renma 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/CHANGELOG.md +157 -1
  2. package/README.md +219 -748
  3. package/architecture.md +533 -0
  4. package/design.md +469 -0
  5. package/dist/agent-skills.d.ts +1 -1
  6. package/dist/agent-skills.d.ts.map +1 -1
  7. package/dist/agent-skills.js +28 -8
  8. package/dist/agent-skills.js.map +1 -1
  9. package/dist/catalog.d.ts +1 -1
  10. package/dist/catalog.d.ts.map +1 -1
  11. package/dist/catalog.js +120 -12
  12. package/dist/catalog.js.map +1 -1
  13. package/dist/cli-help.d.ts +15 -9
  14. package/dist/cli-help.d.ts.map +1 -1
  15. package/dist/cli-help.js +32 -9
  16. package/dist/cli-help.js.map +1 -1
  17. package/dist/cli.d.ts.map +1 -1
  18. package/dist/cli.js +162 -40
  19. package/dist/cli.js.map +1 -1
  20. package/dist/commands/bom.d.ts +6 -3
  21. package/dist/commands/bom.d.ts.map +1 -1
  22. package/dist/commands/bom.js +27 -7
  23. package/dist/commands/bom.js.map +1 -1
  24. package/dist/commands/catalog.d.ts +1 -1
  25. package/dist/commands/catalog.d.ts.map +1 -1
  26. package/dist/commands/catalog.js +11 -4
  27. package/dist/commands/catalog.js.map +1 -1
  28. package/dist/commands/ci-report.d.ts.map +1 -1
  29. package/dist/commands/ci-report.js +18 -5
  30. package/dist/commands/ci-report.js.map +1 -1
  31. package/dist/commands/diff.js +8 -2
  32. package/dist/commands/diff.js.map +1 -1
  33. package/dist/commands/graph.d.ts +6 -2
  34. package/dist/commands/graph.d.ts.map +1 -1
  35. package/dist/commands/graph.js +30 -14
  36. package/dist/commands/graph.js.map +1 -1
  37. package/dist/commands/inspect.d.ts.map +1 -1
  38. package/dist/commands/inspect.js +2 -0
  39. package/dist/commands/inspect.js.map +1 -1
  40. package/dist/commands/ownership.d.ts +4 -3
  41. package/dist/commands/ownership.d.ts.map +1 -1
  42. package/dist/commands/ownership.js +27 -23
  43. package/dist/commands/ownership.js.map +1 -1
  44. package/dist/commands/readiness.d.ts +2 -1
  45. package/dist/commands/readiness.d.ts.map +1 -1
  46. package/dist/commands/readiness.js +105 -36
  47. package/dist/commands/readiness.js.map +1 -1
  48. package/dist/commands/scaffold.d.ts +3 -0
  49. package/dist/commands/scaffold.d.ts.map +1 -1
  50. package/dist/commands/scaffold.js +28 -2
  51. package/dist/commands/scaffold.js.map +1 -1
  52. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  53. package/dist/commands/suggest-metadata.js +56 -8
  54. package/dist/commands/suggest-metadata.js.map +1 -1
  55. package/dist/commands/suggest-semantic-split.js +3 -3
  56. package/dist/commands/suggest-semantic-split.js.map +1 -1
  57. package/dist/commands/trust-graph.d.ts.map +1 -1
  58. package/dist/commands/trust-graph.js +12 -0
  59. package/dist/commands/trust-graph.js.map +1 -1
  60. package/dist/config.d.ts.map +1 -1
  61. package/dist/config.js +10 -3
  62. package/dist/config.js.map +1 -1
  63. package/dist/dependency-resolution.d.ts +6 -0
  64. package/dist/dependency-resolution.d.ts.map +1 -0
  65. package/dist/dependency-resolution.js +11 -0
  66. package/dist/dependency-resolution.js.map +1 -0
  67. package/dist/diagnostic-ids.d.ts +8 -0
  68. package/dist/diagnostic-ids.d.ts.map +1 -1
  69. package/dist/diagnostic-ids.js +8 -0
  70. package/dist/diagnostic-ids.js.map +1 -1
  71. package/dist/discovery.d.ts +33 -0
  72. package/dist/discovery.d.ts.map +1 -1
  73. package/dist/discovery.js +178 -80
  74. package/dist/discovery.js.map +1 -1
  75. package/dist/markdown.d.ts.map +1 -1
  76. package/dist/markdown.js +15 -0
  77. package/dist/markdown.js.map +1 -1
  78. package/dist/model.d.ts +17 -1
  79. package/dist/model.d.ts.map +1 -1
  80. package/dist/model.js +4 -1
  81. package/dist/model.js.map +1 -1
  82. package/dist/quality-profile.d.ts +91 -0
  83. package/dist/quality-profile.d.ts.map +1 -0
  84. package/dist/quality-profile.js +91 -0
  85. package/dist/quality-profile.js.map +1 -0
  86. package/dist/repeated-context.d.ts.map +1 -1
  87. package/dist/repeated-context.js +38 -83
  88. package/dist/repeated-context.js.map +1 -1
  89. package/dist/repository-boundary.d.ts +30 -0
  90. package/dist/repository-boundary.d.ts.map +1 -0
  91. package/dist/repository-boundary.js +116 -0
  92. package/dist/repository-boundary.js.map +1 -0
  93. package/dist/repository-evidence.d.ts +2 -0
  94. package/dist/repository-evidence.d.ts.map +1 -1
  95. package/dist/repository-evidence.js +6 -4
  96. package/dist/repository-evidence.js.map +1 -1
  97. package/dist/repository-paths.d.ts +19 -2
  98. package/dist/repository-paths.d.ts.map +1 -1
  99. package/dist/repository-paths.js +123 -14
  100. package/dist/repository-paths.js.map +1 -1
  101. package/dist/rules.d.ts +2 -0
  102. package/dist/rules.d.ts.map +1 -1
  103. package/dist/rules.js +322 -256
  104. package/dist/rules.js.map +1 -1
  105. package/dist/scanner.d.ts.map +1 -1
  106. package/dist/scanner.js +5 -1
  107. package/dist/scanner.js.map +1 -1
  108. package/dist/security-diagnostics.d.ts.map +1 -1
  109. package/dist/security-diagnostics.js +95 -30
  110. package/dist/security-diagnostics.js.map +1 -1
  111. package/dist/security-diff.d.ts +5 -2
  112. package/dist/security-diff.d.ts.map +1 -1
  113. package/dist/security-diff.js +20 -4
  114. package/dist/security-diff.js.map +1 -1
  115. package/dist/security-policy-inventory.d.ts +15 -3
  116. package/dist/security-policy-inventory.d.ts.map +1 -1
  117. package/dist/security-policy-inventory.js +123 -26
  118. package/dist/security-policy-inventory.js.map +1 -1
  119. package/dist/security-policy.d.ts +7 -0
  120. package/dist/security-policy.d.ts.map +1 -1
  121. package/dist/security-policy.js +70 -7
  122. package/dist/security-policy.js.map +1 -1
  123. package/dist/security-posture.d.ts.map +1 -1
  124. package/dist/security-posture.js +2 -1
  125. package/dist/security-posture.js.map +1 -1
  126. package/dist/skill-migration.js +2 -0
  127. package/dist/skill-migration.js.map +1 -1
  128. package/dist/static-support.d.ts +13 -0
  129. package/dist/static-support.d.ts.map +1 -0
  130. package/dist/static-support.js +284 -0
  131. package/dist/static-support.js.map +1 -0
  132. package/dist/token-estimator.d.ts +21 -0
  133. package/dist/token-estimator.d.ts.map +1 -0
  134. package/dist/token-estimator.js +84 -0
  135. package/dist/token-estimator.js.map +1 -0
  136. package/dist/trust-graph.d.ts +3 -3
  137. package/dist/trust-graph.d.ts.map +1 -1
  138. package/dist/trust-graph.js +76 -21
  139. package/dist/trust-graph.js.map +1 -1
  140. package/dist/types.d.ts +7 -2
  141. package/dist/types.d.ts.map +1 -1
  142. package/docs/README.md +61 -0
  143. package/docs/advanced-skill-authoring.md +147 -0
  144. package/docs/agent-skills-compatibility.md +508 -0
  145. package/docs/authoring-guide.md +382 -0
  146. package/docs/context-conflict-diagnostics.md +32 -0
  147. package/docs/context-language-diagnostics.md +99 -0
  148. package/docs/context-lens.md +253 -0
  149. package/docs/context-lifecycle-diagnostics.md +55 -0
  150. package/docs/diagnostics.md +406 -0
  151. package/docs/metadata-budget.md +14 -0
  152. package/docs/quality-profile.md +123 -0
  153. package/docs/repository-context-bom.md +172 -0
  154. package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
  155. package/docs/schemas/trust-graph-v2.schema.json +301 -0
  156. package/docs/security-policy.md +354 -0
  157. package/docs/trust-graph.md +47 -0
  158. package/docs/user-manual.md +842 -0
  159. package/examples/context-lens/README.md +101 -0
  160. package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
  161. package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
  162. package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
  163. package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
  164. package/examples/context-repo/README.md +148 -0
  165. package/examples/context-repo/contexts/domain/payment/idempotency.md +27 -0
  166. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +26 -0
  167. package/examples/context-repo/contexts/testing/negative-testing.md +26 -0
  168. package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
  169. package/examples/context-repo/renma.config.json +12 -0
  170. package/examples/context-repo/skills/testing/spec-review/SKILL.md +71 -0
  171. package/examples/context-repo/tools/appium/README.md +14 -0
  172. package/examples/github-actions/renma-ci-report.yml +36 -0
  173. package/examples/interactive-placeholder/README.md +104 -0
  174. package/examples/interactive-placeholder/assets/template.txt +1 -0
  175. package/examples/interactive-placeholder/renma.config.json +6 -0
  176. package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
  177. package/examples/interactive-placeholder/tools/README.md +48 -0
  178. package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
  179. package/package.json +10 -1
  180. package/plan-discovery.md +749 -0
  181. package/plan.md +90 -0
  182. package/scripts/verify-package.mjs +104 -0
@@ -0,0 +1,406 @@
1
+ # Diagnostics Reference
2
+
3
+ This page documents diagnostics and finding identifiers emitted by the current renma implementation. It does not list planned diagnostics.
4
+
5
+ Thresholds, units, provenance, and false-positive controls are canonical in the
6
+ [Renma Quality Profile](quality-profile.md). Agent Skills specification
7
+ errors are kept separate from Renma quality advisories.
8
+
9
+ Agent Skills validation also reports authoring-only `RN-SKILL-*` warnings. In
10
+ 0.18.0, `RN-SKILL-DESCRIPTION-MISSING-CAPABILITY` identifies a generic
11
+ description that does not say what the Skill does;
12
+ `RN-SKILL-DESCRIPTION-MISSING-USAGE-BOUNDARY` covers when to use it; and
13
+ `RN-SKILL-DESCRIPTION-OMITS-SELECTION-BOUNDARY` covers an important body
14
+ exclusion missing from discovery metadata. These warnings do not make an
15
+ otherwise specification-valid Skill invalid.
16
+
17
+ ## Diagnostic Types
18
+
19
+ renma uses two severity systems:
20
+
21
+ - Discovery, metadata, catalog, and readiness diagnostics use `info`, `warning`, and `error`.
22
+ - Scan findings use rule severities such as `low`, `medium`, `high`, and `critical`.
23
+
24
+ In JSON output, diagnostics usually appear as structured objects with a `severity`, a `message`, and, when available, a `path`.
25
+
26
+ ## LLM-Actionable Diagnostics V2
27
+
28
+ `renma scan --json` includes an additive `diagnosticsV2` array. Existing
29
+ `findings` and `diagnostics` fields remain compatible; v2 is a normalized view
30
+ for LLM-assisted repair, code review tools, and humans who want explicit repair
31
+ guardrails.
32
+
33
+ Each v2 diagnostic includes:
34
+
35
+ - `version`: currently `2`.
36
+ - `code`: stable diagnostic or finding code.
37
+ - `severity`: `error`, `warning`, or `info`. Scan finding severities are mapped
38
+ into this simpler diagnostic scale, while the original `findingSeverity`
39
+ remains in `details`.
40
+ - `message`: concise human-readable issue summary.
41
+ - `repairPolicy`: currently `preserve_semantics` when repairs must preserve the
42
+ intended behavior rather than merely satisfying the scanner.
43
+ - `location`: repository path, line range, and snippet when available.
44
+ - `repairConstraints`: typed guardrails for what must be preserved, what must
45
+ not change, allowed repair shapes, human decisions, and risks.
46
+ - `verificationSteps`: concrete follow-up checks. When a command is known,
47
+ Renma uses real project commands such as `renma scan`, `renma catalog`,
48
+ `renma readiness`, `renma graph`, or `npm test`.
49
+ - `llmHint`: short practical guidance for an LLM or coding agent. It is not a
50
+ source of truth; the diagnostic evidence and repair constraints remain
51
+ authoritative.
52
+ - `details`: compatibility metadata plus stable structured facts when known,
53
+ such as asset IDs, lens IDs, source paths, targets, duplicate paths, reference
54
+ kinds, and target lifecycle status.
55
+
56
+ Structured facts in `details` are the authoritative inputs for review tooling.
57
+ `llmHint` is guidance only; changing hint wording should not change bundle
58
+ grouping, affected files, affected assets, or repair decisions.
59
+
60
+ Example:
61
+
62
+ ```json
63
+ {
64
+ "version": 2,
65
+ "code": "META-DUPLICATE-ASSET-ID",
66
+ "severity": "warning",
67
+ "message": "Duplicate asset id",
68
+ "repairPolicy": "preserve_semantics",
69
+ "location": {
70
+ "path": "contexts/alpha/overview.md",
71
+ "startLine": 2,
72
+ "endLine": 2,
73
+ "snippet": "id: context.demo.duplicate"
74
+ },
75
+ "repairConstraints": [
76
+ {
77
+ "kind": "must_preserve",
78
+ "text": "Preserve existing references where possible and update only references affected by the chosen canonical id."
79
+ },
80
+ {
81
+ "kind": "must_not_change",
82
+ "text": "Do not rename every duplicate blindly; identify the canonical asset or ask for review when intent is ambiguous."
83
+ }
84
+ ],
85
+ "verificationSteps": [
86
+ {
87
+ "text": "Run renma scan.",
88
+ "command": "renma scan",
89
+ "expected": "No diagnostics with code META-DUPLICATE-ASSET-ID are reported."
90
+ }
91
+ ],
92
+ "llmHint": "Find all assets with id \"context.demo.duplicate\", compare their scope and metadata, and propose a merge/deprecation path or unique replacement ids.",
93
+ "details": {
94
+ "assetId": "context.demo.duplicate",
95
+ "duplicatePaths": [
96
+ "contexts/alpha/overview.md",
97
+ "contexts/beta/overview.md"
98
+ ],
99
+ "sourcePath": "contexts/alpha/overview.md"
100
+ }
101
+ }
102
+ ```
103
+
104
+ `repairConstraints` are deliberately conservative. A `must_preserve` constraint
105
+ names repository intent or content that should survive the repair.
106
+ `must_not_change` names unsafe shortcuts, such as creating fake dependencies or
107
+ deleting orphaned context assets automatically. `allowed_change` describes safe
108
+ edit shapes. `requires_human_decision` marks ambiguity that should not be guessed
109
+ by automation. `risk` highlights security, data-handling, or destructive-action
110
+ concerns.
111
+
112
+ ## Review Bundles
113
+
114
+ `renma scan --json` also includes `reviewBundles`, a deterministic grouping of
115
+ related v2 diagnostics. Bundles help reviewers decide what to inspect together,
116
+ which files or assets are involved, and what order to follow.
117
+
118
+ Renma currently groups duplicate IDs by duplicated id, unresolved references by
119
+ source, orphaned context assets separately from hard validation errors, and
120
+ dependency/reference issues by affected source. Bundles are generated from
121
+ structured `details` facts and source locations first, with human-facing prose
122
+ parsing used only as a legacy fallback. Suppressed findings are omitted from both
123
+ `diagnosticsV2` and `reviewBundles`.
124
+
125
+ Example:
126
+
127
+ ```json
128
+ {
129
+ "id": "duplicate-id:context.demo.duplicate",
130
+ "title": "Duplicate id review: context.demo.duplicate",
131
+ "summary": "2 diagnostics report the same declared id and should be reviewed together before renaming or merging assets.",
132
+ "severity": "warning",
133
+ "diagnosticCodes": ["META-DUPLICATE-ASSET-ID"],
134
+ "affectedAssets": ["context.demo.duplicate"],
135
+ "affectedFiles": ["contexts/alpha/overview.md", "contexts/beta/overview.md"],
136
+ "suggestedReviewOrder": [
137
+ "Inspect duplicate declaration in contexts/alpha/overview.md",
138
+ "Inspect duplicate declaration in contexts/beta/overview.md",
139
+ "Choose canonical id before editing references.",
140
+ "Update references and rerun Renma scan."
141
+ ],
142
+ "llmHint": "Pick one canonical asset id before editing references; do not rename every duplicate in one blind pass."
143
+ }
144
+ ```
145
+
146
+ ## Scan Review Signals
147
+
148
+ Renma scan findings always include `severity` and `confidence`. Security findings may also include `riskClass`, a human security-review interpretation.
149
+
150
+ - `severity`: CI gating, urgency, and impact. Values are `low`, `medium`, `high`, and `critical`.
151
+ - `confidence`: detector certainty. Values are `low`, `medium`, and `high`.
152
+ - `riskClass`: human security-review interpretation for security findings. Values are `violation`, `suspicious`, and `advisory`.
153
+
154
+ `violation` means a rule or safety contract is broken. Examples include unapproved network or upload destinations, policy contradictions, forbidden inputs, literal secrets, private keys, secret exposure, and dangerous commands.
155
+
156
+ `suspicious` means a risky or ambiguous instruction should be reviewed but is not necessarily a direct policy violation. Examples include external upload instructions, cloud upload instructions, broad data sharing, overbroad context collection, unpinned remote scripts, unpinned dependency installs, privileged commands without guardrails, and risky temporary paths.
157
+
158
+ `advisory` means a governance or hardening recommendation. For example, `SEC-MISSING-POLICY-METADATA` advises adding explicit policy metadata.
159
+
160
+ `riskClass` also powers aggregate security posture summaries in readiness and CI reports.
161
+
162
+ `riskClass` does not replace `severity` and does not change `fail_on` behavior. Severity remains the CI threshold signal.
163
+
164
+ Readiness and CI reports may include two security summaries: security posture from static findings, and security policy inventory from effective asset metadata, security profiles, and repository security config. The inventory is reporting-only and does not change scan `fail_on`, readiness scoring, or CI status.
165
+
166
+ Semantic diff and CI reports may include security deltas, including added/resolved security findings grouped by `riskClass` and effective policy inventory count changes. These summaries are reporting-only and do not change scan `fail_on`, readiness scoring, or CI status.
167
+
168
+ ## Discovery Diagnostics
169
+
170
+ These diagnostics are emitted while renma discovers files.
171
+
172
+ | Severity | Message | Meaning | Fix |
173
+ | --------- | ---------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------------------------------- |
174
+ | `error` | `Could not evaluate glob "<pattern>": <error>` | A configured discovery glob could not be evaluated. | Fix or remove the glob pattern in config or CLI input. |
175
+ | `warning` | `Skipping symbolic link; repository discovery never follows symlink targets.` | Renma found a leaf or directory symlink and skipped it without reading or enumerating its target. | Replace it with a regular repository file or directory. A referenced path at or below the symlink also emits `SUPPORT-SYMLINK-PATH`. |
176
+ | `warning` | `Skipping file larger than max_file_size_bytes (<bytes>).` | A file exceeded the configured size limit. | Raise `max_file_size_bytes`, exclude the file, or split the asset. |
177
+ | `error` | `Could not read file: <error>` | The file matched discovery but could not be read. | Fix permissions, remove the bad path, or exclude the file. |
178
+
179
+ ## Metadata And Catalog Diagnostics
180
+
181
+ These diagnostics are emitted after files are parsed into catalog entries. For shared-context wording details, see [Context Language Diagnostics](context-language-diagnostics.md).
182
+
183
+ Owner absence is handled as ownership coverage information. Shared assets
184
+ without `owner` are accepted and reported as unowned by `renma ownership`;
185
+ Renma does not invent an owner. Skill-local support is the exception: it uses
186
+ deterministic effective ownership inherited from its nearest owning Skill and
187
+ reports that provenance separately from declared metadata.
188
+
189
+ | Severity | Message | Meaning | Fix |
190
+ | --------- | ------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------- |
191
+ | `warning` | `Invalid status "<status>". Expected one of: experimental, stable, deprecated, archived.` | An asset status does not match the accepted status values. | Replace the status with a supported value. |
192
+ | `warning` | `Invalid last_reviewed_at "<date>". Expected ISO date YYYY-MM-DD.` | Freshness metadata has an invalid human review date. | Replace it with a real ISO date such as `2026-06-28`. |
193
+ | `warning` | `Invalid expires_at "<date>". Expected ISO date YYYY-MM-DD.` | Freshness metadata has an invalid expiration date. | Replace it with a real ISO date such as `2026-12-31`. |
194
+ | `warning` | `Invalid review_cycle "<duration>". Expected supported ISO 8601 day duration such as P90D.` | Freshness metadata uses a review cycle renma cannot evaluate. | Use a day-based duration such as `P90D` or `P180D`. |
195
+ | `warning` | `Metadata dependency "<to>" from "<from>" does not match a catalog entry.` | A metadata dependency points at an asset renma did not discover. | Correct the reference, add the missing asset, or update include/exclude config. |
196
+ | `warning` | `Metadata dependency "<to>" from "<from>" targets a <status> asset.` | A dependency points at a deprecated or archived catalog target. | Retarget the dependency to a stable replacement or document the migration. |
197
+ | `warning` | `Asset is missing an id.` | A cataloged asset has no stable ID. | Add an `id` metadata field. |
198
+ | `warning` | `Asset is missing an owner.` | A shared catalog asset has no declared owner metadata. Missing owner is allowed and appears as unowned in ownership coverage; nearest-Skill support inheritance does not apply to shared assets. | If ownership matters for this repository, choose an `owner` through human review or team policy. Do not invent one. |
199
+ | `warning` | `Shared context asset is missing when_to_use metadata.` | An active, owned shared context asset has no positive usage boundary. | Add compact `when_to_use` metadata that states when humans or agents should apply the context. |
200
+ | `warning` | `Shared context asset is missing when_not_to_use metadata.` | An active, owned shared context asset has no negative usage boundary. | Add compact `when_not_to_use` metadata so agents do not over-apply the context. |
201
+ | `warning` | `Shared context asset usage-boundary metadata contains placeholder values in <field>.` | Usage-boundary metadata is present but still says TODO, TBD, unknown, none, or similar. | Replace placeholders with reviewed scope boundaries, or remove the field until it can be completed. |
202
+ | `warning` | `Shared context asset contains vague wording "<term>".` | A canonical active shared context uses broad English wording such as usually, often, quickly, soon, as needed, or major. | Replace it with concrete applicability conditions, evidence, thresholds, or explicit uncertainty handling. |
203
+ | `warning` | `Shared context asset contains currentness wording "<term>" without an explicit date or version.` | A canonical active shared context uses relative English currentness wording such as recently, latest, currently, or as of now. | Add an explicit date, version, freshness metadata, or stable wording. |
204
+ | `warning` | `Shared context asset contains prompt or runtime-selection wording "<term>".` | A canonical active shared context looks like a prompt artifact or runtime context-selection rule. | Move prompt assembly, assistant role instructions, and runtime context selection outside shared context assets. |
205
+
206
+ ## Context Lens Diagnostics
207
+
208
+ Context Lens governance diagnostics use stable `code` values in JSON output. `error` diagnostics are blocking for readiness; `warning` diagnostics are reported by default for review.
209
+
210
+ | Code | Severity | Meaning | Fix |
211
+ | ------------------------------------------ | -------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- |
212
+ | `CONTEXT-LENS-DEPRECATED-FIELD` | `warning` | A lens uses an old field alias such as `target`, `targets`, `output`, or `outputs`. | Use `applies_to` or `expected_outputs`. |
213
+ | `CONTEXT-LENS-DUPLICATE-ID` | `error` | Two or more lens definitions declare the same `id`. | Give each lens a unique stable ID and update references. |
214
+ | `CONTEXT-LENS-EMPTY-DEFINITION` | `error` | A discovered lens file is empty. | Add required metadata and body guidance, or remove the file. |
215
+ | `CONTEXT-LENS-GOVERNANCE-MEANINGLESS` | `warning` | A lens has no purpose, target, focus, expected output, or body guidance. | Add compact governance metadata or reviewed interpretation guidance. |
216
+ | `CONTEXT-LENS-MISSING-REQUIRED-FIELD` | `error` | A lens is missing `id`, `owner`, `purpose`, or `applies_to`. | Add the required field in frontmatter. |
217
+ | `CONTEXT-LENS-PATH-NORMALIZATION-MISMATCH` | `warning` | A path target normalizes to a different repository-relative path. | Use the normalized path shown by the diagnostic. |
218
+ | `CONTEXT-LENS-TARGET-NOT-FOUND` | `error` | An `applies_to` target does not resolve to a cataloged asset ID or path. | Correct the target, add the missing context asset, or update discovery config. |
219
+ | `CONTEXT-LENS-UNPARSEABLE-FRONTMATTER` | `error` | A lens frontmatter block starts with `---` but does not close. | Add the closing `---` delimiter or remove malformed frontmatter. |
220
+ | `CONTEXT-LENS-UNSUPPORTED-KIND` | `warning` or `error` | `type: context_lens` appears under an unsupported artifact kind, or a lens file declares an unsupported type. | Store lens definitions under `lenses/**`, `context/**`, or `contexts/**`, and use `type: context_lens`. |
221
+ | `CONTEXT-LENS-UNSUPPORTED-SCOPE` | `error` | A lens declares a value outside the supported `context` scope. | Use `scope: context` or omit the field. |
222
+ | `CONTEXT-LENS-UNSUPPORTED-VERSION` | `error` | A lens declares a value outside supported schema version `1`. | Use `version: 1` or omit the field. |
223
+
224
+ ## Readiness Diagnostics
225
+
226
+ `renma readiness` converts lower-level data into workflow checks. These messages are produced by readiness checks and may wrap discovery, catalog, graph, ownership, status, or scan-finding data.
227
+
228
+ | Severity | Message | Meaning | Fix |
229
+ | -------------------- | ---------------------------------------------------------------- | ------------------------------------------------------ | ---------------------------------------------------- |
230
+ | `error` | discovery or catalog diagnostic message | A lower-level error diagnostic was present. | Fix the original diagnostic first. |
231
+ | `warning` | discovery or catalog diagnostic message | A lower-level warning diagnostic was present. | Review and fix if it affects automation reliability. |
232
+ | `warning` | `Missing owner metadata.` | A catalog asset has no declared owner metadata. | If ownership matters, choose an owner through human review or team policy. |
233
+ | `error` | `<kind> reference "<target>" does not resolve.` | A graph edge points to a missing target. | Correct the reference or add the target asset. |
234
+ | `error` | `Required context reference "<target>" does not resolve.` | A required context reference is missing. | Add the context asset or correct `requires_context`. |
235
+ | `error` | `Required context "<target>" resolves to <status> asset <path>.` | Required context exists but is deprecated or archived. | Move the dependency to a stable context asset. |
236
+ | `warning` | `Optional context reference "<target>" does not resolve.` | An optional context reference is missing. | Correct it or remove it if it is no longer useful. |
237
+ | `warning` | `Optional context "<target>" resolves to <status> asset <path>.` | Optional context exists but is deprecated or archived. | Retarget or remove the optional dependency. |
238
+ | `warning` | `Asset status is <status>.` | A catalog asset is deprecated or archived. | Migrate dependents or update the asset status. |
239
+ | `error` or `warning` | scan finding remediation text | A scan finding is severe enough to affect readiness. | Fix the finding listed in the readiness detail. |
240
+
241
+ ## Scan Finding Identifiers
242
+
243
+ `renma scan` emits finding IDs from the rule engine. A scan finding identifier is a machine-readable label for the kind of issue found during a scan.
244
+
245
+ It is different from:
246
+
247
+ - an asset ID, which identifies a context asset or other catalog entry
248
+ - a file path, which identifies where the issue was found
249
+ - a diagnostic message, which is written for humans and may contain contextual details
250
+
251
+ Finding identifiers are useful when you want to group, filter, document, or automate responses to scan results. CI systems, editor integrations, docs, and LLM-assisted repair workflows can use the identifier to understand the category of problem without relying on the exact wording of the human-readable message.
252
+
253
+ The identifiers below are part of the current scan output. The current implementation does not declare them as a permanent public API, so integrations should avoid assuming stronger stability than the project documents. If renma adopts long-term stability guarantees later, identifier changes should come with documented migrations.
254
+
255
+ Security diagnostics focus on high-signal heuristics for agent-facing or context-bearing artifacts Renma already discovers, such as skills, contexts, `AGENTS.md`, references, profiles, examples, and tool guidance. Defensive wording and nearby human approval, dry-run, backup, or rollback guidance may reduce or avoid command-risk findings when they are local to the risky instruction. When the effective human-approval policy is true, dry-run, backup, rollback, or restore guidance does not replace explicit human approval. Renma does not scan `package.json`, GitHub Actions workflows, Dockerfiles, or repository-wide supply-chain metadata by default.
256
+
257
+ ### Security Policy Metadata
258
+
259
+ Security policy diagnostics use two explicit syntax boundaries. Skills must be
260
+ specification-valid Agent Skills and declare policy through string-valued
261
+ `metadata.renma.*` keys. Contexts and other non-Skill assets retain the
262
+ top-level snake_case syntax.
263
+
264
+ Canonical Skill keys are `renma.allowed-data`, `renma.network-allowed`,
265
+ `renma.external-upload-allowed`, `renma.secrets-allowed`,
266
+ `renma.requires-human-approval`, `renma.forbidden-inputs`,
267
+ `renma.approved-network-destinations`,
268
+ `renma.approved-upload-destinations`, and `renma.security-profile`. Skill
269
+ booleans must be the exact strings `"true"` or `"false"`; Skill lists must be
270
+ JSON-array strings containing strings only. Invalid recognized values emit
271
+ `SEC-INVALID-CANONICAL-POLICY-METADATA` and fail closed. Renma preserves
272
+ already-reviewed restrictive inherited policy while preventing permissive
273
+ inheritance: allowed-data permissions remain unresolved, inherited forbidden
274
+ inputs remain active, and invalid destination allowlists continue reporting
275
+ concrete destinations as unapproved.
276
+
277
+ Non-Skill assets continue to use `allowed_data`, `network_allowed`,
278
+ `external_upload_allowed`, `secrets_allowed`, `requires_human_approval`,
279
+ `forbidden_inputs`, `approved_network_destinations`,
280
+ `approved_upload_destinations`, and `security_profile`. Their existing scalar,
281
+ inline-list, and block-list behavior is unchanged. Pre-0.16 top-level Skill
282
+ security fields are migration input only.
283
+
284
+ Script and asset bytes never declare local policy. They participate in the
285
+ security policy inventory even when they have no effective policy. Local
286
+ support inherits policy only from one unambiguous owning Skill; text scripts
287
+ may be scanned under that inherited policy from line 1. Ordinary assets and
288
+ binary files do not contribute instruction text. Orphan scripts receive no
289
+ policy-dependent repository-config evaluation without traceable ownership.
290
+ The inventory distinguishes local metadata, inherited policy, effective policy,
291
+ and no-effective-policy states. Trust Graph policy edges exist only for
292
+ artifacts with effective policy and list every contributing policy source.
293
+
294
+ Security profiles in `renma.config.json` retain the existing JSON schema.
295
+ Artifact-local explicit denials remain stricter than inherited profile or
296
+ repository allowances, and network approvals remain separate from upload
297
+ approvals. See the [Security Policy Guide](security-policy.md) for complete
298
+ examples by asset kind.
299
+
300
+ | Identifier | Meaning | Typical cause | How to fix |
301
+ | ------------------------------------------------ | ---------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
302
+ | `DOCS-LAYOUT-INCONSISTENT` | Documentation contradicts the supported repository model. | Docs use deprecated roots, old prompt-library framing, or another independently stale statement. | Describe canonical Skill roots and valid local support separately from governed `contexts/**` assets and shared `tools/**` helpers. |
303
+ | `LAYOUT-CONTEXT-LEGACY-ROOT` | Context lives under the legacy `context/**` root. | Shared context is stored under the compatibility root instead of `contexts/**`. | Move the shared Context Asset to `contexts/**` and update its references. |
304
+ | `LAYOUT-CONTEXT-REFERENCE-NON_CANONICAL` | Declared dependency uses a non-canonical reference root. | A declared dependency points outside accepted `contexts/**`, `skills/**`, `.agents/skills/**`, or `tools/**` reference paths. | Rewrite the dependency to an accepted repository-relative asset path or ID. |
305
+ | `LAYOUT-DISALLOWED-SKILL-ASSET` | Compatibility identifier for specific local-policy violations. | Valid Agent Skills support paths do not emit this finding solely because of location. Reusable knowledge is handled by evidence-based maintenance advisories. | Review the specific evidence; keep genuinely local support in place or promote reusable knowledge through human review. |
306
+ | `LAYOUT-HELPER-NON_TOOLS` | Helper file is outside supported helper locations. | A helper script is neither under `tools/**` nor a valid Skill-local `scripts/` directory. | Move shared helper code under `tools/**`, or keep a genuinely Skill-specific helper in local `scripts/`. |
307
+ | `LAYOUT-SKILL-EXECUTABLE-COMMAND` | Removed 0.17 compatibility identifier. | 0.17 treated any command as evidence against a thin router. | No replacement based on command presence; security and helper-path diagnostics remain. |
308
+ | `LAYOUT-SKILL-NOT-THIN` | Removed 0.17 compatibility identifier. | 0.17 treated procedures and word counts as evidence against a thin router. | Review `QUAL-SKILL-MIXED-RESPONSIBILITY` or progressive-disclosure evidence instead. |
309
+ | `MAINT-ASSET-REFERENCES-SUPERSEDED-ASSET` | Asset references superseded context. | Metadata or content points at an asset marked superseded. | Retarget the reference to the stable replacement. |
310
+ | `MAINT-ASSET-EXPIRED` | Asset freshness metadata is expired. | `expires_at` is before today's date. | Review the asset with its owner, then update freshness metadata, status, or references. |
311
+ | `MAINT-CONTEXT-LENS-APPLIES-TO-INACTIVE-CONTEXT` | Context lens applies to inactive context. | An active context lens applies to a deprecated or archived context asset. | Point `applies_to` at an active replacement, or update the lens lifecycle after review. |
312
+ | `MAINT-CONTEXT-PATH-NON-SEMANTIC` | Context path is not semantically grouped. | Context is stored under vague folders such as misc or general. | Move it under a meaningful path such as `contexts/tools/`, `contexts/domain/`, or `contexts/testing/`. |
313
+ | `MAINT-ASSET-REVIEW-OVERDUE` | Asset freshness review is overdue. | `last_reviewed_at + review_cycle` is before today's date. | Revalidate the asset with a human owner, then update `last_reviewed_at` or review cadence. |
314
+ | `MAINT-ORPHANED-CONTEXT-ASSET` | Shared context has no incoming references. | A first-class context asset is not used by skills or other assets. | Link it from consumers, archive it, or remove it after review. |
315
+ | `MAINT-ORPHANED-CONTEXT-LENS` | Context lens has no skill references. | An active context lens is not referenced by any skill through `requires_lens` or `optional_lens`. | Link it from a skill, archive it, or leave it staged with reviewed lifecycle metadata. |
316
+ | `MAINT-REFERENCE-DEPRECATED-ASSET` | Reference targets deprecated context. | Metadata dependency resolves to a deprecated asset. | Point dependents at a stable asset or finish the migration. |
317
+ | `MAINT-REPEATED-CODE-BLOCK` | Duplicate code block appears across assets. | Copy-pasted examples or procedures repeat in multiple files. | Extract shared guidance or consolidate the repeated block. |
318
+ | `MAINT-REPEATED-CONTEXT-PATTERN` | Repeated context-like wording appears. | Multiple assets duplicate the same reusable context pattern. | Promote the shared pattern into a context asset and reference it. |
319
+ | `MAINT-REPEATED-HEADING` | Same heading repeats across assets. | Similar sections are copied through several files. | Consolidate or reference a shared source of truth. |
320
+ | `MAINT-REPEATED-LINK` | Removed from default maintenance findings in 0.18.0. | Repeated links to one official source are normal. | No action based on link equality alone. |
321
+ | `MAINT-REPEATED-SECTION` | Similar section text repeats. | A section has been copied into multiple assets. | Extract common material or reduce duplication. |
322
+ | `MAINT-SKILL-CONTEXT-REFERENCE-NOT-DECLARED` | Skill mentions context without metadata. | Body text references `contexts/...` but `requires_context` omits it. | Add the context to `requires_context` or remove the stale mention. |
323
+ | `MAINT-SKILL-REFERENCES-SUPERSEDED-ASSET` | Skill refers to superseded context. | Skill content names a superseded context asset. | Update the skill to the stable replacement context asset. |
324
+ | `MAINT-SKILL-REUSABLE-CONTEXT-CANDIDATE` | Disabled compatibility identifier. | 0.17 used broad workflow signals for reusable Context candidates. | Review `QUAL-SKILL-MIXED-RESPONSIBILITY`; keep core workflow and Skill-specific detail local. |
325
+ | `MAINT-SUPPORT-ASSET-SHARED-CONTEXT-CANDIDATE` | Support asset looks reusable. | A reference, profile, or example contains content useful beyond one skill. | Promote it to shared context when reuse is intended. |
326
+ | `META-CATALOG-DIAGNOSTIC` | Catalog diagnostic was promoted to a scan finding. | Catalog validation emitted a lower-level diagnostic. | Fix the original catalog diagnostic shown in the finding evidence. |
327
+ | `META-CONTEXT-MISSING-WHEN-TO-USE` | Shared context usage boundary is missing. | An active, owned shared context asset lacks `when_to_use`. | Add compact positive scope guidance. |
328
+ | `META-CONTEXT-MISSING-WHEN-NOT-TO-USE` | Shared context negative boundary is missing. | An active, owned shared context asset lacks `when_not_to_use`. | Add compact exclusions so agents do not over-apply the context. |
329
+ | `META-CONTEXT-PLACEHOLDER-USAGE-BOUNDARY` | Shared context usage boundary contains placeholders. | `when_to_use` or `when_not_to_use` contains TODO, TBD, unknown, none, or similar placeholder text. | Replace placeholders with reviewed boundaries. |
330
+ | `META-DUPLICATE-ASSET-ID` | Asset ID is not unique. | Two catalog entries declare the same ID. | Give each asset a unique ID and update references. |
331
+ | `META-FRONTMATTER-TOO-LARGE` | Frontmatter metadata is too large. | Frontmatter has too many lines or characters to stay a compact index. | Move long prose, examples, procedures, or rationale into the body or referenced context assets. |
332
+ | `META-UNKNOWN-REFERENCE` | Metadata reference does not resolve. | A dependency points to a missing asset ID or path. | Fix the reference, add the missing asset, or remove the dependency. |
333
+ | `PATH-HELPER-COMMAND-NON_TOOLS` | Helper command points outside supported helper locations. | A command references a script that is neither in the owning Skill's `scripts/**` nor under `tools/**`. | Keep a Skill-specific helper local or move a helper shared across workflows to `tools/**`, then update the command. |
334
+ | `PATH-HELPER-COMMAND-SKILL-SCRIPTS` | Compatibility identifier for the former path-only policy. | Valid commands may point to resolvable Skill-local `scripts/`; location alone no longer emits this finding. | Keep Skill-specific helpers local, or move shared helpers to `tools/**` after review. |
335
+ | `PATH-HELPER-COMMAND-UNRESOLVED` | Helper command path is missing or unsafe. | A referenced `tools/**` helper or Skill-local script is missing, or a relative path escapes its owning Skill. | Add the helper, correct the command path, or keep a relative local path inside the owning Skill. |
336
+ | `PROF-MISSING-BASE` | Profile lacks base guidance. | A profile does not clearly relate to base skill behavior. | Add base-profile context or inheritance guidance. |
337
+ | `QUAL-LOW-HEADING-DENSITY` | Asset has too little structure. | Long content has few headings. | Add meaningful headings or split the asset. |
338
+ | `QUAL-MISSING-COMPLETION-CRITERIA` | Completion criteria are missing. | The asset does not say when work is done. | Add explicit completion or acceptance criteria. |
339
+ | `QUAL-MISSING-DESCRIPTION` | Description is missing. | Metadata or introductory purpose is absent. | Add a concise description. |
340
+ | `QUAL-MISSING-EXAMPLES` | Examples are missing. | Instructional content has no concrete example. | Add representative positive examples. |
341
+ | `QUAL-MISSING-NEGATIVE-ROUTING` | Negative routing is missing. | Skill guidance omits when not to use it. | Add exclusions or handoff guidance. |
342
+ | `QUAL-MISSING-PREFLIGHT` | Preflight guidance is missing. | The asset omits checks to run before acting. | Add required inputs, checks, or setup steps. |
343
+ | `QUAL-MISSING-REQUIRED-INPUTS` | Required inputs are unclear. | The asset does not state what information is needed. | Add an explicit required-inputs section. |
344
+ | `QUAL-MISSING-ROUTING-CLARITY` | Routing guidance is unclear. | A skill does not clearly say when to use it. | Clarify triggers, audience, and handoffs. |
345
+ | `QUAL-MISSING-VERIFICATION` | Verification guidance is missing. | The asset lacks checks for validating the result. | Add verification steps or expected evidence. |
346
+ | `QUAL-SHORT-DESCRIPTION` | Disabled compatibility identifier. | 0.17 applied an independent 150-character minimum. | Use Agent Skills validity and selection-boundary diagnostics; short clear descriptions are accepted. |
347
+ | `QUAL-SKILL-MIXED-RESPONSIBILITY` | Skill may mix workflow and reusable knowledge. | A sufficiently large Skill has multiple distinct reusable-knowledge signals. | Promote only independently owned shared knowledge; keep Skill-local workflow and detail local. |
348
+ | `QUAL-SKILL-PROGRESSIVE-DISCLOSURE` | Progressive disclosure needs review. | Reserved 0.18 focused-workflow contract identifier. | Keep read conditions and core workflow in `SKILL.md`; place details by semantic responsibility. |
349
+ | `QUAL-SKILL-TOKEN-BUDGET` | Skill body exceeds an advisory estimate. | Markdown body exceeds 2,000 or 5,000 estimated tokens. | Review progressive disclosure without splitting or moving content by size alone. |
350
+ | `QUAL-SUPPORT-ASSET-TOKEN-BUDGET` | Support asset exceeds an advisory estimate. | A context, reference, profile, or example exceeds its token budget. | Review coherent scope, structure, read conditions, reference depth, responsibility mixing, and duplication; size alone does not require a split. |
351
+ | `QUAL-USER-LOCAL-PATHS` | User-local path appears in content. | Guidance includes machine-specific paths such as home directories. | Replace local paths with repository-relative or configurable paths. |
352
+ | `SEC-DESTRUCTIVE-COMMAND` | Destructive command appears. | Content includes risky commands such as forced deletion or reset. | Remove it, gate it with explicit safety guidance, or use a safer command. |
353
+ | `SEC-ENV-COPY` | Environment copying is suggested. | Content copies broad environment or secret-bearing files. | Narrow the copied data and document secret handling. |
354
+ | `SEC-LITERAL-SECRET` | Literal secret-like value appears. | Content includes token, password, key, or credential patterns. | Remove the secret and replace it with a placeholder. |
355
+ | `SEC-PRIVATE-KEY` | Private key material appears. | Content includes a private key block. | Remove the key and rotate it if it was real. |
356
+ | `SEC-REMOTE-DEFAULT` | Remote command default is unsafe. | Guidance defaults to network commands, prod hosts, or insecure flags. | Use safe examples and require explicit approval for risky remotes. |
357
+ | `SUPPORT-MISSING-REACHABILITY-GUIDANCE` | Local resources are not discoverable. | A Skill has local references, scripts, assets, profiles, or examples without routing guidance. | State when each resource should be read, executed, or used. |
358
+ | `SUPPORT-DEEP-REFERENCE-CHAIN` | Local resource is behind more than two hops. | A resource is reachable only through a deep static chain. | Reference it directly or through one directly referenced index. |
359
+ | `SUPPORT-MISSING-PATH` | Referenced local resource does not exist. | `SKILL.md` names a path under a standard local resource directory that is absent. | Create the intended resource or correct the Skill-root-relative path. |
360
+ | `SUPPORT-SYMLINK-PATH` | A symbolic-link resource is intentionally unusable. | Discovery encountered a symlink, or Skill guidance references a path at or below one. | Replace it with a regular repository file or directory; Renma never follows symlink targets. |
361
+ | `SUPPORT-UNREACHABLE-ASSET` | Local asset is unreachable. | A Skill-local asset has no direct or transitive static reference. | Add an explicit use condition and path from the Skill or its direct index. |
362
+ | `SUPPORT-UNREACHABLE-SCRIPT` | Local script is unreachable. | A Skill-local script has no direct or transitive static reference. | Add an explicit execution condition and path from the Skill or its direct index. |
363
+ | `SUPPORT-UNREACHABLE-EXAMPLE` | Example is unreachable. | A skill-local example is not referenced by the skill. | Link it from the skill or move/remove it. |
364
+ | `SUPPORT-UNREACHABLE-PROFILE` | Profile is unreachable. | A skill-local profile is not referenced by the skill. | Link it from the skill or move/remove it. |
365
+ | `SUPPORT-UNREACHABLE-REFERENCE` | Reference is unreachable. | A skill-local reference is not referenced by the skill. | Link it from the skill or move/remove it. |
366
+ | `META-CATALOG-DIAGNOSTIC` | Catalog diagnostic was promoted to a scan finding. | Catalog validation emitted a lower-level diagnostic. | Fix the original catalog diagnostic shown in the finding evidence. |
367
+ | `META-INACTIVE-DEPENDENCY` | Metadata points to an inactive asset. | A dependency targets a deprecated or archived asset. | Retarget the dependency to a stable asset or update asset status intentionally. |
368
+ | `META-INVALID-EXPIRES-AT` | Freshness expiration date is invalid. | `expires_at` is present but is not a real `YYYY-MM-DD` date. | Replace it with a valid ISO date or remove the field until reviewed. |
369
+ | `META-INVALID-LAST-REVIEWED-AT` | Freshness review date is invalid. | `last_reviewed_at` is present but is not a real `YYYY-MM-DD` date. | Replace it with a valid ISO date or remove the field until reviewed. |
370
+ | `META-INVALID-REVIEW-CYCLE` | Freshness review cycle is unsupported. | `review_cycle` is present but is not a supported day duration. | Use a duration such as `P90D` or `P180D`. |
371
+ | `META-INVALID-STATUS` | Metadata status is invalid. | An asset declares an unsupported status value. | Replace it with a supported lifecycle status. |
372
+ | `META-LIST-ITEM-TOO-LONG` | Metadata list item is too long. | A block-list metadata item contains routing prose or detailed conditions. | Keep the item short and move detailed guidance into body sections or referenced context assets. |
373
+ | `META-MISSING-ID` | Metadata is missing an asset ID. | A cataloged asset has no stable `id`. | Add an `id` metadata field. |
374
+ | `META-UNKNOWN-DEPENDENCY` | Metadata dependency is unresolved. | A dependency points at an asset renma did not discover. | Correct the dependency, add the missing asset, or update discovery config. |
375
+ | `SEC-BODY-POLICY-CONTRADICTION` | Body text contradicts a security policy. | Asset instructions override or weaken policy expectations. | Align the asset content with the active policy profile. |
376
+ | `SEC-BULK-DATA-SHARING-INSTRUCTION` | Instructions allow broad data sharing. | Content tells an agent to share large or sensitive data without bounds. | Narrow the sharing scope and add approval or redaction guidance. |
377
+ | `SEC-CLOUD-UPLOAD-INSTRUCTION` | Instructions allow cloud upload. | Content sends files or data to cloud storage without policy controls. | Add approved destinations, limits, and approval requirements. |
378
+ | `SEC-CREDENTIAL-IN-COMMAND-ARG` | Command embeds a credential-like value. | Example commands include secrets in arguments. | Move credentials to secure environment or secret-management guidance. |
379
+ | `SEC-DANGEROUS-TOOL-INSTRUCTION` | Instructions permit dangerous tool use. | Content allows destructive or high-risk commands without guardrails. | Require review, dry runs, or explicit user approval before execution. |
380
+ | `SEC-EXTERNAL-UPLOAD-INSTRUCTION` | Instructions allow external upload. | Content sends artifacts to external services without controls. | Restrict uploads to approved destinations and document review steps. |
381
+ | `SEC-FORBIDDEN-INPUT-INSTRUCTION` | Instructions request forbidden input. | Content asks for secrets or other disallowed sensitive values. | Remove the request or replace it with safe placeholder guidance. |
382
+ | `SEC-INSTRUCTION-VIOLATES-POLICY` | Instruction conflicts with active policy. | Asset content violates a configured security profile. | Update the instruction or policy metadata so they agree. |
383
+ | `SEC-INVALID-CANONICAL-POLICY-METADATA` | Canonical Skill security metadata is invalid. | A recognized `metadata.renma.*` field has an invalid boolean, list, or profile encoding. | Confirm the intended policy and replace it with the exact documented string encoding; do not guess. |
384
+ | `SEC-MISSING-HUMAN-APPROVAL-GUARD` | High-risk operation lacks approval guidance. | Content describes sensitive actions without human confirmation. | Add explicit approval requirements before the action. |
385
+ | `SEC-MISSING-POLICY-METADATA` | Security policy metadata is missing. | Asset content needs a policy profile but does not declare one. | Add the appropriate security policy metadata. |
386
+ | `SEC-NO-REDACTION-INSTRUCTION` | Sensitive data flow lacks redaction guidance. | Content shares logs, files, or context without redaction steps. | Add instructions to redact or minimize sensitive data before sharing. |
387
+ | `SEC-OVERBROAD-CONTEXT-INSTRUCTION` | Instructions request excessive context. | Content tells an agent to include broad repository or user data. | Scope context collection to the minimum required files and fields. |
388
+ | `SEC-POLICY-CONTRADICTION` | Security policy settings contradict each other. | Profile rules define incompatible requirements. | Resolve the conflicting policy fields. |
389
+ | `SEC-POLICY-OVERRIDE-CONTRADICTION` | Policy override contradicts inherited policy. | An override weakens or conflicts with the base profile. | Adjust the override or split the profile intentionally. |
390
+ | `SEC-POLICY-PROFILE-CYCLE` | Policy profiles form a cycle. | Profile inheritance refers back to itself. | Break the cycle in policy profile inheritance. |
391
+ | `SEC-POLICY-PROFILE-NOT-FOUND` | Referenced policy profile is missing. | Metadata names a profile renma cannot resolve. | Add the profile or correct the reference. |
392
+ | `SEC-PREDICTABLE-TEMP-PATH` | Command uses a predictable temp path. | Examples write to fixed `/tmp` paths or similar locations. | Use a unique temporary directory or safe temp-file helper. |
393
+ | `SEC-PRIVILEGED-COMMAND-WITHOUT-GUARD` | Privileged command lacks guardrails. | Content runs `sudo` or equivalent privileged actions without checks. | Add prerequisites, confirmation, and rollback guidance. |
394
+ | `SEC-SECRET-MATERIAL-INSTRUCTION` | Instructions expose or request secret material. | Content includes or asks for private keys, tokens, or credentials. | Remove secret material and describe secure handling instead. |
395
+ | `SEC-SENSITIVE-FILE-REFERENCE` | Instructions reference sensitive files. | Content points at credentials, keys, or local secret paths. | Replace with safe examples or redacted placeholders. |
396
+ | `SEC-UNAPPROVED-NETWORK-DESTINATION` | Network destination is not approved. | Instructions contact a host outside the allowed list. | Enumerate the actual required domains in approved network destinations after review. |
397
+ | `SEC-UNAPPROVED-UPLOAD-DESTINATION` | Upload destination is not approved. | Instructions upload data to an unapproved service or host. | Use an approved destination or update policy intentionally. |
398
+ | `SEC-UNPINNED-DEPENDENCY-INSTALL` | Dependency install is not pinned. | Examples install packages without exact versions or digests. | Pin package versions or use a reproducible install source. |
399
+ | `SEC-UNPINNED-REMOTE-SCRIPT` | Remote script execution is unpinned. | Commands pipe or execute remote scripts without an immutable reference. | Pin the script source and verify it before execution. |
400
+
401
+ ## How To Fix Results
402
+
403
+ 1. Fix `error` diagnostics first. They usually mean renma could not build a deterministic view of the repository.
404
+ 2. Fix unresolved references before quality findings. Reference failures can hide or distort later reports.
405
+ 3. For scan findings, use the finding ID, evidence path, line number, snippet, and remediation text in the JSON output.
406
+ 4. Re-run the same command with `--format json` when a markdown or text report does not contain enough detail.
@@ -0,0 +1,14 @@
1
+ # Metadata Budget Guidance
2
+
3
+ Renma intentionally keeps asset frontmatter small. Frontmatter should work as a deterministic index for cataloging, graph checks, readiness checks, and security diagnostics. It should not become a second copy of the asset body.
4
+
5
+ Use frontmatter for concise fields such as `id`, `owner`, `status`, `tags`, `when_to_use`, `when_not_to_use`, and declared context relationships. Put detailed guidance, examples, procedures, policy rationale, and long routing prose in the markdown body or in referenced context assets.
6
+
7
+ Current metadata budget diagnostics:
8
+
9
+ | Finding | Meaning | Typical fix |
10
+ | --- | --- | --- |
11
+ | `META-FRONTMATTER-TOO-LARGE` | Frontmatter has grown beyond the compact index budget. | Move long prose, examples, procedures, or rationale into the body or referenced context assets. |
12
+ | `META-LIST-ITEM-TOO-LONG` | A block-list metadata item is too long to serve as concise routing/index metadata. | Keep the list item short and move detailed conditions into body sections. |
13
+
14
+ These diagnostics are intentionally advisory. They should help reduce LLM-facing catalog noise and token usage without deleting substantive knowledge.
@@ -0,0 +1,123 @@
1
+ # Renma Quality Profile
2
+
3
+ `renma-quality` is Renma's internal quality-profile family. Reports identify
4
+ the active profile as `renma-quality@<Renma package version>`, derived from
5
+ `package.json` at build time. The source is `src/quality-profile.ts`. The current
6
+ implementation does not expose quality overrides in `renma.config.json`; fixed
7
+ defaults preserve comparable repository reports. The internal shape is
8
+ versioned so later releases can add reviewed overrides without scattering
9
+ constants across rules.
10
+
11
+ `estimated_tokens` means Renma's deterministic, model-neutral estimate. Latin
12
+ words, identifiers, URLs, and paths are lexical units; consecutive CJK text is
13
+ grouped in two-code-point units; other punctuation is grouped in units of up to
14
+ three code points. It is not an exact token count for any model. Skill budgets
15
+ measure Markdown after frontmatter. Content-asset budgets measure the full file.
16
+
17
+ ## Agent Skills requirements and recommendations
18
+
19
+ | Field | Value | Unit and trigger | Severity | Source | Rationale and false-positive risk | Diagnostic | Reviewed | Configurable later |
20
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
21
+ | `agentSkills.nameMaxChars` | 64 | characters; above is invalid | error | Agent Skills specification | Portable identity limit | `AS-SKILL-INVALID-NAME` | 0.18.0 | no |
22
+ | `agentSkills.descriptionMinChars` | 1 | characters; below is invalid | error | Agent Skills specification | Required discovery metadata | `AS-SKILL-MISSING-DESCRIPTION` / `AS-SKILL-INVALID-DESCRIPTION` | 0.18.0 | no |
23
+ | `agentSkills.descriptionMaxChars` | 1,024 | characters; above is invalid | error | Agent Skills specification | Portable hard limit | `AS-SKILL-DESCRIPTION-TOO-LONG` | 0.18.0 | no |
24
+ | `agentSkills.compatibilityMaxChars` | 500 | characters; above is invalid | error | Agent Skills specification | Keeps optional environment requirements concise | `AS-SKILL-COMPATIBILITY-TOO-LONG` | 0.18.0 | no |
25
+ | `agentSkills.skillBodyRecommendedMaxTokens` | 5,000 | recommended body tokens | medium Renma advisory above | Agent Skills recommendation | Large focused workflows can still be valid | `QUAL-SKILL-TOKEN-BUDGET` | 0.18.0 | no |
26
+ | `agentSkills.skillRecommendedMaxLines` | 500 | recommended `SKILL.md` lines | documented review evidence | Agent Skills recommendation | Line count alone does not prove mixed responsibility | none | 0.18.0 | no |
27
+ | `agentSkills.recommendedReferenceDepth` | 1 | resource hop from `SKILL.md`; Renma accepts one additional index hop | low beyond two static hops | Agent Skills recommendation plus Renma reachability policy | An index may be useful; deep chains are easy to miss | `SUPPORT-DEEP-REFERENCE-CHAIN` | 0.18.0 | possibly |
28
+
29
+ The Agent Skills body has no prescribed format. Step-by-step instructions,
30
+ examples, edge cases, short commands, and the optional `scripts/`, `references/`,
31
+ and `assets/` directories are valid. See the official
32
+ [specification](https://agentskills.io/specification) and
33
+ [description guidance](https://agentskills.io/skill-creation/optimizing-descriptions).
34
+
35
+ ## Renma workflow and content advisories
36
+
37
+ | Field | Value | Unit and trigger | Severity | Source | Rationale and false-positive risk | Diagnostic | Reviewed | Configurable later |
38
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
39
+ | `descriptionMinChars` | 0 | characters; disabled | none | Renma | Length does not establish selection clarity | `QUAL-SHORT-DESCRIPTION` removed from default behavior | 0.18.0 | possibly |
40
+ | `skillTokenWarn` | 2,000 | `estimated_tokens`; body above | low | Renma | Early progressive-disclosure review; focused workflows may exceed it | `QUAL-SKILL-TOKEN-BUDGET` | 0.18.0 | possibly |
41
+ | `skillTokenStrongWarn` | 5,000 | `estimated_tokens`; body above | medium | Agent Skills recommendation with Renma severity | Stronger review, not a required split | `QUAL-SKILL-TOKEN-BUDGET` | 0.18.0 | possibly |
42
+ | `contentTokenWarn.context` | 4,000 | `estimated_tokens`; full file above | low | Renma | Review coherent scope; size alone is insufficient | `QUAL-SUPPORT-ASSET-TOKEN-BUDGET` | 0.18.0 | possibly |
43
+ | `contentTokenWarn.reference` | 5,000 | same | low | Renma | Detailed local references may legitimately be long | same | 0.18.0 | possibly |
44
+ | `contentTokenWarn.profile` | 2,000 | same | low | Renma | Profiles should remain reviewable overlays | same | 0.18.0 | possibly |
45
+ | `contentTokenWarn.example` | 2,500 | same | low | Renma | Complete examples may legitimately be long | same | 0.18.0 | possibly |
46
+ | `lowHeadingDensityMinTokens` | 400 | body `estimated_tokens`, with fewer than 2 headings | low | Renma | Long prose can still be intentionally linear | `QUAL-LOW-HEADING-DENSITY` | 0.18.0 | possibly |
47
+ | `lowHeadingDensityMinHeadings` | 2 | headings | low | Renma | Navigation heuristic only | same | 0.18.0 | possibly |
48
+
49
+ ## Metadata advisories
50
+
51
+ | Field | Value | Unit and trigger | Severity | Source | Rationale and false-positive risk | Diagnostic | Reviewed | Configurable later |
52
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
53
+ | `frontmatterMaxLines` | 48 | lines; above | low | Renma | Metadata should be a compact index | `META-FRONTMATTER-TOO-LARGE` | 0.18.0 | possibly |
54
+ | `frontmatterMaxChars` | 4,096 | characters; above | low | Renma | Separate from Agent Skills validity | same | 0.18.0 | possibly |
55
+ | `metadataListItemMaxChars` | 256 | characters per JSON-array or YAML-list element; above | low | Renma | Tags and prose routing should be compact; IDs, URLs, and paths are exempt where practical | `META-LIST-ITEM-TOO-LONG` | 0.18.0 | possibly |
56
+
57
+ ## Reuse candidate advisories
58
+
59
+ | Detector | Eligibility and evidence | Severity | Source | Rationale and false-positive risk | Diagnostic | Reviewed | Configurable later |
60
+ | --- | --- | --- | --- | --- | --- | --- | --- |
61
+ | `reusableContextCandidate` | 60 lines **or** 800 body `estimated_tokens`; 4 distinct reusable signals; at least one reusable-knowledge signal | low | Renma | Verification, Examples, Edge Cases, Risks, Do not, Always, Never, and procedure headings do not qualify by themselves | `QUAL-SKILL-MIXED-RESPONSIBILITY` | 0.18.0 | possibly |
62
+ | `sharedSupportCandidate` | 80 lines **or** 1,200 full-file `estimated_tokens`; 3 reusable headings; 4 reusable phrases | low | Renma | Promotion still requires cross-Skill use, duplication, independent lifecycle, or source-of-truth evidence | `MAINT-SUPPORT-ASSET-SHARED-CONTEXT-CANDIDATE` | 0.18.0 | possibly |
63
+
64
+ ## Repeated-context evidence
65
+
66
+ | Field | Default | Trigger | Severity | Source | False-positive control | Diagnostic | Reviewed | Configurable later |
67
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
68
+ | `repeatedContext.exactSectionMinTokens` | 40 | normalized section estimated tokens at or above | medium | Renma | combined with character and file floors | `MAINT-REPEATED-SECTION` | 0.18.0 | possibly |
69
+ | `repeatedContext.exactSectionMinChars` | 240 | normalized section characters at or above | medium | Renma | combined with token and file floors | same | 0.18.0 | possibly |
70
+ | `repeatedContext.exactSectionMinFiles` | 2 | files containing the exact section | medium | Renma | requires maintained duplication | same | 0.18.0 | possibly |
71
+ | `repeatedContext.exactCodeMinChars` | 80 | normalized fenced-code characters at or above | medium | Renma | combined with token and file floors | `MAINT-REPEATED-CODE-BLOCK` | 0.18.0 | possibly |
72
+ | `repeatedContext.exactCodeMinTokens` | 10 | normalized fenced-code estimated tokens at or above | medium | Renma | combined with character and file floors | same | 0.18.0 | possibly |
73
+ | `repeatedContext.exactCodeMinFiles` | 2 | files containing the exact block | medium | Renma | requires maintained duplication | same | 0.18.0 | possibly |
74
+ | `repeatedContext.headingMinChars` | 24 | normalized heading characters at or above | low | Renma | excludes short generic headings | `MAINT-REPEATED-HEADING` | 0.18.0 | possibly |
75
+ | `repeatedContext.headingMinTokens` | 3 | normalized heading estimated tokens at or above | low | Renma | excludes terse boilerplate | same | 0.18.0 | possibly |
76
+ | `repeatedContext.headingMinFiles` | 3 | files containing the same heading | low | Renma | heading equality is review evidence only | same | 0.18.0 | possibly |
77
+ | `repeatedContext.tokenShingleTokens` | 40 | estimated tokens in one normalized sequence | medium | Renma | common boilerplate excluded; near duplicates collapsed | `MAINT-REPEATED-CONTEXT-PATTERN` | 0.18.0 | possibly |
78
+ | `repeatedContext.tokenShingleMinFiles` | 3 | files containing the sequence | medium | Renma | requires broader repeated evidence | same | 0.18.0 | possibly |
79
+ | `repeatedContext.tokenShingleNearbyLineWindow` | 8 | source lines | n/a | Renma | collapses overlapping nearby matches from the same repeated passage | same | 0.18.0 | possibly |
80
+ | `repeatedContext.tokenShingleMinUniqueTokens` | 12 | unique estimated-token units | medium | Renma | excludes repetitive boilerplate sequences | same | 0.18.0 | possibly |
81
+ | `repeatedContext.tokenShingleMinUsefulTokens` | 14 | non-boilerplate estimated-token units | medium | Renma | requires meaningful lexical evidence | same | 0.18.0 | possibly |
82
+ | `repeatedContext.tokenShingleMinChars` | 140 | normalized characters | medium | Renma | excludes compact coincidental matches | same | 0.18.0 | possibly |
83
+ | `repeatedContext.findingCap` | 10 | findings per repeated-context category | n/a | Renma | presentation only; prevents category domination | all repeated-context IDs | 0.18.0 | possibly |
84
+ | repeated links | disabled | same target repeated | none | Renma | links to the same official source are normal | `MAINT-REPEATED-LINK` removed from default findings | 0.18.0 | possibly |
85
+
86
+ ## Readiness policy
87
+
88
+ Readiness starts at 100. Specification failures, high or critical security
89
+ findings, diagnostic errors, and unresolved required graph closure remain
90
+ blocking even when the numeric score would otherwise pass. Deprecated or
91
+ archived assets have no existence penalty.
92
+
93
+ | Field | Default | Unit and trigger | Effect | Source | Rationale and false-positive risk | Related check or diagnostic | Reviewed | Configurable later |
94
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
95
+ | `readiness.blockingDiagnosticPenalty` | 40 | points; one or more diagnostic errors | subtract once and fail check | Renma | Structural errors require correction; diagnostic aggregation avoids multiplying one root cause | `diagnostics.errors` | 0.18.0 | possibly |
96
+ | `readiness.unresolvedRequiredGraphPenalty` | 30 | points; one or more unresolved required edges | subtract once and fail check | Renma | Required context closure is operationally necessary; optional edges are excluded | `graph.unresolved_edges` | 0.18.0 | possibly |
97
+ | `readiness.ownershipMaximumPenalty` | 20 | points; proportional to unowned assets | subtract 0-20 | Renma | Ownership supports review, but small or imported repositories may intentionally omit it | `ownership.coverage` | 0.18.0 | possibly |
98
+ | `readiness.emptyInventoryPenalty` | 10 | points; no cataloged assets | subtract once | Renma | Usually signals a wrong root or incomplete repository; an intentionally empty repository can be valid | `assets.minimum_inventory` | 0.18.0 | possibly |
99
+ | `readiness.workflowClarityPenalty` | 10 | points; workflow clarity warning | subtract once | Renma | Missing routing clarity impairs use; prose phrasing may evade static recognition | `workflow.clarity` and related `RN-SKILL-*` diagnostics | 0.18.0 | possibly |
100
+ | `readiness.workflowOptionalContextPenalty` | 5 | points; unusable optional context | subtract once | Renma | Optional context should resolve but does not block the core workflow | `workflow.optional_context` | 0.18.0 | possibly |
101
+ | `readiness.workflowRequiredInputsPenalty` | 5 | points; required inputs are unclear | subtract once | Renma | Review signal only because some Skills require no external inputs | `workflow.required_inputs` | 0.18.0 | possibly |
102
+ | `readiness.workflowCompletionCriteriaPenalty` | 10 | points; completion criteria are unclear | subtract once | Renma | Review signal only because completion language varies by workflow | `workflow.completion_criteria` | 0.18.0 | possibly |
103
+ | `readiness.layoutWarningPenalty` | 5 | points per warning layout/path check | subtract per check | Renma | Keeps resolvable path and layout debt visible without making one advisory blocking | `layout.*` / `paths.helper_commands` | 0.18.0 | possibly |
104
+ | `readiness.layoutFailurePenalty` | 15 | points per failing layout/path check | subtract per check and fail | Renma | Strict layout failures can make repository evidence unusable | `layout.*` / `paths.helper_commands` | 0.18.0 | possibly |
105
+ | `readiness.readyMinimumScore` | 90 | score; at or above with no failing check | `ready` | Renma | Maintains a high bar without making subjective advisories blocking | Readiness `level` | 0.18.0 | possibly |
106
+ | `readiness.needsAttentionMinimumScore` | 70 | score; below | `not_ready`; 70-89 is `needs_attention` | Renma | Separates accumulated review debt from isolated advisories | Readiness `level` | 0.18.0 | possibly |
107
+
108
+ ## Security proximity, scan operations, and presentation
109
+
110
+ | Field | Default | Unit and trigger | Effect | Source | Rationale and false-positive risk | Related check or diagnostic | Reviewed | Configurable later |
111
+ | --- | ---: | --- | --- | --- | --- | --- | --- | --- |
112
+ | `security.precedingLineFastPath` | 2 | preceding source lines | supplements structural guard association | Renma | Preserves nearby-guard detection while headings, paragraphs, and list structure reduce formatting false positives | applicable `SEC-*` command diagnostics | 0.18.0 | no |
113
+ | `scan.defaultMaxFileSizeBytes` | 524,288 | bytes per discovered file | bound reading and hashing work | Renma operational default | Protects scans from unexpectedly large files; larger legitimate files may require existing scan configuration | discovery diagnostic | 0.18.0 | already configurable |
114
+ | `scan.defaultMaxDepth` | 16 | directory levels | bound discovery depth | Renma operational default | Prevents runaway traversal; unusually deep repositories may need existing scan configuration | discovery diagnostic | 0.18.0 | already configurable |
115
+ | `scan.defaultConcurrency` | 16 | concurrent file operations | bound scan concurrency | Renma operational default | Balances throughput and file-descriptor pressure | none | 0.18.0 | already configurable |
116
+ | `presentation.markdownReadinessFindingCap` | 50 | findings in Readiness Markdown | truncate presentation only | Renma | Keeps human reports readable without changing JSON evidence or score | Readiness Markdown | 0.18.0 | possibly |
117
+ | `presentation.topSummaryItemCap` | 10 | items in compact summaries | truncate presentation only | Renma | Avoids unbounded summaries; reviewers can use full reports | report summaries | 0.18.0 | possibly |
118
+
119
+ Structural guard proximity includes the same constraint or safety section, the
120
+ same list item, a directly associated paragraph, or a parent Human Approval,
121
+ Safety, or Constraints heading. Binary snippets are never exposed. Scan
122
+ operational limits retain their existing public config fields; none of the
123
+ quality or Readiness thresholds above are currently configurable.