renma 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/CHANGELOG.md +157 -1
  2. package/README.md +219 -748
  3. package/architecture.md +533 -0
  4. package/design.md +469 -0
  5. package/dist/agent-skills.d.ts +1 -1
  6. package/dist/agent-skills.d.ts.map +1 -1
  7. package/dist/agent-skills.js +28 -8
  8. package/dist/agent-skills.js.map +1 -1
  9. package/dist/catalog.d.ts +1 -1
  10. package/dist/catalog.d.ts.map +1 -1
  11. package/dist/catalog.js +120 -12
  12. package/dist/catalog.js.map +1 -1
  13. package/dist/cli-help.d.ts +15 -9
  14. package/dist/cli-help.d.ts.map +1 -1
  15. package/dist/cli-help.js +32 -9
  16. package/dist/cli-help.js.map +1 -1
  17. package/dist/cli.d.ts.map +1 -1
  18. package/dist/cli.js +162 -40
  19. package/dist/cli.js.map +1 -1
  20. package/dist/commands/bom.d.ts +6 -3
  21. package/dist/commands/bom.d.ts.map +1 -1
  22. package/dist/commands/bom.js +27 -7
  23. package/dist/commands/bom.js.map +1 -1
  24. package/dist/commands/catalog.d.ts +1 -1
  25. package/dist/commands/catalog.d.ts.map +1 -1
  26. package/dist/commands/catalog.js +11 -4
  27. package/dist/commands/catalog.js.map +1 -1
  28. package/dist/commands/ci-report.d.ts.map +1 -1
  29. package/dist/commands/ci-report.js +18 -5
  30. package/dist/commands/ci-report.js.map +1 -1
  31. package/dist/commands/diff.js +8 -2
  32. package/dist/commands/diff.js.map +1 -1
  33. package/dist/commands/graph.d.ts +6 -2
  34. package/dist/commands/graph.d.ts.map +1 -1
  35. package/dist/commands/graph.js +30 -14
  36. package/dist/commands/graph.js.map +1 -1
  37. package/dist/commands/inspect.d.ts.map +1 -1
  38. package/dist/commands/inspect.js +2 -0
  39. package/dist/commands/inspect.js.map +1 -1
  40. package/dist/commands/ownership.d.ts +4 -3
  41. package/dist/commands/ownership.d.ts.map +1 -1
  42. package/dist/commands/ownership.js +27 -23
  43. package/dist/commands/ownership.js.map +1 -1
  44. package/dist/commands/readiness.d.ts +2 -1
  45. package/dist/commands/readiness.d.ts.map +1 -1
  46. package/dist/commands/readiness.js +105 -36
  47. package/dist/commands/readiness.js.map +1 -1
  48. package/dist/commands/scaffold.d.ts +3 -0
  49. package/dist/commands/scaffold.d.ts.map +1 -1
  50. package/dist/commands/scaffold.js +28 -2
  51. package/dist/commands/scaffold.js.map +1 -1
  52. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  53. package/dist/commands/suggest-metadata.js +56 -8
  54. package/dist/commands/suggest-metadata.js.map +1 -1
  55. package/dist/commands/suggest-semantic-split.js +3 -3
  56. package/dist/commands/suggest-semantic-split.js.map +1 -1
  57. package/dist/commands/trust-graph.d.ts.map +1 -1
  58. package/dist/commands/trust-graph.js +12 -0
  59. package/dist/commands/trust-graph.js.map +1 -1
  60. package/dist/config.d.ts.map +1 -1
  61. package/dist/config.js +10 -3
  62. package/dist/config.js.map +1 -1
  63. package/dist/dependency-resolution.d.ts +6 -0
  64. package/dist/dependency-resolution.d.ts.map +1 -0
  65. package/dist/dependency-resolution.js +11 -0
  66. package/dist/dependency-resolution.js.map +1 -0
  67. package/dist/diagnostic-ids.d.ts +8 -0
  68. package/dist/diagnostic-ids.d.ts.map +1 -1
  69. package/dist/diagnostic-ids.js +8 -0
  70. package/dist/diagnostic-ids.js.map +1 -1
  71. package/dist/discovery.d.ts +33 -0
  72. package/dist/discovery.d.ts.map +1 -1
  73. package/dist/discovery.js +178 -80
  74. package/dist/discovery.js.map +1 -1
  75. package/dist/markdown.d.ts.map +1 -1
  76. package/dist/markdown.js +15 -0
  77. package/dist/markdown.js.map +1 -1
  78. package/dist/model.d.ts +17 -1
  79. package/dist/model.d.ts.map +1 -1
  80. package/dist/model.js +4 -1
  81. package/dist/model.js.map +1 -1
  82. package/dist/quality-profile.d.ts +91 -0
  83. package/dist/quality-profile.d.ts.map +1 -0
  84. package/dist/quality-profile.js +91 -0
  85. package/dist/quality-profile.js.map +1 -0
  86. package/dist/repeated-context.d.ts.map +1 -1
  87. package/dist/repeated-context.js +38 -83
  88. package/dist/repeated-context.js.map +1 -1
  89. package/dist/repository-boundary.d.ts +30 -0
  90. package/dist/repository-boundary.d.ts.map +1 -0
  91. package/dist/repository-boundary.js +116 -0
  92. package/dist/repository-boundary.js.map +1 -0
  93. package/dist/repository-evidence.d.ts +2 -0
  94. package/dist/repository-evidence.d.ts.map +1 -1
  95. package/dist/repository-evidence.js +6 -4
  96. package/dist/repository-evidence.js.map +1 -1
  97. package/dist/repository-paths.d.ts +19 -2
  98. package/dist/repository-paths.d.ts.map +1 -1
  99. package/dist/repository-paths.js +123 -14
  100. package/dist/repository-paths.js.map +1 -1
  101. package/dist/rules.d.ts +2 -0
  102. package/dist/rules.d.ts.map +1 -1
  103. package/dist/rules.js +322 -256
  104. package/dist/rules.js.map +1 -1
  105. package/dist/scanner.d.ts.map +1 -1
  106. package/dist/scanner.js +5 -1
  107. package/dist/scanner.js.map +1 -1
  108. package/dist/security-diagnostics.d.ts.map +1 -1
  109. package/dist/security-diagnostics.js +95 -30
  110. package/dist/security-diagnostics.js.map +1 -1
  111. package/dist/security-diff.d.ts +5 -2
  112. package/dist/security-diff.d.ts.map +1 -1
  113. package/dist/security-diff.js +20 -4
  114. package/dist/security-diff.js.map +1 -1
  115. package/dist/security-policy-inventory.d.ts +15 -3
  116. package/dist/security-policy-inventory.d.ts.map +1 -1
  117. package/dist/security-policy-inventory.js +123 -26
  118. package/dist/security-policy-inventory.js.map +1 -1
  119. package/dist/security-policy.d.ts +7 -0
  120. package/dist/security-policy.d.ts.map +1 -1
  121. package/dist/security-policy.js +70 -7
  122. package/dist/security-policy.js.map +1 -1
  123. package/dist/security-posture.d.ts.map +1 -1
  124. package/dist/security-posture.js +2 -1
  125. package/dist/security-posture.js.map +1 -1
  126. package/dist/skill-migration.js +2 -0
  127. package/dist/skill-migration.js.map +1 -1
  128. package/dist/static-support.d.ts +13 -0
  129. package/dist/static-support.d.ts.map +1 -0
  130. package/dist/static-support.js +284 -0
  131. package/dist/static-support.js.map +1 -0
  132. package/dist/token-estimator.d.ts +21 -0
  133. package/dist/token-estimator.d.ts.map +1 -0
  134. package/dist/token-estimator.js +84 -0
  135. package/dist/token-estimator.js.map +1 -0
  136. package/dist/trust-graph.d.ts +3 -3
  137. package/dist/trust-graph.d.ts.map +1 -1
  138. package/dist/trust-graph.js +76 -21
  139. package/dist/trust-graph.js.map +1 -1
  140. package/dist/types.d.ts +7 -2
  141. package/dist/types.d.ts.map +1 -1
  142. package/docs/README.md +61 -0
  143. package/docs/advanced-skill-authoring.md +147 -0
  144. package/docs/agent-skills-compatibility.md +508 -0
  145. package/docs/authoring-guide.md +382 -0
  146. package/docs/context-conflict-diagnostics.md +32 -0
  147. package/docs/context-language-diagnostics.md +99 -0
  148. package/docs/context-lens.md +253 -0
  149. package/docs/context-lifecycle-diagnostics.md +55 -0
  150. package/docs/diagnostics.md +406 -0
  151. package/docs/metadata-budget.md +14 -0
  152. package/docs/quality-profile.md +123 -0
  153. package/docs/repository-context-bom.md +172 -0
  154. package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
  155. package/docs/schemas/trust-graph-v2.schema.json +301 -0
  156. package/docs/security-policy.md +354 -0
  157. package/docs/trust-graph.md +47 -0
  158. package/docs/user-manual.md +842 -0
  159. package/examples/context-lens/README.md +101 -0
  160. package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
  161. package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
  162. package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
  163. package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
  164. package/examples/context-repo/README.md +148 -0
  165. package/examples/context-repo/contexts/domain/payment/idempotency.md +27 -0
  166. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +26 -0
  167. package/examples/context-repo/contexts/testing/negative-testing.md +26 -0
  168. package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
  169. package/examples/context-repo/renma.config.json +12 -0
  170. package/examples/context-repo/skills/testing/spec-review/SKILL.md +71 -0
  171. package/examples/context-repo/tools/appium/README.md +14 -0
  172. package/examples/github-actions/renma-ci-report.yml +36 -0
  173. package/examples/interactive-placeholder/README.md +104 -0
  174. package/examples/interactive-placeholder/assets/template.txt +1 -0
  175. package/examples/interactive-placeholder/renma.config.json +6 -0
  176. package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
  177. package/examples/interactive-placeholder/tools/README.md +48 -0
  178. package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
  179. package/package.json +10 -1
  180. package/plan-discovery.md +749 -0
  181. package/plan.md +90 -0
  182. package/scripts/verify-package.mjs +104 -0
@@ -0,0 +1,508 @@
1
+ # Agent Skills Compatibility and Migration
2
+
3
+ This document defines Renma's `SKILL.md` compatibility and migration contract,
4
+ including the 0.18.0 focused-workflow model. [Agent Skills](https://agentskills.io/specification) owns the
5
+ portable Skill format. Renma extends it with deterministic governance evidence,
6
+ without defining a competing Skill format.
7
+
8
+ Compatibility is the portable authoring boundary for Skill entrypoints, not
9
+ Renma's complete repository model. A Renma repository may also contain Context
10
+ Lenses, independently owned Context Assets, references, policies, lifecycle and
11
+ ownership declarations, dependencies, and evidence organized across domains,
12
+ products, teams, or workflows. That flexibility applies to the broader
13
+ repository assets, not to arbitrary Skill roots: canonical Skill entrypoints in
14
+ 0.16.0 are discovered only under `skills/**/SKILL.md` and
15
+ `.agents/skills/**/SKILL.md`. A custom scan glob does not make a path such as
16
+ `docs/skills/demo/SKILL.md` a Skill. Renma is not an Agent Skills registry,
17
+ runtime, or live router, and repository knowledge does not need to be embedded
18
+ inside the supported Skill directories.
19
+
20
+ In this document, “pre-0.16 Renma Skill format” refers to the top-level Renma
21
+ metadata syntax supported before Renma 0.16.0. It is the migration source
22
+ format. The 0.16.0 target uses Agent Skills standard fields plus flat
23
+ `metadata.renma.*` entries.
24
+
25
+ This rollout follows one operating principle:
26
+
27
+ ```text
28
+ LLM proposes. Renma verifies. Human approves.
29
+ ```
30
+
31
+ ## Responsibility Boundary
32
+
33
+ Keep these surfaces separate:
34
+
35
+ ```text
36
+ Agent Skills name, description, body, and references
37
+ -> portable and primarily LLM-facing
38
+
39
+ metadata.renma.*
40
+ -> structured governance evidence for Renma
41
+
42
+ Renma
43
+ -> deterministic validation and migration assistance
44
+
45
+ Human
46
+ -> approves semantic changes
47
+ ```
48
+
49
+ The Markdown body remains the primary instruction surface after a Skill has
50
+ been activated. Generic Agent Skills clients may not send arbitrary metadata
51
+ to a model. Renma metadata therefore does not guarantee model compliance and
52
+ must not replace behavior-critical instructions.
53
+
54
+ Use your platform's standard Skill authoring guidance for the name, trigger
55
+ description, instructions, workflow, constraints, examples, and completion
56
+ criteria. Use Renma for repository-specific governance and validation. The
57
+ [Authoring Guide](authoring-guide.md) owns the general new-Skill and
58
+ existing-Skill workflows; this document owns the canonical format and migration
59
+ contract.
60
+
61
+ ## Canonical 0.16.0 Frontmatter
62
+
63
+ Agent Skills owns the standard top-level fields:
64
+
65
+ - `name`
66
+ - `description`
67
+ - `license`
68
+ - `compatibility`
69
+ - `metadata`
70
+ - `allowed-tools`
71
+
72
+ Renma owns flat metadata keys beginning with `renma.`. Agent Skills metadata
73
+ values are strings, including values that encode lists or booleans:
74
+
75
+ ```yaml
76
+ ---
77
+ name: spec-review
78
+ description: Review specifications before implementation. Use for ambiguity and boundary analysis.
79
+ metadata:
80
+ renma.id: skill.testing.spec-review
81
+ renma.owner: qa-platform
82
+ renma.status: stable
83
+ renma.tags: '["testing","spec-review"]'
84
+ ---
85
+ ```
86
+
87
+ Do not use unprefixed shared keys such as `metadata.owner`. Do not use a nested
88
+ `metadata.renma` mapping. Unknown `renma.*` keys and other vendors' string
89
+ metadata remain valid metadata and are preserved during migration without
90
+ interpretation.
91
+
92
+ ## Operational Renma Metadata
93
+
94
+ Renma 0.16.0 makes these governance keys operational for specification-valid
95
+ Agent Skills:
96
+
97
+ ```text
98
+ renma.id
99
+ renma.title
100
+ renma.version
101
+ renma.owner
102
+ renma.status
103
+ renma.purpose
104
+ renma.last-reviewed-at
105
+ renma.review-cycle
106
+ renma.expires-at
107
+ renma.tags
108
+ renma.when-to-use
109
+ renma.when-not-to-use
110
+ renma.requires-context
111
+ renma.optional-context
112
+ renma.requires-lens
113
+ renma.optional-lens
114
+ renma.conflicts
115
+ renma.superseded-by
116
+ ```
117
+
118
+ For new canonical Skills, `description` is the portable discovery source of
119
+ truth for what the Skill does and when it should be selected. Existing
120
+ `renma.when-to-use` and `renma.when-not-to-use` values remain recognized for
121
+ governance and one-way migration preservation, but are deprecated for new Skill
122
+ authoring because duplicating discovery semantics invites drift. They remain
123
+ appropriate top-level governance fields for shared non-Skill Context Assets.
124
+
125
+ Renma normalizes these values into the existing asset metadata model used by
126
+ scan findings, inspect, catalog, ownership, graph and dependency resolution,
127
+ readiness, BOM, Trust Graph, diff, and CI reporting. This is a serialization
128
+ change, not a second governance model or a change to those consumers'
129
+ semantics.
130
+
131
+ Text values are trimmed strings, and `renma.status` retains the existing
132
+ `experimental`, `stable`, `deprecated`, and `archived` lifecycle values. List
133
+ values are JSON-array strings containing strings only:
134
+
135
+ ```yaml
136
+ metadata:
137
+ renma.tags: '["testing","spec-review"]'
138
+ renma.requires-context: '["context.testing.boundaries"]'
139
+ renma.optional-context: '[]'
140
+ ```
141
+
142
+ Canonical list metadata is not comma-separated. Malformed JSON, non-array
143
+ JSON, and non-string array members are invalid rather than guessed. Diagnostics
144
+ for canonical values retain evidence for the specific child key under
145
+ `metadata`, not just the parent mapping.
146
+
147
+ Empty text, invalid status, and invalid lifecycle or freshness values retain
148
+ their existing operational diagnostic semantics and stable finding IDs where
149
+ applicable.
150
+
151
+ Operational source selection is explicit:
152
+
153
+ ```text
154
+ specification-valid Agent Skill
155
+ -> governance and security metadata comes only from metadata.renma.*
156
+
157
+ invalid, hybrid, or pre-0.16 Skill
158
+ -> no operational Skill metadata; suggest-metadata may use it as migration input
159
+
160
+ non-Skill asset
161
+ -> existing top-level Renma metadata syntax
162
+ ```
163
+
164
+ An Agent Skill must pass the Agent Skills specification checks before any Renma
165
+ metadata becomes operational. Renma authoring warnings do not block operational
166
+ metadata. A Skill never falls back to or merges top-level pre-0.16 equivalents.
167
+ Contexts, context lenses, profiles, references, examples, agents,
168
+ configuration files, and other non-Skill assets keep their existing metadata
169
+ syntax and behavior.
170
+
171
+ These security keys are also operational under `metadata`:
172
+
173
+ ```text
174
+ renma.allowed-data
175
+ renma.network-allowed
176
+ renma.external-upload-allowed
177
+ renma.secrets-allowed
178
+ renma.requires-human-approval
179
+ renma.forbidden-inputs
180
+ renma.approved-network-destinations
181
+ renma.approved-upload-destinations
182
+ renma.security-profile
183
+ ```
184
+
185
+ Boolean values must be the exact strings `"true"` or `"false"`. List values
186
+ must be JSON-array strings containing strings only. Renma does not coerce YAML
187
+ booleans, alternate boolean spellings, comma-separated lists, or non-string
188
+ array members. Canonical child-key evidence is preserved for diagnostics,
189
+ including multiline YAML values.
190
+
191
+ ## Entrypoint Paths
192
+
193
+ Canonical Agent Skills entrypoints use the exact filename:
194
+
195
+ ```text
196
+ skills/**/SKILL.md
197
+ .agents/skills/**/SKILL.md
198
+ ```
199
+
200
+ Renma continues discovering historical `skill.md` and `*.skill.md` spellings
201
+ under those roots so `scan` can report validation and migration diagnostics.
202
+ Discovery does not make those spellings Agent Skills-compatible.
203
+
204
+ The entrypoint migration is explicit:
205
+
206
+ ```text
207
+ skills/demo/skill.md
208
+ -> skills/demo/SKILL.md
209
+
210
+ skills/testing/spec-review.skill.md
211
+ -> skills/testing/spec-review/SKILL.md
212
+ ```
213
+
214
+ The same mappings apply under `.agents/skills/**`. A lowercase `skill.md`
215
+ requires a rename. A flat `*.skill.md` requires a move into the filename-derived
216
+ directory plus a rename. Structured `suggest-metadata` output reports
217
+ `sourcePath`, `targetPath`, and `entrypointMigration` (`none`, `rename`, or
218
+ `move-and-rename`) so the path change cannot be mistaken for an apply-ready
219
+ frontmatter-only result.
220
+
221
+ Repository discovery recognizes these roots only at the beginning of a
222
+ repository-relative path. A nested path such as `docs/skills/demo/SKILL.md` is
223
+ not a repository Skill, and a later `skills` segment cannot escape a reserved
224
+ `references` or `examples` directory. For absolute `suggest-metadata` targets,
225
+ Renma requires one unambiguous Skill root and rejects paths with multiple
226
+ possible roots.
227
+
228
+ Repository-relative classification normalizes leading and internal `.` segments
229
+ and safe `..` segments before checking the root. A path is rejected if `..`
230
+ escapes its original `skills/` or `.agents/skills/` root, even if a later segment
231
+ would appear to re-enter it. User-facing structured command argv retains the
232
+ exact path discovered by `scan` or supplied by the user.
233
+
234
+ Inside an Agent Skill directory, `assets/`, `scripts/`, and `references/`
235
+ contain Skill-local support material and are not treated as nested Skill roots.
236
+ Renma also reserves its existing `examples/` and `profiles/` support
237
+ directories. The same reserved names cannot be used as top-level Skill names
238
+ under `skills/` or `.agents/skills/` without reserved-name guidance.
239
+
240
+ ## Validation During Scan
241
+
242
+ Agent Skills validation is part of the existing scan workflow:
243
+
244
+ ```bash
245
+ renma scan .
246
+ renma scan . --format json
247
+ ```
248
+
249
+ The JSON report includes a dedicated `agentSkills` summary and per-Skill
250
+ results. Text output includes a concise valid/invalid summary, structural issues,
251
+ authoring warnings, and a `suggest-metadata` migration command when pre-0.16
252
+ Renma Skill fields or a historical entrypoint spelling are present.
253
+
254
+ In JSON, `migrationCommand` contains structured `command` and `args` fields plus
255
+ a display string. The argv fields preserve the exact path and are the source of
256
+ truth for tools. Text output uses POSIX shell quoting when a path contains
257
+ spaces or shell metacharacters.
258
+
259
+ The locally versioned validation profile uses the maintained `yaml` package in
260
+ YAML 1.2 mode. It validates:
261
+
262
+ - the exact `SKILL.md` filename;
263
+ - frontmatter presence and closure;
264
+ - YAML syntax and mapping shape;
265
+ - duplicate top-level and `metadata` keys;
266
+ - the allowed Agent Skills top-level fields;
267
+ - required, non-empty string `name` and `description` values;
268
+ - NFKC-normalized name length, Unicode letters/digits, lowercase and hyphen
269
+ rules, and normalized immediate-parent match. The YAML field is trimmed, but
270
+ the filesystem directory name is not; leading or trailing directory
271
+ whitespace is invalid rather than normalized away;
272
+ - description and compatibility length limits;
273
+ - optional field types;
274
+ - `metadata` as a string-to-string mapping.
275
+
276
+ The validation profile is local. Renma does not fetch a schema or validation
277
+ rules at runtime.
278
+
279
+ Agent Skills validation does not add a separate validation command or change
280
+ the existing `scan` or `--fail-on` exit contract. Agent Skills results are
281
+ visible in scan output but are not inserted into the existing finding threshold
282
+ path.
283
+
284
+ ## Format Classification
285
+
286
+ Each inspected Skill receives one migration-oriented classification:
287
+
288
+ ```text
289
+ agent-skills
290
+ Agent Skills identity with no pre-0.16 Renma Skill fields
291
+
292
+ renma-legacy
293
+ pre-0.16 Renma Skill fields without Agent Skills identity
294
+
295
+ hybrid
296
+ Agent Skills identity plus pre-0.16 Renma Skill fields
297
+
298
+ unknown
299
+ neither Agent Skills identity nor a recognized migration source
300
+ ```
301
+
302
+ Classification remains migration-oriented. Operational normalization is
303
+ stricter: only a specification-valid `agent-skills` document contributes Skill
304
+ metadata. `renma-legacy`, `hybrid`, `unknown`, and otherwise invalid documents
305
+ remain visible to validation and migration diagnostics but contribute no
306
+ operational Skill metadata.
307
+
308
+ ## Selection Boundaries and Execution Constraints
309
+
310
+ A selection boundary determines whether a Skill should be chosen. If the body
311
+ says `Do not use this skill for test execution`, that exclusion belongs in
312
+ `description` because name and description are the discovery surface.
313
+
314
+ An execution constraint applies after activation. Instructions such as `Do not
315
+ modify production files` or `Never upload secrets` belong in the body under a
316
+ prominent heading such as `Hard Constraints`, `Prohibited Actions`, or `Safety
317
+ Constraints`. A generic execution constraint must not be copied automatically
318
+ into `description` or `metadata.renma.when-not-to-use`.
319
+
320
+ Renma may report conservative authoring warnings for a missing usage boundary,
321
+ an omitted selection exclusion, a buried or scattered execution constraint, or
322
+ a prohibition without a supported alternative or stop behavior. Nested
323
+ subsections under a prominent constraint heading remain prominent. These
324
+ warnings do not make a structurally valid Agent Skill invalid.
325
+
326
+ Agent Skills body inspection and migration description extraction ignore fenced
327
+ examples opened with at least three backticks or at least three tildes. A fence
328
+ closes only with the same character and a marker at least as long as its opener.
329
+ Fence inspection starts at the Markdown body; fence-like text inside YAML block
330
+ scalars does not hide body diagnostics.
331
+
332
+ ## Agent Skills Diagnostic Identifiers
333
+
334
+ Agent Skills diagnostics use stable identifiers in the `agentSkills` portion of
335
+ scan output. `AS-SKILL-*` identifiers are specification errors and make the
336
+ Skill invalid. `RN-SKILL-*` identifiers are Renma authoring warnings and do not
337
+ affect structural validity or the existing `--fail-on` threshold.
338
+
339
+ ### Specification errors
340
+
341
+ | Identifier | Meaning |
342
+ | --- | --- |
343
+ | `AS-SKILL-NONCANONICAL-FILENAME` | The entrypoint filename is not exactly `SKILL.md`. |
344
+ | `AS-SKILL-MISSING-FRONTMATTER` | YAML frontmatter is absent. |
345
+ | `AS-SKILL-UNCLOSED-FRONTMATTER` | The opening frontmatter delimiter has no closing delimiter. |
346
+ | `AS-SKILL-INVALID-YAML` | The frontmatter is not valid YAML. |
347
+ | `AS-SKILL-FRONTMATTER-NOT-MAPPING` | The frontmatter root is not a YAML mapping. |
348
+ | `AS-SKILL-DUPLICATE-FIELD` | A top-level frontmatter field is declared more than once. |
349
+ | `AS-SKILL-DUPLICATE-METADATA-KEY` | A key in `metadata` is declared more than once. |
350
+ | `AS-SKILL-UNEXPECTED-TOP-LEVEL-FIELD` | A top-level field is outside the Agent Skills field set. |
351
+ | `AS-SKILL-MISSING-NAME` | The required `name` field is absent or empty. |
352
+ | `AS-SKILL-INVALID-NAME` | `name` has the wrong type or violates the name rules. |
353
+ | `AS-SKILL-NAME-DIRECTORY-MISMATCH` | The normalized `name` does not match its immediate parent directory. |
354
+ | `AS-SKILL-MISSING-DESCRIPTION` | The required `description` field is absent or empty. |
355
+ | `AS-SKILL-INVALID-DESCRIPTION` | `description` is not a string. |
356
+ | `AS-SKILL-DESCRIPTION-TOO-LONG` | `description` exceeds 1,024 Unicode code points. |
357
+ | `AS-SKILL-INVALID-COMPATIBILITY` | `compatibility` is not a non-empty string. |
358
+ | `AS-SKILL-COMPATIBILITY-TOO-LONG` | `compatibility` exceeds 500 Unicode code points. |
359
+ | `AS-SKILL-INVALID-LICENSE` | `license` is present but is not a string. |
360
+ | `AS-SKILL-INVALID-ALLOWED-TOOLS` | `allowed-tools` is present but is not a string. |
361
+ | `AS-SKILL-INVALID-METADATA` | `metadata` is not a string-to-string mapping. |
362
+
363
+ ### Renma authoring warnings
364
+
365
+ | Identifier | Meaning |
366
+ | --- | --- |
367
+ | `RN-SKILL-DESCRIPTION-MISSING-USAGE-BOUNDARY` | The description does not state when the Skill should be used. |
368
+ | `RN-SKILL-DESCRIPTION-MISSING-CAPABILITY` | The description does not clearly state what the Skill does. This is a Renma authoring warning, not an Agent Skills validity error. |
369
+ | `RN-SKILL-DESCRIPTION-OMITS-SELECTION-BOUNDARY` | A body selection exclusion is absent from the description. |
370
+ | `RN-SKILL-EXECUTION-CONSTRAINT-NOT-PROMINENT` | An execution constraint is outside a prominent constraint section. |
371
+ | `RN-SKILL-EXECUTION-CONSTRAINT-SCATTERED` | Execution constraints are scattered across sections. |
372
+ | `RN-SKILL-EXECUTION-CONSTRAINT-MISSING-ALTERNATIVE` | A prohibition has no nearby supported alternative or stop behavior. |
373
+
374
+ ## One-Way Migration
375
+
376
+ Pre-0.16 Renma Skill fields are migration input only:
377
+
378
+ ```text
379
+ pre-0.16 Renma Skill
380
+ -> Agent Skills identity
381
+ -> metadata.renma.*
382
+ ```
383
+
384
+ Use the existing non-editing command with canonical or non-canonical
385
+ entrypoints:
386
+
387
+ ```bash
388
+ renma scan . --fail-on high
389
+ renma suggest-metadata skills/example/SKILL.md --format prompt
390
+ renma suggest-metadata skills/example/skill.md --format json
391
+ renma suggest-metadata skills/testing/spec-review.skill.md --format prompt
392
+ # apply only an unblocked canonical frontmatter candidate
393
+ renma scan . --fail-on high
394
+ ```
395
+
396
+ For Skill targets, `suggest-metadata` can preserve valid standard Agent Skills
397
+ fields, use a valid immediate parent directory as `name`, preserve an existing
398
+ valid description, conservatively extract description evidence from the body,
399
+ move recognized pre-0.16 Renma Skill fields to
400
+ `metadata.renma.*`, and render canonical frontmatter for human review. It never
401
+ edits the file and never proposes a reverse conversion for a canonical Agent
402
+ Skill.
403
+
404
+ Pre-0.16 security fields migrate in the same one-way proposal. Safe string
405
+ values are preserved, boolean values serialize as exact `"true"` or `"false"`
406
+ strings, and list values serialize as JSON-array strings. Unsafe or ambiguous
407
+ values block canonical frontmatter generation for human review.
408
+
409
+ Before presenting a non-canonical entrypoint migration, Renma renders the candidate
410
+ frontmatter, combines it with the unchanged Markdown body at the target
411
+ `SKILL.md` path, and runs the existing Agent Skills validator on that in-memory
412
+ result. Any specification error blocks the proposal. If the target entrypoint
413
+ already exists as a distinct filesystem entry, migration is also blocked; Renma
414
+ does not propose overwriting, merging, or deleting either file. Case-only
415
+ renames that resolve to the same filesystem entry are not treated as a
416
+ collision.
417
+
418
+ For a specification-valid canonical `SKILL.md`, an explicit `--owner <owner>` instead
419
+ produces a canonical metadata retrofit candidate at `metadata.renma.owner`. An
420
+ identical existing owner is preserved without a rewrite. A different existing
421
+ owner blocks the proposal for human review. Without `--owner`, Renma does not
422
+ invent owner metadata or emit a meaningless canonical rewrite. This retrofit is
423
+ not reverse migration.
424
+
425
+ After generating a suggestion, review the Skill's trigger description,
426
+ instructions, workflow, constraints, and completion criteria using
427
+ platform-native authoring guidance. Review the candidate, apply only intended
428
+ metadata or migration changes, run `renma scan . --fail-on high`, fix relevant
429
+ diagnostics, and rerun validation before human approval.
430
+
431
+ ## Pre-0.16 Value Serialization
432
+
433
+ Migration never converts native YAML numbers into text. Native YAML booleans
434
+ are accepted only for recognized boolean security fields, where the meaning is
435
+ unambiguous.
436
+
437
+ - Text scalar fields (`id`, `title`, `version`, `owner`, `status`, `purpose`,
438
+ `last_reviewed_at`, `review_cycle`, `expires_at`, and `security_profile`)
439
+ require YAML strings.
440
+ - String-list fields accept YAML arrays containing strings only, pre-0.16
441
+ comma-separated strings, or JSON-array strings containing strings only.
442
+ Numeric and boolean elements are blocked.
443
+ - Boolean security fields accept YAML booleans or the exact strings `"true"`
444
+ and `"false"`, then serialize to exact canonical strings.
445
+
446
+ For example, `version: "1.0"` and `tags: ["1.0"]` are safe. `version: 1.0`
447
+ and `tags: [1.0]` block canonical frontmatter generation. Likewise,
448
+ `network_allowed: yes` is blocked rather than guessed.
449
+
450
+ ## Unsafe Migration Blocking
451
+
452
+ Renma does not render canonical frontmatter when migration would be ambiguous
453
+ or lossy. Blocking cases include:
454
+
455
+ - invalid or unclosed YAML frontmatter;
456
+ - a non-mapping frontmatter document;
457
+ - duplicate top-level or metadata keys;
458
+ - non-string metadata values;
459
+ - an invalid Skill directory name or conflicting identity;
460
+ - conflicting Agent Skills and pre-0.16 Renma Skill values;
461
+ - an unknown top-level field;
462
+ - missing evidence for a usable description;
463
+ - duplicate semantic list values or unsupported pre-0.16 value shapes;
464
+ - a candidate that remains invalid at its target `SKILL.md` path;
465
+ - an existing distinct target entrypoint or an unverifiable target collision;
466
+
467
+ Renma reports structured blocked evidence with the field and reason. It never
468
+ selects the last duplicate value, silently deletes an unknown field, or assigns
469
+ an unknown top-level field to a vendor namespace.
470
+
471
+ When blocked, do not apply a candidate. Review the conflict or invalid evidence,
472
+ confirm the Skill's intent using platform-native authoring guidance, correct
473
+ the source evidence, and rerun `suggest-metadata`. After intended corrections,
474
+ run `renma scan . --fail-on high`, fix relevant diagnostics, and rerun the scan.
475
+
476
+ Within a valid `metadata` mapping, Renma distinguishes:
477
+
478
+ ```text
479
+ known renma.* key
480
+ interpret for migration comparison and preserve
481
+
482
+ unknown renma.* key
483
+ preserve without interpretation
484
+
485
+ other vendor metadata
486
+ preserve without interpretation
487
+
488
+ unknown top-level field
489
+ block migration
490
+ ```
491
+
492
+ ## Renma 0.16+ Boundary
493
+
494
+ Renma 0.16.0 completes the repository format migration:
495
+
496
+ - Skills must be specification-valid Agent Skills to contribute operational
497
+ metadata;
498
+ - all Renma Skill governance and security metadata is read from flat
499
+ `metadata.renma.*` string entries;
500
+ - pre-0.16 top-level Skill metadata is migration input only;
501
+ - `suggest-metadata` converts recognized governance and security fields in one
502
+ reviewed proposal;
503
+ - the repository-owned `release-prep` Skill and generated Skill scaffolds are
504
+ fully canonical;
505
+ - non-Skill assets retain their existing top-level metadata behavior.
506
+
507
+ This boundary does not add runtime Skill selection, prompt assembly, context
508
+ injection, execution, or telemetry.