renma 0.16.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/CHANGELOG.md +35 -1
  2. package/README.md +210 -749
  3. package/architecture.md +523 -0
  4. package/design.md +458 -0
  5. package/dist/cli-help.d.ts +7 -5
  6. package/dist/cli-help.d.ts.map +1 -1
  7. package/dist/cli-help.js +23 -9
  8. package/dist/cli-help.js.map +1 -1
  9. package/dist/cli.d.ts.map +1 -1
  10. package/dist/cli.js +139 -40
  11. package/dist/cli.js.map +1 -1
  12. package/dist/commands/catalog.d.ts.map +1 -1
  13. package/dist/commands/catalog.js +4 -3
  14. package/dist/commands/catalog.js.map +1 -1
  15. package/dist/commands/graph.d.ts.map +1 -1
  16. package/dist/commands/graph.js +7 -12
  17. package/dist/commands/graph.js.map +1 -1
  18. package/dist/commands/readiness.d.ts.map +1 -1
  19. package/dist/commands/readiness.js +7 -6
  20. package/dist/commands/readiness.js.map +1 -1
  21. package/dist/commands/scaffold.d.ts.map +1 -1
  22. package/dist/commands/scaffold.js +14 -2
  23. package/dist/commands/scaffold.js.map +1 -1
  24. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  25. package/dist/commands/suggest-metadata.js +54 -8
  26. package/dist/commands/suggest-metadata.js.map +1 -1
  27. package/dist/commands/suggest-semantic-split.js +3 -3
  28. package/dist/commands/suggest-semantic-split.js.map +1 -1
  29. package/dist/dependency-resolution.d.ts +6 -0
  30. package/dist/dependency-resolution.d.ts.map +1 -0
  31. package/dist/dependency-resolution.js +11 -0
  32. package/dist/dependency-resolution.js.map +1 -0
  33. package/dist/discovery.d.ts +28 -0
  34. package/dist/discovery.d.ts.map +1 -1
  35. package/dist/discovery.js +70 -15
  36. package/dist/discovery.js.map +1 -1
  37. package/dist/repository-paths.d.ts +13 -0
  38. package/dist/repository-paths.d.ts.map +1 -1
  39. package/dist/repository-paths.js +60 -2
  40. package/dist/repository-paths.js.map +1 -1
  41. package/dist/rules.d.ts.map +1 -1
  42. package/dist/rules.js +64 -85
  43. package/dist/rules.js.map +1 -1
  44. package/dist/trust-graph.d.ts.map +1 -1
  45. package/dist/trust-graph.js +7 -11
  46. package/dist/trust-graph.js.map +1 -1
  47. package/dist/types.d.ts +1 -1
  48. package/dist/types.d.ts.map +1 -1
  49. package/docs/README.md +55 -0
  50. package/docs/advanced-skill-authoring.md +140 -0
  51. package/docs/agent-skills-compatibility.md +500 -0
  52. package/docs/authoring-guide.md +324 -0
  53. package/docs/context-conflict-diagnostics.md +32 -0
  54. package/docs/context-language-diagnostics.md +99 -0
  55. package/docs/context-lens.md +253 -0
  56. package/docs/context-lifecycle-diagnostics.md +55 -0
  57. package/docs/diagnostics.md +373 -0
  58. package/docs/metadata-budget.md +14 -0
  59. package/docs/repository-context-bom.md +113 -0
  60. package/docs/security-policy.md +338 -0
  61. package/docs/user-manual.md +813 -0
  62. package/examples/context-lens/README.md +101 -0
  63. package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
  64. package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
  65. package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
  66. package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
  67. package/examples/context-repo/README.md +149 -0
  68. package/examples/context-repo/contexts/domain/payment/idempotency.md +20 -0
  69. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +19 -0
  70. package/examples/context-repo/contexts/testing/negative-testing.md +19 -0
  71. package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
  72. package/examples/context-repo/renma.config.json +12 -0
  73. package/examples/context-repo/skills/testing/spec-review/SKILL.md +66 -0
  74. package/examples/context-repo/tools/appium/README.md +14 -0
  75. package/examples/github-actions/renma-ci-report.yml +36 -0
  76. package/examples/interactive-placeholder/README.md +104 -0
  77. package/examples/interactive-placeholder/assets/template.txt +1 -0
  78. package/examples/interactive-placeholder/renma.config.json +6 -0
  79. package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
  80. package/examples/interactive-placeholder/tools/README.md +48 -0
  81. package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
  82. package/package.json +8 -1
  83. package/plan-discovery.md +740 -0
  84. package/plan.md +150 -0
  85. package/scripts/verify-package.mjs +97 -0
@@ -0,0 +1,523 @@
1
+ # Renma Architecture Direction
2
+
3
+ Renma is a Git-native context repository and deterministic governance layer for
4
+ LLM-facing knowledge. It keeps Skills, Context Lenses, Context Assets,
5
+ references, ownership, lifecycle, dependencies, and evidence reviewable as
6
+ maintainable software assets.
7
+
8
+ The current CLI surface covers `scan`, `catalog`, `ownership`, `graph`, focused
9
+ graph views, `trust-graph`, `readiness`, Repository Context BOM reports,
10
+ repeated-context diagnostics, semantic diff, `ci-report`, `inspect`, `scaffold`,
11
+ `suggest-metadata`, and `suggest-semantic-split`. Agent Skills validation and
12
+ security diagnostics are deterministic repository checks; they do not execute
13
+ commands or call external services.
14
+
15
+ Renma sits at the repository governance layer, not the runtime layer.
16
+
17
+ ```mermaid
18
+ flowchart TD
19
+ Repository["Git-reviewed repository assets"]
20
+ Renma["Renma: deterministic governance and repository health"]
21
+ Reports["Catalog, graph, diagnostics, Readiness, and BOM"]
22
+ Review["Human or coding-agent review"]
23
+ Runtimes["Agents and runtimes — outside Renma"]
24
+ Producers["External signal producers — outside Renma"]
25
+ Evidence["Separately produced evidence — future input"]
26
+ Repository --> Renma
27
+ Renma --> Reports
28
+ Reports --> Review
29
+ Repository -->|consumed according to runtime behavior| Runtimes
30
+ Producers -.-> Evidence
31
+ Evidence -.-> Renma
32
+ ```
33
+
34
+ Renma does not select Skills for live tasks, select or inject task Context,
35
+ assemble prompts, or execute workflows. Agents and runtimes decide how to use
36
+ repository assets for a task. Future evidence validation does not make Renma a
37
+ runtime telemetry collector; signal production and collection remain external.
38
+
39
+ Provenance remains repository-level. A Repository Context BOM is a manifest of declared assets, hashes, owners, lifecycle states, dependencies, security posture, diagnostics, and readiness evidence; it is not a report of actual LLM runtime usage. BOM v1 keeps Git revision identity in the surrounding Git/CI/PR artifact context and keeps any future consumed-context evidence separate from the declared repository manifest contract.
40
+
41
+ ## Goals
42
+
43
+ - Keep skills and context assets discoverable, owned, and reviewable.
44
+ - Treat shared context as a first-class repository asset outside individual skill directories.
45
+ - Validate references, metadata, lifecycle, and dependency graph health.
46
+ - Detect orphaned, deprecated, conflicting, missing, and repeated context.
47
+ - Provide deterministic catalog and graph snapshots for Git review and CI.
48
+ - Produce repository-level deterministic readiness reports.
49
+ - Allow optional LLM assistance for suggestions and semantic review without making LLMs required for core analysis.
50
+
51
+ ## Non-Goals
52
+
53
+ - Task-specific context choice
54
+ - Prompt assembly
55
+ - Agent execution
56
+ - Provider gateways
57
+ - Hosted dashboards
58
+ - Package synchronization
59
+ - Organization-wide distribution transport
60
+ - Runtime telemetry ownership
61
+
62
+ Renma is telemetry-aware, but not telemetry-responsible. It may import external signals later as evidence for repository review.
63
+
64
+ ## Source Layout
65
+
66
+ One illustrative repository layout is:
67
+
68
+ ```text
69
+ skills/
70
+ testing/
71
+ test-case-generation/
72
+ SKILL.md
73
+ spec-review/
74
+ SKILL.md
75
+ regression-planning/
76
+ SKILL.md
77
+ contexts/
78
+ testing/
79
+ boundary-value-analysis.md
80
+ negative-testing.md
81
+ regression-risk.md
82
+ domain/
83
+ payment/
84
+ idempotency.md
85
+ duplicate-charge.md
86
+ refund-risk.md
87
+ mobile/
88
+ offline-behavior.md
89
+ background-resume.md
90
+ tools/
91
+ appium/
92
+ usage-guideline.md
93
+ limitations.md
94
+ teams/
95
+ checkout/
96
+ payment-api-contracts.md
97
+ known-risk-patterns.md
98
+ metadata/
99
+ graph/
100
+ catalog/
101
+ ```
102
+
103
+ This tree is not a required layout for every repository asset. Context Assets,
104
+ Context Lenses, policies, references, and other knowledge may be organized by
105
+ domain, product, team, or workflow. Canonical Skill entrypoints in 0.16.0 are
106
+ nevertheless discovered only under `skills/**/SKILL.md` and
107
+ `.agents/skills/**/SKILL.md`. A custom scan glob does not turn an arbitrary path
108
+ such as `docs/skills/demo/SKILL.md` into a Skill. Renma's normalized repository
109
+ model is broader than the Agent Skills format, but arbitrary Skill roots are not
110
+ implemented.
111
+
112
+ `contexts/` is preferred. `context/` is also scanned for compatibility.
113
+
114
+ Skill-local `assets/`, `profiles/`, `references/`, `examples/`, and `scripts/`
115
+ remain supported. Shared Context Assets should become the durable source of
116
+ truth when knowledge is reused across Skills, teams, tools, or agents; shared
117
+ helper implementations belong under `tools/**`. Location alone does not prove
118
+ that local support should be promoted.
119
+
120
+ ## Core Concepts
121
+
122
+ ### Skill
123
+
124
+ A Skill is an agent-facing entrypoint, routing contract, and usage guide. It
125
+ tells a consuming agent when and how to use a capability, what preflight
126
+ questions matter, which safety and verification steps apply, and which Context
127
+ Assets or Context Lenses are relevant. Renma recognizes Agent Skills-compatible
128
+ syntax as the portable authoring boundary without reducing its internal model
129
+ to the Agent Skills data model.
130
+
131
+ A skill should not be the only source of truth for reusable expert knowledge.
132
+
133
+ ### Context Lens
134
+
135
+ A Context Lens is a purpose-oriented interpretation layer over one or more
136
+ Context Assets. It records a static repository relationship for governance and
137
+ review; Renma does not select a Lens at runtime, automatically load Context, or
138
+ assemble a prompt.
139
+
140
+ ### Context Asset
141
+
142
+ A context asset is an independently owned knowledge unit. It may be maintained by QA, domain teams, tooling teams, product teams, or platform teams.
143
+
144
+ Good context assets have:
145
+
146
+ - Stable ID
147
+ - Clear owner
148
+ - Lifecycle status
149
+ - Usage guidance
150
+ - Scope boundaries
151
+ - References or dependencies where needed
152
+
153
+ ### Asset
154
+
155
+ An asset is any repository object Renma can catalog, validate, reference, or include in graph checks.
156
+
157
+ Normalized asset kinds:
158
+
159
+ - `skill`
160
+ - `context`
161
+ - `context_lens`
162
+ - `profile`
163
+ - `reference`
164
+ - `example`
165
+ - `agent`
166
+ - `config`
167
+ - `unknown`
168
+
169
+ Shared Markdown under `contexts/` or `context/` uses the dedicated `context` kind. Skill-local supporting material remains `reference`.
170
+
171
+ ### Dependency
172
+
173
+ A dependency is a typed edge between assets.
174
+
175
+ Initial edge kinds:
176
+
177
+ - `requires`
178
+ - `optional`
179
+ - `conflicts`
180
+ - `extends`
181
+ - `references`
182
+
183
+ `references` is a declared static repository relationship used for graph analysis and repository validation; it does not mean Renma chooses task context.
184
+
185
+ Edges should carry source evidence: source path, line range, declaration form, and reason where available.
186
+
187
+ Declared reference validation is deterministic. Renma resolves references by exact asset ID or repository-relative path, with only a leading `./` normalized away for path compatibility. Unknown declared references, duplicate asset IDs, references to deprecated or archived assets, and orphaned first-class shared context assets are reported as repository-governance findings. Renma does not use fuzzy matching, semantic search, LLM inference, or runtime context selection for these checks.
188
+
189
+ ## Architecture
190
+
191
+ ```mermaid
192
+ flowchart TD
193
+ Inputs["Markdown, frontmatter, configuration, and documentation snapshots"]
194
+ Parsers["Importers and parsers"]
195
+ Model["Normalized repository model"]
196
+ Projections["Catalog and graph projections"]
197
+ Analysis["Validation, repeated-context analysis, and semantic diff"]
198
+ Outputs["Reports, Readiness, and repository manifests"]
199
+ Review["Human or coding-agent review"]
200
+ Inputs --> Parsers --> Model --> Projections --> Analysis --> Outputs --> Review
201
+ ```
202
+
203
+ The normalized model is the contract between files and higher-level features. Users work with Markdown and small metadata blocks. Renma uses the model internally to keep output deterministic and testable.
204
+
205
+ ## LLM-Actionable Diagnostics
206
+
207
+ Renma diagnostics are repository evidence and repair guidance. They should be
208
+ structured enough for humans to review and for LLM coding agents to turn into a
209
+ safe patch. A diagnostic should carry the rule code, severity, source evidence,
210
+ why the issue matters, the recommended repair direction, constraints to
211
+ preserve, and verification steps when available.
212
+
213
+ Renma core remains deterministic: scan, catalog, validate, and emit structured
214
+ findings. Optional helpers may produce LLM-friendly suggestions, but core
215
+ validation does not call an LLM or apply semantic rewrites.
216
+
217
+ ## Optional LLM Evaluation Boundary
218
+
219
+ Renma core is deterministic. LLM evaluation is optional and advisory.
220
+ Repository repair remains outside Renma.
221
+
222
+ Core commands such as `scan`, catalog construction, and rule evaluation should
223
+ not require or call an LLM. Given the same repository, configuration, and Renma
224
+ version, core validation should produce the same diagnostics. This keeps Renma
225
+ suitable for CI, code review, reproducible governance checks, and trustable
226
+ repository health reports.
227
+
228
+ Some repository improvement tasks are semantic by nature: finding similar or
229
+ overlapping knowledge across skills and contexts, deciding whether a
230
+ skill-local reference should be promoted to `contexts/`, evaluating whether two
231
+ context assets are duplicates, suggesting context asset names and boundaries, or
232
+ reviewing a semantic split proposal. Renma may support optional LLM-assisted
233
+ evaluation for these tasks, but those workflows should operate on explicit
234
+ inputs such as scan findings, catalog snapshots, selected files, or generated
235
+ review bundles. `suggest-semantic-split` is an example: it prepares a bounded
236
+ review bundle or prompt, does not call a provider, and does not rewrite files.
237
+
238
+ LLM-assisted workflows should produce suggestions, review bundles, or patch
239
+ guidance. They must not silently rewrite the repository, select task context,
240
+ assemble prompt packages, execute tools, orchestrate agents, or become required
241
+ for validation. Diagnostics such as
242
+ `MAINT-SKILL-REUSABLE-CONTEXT-CANDIDATE` and
243
+ `MAINT-SUPPORT-ASSET-SHARED-CONTEXT-CANDIDATE` can guide a calling LLM or human
244
+ toward semantic review, but Renma itself remains the deterministic evaluator.
245
+
246
+ The repair loop stays reviewable: Renma emits evidence, a human or calling
247
+ agent may propose a patch, a human reviews it, and Renma validates the updated
248
+ repository. An LLM is optional throughout this loop.
249
+
250
+ ```text
251
+ renma scan/catalog -> deterministic diagnostics or review bundle
252
+ human or calling agent -> proposes a repository patch
253
+ human review -> accepts or edits the patch
254
+ renma scan/catalog -> validates the result deterministically
255
+ ```
256
+
257
+ ## Metadata
258
+
259
+ Renma validates a small stable metadata subset. Canonical Skills serialize
260
+ Renma fields as flat, string-valued `metadata.renma.*` entries; this top-level
261
+ example is the retained syntax for Context Assets and other non-Skill assets:
262
+
263
+ ```yaml
264
+ id: domain.payment.idempotency
265
+ version: 1.0.0
266
+ owner: payments
267
+ status: stable
268
+ tags:
269
+ - payment
270
+ - qa
271
+ when_to_use:
272
+ - Testing payment retry or duplicate-submit behavior
273
+ when_not_to_use:
274
+ - Non-payment checkout UI copy review
275
+ requires_context:
276
+ - testing.negative-testing
277
+ optional_context:
278
+ - testing.regression-risk
279
+ conflicts:
280
+ - archived.payment.retry-v0
281
+ ```
282
+
283
+ The parser supports scalar values and YAML-style block lists for selected
284
+ non-Skill metadata fields. Canonical Skill list metadata uses JSON-array
285
+ strings. See `docs/agent-skills-compatibility.md` for the exact 0.16.0 boundary.
286
+
287
+ Status values:
288
+
289
+ - `experimental`
290
+ - `stable`
291
+ - `deprecated`
292
+ - `archived`
293
+
294
+ Fields should be added only when a command or rule uses them.
295
+
296
+ ## Catalog Snapshot
297
+
298
+ `renma catalog` should provide deterministic inventory.
299
+
300
+ Catalog entries should include:
301
+
302
+ - ID
303
+ - Kind
304
+ - Source path
305
+ - Content hash
306
+ - Owner
307
+ - Status
308
+ - Tags
309
+ - Declared dependencies
310
+ - Dependents
311
+ - Diagnostics
312
+
313
+ Catalog output should be stable across filesystems and Node versions.
314
+
315
+ ## Context Graph Snapshot
316
+
317
+ The graph should represent assets and typed dependencies. It should power:
318
+
319
+ - Missing reference checks
320
+ - Deprecated or archived dependency checks
321
+ - Orphaned context detection
322
+ - Conflict visibility
323
+ - Affected asset reporting
324
+ - Catalog enrichment
325
+ - Semantic diff
326
+ - Future visualization
327
+
328
+ Current commands:
329
+
330
+ ```bash
331
+ renma graph . --format json
332
+ renma graph . --format markdown
333
+ renma graph . --format mermaid
334
+ ```
335
+
336
+ The graph is not a runtime selection engine. It is repository evidence.
337
+
338
+ ## Validation
339
+
340
+ Validation should combine local file checks and graph-backed checks.
341
+
342
+ Rule areas:
343
+
344
+ - Repeated context maintenance:
345
+ - `MAINT-REPEATED-SECTION` detects exact repeated sections after whitespace normalization.
346
+ - `MAINT-REPEATED-HEADING` detects repeated non-generic headings across files.
347
+ - `MAINT-REPEATED-CODE-BLOCK` detects substantial repeated fenced code blocks.
348
+ - `MAINT-REPEATED-LINK` detects repeated repository context link targets.
349
+ - `MAINT-REPEATED-CONTEXT-PATTERN` detects repeated token shingles as deterministic consolidation evidence.
350
+ - These findings do not decide semantic source of truth. They provide stable evidence so an LLM or maintainer can propose a consolidation and a human can approve it.
351
+
352
+ - Missing or weak skill description
353
+ - Missing negative routing
354
+ - Missing usage guidance
355
+ - Missing preflight guidance
356
+ - Missing verification guidance
357
+ - Oversized skills or context assets
358
+ - Reusable context candidates inside SKILL.md files
359
+ - Missing shared context owner or ID
360
+ - Invalid status values
361
+ - Unknown dependencies
362
+ - Deprecated or archived referenced context
363
+ - Orphaned context assets
364
+ - Conflicting context declarations
365
+ - Repeated or duplicate knowledge
366
+ - Secret-like literal values
367
+ - Private key material
368
+ - Destructive commands without confirmation or recovery context
369
+ - Risky remote defaults
370
+ - Broad environment copying into subprocesses
371
+ - Hardcoded user-local paths
372
+
373
+ Static checks are evidence. Passing a scan does not prove an agent workflow is safe.
374
+
375
+ ## Repeated Context Discovery
376
+
377
+ Repeated context discovery is a bridge from "what exists" to "what should become shared context."
378
+
379
+ Deterministic signals:
380
+
381
+ - Normalized section hashes
382
+ - Token shingles
383
+ - Repeated headings
384
+ - Repeated command blocks
385
+ - Repeated links
386
+ - Repeated tool, domain, path, or product terms
387
+ - Similar workflow skeletons
388
+
389
+ Output should be a human-reviewable set of candidates with source paths, line ranges, signal kinds, confidence, and suggested context boundaries.
390
+
391
+ Optional LLM support may label clusters or draft refactors, but deterministic evidence remains authoritative.
392
+
393
+ ## Semantic Diff
394
+
395
+ Semantic diff should explain repository-health changes that normal Git diffs make hard to see.
396
+
397
+ Categories:
398
+
399
+ - Ownership changes
400
+ - Lifecycle status changes
401
+ - Dependency changes
402
+ - Conflict changes
403
+ - Missing reference changes
404
+ - Orphaned context changes
405
+ - Repeated-context candidate changes
406
+ - Safety and risk changes
407
+
408
+ Current command:
409
+
410
+ ```bash
411
+ renma diff . --from main --to HEAD
412
+ ```
413
+
414
+ ## Repository Health Reports
415
+
416
+ Readiness v1 is a deterministic static report that describes whether a repository is healthy enough for agents to consume.
417
+
418
+ Current v1 command:
419
+
420
+ ```bash
421
+ renma readiness [path] [--format json|markdown]
422
+ ```
423
+
424
+ The report summarizes level, score, workflow readiness, graph resolution, ownership coverage, diagnostics, and layout status. Markdown output is intentionally compact for PR descriptions, while JSON output keeps the same deterministic data available for CI.
425
+
426
+ The v1 report includes:
427
+
428
+ - Broken references
429
+ - Missing owners
430
+ - Missing usage boundaries
431
+ - Deprecated or archived reachable context
432
+ - Orphaned context
433
+ - Oversized assets
434
+ - Repeated knowledge
435
+ - Risk findings
436
+ - Affected skills and context assets
437
+
438
+ It should not choose task context for an agent run.
439
+
440
+ It does not call an LLM, select runtime context, assemble prompts, auto-repair files, perform cross-document semantic consistency analysis, score repairability, or plan per-skill patches.
441
+
442
+ ## External Signals
443
+
444
+ External tools may later emit signals into Renma:
445
+
446
+ - Context assets loaded by agents
447
+ - Context assets ignored by agents
448
+ - Repeated confusion around an asset
449
+ - Runtime failures mapped back to source paths
450
+ - CI findings attached to owners
451
+
452
+ Renma may later import these as repository evidence. Ownership of telemetry collection, storage, runtime tracing, and dashboards remains outside Renma.
453
+
454
+ Consumed-context evidence from external agents, editor integrations, prompt wrappers, or CI tools may be useful later, but it should be a separate artifact or explicitly separate attachment. It should relate back to declared repository evidence using stable values such as BOM digest or snapshot identity, asset ID, asset content hash, producer identity/version, and observation timestamp. Renma should validate that evidence against the catalog, graph, readiness, and security model instead of becoming the telemetry producer.
455
+
456
+ ## Architecture Stability
457
+
458
+ The scanner, normalized asset model, graph-backed governance, ownership,
459
+ Readiness, repeated-context evidence, semantic diff, security diagnostics,
460
+ Trust Graph, and Repository Context BOM v1 are implemented architecture. New
461
+ projections should reuse the shared repository-evidence snapshot and remain
462
+ additive unless a separately versioned contract requires a breaking change.
463
+
464
+ Release sequencing belongs in [plan.md](plan.md). Proposed Skill discovery is
465
+ isolated in [plan-discovery.md](plan-discovery.md) and is not implemented by the
466
+ current processing pipeline.
467
+
468
+ ## Implementation Notes
469
+
470
+ Representative current CLI commands:
471
+
472
+ ```bash
473
+ renma scan [path]
474
+ renma bom [path]
475
+ renma catalog [path]
476
+ renma graph [path]
477
+ renma trust-graph [path]
478
+ renma ownership [path]
479
+ renma readiness [path]
480
+ renma diff [path] --from <ref> --to <ref>
481
+ renma ci-report [path] --from <ref> --to <ref>
482
+ renma inspect <file>
483
+ renma scaffold <skill|context|context_lens> <path>
484
+ renma suggest-metadata <file>
485
+ renma suggest-semantic-split <file>
486
+ ```
487
+
488
+ `renma readiness` summarizes static repository health for human and external-agent review. It composes the graph/catalog model into deterministic score, level, metric, check, and diagnostic output; it does not call LLMs, select runtime context, assemble prompts, or repair files.
489
+
490
+ `renma inspect` inspects repository files and context assets by outline or line range. It does not choose task context or assemble prompts.
491
+
492
+ Baseline now in place:
493
+
494
+ - Dedicated `context` artifact kind.
495
+ - Default discovery for top-level `contexts/**/*.md` and `context/**/*.md`.
496
+ - Skill-local `references/` remain distinct from shared context assets.
497
+ - `SupportAsset` names non-skill catalog assets.
498
+ - `skill-local-support-reachability` validates static skill-local support files.
499
+ - `renma inspect` provides repository file inspection by outline or line range.
500
+ - Basic shared context metadata diagnostics.
501
+ - Duplicate asset ID detection.
502
+ - Unknown dependency and reference detection.
503
+ - Deprecated or archived dependency validation.
504
+ - Orphaned context asset detection.
505
+ - Readiness v1 repository-health report.
506
+ - Repeated context discovery across shared contexts, Skills, agents,
507
+ references, profiles, and examples.
508
+ - Security diagnostics, security posture summaries, and effective policy
509
+ inventory for agent-facing repository content.
510
+ - Trust Graph evidence and Repository Context BOM v1.
511
+ - CI integration examples and optional LLM-assisted review bundles.
512
+
513
+ Future work may add imported external evidence after its contract is defined;
514
+ that does not move runtime selection, execution, or telemetry collection into
515
+ Renma.
516
+
517
+ ## Principle
518
+
519
+ ```text
520
+ LLM proposes. Renma verifies. Human approves.
521
+ ```
522
+
523
+ No-LLM workflows stay first-class. Renma's core value is deterministic repository evidence.