analysis["Validation, repeated-context analysis, and semantic diff"]
|
|
198
|
+
Outputs["Reports, Readiness, and repository manifests"]
|
|
199
|
+
Review["Human or coding-agent review"]
|
|
200
|
+
Inputs --> Parsers --> Model --> Projections --> Analysis --> Outputs --> Review
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
The normalized model is the contract between files and higher-level features. Users work with Markdown and small metadata blocks. Renma uses the model internally to keep output deterministic and testable.
|
|
204
|
+
|
|
205
|
+
## LLM-Actionable Diagnostics
|
|
206
|
+
|
|
207
|
+
Renma diagnostics are repository evidence and repair guidance. They should be
|
|
208
|
+
structured enough for humans to review and for LLM coding agents to turn into a
|
|
209
|
+
safe patch. A diagnostic should carry the rule code, severity, source evidence,
|
|
210
|
+
why the issue matters, the recommended repair direction, constraints to
|
|
211
|
+
preserve, and verification steps when available.
|
|
212
|
+
|
|
213
|
+
Renma core remains deterministic: scan, catalog, validate, and emit structured
|
|
214
|
+
findings. Optional helpers may produce LLM-friendly suggestions, but core
|
|
215
|
+
validation does not call an LLM or apply semantic rewrites.
|
|
216
|
+
|
|
217
|
+
## Optional LLM Evaluation Boundary
|
|
218
|
+
|
|
219
|
+
Renma core is deterministic. LLM evaluation is optional and advisory.
|
|
220
|
+
Repository repair remains outside Renma.
|
|
221
|
+
|
|
222
|
+
Core commands such as `scan`, catalog construction, and rule evaluation should
|
|
223
|
+
not require or call an LLM. Given the same repository, configuration, and Renma
|
|
224
|
+
version, core validation should produce the same diagnostics. This keeps Renma
|
|
225
|
+
suitable for CI, code review, reproducible governance checks, and trustable
|
|
226
|
+
repository health reports.
|
|
227
|
+
|
|
228
|
+
Some repository improvement tasks are semantic by nature: finding similar or
|
|
229
|
+
overlapping knowledge across skills and contexts, deciding whether a
|
|
230
|
+
skill-local reference should be promoted to `contexts/`, evaluating whether two
|
|
231
|
+
context assets are duplicates, suggesting context asset names and boundaries, or
|
|
232
|
+
reviewing a semantic split proposal. Renma may support optional LLM-assisted
|
|
233
|
+
evaluation for these tasks, but those workflows should operate on explicit
|
|
234
|
+
inputs such as scan findings, catalog snapshots, selected files, or generated
|
|
235
|
+
review bundles. `suggest-semantic-split` is an example: it prepares a bounded
|
|
236
|
+
review bundle or prompt, does not call a provider, and does not rewrite files.
|
|
237
|
+
|
|
238
|
+
LLM-assisted workflows should produce suggestions, review bundles, or patch
|
|
239
|
+
guidance. They must not silently rewrite the repository, select task context,
|
|
240
|
+
assemble prompt packages, execute tools, orchestrate agents, or become required
|
|
241
|
+
for validation. Diagnostics such as
|
|
242
|
+
`MAINT-SKILL-REUSABLE-CONTEXT-CANDIDATE` and
|
|
243
|
+
`MAINT-SUPPORT-ASSET-SHARED-CONTEXT-CANDIDATE` can guide a calling LLM or human
|
|
244
|
+
toward semantic review, but Renma itself remains the deterministic evaluator.
|
|
245
|
+
|
|
246
|
+
The repair loop stays reviewable: Renma emits evidence, a human or calling
|
|
247
|
+
agent may propose a patch, a human reviews it, and Renma validates the updated
|
|
248
|
+
repository. An LLM is optional throughout this loop.
|
|
249
|
+
|
|
250
|
+
```text
|
|
251
|
+
renma scan/catalog -> deterministic diagnostics or review bundle
|
|
252
|
+
human or calling agent -> proposes a repository patch
|
|
253
|
+
human review -> accepts or edits the patch
|
|
254
|
+
renma scan/catalog -> validates the result deterministically
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
## Metadata
|
|
258
|
+
|
|
259
|
+
Renma validates a small stable metadata subset. Canonical Skills serialize
|
|
260
|
+
Renma fields as flat, string-valued `metadata.renma.*` entries; this top-level
|
|
261
|
+
example is the retained syntax for Context Assets and other non-Skill assets:
|
|
262
|
+
|
|
263
|
+
```yaml
|
|
264
|
+
id: domain.payment.idempotency
|
|
265
|
+
version: 1.0.0
|
|
266
|
+
owner: payments
|
|
267
|
+
status: stable
|
|
268
|
+
tags:
|
|
269
|
+
- payment
|
|
270
|
+
- qa
|
|
271
|
+
when_to_use:
|
|
272
|
+
- Testing payment retry or duplicate-submit behavior
|
|
273
|
+
when_not_to_use:
|
|
274
|
+
- Non-payment checkout UI copy review
|
|
275
|
+
requires_context:
|
|
276
|
+
- testing.negative-testing
|
|
277
|
+
optional_context:
|
|
278
|
+
- testing.regression-risk
|
|
279
|
+
conflicts:
|
|
280
|
+
- archived.payment.retry-v0
|
|
281
|
+
```
|
|
282
|
+
|
|
283
|
+
The parser supports scalar values and YAML-style block lists for selected
|
|
284
|
+
non-Skill metadata fields. Canonical Skill list metadata uses JSON-array
|
|
285
|
+
strings. See `docs/agent-skills-compatibility.md` for the exact 0.16.0 boundary.
|
|
286
|
+
|
|
287
|
+
Status values:
|
|
288
|
+
|
|
289
|
+
- `experimental`
|
|
290
|
+
- `stable`
|
|
291
|
+
- `deprecated`
|
|
292
|
+
- `archived`
|
|
293
|
+
|
|
294
|
+
Fields should be added only when a command or rule uses them.
|
|
295
|
+
|
|
296
|
+
## Catalog Snapshot
|
|
297
|
+
|
|
298
|
+
`renma catalog` should provide deterministic inventory.
|
|
299
|
+
|
|
300
|
+
Catalog entries should include:
|
|
301
|
+
|
|
302
|
+
- ID
|
|
303
|
+
- Kind
|
|
304
|
+
- Source path
|
|
305
|
+
- Content hash
|
|
306
|
+
- Owner
|
|
307
|
+
- Status
|
|
308
|
+
- Tags
|
|
309
|
+
- Declared dependencies
|
|
310
|
+
- Dependents
|
|
311
|
+
- Diagnostics
|
|
312
|
+
|
|
313
|
+
Catalog output should be stable across filesystems and Node versions.
|
|
314
|
+
|
|
315
|
+
## Context Graph Snapshot
|
|
316
|
+
|
|
317
|
+
The graph should represent assets and typed dependencies. It should power:
|
|
318
|
+
|
|
319
|
+
- Missing reference checks
|
|
320
|
+
- Deprecated or archived dependency checks
|
|
321
|
+
- Orphaned context detection
|
|
322
|
+
- Conflict visibility
|
|
323
|
+
- Affected asset reporting
|
|
324
|
+
- Catalog enrichment
|
|
325
|
+
- Semantic diff
|
|
326
|
+
- Future visualization
|
|
327
|
+
|
|
328
|
+
Current commands:
|
|
329
|
+
|
|
330
|
+
```bash
|
|
331
|
+
renma graph . --format json
|
|
332
|
+
renma graph . --format markdown
|
|
333
|
+
renma graph . --format mermaid
|
|
334
|
+
```
|
|
335
|
+
|
|
336
|
+
The graph is not a runtime selection engine. It is repository evidence.
|
|
337
|
+
|
|
338
|
+
## Validation
|
|
339
|
+
|
|
340
|
+
Validation should combine local file checks and graph-backed checks.
|
|
341
|
+
|
|
342
|
+
Rule areas:
|
|
343
|
+
|
|
344
|
+
- Repeated context maintenance:
|
|
345
|
+
- `MAINT-REPEATED-SECTION` detects exact repeated sections after whitespace normalization.
|
|
346
|
+
- `MAINT-REPEATED-HEADING` detects repeated non-generic headings across files.
|
|
347
|
+
- `MAINT-REPEATED-CODE-BLOCK` detects substantial repeated fenced code blocks.
|
|
348
|
+
- `MAINT-REPEATED-LINK` detects repeated repository context link targets.
|
|
349
|
+
- `MAINT-REPEATED-CONTEXT-PATTERN` detects repeated token shingles as deterministic consolidation evidence.
|
|
350
|
+
- These findings do not decide semantic source of truth. They provide stable evidence so an LLM or maintainer can propose a consolidation and a human can approve it.
|
|
351
|
+
|
|
352
|
+
- Missing or weak skill description
|
|
353
|
+
- Missing negative routing
|
|
354
|
+
- Missing usage guidance
|
|
355
|
+
- Missing preflight guidance
|
|
356
|
+
- Missing verification guidance
|
|
357
|
+
- Oversized skills or context assets
|
|
358
|
+
- Reusable context candidates inside SKILL.md files
|
|
359
|
+
- Missing shared context owner or ID
|
|
360
|
+
- Invalid status values
|
|
361
|
+
- Unknown dependencies
|
|
362
|
+
- Deprecated or archived referenced context
|
|
363
|
+
- Orphaned context assets
|
|
364
|
+
- Conflicting context declarations
|
|
365
|
+
- Repeated or duplicate knowledge
|
|
366
|
+
- Secret-like literal values
|
|
367
|
+
- Private key material
|
|
368
|
+
- Destructive commands without confirmation or recovery context
|
|
369
|
+
- Risky remote defaults
|
|
370
|
+
- Broad environment copying into subprocesses
|
|
371
|
+
- Hardcoded user-local paths
|
|
372
|
+
|
|
373
|
+
Static checks are evidence. Passing a scan does not prove an agent workflow is safe.
|
|
374
|
+
|
|
375
|
+
## Repeated Context Discovery
|
|
376
|
+
|
|
377
|
+
Repeated context discovery is a bridge from "what exists" to "what should become shared context."
|
|
378
|
+
|
|
379
|
+
Deterministic signals:
|
|
380
|
+
|
|
381
|
+
- Normalized section hashes
|
|
382
|
+
- Token shingles
|
|
383
|
+
- Repeated headings
|
|
384
|
+
- Repeated command blocks
|
|
385
|
+
- Repeated links
|
|
386
|
+
- Repeated tool, domain, path, or product terms
|
|
387
|
+
- Similar workflow skeletons
|
|
388
|
+
|
|
389
|
+
Output should be a human-reviewable set of candidates with source paths, line ranges, signal kinds, confidence, and suggested context boundaries.
|
|
390
|
+
|
|
391
|
+
Optional LLM support may label clusters or draft refactors, but deterministic evidence remains authoritative.
|
|
392
|
+
|
|
393
|
+
## Semantic Diff
|
|
394
|
+
|
|
395
|
+
Semantic diff should explain repository-health changes that normal Git diffs make hard to see.
|
|
396
|
+
|
|
397
|
+
Categories:
|
|
398
|
+
|
|
399
|
+
- Ownership changes
|
|
400
|
+
- Lifecycle status changes
|
|
401
|
+
- Dependency changes
|
|
402
|
+
- Conflict changes
|
|
403
|
+
- Missing reference changes
|
|
404
|
+
- Orphaned context changes
|
|
405
|
+
- Repeated-context candidate changes
|
|
406
|
+
- Safety and risk changes
|
|
407
|
+
|
|
408
|
+
Current command:
|
|
409
|
+
|
|
410
|
+
```bash
|
|
411
|
+
renma diff . --from main --to HEAD
|
|
412
|
+
```
|
|
413
|
+
|
|
414
|
+
## Repository Health Reports
|
|
415
|
+
|
|
416
|
+
Readiness v1 is a deterministic static report that describes whether a repository is healthy enough for agents to consume.
|
|
417
|
+
|
|
418
|
+
Current v1 command:
|
|
419
|
+
|
|
420
|
+
```bash
|
|
421
|
+
renma readiness [path] [--format json|markdown]
|
|
422
|
+
```
|
|
423
|
+
|
|
424
|
+
The report summarizes level, score, workflow readiness, graph resolution, ownership coverage, diagnostics, and layout status. Markdown output is intentionally compact for PR descriptions, while JSON output keeps the same deterministic data available for CI.
|
|
425
|
+
|
|
426
|
+
The v1 report includes:
|
|
427
|
+
|
|
428
|
+
- Broken references
|
|
429
|
+
- Missing owners
|
|
430
|
+
- Missing usage boundaries
|
|
431
|
+
- Deprecated or archived reachable context
|
|
432
|
+
- Orphaned context
|
|
433
|
+
- Oversized assets
|
|
434
|
+
- Repeated knowledge
|
|
435
|
+
- Risk findings
|
|
436
|
+
- Affected skills and context assets
|
|
437
|
+
|
|
438
|
+
It should not choose task context for an agent run.
|
|
439
|
+
|
|
440
|
+
It does not call an LLM, select runtime context, assemble prompts, auto-repair files, perform cross-document semantic consistency analysis, score repairability, or plan per-skill patches.
|
|
441
|
+
|
|
442
|
+
## External Signals
|
|
443
|
+
|
|
444
|
+
External tools may later emit signals into Renma:
|
|
445
|
+
|
|
446
|
+
- Context assets loaded by agents
|
|
447
|
+
- Context assets ignored by agents
|
|
448
|
+
- Repeated confusion around an asset
|
|
449
|
+
- Runtime failures mapped back to source paths
|
|
450
|
+
- CI findings attached to owners
|
|
451
|
+
|
|
452
|
+
Renma may later import these as repository evidence. Ownership of telemetry collection, storage, runtime tracing, and dashboards remains outside Renma.
|
|
453
|
+
|
|
454
|
+
Consumed-context evidence from external agents, editor integrations, prompt wrappers, or CI tools may be useful later, but it should be a separate artifact or explicitly separate attachment. It should relate back to declared repository evidence using stable values such as BOM digest or snapshot identity, asset ID, asset content hash, producer identity/version, and observation timestamp. Renma should validate that evidence against the catalog, graph, readiness, and security model instead of becoming the telemetry producer.
|
|
455
|
+
|
|
456
|
+
## Architecture Stability
|
|
457
|
+
|
|
458
|
+
The scanner, normalized asset model, graph-backed governance, ownership,
|
|
459
|
+
Readiness, repeated-context evidence, semantic diff, security diagnostics,
|
|
460
|
+
Trust Graph, and Repository Context BOM v1 are implemented architecture. New
|
|
461
|
+
projections should reuse the shared repository-evidence snapshot and remain
|
|
462
|
+
additive unless a separately versioned contract requires a breaking change.
|
|
463
|
+
|
|
464
|
+
Release sequencing belongs in [plan.md](plan.md). Proposed Skill discovery is
|
|
465
|
+
isolated in [plan-discovery.md](plan-discovery.md) and is not implemented by the
|
|
466
|
+
current processing pipeline.
|
|
467
|
+
|
|
468
|
+
## Implementation Notes
|
|
469
|
+
|
|
470
|
+
Representative current CLI commands:
|
|
471
|
+
|
|
472
|
+
```bash
|
|
473
|
+
renma scan [path]
|
|
474
|
+
renma bom [path]
|
|
475
|
+
renma catalog [path]
|
|
476
|
+
renma graph [path]
|
|
477
|
+
renma trust-graph [path]
|
|
478
|
+
renma ownership [path]
|
|
479
|
+
renma readiness [path]
|
|
480
|
+
renma diff [path] --from <ref> --to <ref>
|
|
481
|
+
renma ci-report [path] --from <ref> --to <ref>
|
|
482
|
+
renma inspect <file>
|
|
483
|
+
renma scaffold <skill|context|context_lens> <path>
|
|
484
|
+
renma suggest-metadata <file>
|
|
485
|
+
renma suggest-semantic-split <file>
|
|
486
|
+
```
|
|
487
|
+
|
|
488
|
+
`renma readiness` summarizes static repository health for human and external-agent review. It composes the graph/catalog model into deterministic score, level, metric, check, and diagnostic output; it does not call LLMs, select runtime context, assemble prompts, or repair files.
|
|
489
|
+
|
|
490
|
+
`renma inspect` inspects repository files and context assets by outline or line range. It does not choose task context or assemble prompts.
|
|
491
|
+
|
|
492
|
+
Baseline now in place:
|
|
493
|
+
|
|
494
|
+
- Dedicated `context` artifact kind.
|
|
495
|
+
- Default discovery for top-level `contexts/**/*.md` and `context/**/*.md`.
|
|
496
|
+
- Skill-local `references/` remain distinct from shared context assets.
|
|
497
|
+
- `SupportAsset` names non-skill catalog assets.
|
|
498
|
+
- `skill-local-support-reachability` validates static skill-local support files.
|
|
499
|
+
- `renma inspect` provides repository file inspection by outline or line range.
|
|
500
|
+
- Basic shared context metadata diagnostics.
|
|
501
|
+
- Duplicate asset ID detection.
|
|
502
|
+
- Unknown dependency and reference detection.
|
|
503
|
+
- Deprecated or archived dependency validation.
|
|
504
|
+
- Orphaned context asset detection.
|
|
505
|
+
- Readiness v1 repository-health report.
|
|
506
|
+
- Repeated context discovery across shared contexts, Skills, agents,
|
|
507
|
+
references, profiles, and examples.
|
|
508
|
+
- Security diagnostics, security posture summaries, and effective policy
|
|
509
|
+
inventory for agent-facing repository content.
|
|
510
|
+
- Trust Graph evidence and Repository Context BOM v1.
|
|
511
|
+
- CI integration examples and optional LLM-assisted review bundles.
|
|
512
|
+
|
|
513
|
+
Future work may add imported external evidence after its contract is defined;
|
|
514
|
+
that does not move runtime selection, execution, or telemetry collection into
|
|
515
|
+
Renma.
|
|
516
|
+
|
|
517
|
+
## Principle
|
|
518
|
+
|
|
519
|
+
```text
|
|
520
|
+
LLM proposes. Renma verifies. Human approves.
|
|
521
|
+
```
|
|
522
|
+
|
|
523
|
+
No-LLM workflows stay first-class. Renma's core value is deterministic repository evidence.
|