renma 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/CHANGELOG.md +157 -1
  2. package/README.md +219 -748
  3. package/architecture.md +533 -0
  4. package/design.md +469 -0
  5. package/dist/agent-skills.d.ts +1 -1
  6. package/dist/agent-skills.d.ts.map +1 -1
  7. package/dist/agent-skills.js +28 -8
  8. package/dist/agent-skills.js.map +1 -1
  9. package/dist/catalog.d.ts +1 -1
  10. package/dist/catalog.d.ts.map +1 -1
  11. package/dist/catalog.js +120 -12
  12. package/dist/catalog.js.map +1 -1
  13. package/dist/cli-help.d.ts +15 -9
  14. package/dist/cli-help.d.ts.map +1 -1
  15. package/dist/cli-help.js +32 -9
  16. package/dist/cli-help.js.map +1 -1
  17. package/dist/cli.d.ts.map +1 -1
  18. package/dist/cli.js +162 -40
  19. package/dist/cli.js.map +1 -1
  20. package/dist/commands/bom.d.ts +6 -3
  21. package/dist/commands/bom.d.ts.map +1 -1
  22. package/dist/commands/bom.js +27 -7
  23. package/dist/commands/bom.js.map +1 -1
  24. package/dist/commands/catalog.d.ts +1 -1
  25. package/dist/commands/catalog.d.ts.map +1 -1
  26. package/dist/commands/catalog.js +11 -4
  27. package/dist/commands/catalog.js.map +1 -1
  28. package/dist/commands/ci-report.d.ts.map +1 -1
  29. package/dist/commands/ci-report.js +18 -5
  30. package/dist/commands/ci-report.js.map +1 -1
  31. package/dist/commands/diff.js +8 -2
  32. package/dist/commands/diff.js.map +1 -1
  33. package/dist/commands/graph.d.ts +6 -2
  34. package/dist/commands/graph.d.ts.map +1 -1
  35. package/dist/commands/graph.js +30 -14
  36. package/dist/commands/graph.js.map +1 -1
  37. package/dist/commands/inspect.d.ts.map +1 -1
  38. package/dist/commands/inspect.js +2 -0
  39. package/dist/commands/inspect.js.map +1 -1
  40. package/dist/commands/ownership.d.ts +4 -3
  41. package/dist/commands/ownership.d.ts.map +1 -1
  42. package/dist/commands/ownership.js +27 -23
  43. package/dist/commands/ownership.js.map +1 -1
  44. package/dist/commands/readiness.d.ts +2 -1
  45. package/dist/commands/readiness.d.ts.map +1 -1
  46. package/dist/commands/readiness.js +105 -36
  47. package/dist/commands/readiness.js.map +1 -1
  48. package/dist/commands/scaffold.d.ts +3 -0
  49. package/dist/commands/scaffold.d.ts.map +1 -1
  50. package/dist/commands/scaffold.js +28 -2
  51. package/dist/commands/scaffold.js.map +1 -1
  52. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  53. package/dist/commands/suggest-metadata.js +56 -8
  54. package/dist/commands/suggest-metadata.js.map +1 -1
  55. package/dist/commands/suggest-semantic-split.js +3 -3
  56. package/dist/commands/suggest-semantic-split.js.map +1 -1
  57. package/dist/commands/trust-graph.d.ts.map +1 -1
  58. package/dist/commands/trust-graph.js +12 -0
  59. package/dist/commands/trust-graph.js.map +1 -1
  60. package/dist/config.d.ts.map +1 -1
  61. package/dist/config.js +10 -3
  62. package/dist/config.js.map +1 -1
  63. package/dist/dependency-resolution.d.ts +6 -0
  64. package/dist/dependency-resolution.d.ts.map +1 -0
  65. package/dist/dependency-resolution.js +11 -0
  66. package/dist/dependency-resolution.js.map +1 -0
  67. package/dist/diagnostic-ids.d.ts +8 -0
  68. package/dist/diagnostic-ids.d.ts.map +1 -1
  69. package/dist/diagnostic-ids.js +8 -0
  70. package/dist/diagnostic-ids.js.map +1 -1
  71. package/dist/discovery.d.ts +33 -0
  72. package/dist/discovery.d.ts.map +1 -1
  73. package/dist/discovery.js +178 -80
  74. package/dist/discovery.js.map +1 -1
  75. package/dist/markdown.d.ts.map +1 -1
  76. package/dist/markdown.js +15 -0
  77. package/dist/markdown.js.map +1 -1
  78. package/dist/model.d.ts +17 -1
  79. package/dist/model.d.ts.map +1 -1
  80. package/dist/model.js +4 -1
  81. package/dist/model.js.map +1 -1
  82. package/dist/quality-profile.d.ts +91 -0
  83. package/dist/quality-profile.d.ts.map +1 -0
  84. package/dist/quality-profile.js +91 -0
  85. package/dist/quality-profile.js.map +1 -0
  86. package/dist/repeated-context.d.ts.map +1 -1
  87. package/dist/repeated-context.js +38 -83
  88. package/dist/repeated-context.js.map +1 -1
  89. package/dist/repository-boundary.d.ts +30 -0
  90. package/dist/repository-boundary.d.ts.map +1 -0
  91. package/dist/repository-boundary.js +116 -0
  92. package/dist/repository-boundary.js.map +1 -0
  93. package/dist/repository-evidence.d.ts +2 -0
  94. package/dist/repository-evidence.d.ts.map +1 -1
  95. package/dist/repository-evidence.js +6 -4
  96. package/dist/repository-evidence.js.map +1 -1
  97. package/dist/repository-paths.d.ts +19 -2
  98. package/dist/repository-paths.d.ts.map +1 -1
  99. package/dist/repository-paths.js +123 -14
  100. package/dist/repository-paths.js.map +1 -1
  101. package/dist/rules.d.ts +2 -0
  102. package/dist/rules.d.ts.map +1 -1
  103. package/dist/rules.js +322 -256
  104. package/dist/rules.js.map +1 -1
  105. package/dist/scanner.d.ts.map +1 -1
  106. package/dist/scanner.js +5 -1
  107. package/dist/scanner.js.map +1 -1
  108. package/dist/security-diagnostics.d.ts.map +1 -1
  109. package/dist/security-diagnostics.js +95 -30
  110. package/dist/security-diagnostics.js.map +1 -1
  111. package/dist/security-diff.d.ts +5 -2
  112. package/dist/security-diff.d.ts.map +1 -1
  113. package/dist/security-diff.js +20 -4
  114. package/dist/security-diff.js.map +1 -1
  115. package/dist/security-policy-inventory.d.ts +15 -3
  116. package/dist/security-policy-inventory.d.ts.map +1 -1
  117. package/dist/security-policy-inventory.js +123 -26
  118. package/dist/security-policy-inventory.js.map +1 -1
  119. package/dist/security-policy.d.ts +7 -0
  120. package/dist/security-policy.d.ts.map +1 -1
  121. package/dist/security-policy.js +70 -7
  122. package/dist/security-policy.js.map +1 -1
  123. package/dist/security-posture.d.ts.map +1 -1
  124. package/dist/security-posture.js +2 -1
  125. package/dist/security-posture.js.map +1 -1
  126. package/dist/skill-migration.js +2 -0
  127. package/dist/skill-migration.js.map +1 -1
  128. package/dist/static-support.d.ts +13 -0
  129. package/dist/static-support.d.ts.map +1 -0
  130. package/dist/static-support.js +284 -0
  131. package/dist/static-support.js.map +1 -0
  132. package/dist/token-estimator.d.ts +21 -0
  133. package/dist/token-estimator.d.ts.map +1 -0
  134. package/dist/token-estimator.js +84 -0
  135. package/dist/token-estimator.js.map +1 -0
  136. package/dist/trust-graph.d.ts +3 -3
  137. package/dist/trust-graph.d.ts.map +1 -1
  138. package/dist/trust-graph.js +76 -21
  139. package/dist/trust-graph.js.map +1 -1
  140. package/dist/types.d.ts +7 -2
  141. package/dist/types.d.ts.map +1 -1
  142. package/docs/README.md +61 -0
  143. package/docs/advanced-skill-authoring.md +147 -0
  144. package/docs/agent-skills-compatibility.md +508 -0
  145. package/docs/authoring-guide.md +382 -0
  146. package/docs/context-conflict-diagnostics.md +32 -0
  147. package/docs/context-language-diagnostics.md +99 -0
  148. package/docs/context-lens.md +253 -0
  149. package/docs/context-lifecycle-diagnostics.md +55 -0
  150. package/docs/diagnostics.md +406 -0
  151. package/docs/metadata-budget.md +14 -0
  152. package/docs/quality-profile.md +123 -0
  153. package/docs/repository-context-bom.md +172 -0
  154. package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
  155. package/docs/schemas/trust-graph-v2.schema.json +301 -0
  156. package/docs/security-policy.md +354 -0
  157. package/docs/trust-graph.md +47 -0
  158. package/docs/user-manual.md +842 -0
  159. package/examples/context-lens/README.md +101 -0
  160. package/examples/context-lens/contexts/testing/boundary-value-analysis.md +23 -0
  161. package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +29 -0
  162. package/examples/context-lens/lenses/testing/test-design-boundary-values.md +29 -0
  163. package/examples/context-lens/skills/testing/spec-review/SKILL.md +49 -0
  164. package/examples/context-repo/README.md +148 -0
  165. package/examples/context-repo/contexts/domain/payment/idempotency.md +27 -0
  166. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +26 -0
  167. package/examples/context-repo/contexts/testing/negative-testing.md +26 -0
  168. package/examples/context-repo/lenses/testing/spec-review-boundary-values.md +35 -0
  169. package/examples/context-repo/renma.config.json +12 -0
  170. package/examples/context-repo/skills/testing/spec-review/SKILL.md +71 -0
  171. package/examples/context-repo/tools/appium/README.md +14 -0
  172. package/examples/github-actions/renma-ci-report.yml +36 -0
  173. package/examples/interactive-placeholder/README.md +104 -0
  174. package/examples/interactive-placeholder/assets/template.txt +1 -0
  175. package/examples/interactive-placeholder/renma.config.json +6 -0
  176. package/examples/interactive-placeholder/skills/replace-placeholder/SKILL.md +54 -0
  177. package/examples/interactive-placeholder/tools/README.md +48 -0
  178. package/examples/interactive-placeholder/tools/placeholder-demo.mjs +99 -0
  179. package/package.json +10 -1
  180. package/plan-discovery.md +749 -0
  181. package/plan.md +90 -0
  182. package/scripts/verify-package.mjs +104 -0
package/design.md ADDED
@@ -0,0 +1,469 @@
1
+ # Renma Product Design
2
+
3
+ Renma is a Git-native context repository and deterministic governance CLI for
4
+ repositories that hold LLM-facing knowledge.
5
+
6
+ Current product surface includes `scan`, `catalog`, `ownership`, `graph`,
7
+ focused graph views, `trust-graph`, `readiness`, Repository Context BOM reports,
8
+ repeated-context diagnostics, semantic diff, `ci-report`, `inspect`, `scaffold`,
9
+ `suggest-metadata`, `suggest-semantic-split`, Agent Skills validation, and
10
+ security diagnostics for agent-facing operational instructions.
11
+
12
+ Focused graph views are inspection tools; they do not choose, inject, or load runtime context for an agent.
13
+
14
+ Renma prepares deterministic repository evidence. Agents operate outside Renma
15
+ and decide how to consume repository assets according to their own runtime
16
+ behavior.
17
+
18
+ Renma helps teams keep shared knowledge discoverable, owned, validated,
19
+ reviewable, and reusable in Git. It is not an agent runtime and does not decide
20
+ what context an agent should load at task time.
21
+
22
+ ## Core Distinction
23
+
24
+ ```mermaid
25
+ flowchart LR
26
+ Skill["Skill: agent-facing entrypoint, routing contract, usage guide"]
27
+ Lens["Context Lens: purpose-oriented interpretation"]
28
+ Asset["Context Asset: independently owned source-of-truth knowledge"]
29
+ Skill -->|may reference| Lens
30
+ Skill -->|may reference directly| Asset
31
+ Lens -->|interprets| Asset
32
+ ```
33
+
34
+ Skills tell an agent when and how to use a capability. They can reference
35
+ context assets, ask preflight questions, describe safety gates, and define
36
+ verification expectations.
37
+
38
+ Context assets hold reusable expertise. They should be maintainable outside a
39
+ single skill, owned by the right team, versioned, reviewed, and reused across
40
+ skills, agents, tools, and future agent runtimes.
41
+
42
+ Context Lenses describe how one or more Context Assets should be interpreted for
43
+ a purpose. They are repository governance metadata, not runtime lens selection
44
+ or prompt assembly.
45
+
46
+ These arrows are declared repository relationships, not a runtime loading
47
+ pipeline. Renma validates them but does not select a Lens, choose task-specific
48
+ Context, or inject either asset into an agent session.
49
+
50
+ ## Product Boundary
51
+
52
+ Renma owns repository quality and governance:
53
+
54
+ - Asset discovery and classification
55
+ - Owner, status, lifecycle, and metadata checks
56
+ - Broken reference and dependency checks
57
+ - Catalog and graph snapshots
58
+ - Orphaned, deprecated, archived, conflicting, and missing asset diagnostics
59
+ - Deterministic evidence for repeated or duplicated knowledge
60
+ - Deterministic readiness reports for repository maintainers
61
+
62
+ Renma does not own runtime behavior:
63
+
64
+ - No skill selection for a user task
65
+ - No prompt construction or context bundling
66
+ - No context injection into an agent
67
+ - No task-specific context choice service
68
+ - No tool execution on behalf of an agent
69
+ - No provider gateway or agent coordination layer
70
+ - No telemetry collection responsibility
71
+
72
+ Any future import of external signals from CI, IDE wrappers, agent plugins, or
73
+ other integrations must treat those signals as separately produced offline
74
+ review evidence. Renma itself is not telemetry-responsible.
75
+
76
+ ## LLM-Actionable Diagnostics
77
+
78
+ Security diagnostics focus on conservative operational-instruction risks,
79
+ policy metadata, security profile resolution, approved network and upload
80
+ destination checks, and explicit human approval guards. They remain
81
+ deterministic repository checks, not runtime enforcement.
82
+
83
+ Security diagnostics are deterministic review guardrails for LLM-facing operational instructions. They flag patterns such as unpinned remote shell execution, unpinned dependency installs, privileged commands without nearby guardrails, predictable temporary paths, and credential-like command arguments; they do not replace SAST, secret scanning, dependency scanning, or human security review.
84
+
85
+ Security posture summaries in Readiness and CI reports describe effective
86
+ policy, security profile resolution, allowed data, forbidden inputs, approved
87
+ network and upload destinations, human approval requirements, and high-risk
88
+ findings without enforcing runtime behavior.
89
+
90
+ Trust Graph v2 is a deterministic interpretation of existing catalog, graph, scan, and security evidence. It exposes stable asset, owner, lifecycle, dependency, security profile, compositional effective-policy provenance, and diagnostic evidence, but it does not introduce subjective trust scores or a separate runtime system. `scan` lists concrete problems, `graph` shows structural relationships, `trust-graph` connects trust-relevant evidence, and `readiness` summarizes repository-level preparedness.
91
+
92
+ Repository Context BOM v2 is a declared repository evidence snapshot: assets, hashes, owners, lifecycle states, dependencies, security posture, diagnostics, and readiness evidence. Snapshot consistency comes from one in-memory repository snapshot per BOM execution, not output formatting flags. `--omit-generated-at` only removes run-time generation timestamp noise; it does not ignore repository metadata timestamps such as `lastReviewedAt` or `expiresAt`, suppress freshness diagnostics, normalize environment-dependent absolute paths such as `root` or `configPath`, hide file moves, or provide portable byte-for-byte output across runners. The BOM does not claim actual LLM runtime usage. Actual consumed-context evidence remains a future separate artifact or attachment that external agents or wrappers may produce and Renma may later validate against the repository model. See `docs/repository-context-bom.md` for the v2 contract.
93
+
94
+ Renma findings should be useful not only to humans, but also to LLM coding
95
+ agents. A good Renma diagnostic should explain what is wrong, why it matters for
96
+ repository governance, where the evidence is, what direction a safe fix should
97
+ take, what constraints must be preserved, and how to verify the fix.
98
+
99
+ Renma should not apply large semantic rewrites by itself. It should produce
100
+ structured diagnostics that can be pasted into Codex, Claude, Cursor, or another
101
+ agent to guide a reviewable repository patch.
102
+
103
+ Current diagnostics include evidence, `whyItMatters`, remediation, typed repair
104
+ constraints, verification steps, and LLM-facing hints where applicable. These
105
+ fields remain deterministic rule output, not LLM-generated validation.
106
+
107
+ Example diagnostic shape:
108
+
109
+ ```json
110
+ {
111
+ "id": "RMA-SKILL-TOO-MONOLITHIC",
112
+ "severity": "medium",
113
+ "category": "structure",
114
+ "title": "Skill mixes reusable knowledge with usage guidance",
115
+ "evidence": {
116
+ "path": "skills/testing/test-case-generation/SKILL.md",
117
+ "startLine": 42,
118
+ "endLine": 78,
119
+ "snippet": "boundary value analysis"
120
+ },
121
+ "whyItMatters": "Reusable QA and domain knowledge should be owned, reviewed, and reused as shared context assets instead of being buried in one skill.",
122
+ "remediation": "Split reusable knowledge into first-class shared context assets and keep the skill as an LLM-facing usage guide.",
123
+ "constraints": [
124
+ "Do not introduce task context selection.",
125
+ "Do not create prompt packages.",
126
+ "Keep the skill as a routing contract / usage guide.",
127
+ "Each context asset should have id, owner, status, and short scope."
128
+ ],
129
+ "verificationSteps": [
130
+ "Run renma scan.",
131
+ "Run any project-specific validation checks that apply to this repository.",
132
+ "Ensure the skill no longer mixes reusable domain knowledge with usage guidance."
133
+ ],
134
+ "llmHint": "Create shared context assets for reusable QA knowledge, update skill metadata, and preserve the skill as a concise usage guide."
135
+ }
136
+ ```
137
+
138
+ Central repair workflow:
139
+
140
+ 1. A single `SKILL.md` contains reusable domain knowledge, tool guidance, and
141
+ QA heuristics.
142
+ 2. Renma emits structured findings explaining that the skill is too monolithic
143
+ and mixes usage guidance with reusable context.
144
+ 3. Codex or Claude reads the diagnostics and proposes a patch that moves
145
+ reusable knowledge into first-class context assets under `contexts/`, keeps
146
+ the skill concise, adds metadata, and updates declared context references.
147
+ 4. A human reviews the patch.
148
+ 5. Renma scans the repository again and confirms the skill/context separation is
149
+ healthier.
150
+
151
+ Optional LLM-assisted evaluation is advisory and outside core validation. See
152
+ `architecture.md` section `Optional LLM Evaluation Boundary` for the rule:
153
+ `scan`, catalog construction, and deterministic rule evaluation do not call an
154
+ LLM; optional helpers may prepare review bundles or suggestions for a human or
155
+ calling agent to apply.
156
+
157
+ ## Repository Model
158
+
159
+ An illustrative repository shape gives shared Context Assets first-class space:
160
+
161
+ ```text
162
+ skills/
163
+ testing/
164
+ test-case-generation/
165
+ SKILL.md
166
+ spec-review/
167
+ SKILL.md
168
+ regression-planning/
169
+ SKILL.md
170
+
171
+ contexts/
172
+ testing/
173
+ boundary-value-analysis.md
174
+ negative-testing.md
175
+ regression-risk.md
176
+ domain/
177
+ payment/
178
+ idempotency.md
179
+ duplicate-charge.md
180
+ refund-risk.md
181
+ mobile/
182
+ offline-behavior.md
183
+ background-resume.md
184
+ tools/
185
+ appium/
186
+ usage-guideline.md
187
+ limitations.md
188
+ teams/
189
+ checkout/
190
+ payment-api-contracts.md
191
+ known-risk-patterns.md
192
+
193
+ lenses/
194
+ testing/
195
+ spec-review-boundary-values.md
196
+
197
+ metadata/
198
+ graph/
199
+ catalog/
200
+ ```
201
+
202
+ This is not a required layout for every repository asset. A repository may
203
+ organize Context Assets, Context Lenses, policies, references, evidence, and
204
+ other knowledge by domain, product, team, workflow, or a combination of those
205
+ dimensions. Canonical Skill entrypoints in 0.16.0 remain under
206
+ `skills/**/SKILL.md` and `.agents/skills/**/SKILL.md`; arbitrary Skill roots and
207
+ domain-local `*/skills/**/SKILL.md` layouts are not implemented. Renma's broader
208
+ model means repository knowledge need not be embedded inside those Skill
209
+ directories.
210
+
211
+ `contexts/` is preferred for shared context assets. `context/` remains supported
212
+ as a compatibility alias. Files under either root are classified as the
213
+ `context` artifact kind, not as `reference`. Experimental `context_lens` assets
214
+ can live under `lenses/`, or context files can opt in with `type: context_lens`.
215
+
216
+ Skill-local `assets/`, `profiles/`, `references/`, `examples/`, and `scripts/`
217
+ remain supported. They are useful for local routing variants, nearby examples,
218
+ Skill-specific supporting text, fixtures, and helpers. When evidence shows that
219
+ knowledge is reusable across Skills, teams, tools, or agents, it should move
220
+ into `contexts/` as an owned Context Asset. Shared helper implementations may
221
+ move to `tools/**`; location alone does not require either promotion.
222
+
223
+ Renma can also flag large skill-local support files as shared-context candidates when they contain generic source-of-truth structure such as setup, decision logic, troubleshooting, validation, constraints, policy, or procedure guidance. This advisory does not decide semantic reuse itself. It surfaces structurally broad support files and asks the calling LLM or human to inspect the repository for similar concepts, overlapping guidance, and reuse opportunities before making a reviewable patch.
224
+
225
+ Shared context assets should be organized by semantic scope, not migration state. Folders such as `contexts/promoted/` or `contexts/generated/` can be useful temporary staging concepts, but final context assets should live under meaning-oriented paths such as `contexts/tools/...`, `contexts/domain/...`, `contexts/testing/...`, `contexts/teams/...`, `contexts/policies/...`, or `contexts/platform/...`.
226
+
227
+ ## Artifact Kinds
228
+
229
+ Renma normalizes scanned files into asset kinds:
230
+
231
+ - `skill`: LLM-facing entrypoint, routing contract, and usage guide
232
+ - `context`: shared source-of-truth knowledge asset under `contexts/` or
233
+ `context/`
234
+ - `context_lens`: purpose-oriented interpretation layer over context assets
235
+ - `profile`: skill-local overlay or variant
236
+ - `reference`: skill-local supporting material
237
+ - `example`: skill-local example or fixture text
238
+ - `script`: Skill-local deterministic executable implementation
239
+ - `asset`: Skill-local template, image, data, font, PDF, or output resource
240
+ - `agent`: repository or agent instruction file
241
+ - `config`: Renma configuration
242
+ - `unknown`: scanned file that does not match a known kind
243
+
244
+ Catalog, graph, Trust Graph, and BOM output include script and asset inventory.
245
+ Each cataloged asset records original-byte size and hash, text/binary
246
+ classification, and Markdown-parser eligibility. Binary assets remain opaque;
247
+ Renma does not decode them as UTF-8 or expose their bytes in snippets.
248
+ Non-Markdown text remains available to dedicated path and security analysis but
249
+ cannot declare catalog metadata or contribute Markdown structure. Skill-local
250
+ support without a local owner inherits effective ownership from the nearest
251
+ Skill, with inherited provenance exposed in normalized reports.
252
+
253
+ The dedicated `context` kind is central to the product model. It lets catalog,
254
+ graph, and validation output distinguish reusable team-owned knowledge from
255
+ skill-local reference material.
256
+
257
+ ## Context Asset Metadata
258
+
259
+ Context assets should use small, reviewable metadata blocks:
260
+
261
+ ```yaml
262
+ ---
263
+ id: context.testing.boundary-value-analysis-v2
264
+ title: Boundary Value Analysis
265
+ owner: qa-platform
266
+ status: stable
267
+ version: 1.0.0
268
+ tags:
269
+ - testing
270
+ - qa
271
+ when_to_use:
272
+ - Designing tests around numeric, date, quantity, or limit boundaries
273
+ when_not_to_use:
274
+ - Exploratory testing notes that do not depend on boundaries
275
+ requires_context:
276
+ - testing.negative-testing
277
+ optional_context:
278
+ - context.domain.payment.duplicate-charge
279
+ conflicts:
280
+ - context.testing.boundary-value-analysis-v1
281
+ superseded_by:
282
+ - context.testing.boundary-value-analysis-v3
283
+ ---
284
+ ```
285
+
286
+ The current parser supports YAML-style block lists for selected deterministic metadata fields. Supported block-list fields are `tags`, `when_to_use`, `when_not_to_use`, `requires_context`, `optional_context`, `conflicts`, and `superseded_by`; arbitrary nested maps are not metadata.
287
+
288
+ Initial status values:
289
+
290
+ - `experimental`
291
+ - `stable`
292
+ - `deprecated`
293
+ - `archived`
294
+
295
+ `status` describes lifecycle only. It should not be used for replacement,
296
+ delegation, migration provenance, or canonical-source relationships. For
297
+ example, a skill-local reference replaced by a shared context asset should use a
298
+ valid lifecycle status such as `deprecated`, plus a separate relationship field
299
+ such as `superseded_by: contexts/tools/example/setup.md` when the repository
300
+ needs to preserve that link. Renma may catalog `superseded_by` as a static
301
+ reference relationship, but it should not treat values such as `active` or
302
+ `delegated` as valid lifecycle statuses.
303
+
304
+ When reusable knowledge is promoted from a skill-local support file into
305
+ `contexts/`, the original `skills/*/references/` file may remain temporarily as
306
+ a compatibility shim. Renma can warn when a skill still routes readers through a
307
+ deprecated or superseded local support asset instead of referencing the
308
+ canonical shared context directly.
309
+
310
+ Renma can also warn when other repository assets continue to reference a
311
+ deprecated or superseded support file instead of the canonical shared context.
312
+ This broader advisory helps remove hidden indirection after context promotion
313
+ while preserving compatibility shims when they are intentionally needed.
314
+
315
+ Renma starts deterministic validation for fields it actually uses: duplicate IDs,
316
+ invalid statuses, missing owner or ID on published shared context, unknown
317
+ declared references, dependencies on deprecated or archived assets, and orphaned
318
+ first-class shared context assets. Declared references resolve by exact asset ID
319
+ or repository-relative path, with a leading `./` normalized away. Renma does not
320
+ use fuzzy matching, semantic search, LLM inference, or runtime context selection
321
+ for these checks.
322
+
323
+ ## Dependency Model
324
+
325
+ Dependencies are typed relationships between assets:
326
+
327
+ - `requires`: the target asset is needed for the source asset to be complete
328
+ - `optional`: useful context that is not always required
329
+ - `applies_to`: context asset interpreted by a context lens
330
+ - `conflicts`: assets that should not both be active without human review
331
+ - `extends`: overlay or profile relationship
332
+ - `references`: declared static relationship from a skill or support asset toward a context asset or local file
333
+ - `covered_by`: evaluation or evidence coverage relationship
334
+
335
+ Edges should carry source evidence: path, range when available, declaration
336
+ form, and enough snippet text for review.
337
+
338
+ The graph is repository evidence. It must not become a task-specific context selector.
339
+
340
+ ## Core Workflow
341
+
342
+ Renma should keep the deterministic path boring and reliable:
343
+
344
+ 1. Load configuration from defaults, config files, and CLI flags.
345
+ 2. Discover bounded repository files with stable POSIX-style paths.
346
+ 3. Classify artifacts into normalized kinds, including first-class `context`.
347
+ 4. Parse Markdown, frontmatter, headings, links, code fences, and metadata.
348
+ 5. Build catalog entries with IDs, kind, source path, content hash, owner,
349
+ status, tags, declared dependencies, dependents, and diagnostics.
350
+ 6. Build graph snapshots from declared references and dependency metadata.
351
+ 7. Run deterministic rules over parsed files and graph evidence.
352
+ 8. Emit the command's documented text, JSON, Markdown, or Mermaid projection
353
+ for Git review and CI.
354
+
355
+ Optional LLM assistance may help with semantic split suggestions, duplicate
356
+ labeling, or review summaries. LLM output is advisory. Deterministic evidence is
357
+ the authority.
358
+
359
+ ## Rules
360
+
361
+ Implemented deterministic rules focus on repository health:
362
+
363
+ - Missing context asset ID
364
+ - Missing owner on shared context assets
365
+ - Invalid lifecycle status
366
+ - Duplicate asset IDs
367
+ - Unknown declared references
368
+ - Declared dependency on deprecated or archived context
369
+ - Orphaned shared context asset
370
+ - Superseded local support asset reference advisories
371
+ - Oversized skill entrypoint
372
+ - Skill may contain reusable context worth extracting
373
+ - Oversized context or skill-local support file
374
+ - Missing skill routing guidance
375
+ - Missing negative routing guidance
376
+ - Missing preflight or verification guidance
377
+ - Unused skill-local profile, reference, or example
378
+ - Literal secret-like values
379
+ - Destructive commands without nearby confirmation or recovery guidance
380
+ - Risky remote defaults
381
+ - Broad environment copying into subprocesses
382
+ - Hardcoded user-local paths in reusable guidance
383
+
384
+ Current reporting includes deterministic Readiness output, ownership coverage,
385
+ graph snapshots, repeated-context diagnostics, semantic diff, Trust Graph,
386
+ Repository Context BOM, security posture summaries, CI reports, and optional
387
+ LLM-friendly review bundles. These are repository projections and evidence, not
388
+ runtime selection or execution services.
389
+
390
+ Passing Renma checks does not prove a workflow is safe. It means the repository
391
+ met the deterministic governance checks that were enabled.
392
+
393
+ ## QA And Testing Focus
394
+
395
+ QA/testing is the first strong product focus because teams often ask agents to
396
+ generate tests while the real expertise lives in scattered documents or senior
397
+ engineers' heads.
398
+
399
+ Good context assets in this domain include:
400
+
401
+ - Boundary value analysis
402
+ - Negative testing heuristics
403
+ - Regression risk models
404
+ - Payment idempotency and duplicate-charge risk
405
+ - Refund edge cases
406
+ - Mobile offline and background-resume behavior
407
+ - Appium usage limits
408
+ - Team-specific test strategy
409
+ - Known checkout or payment contract risks
410
+
411
+ Skills can reference those assets for tasks such as test-case generation, spec
412
+ review, regression planning, or release readiness. The context assets remain
413
+ the source of truth.
414
+
415
+ ## Catalog Output
416
+
417
+ `renma catalog` should provide deterministic inventory:
418
+
419
+ - ID
420
+ - Kind
421
+ - Source path
422
+ - Content hash
423
+ - Owner
424
+ - Status
425
+ - Tags
426
+ - Declared dependencies
427
+ - Dependents
428
+ - Diagnostics
429
+
430
+ Catalog output should be stable across filesystems and Node versions so diffs
431
+ are useful in pull requests.
432
+
433
+ ## Repository Health Readiness
434
+
435
+ Readiness v1 is a deterministic static repository-health report for maintainers:
436
+
437
+ ```bash
438
+ renma readiness [path] [--format json|markdown]
439
+ ```
440
+
441
+ It answers repository-level questions:
442
+
443
+ - Are shared context assets identifiable and owned?
444
+ - Are lifecycle states explicit?
445
+ - Are skills clear entrypoints rather than overloaded knowledge dumps?
446
+ - Are dependency declarations resolvable?
447
+ - Are deprecated or archived assets still reachable?
448
+ - Are important context assets orphaned?
449
+ - Is repeated knowledge visible enough for maintainers to consolidate it?
450
+ - Which changed assets affect which skills or teams?
451
+
452
+ Readiness is about preparing the repository for agents. It is not a guarantee
453
+ about any particular agent run.
454
+
455
+ The Markdown report is intentionally compact for PR review: level, score, workflow readiness, graph resolution, ownership coverage, diagnostics, and layout status. The JSON report exposes the same deterministic facts for CI.
456
+
457
+ Readiness does not call an LLM, select runtime context, assemble prompts, auto-repair files, perform cross-document semantic consistency analysis, score repairability, or plan per-skill patches.
458
+
459
+ ## Implementation Principles
460
+
461
+ - Prefer deterministic analysis over hidden inference.
462
+ - Keep the CLI minimal-dependency and Git-friendly.
463
+ - Keep repository paths stable and portable.
464
+ - Parse structured metadata instead of relying on ad hoc text matching where
465
+ reasonable.
466
+ - Preserve human ownership and review.
467
+ - Treat existing documents as changeable product design, not sacred API.
468
+ - Make shared context first-class before adding external signal features.
469
+ - Design for gradual adoption in repositories that already have skill debt.
@@ -2,7 +2,7 @@ import { type AgentSkillDiagnosticId } from "./diagnostic-ids.js";
2
2
  import type { ParsedDocument } from "./types.js";
3
3
  import { type ParsedYamlFrontmatter } from "./yaml-frontmatter.js";
4
4
  export declare const AGENT_SKILLS_SPECIFICATION = "https://agentskills.io/specification";
5
- export declare const AGENT_SKILLS_VALIDATION_PROFILE = "agentskills.io/specification@2026-07-11";
5
+ export declare const AGENT_SKILLS_VALIDATION_PROFILE = "agentskills.io/specification@2026-07-12";
6
6
  export declare const AGENT_SKILLS_TOP_LEVEL_FIELDS: readonly ["name", "description", "license", "compatibility", "metadata", "allowed-tools"];
7
7
  export declare const LEGACY_RENMA_SKILL_FIELDS: readonly ["id", "title", "version", "owner", "status", "purpose", "last_reviewed_at", "review_cycle", "expires_at", "tags", "when_to_use", "when_not_to_use", "requires_context", "optional_context", "requires_lens", "optional_lens", "conflicts", "superseded_by", "allowed_data", "network_allowed", "external_upload_allowed", "secrets_allowed", "requires_human_approval", "forbidden_inputs", "approved_network_destinations", "approved_upload_destinations", "security_profile"];
8
8
  export type AgentSkillFormat = "agent-skills" | "renma-legacy" | "hybrid" | "unknown";
@@ -1 +1 @@
1
- {"version":3,"file":"agent-skills.d.ts","sourceRoot":"","sources":["../src/agent-skills.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAEL,KAAK,qBAAqB,EAE3B,MAAM,uBAAuB,CAAC;AAE/B,eAAO,MAAM,0BAA0B,yCACC,CAAC;AACzC,eAAO,MAAM,+BAA+B,4CACD,CAAC;AAE5C,eAAO,MAAM,6BAA6B,2FAOhC,CAAC;AAEX,eAAO,MAAM,yBAAyB,4dA4B5B,CAAC;AAQX,MAAM,MAAM,gBAAgB,GACxB,cAAc,GACd,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAC;IAC9B,QAAQ,EAAE,eAAe,GAAG,iBAAiB,CAAC;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,gBAAgB,CAAC;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,wBAAwB,CAAC;IAC9C,gBAAgB,CAAC,EAAE,0BAA0B,CAAC;IAC9C,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,yBAAyB,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,qBAAqB,CAAC;IACnC,UAAU,EAAE,0BAA0B,CAAC;CACxC;AAED,MAAM,WAAW,0BAA0B;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,0BAA0B,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,wFAAwF;AACxF,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,cAAc,EAAE,GAC1B,4BAA4B,CA0B9B;AAED,sFAAsF;AACtF,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,cAAc,GACvB,0BAA0B,CAG5B;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,cAAc,GACvB,oBAAoB,CAMtB;AAED,sEAAsE;AACtE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,cAAc,GACvB,MAAM,GAAG,SAAS,CAKpB;AA0LD,8DAA8D;AAC9D,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AAED,0FAA0F;AAC1F,wBAAgB,gCAAgC,CAC9C,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AAED,+EAA+E;AAC/E,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AA+BD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAIxE;AAsXD,6EAA6E;AAC7E,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,GACpB,GAAG,CAAC,MAAM,CAAC,CAgCb"}
1
+ {"version":3,"file":"agent-skills.d.ts","sourceRoot":"","sources":["../src/agent-skills.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAEL,KAAK,qBAAqB,EAE3B,MAAM,uBAAuB,CAAC;AAG/B,eAAO,MAAM,0BAA0B,yCACC,CAAC;AACzC,eAAO,MAAM,+BAA+B,4CACD,CAAC;AAE5C,eAAO,MAAM,6BAA6B,2FAOhC,CAAC;AAEX,eAAO,MAAM,yBAAyB,4dA4B5B,CAAC;AASX,MAAM,MAAM,gBAAgB,GACxB,cAAc,GACd,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAC;IAC9B,QAAQ,EAAE,eAAe,GAAG,iBAAiB,CAAC;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,gBAAgB,CAAC;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,wBAAwB,CAAC;IAC9C,gBAAgB,CAAC,EAAE,0BAA0B,CAAC;IAC9C,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,yBAAyB,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,qBAAqB,CAAC;IACnC,UAAU,EAAE,0BAA0B,CAAC;CACxC;AAED,MAAM,WAAW,0BAA0B;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,0BAA0B,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,wFAAwF;AACxF,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,cAAc,EAAE,GAC1B,4BAA4B,CA0B9B;AAED,sFAAsF;AACtF,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,cAAc,GACvB,0BAA0B,CAG5B;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,cAAc,GACvB,oBAAoB,CAMtB;AAED,sEAAsE;AACtE,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,cAAc,GACvB,MAAM,GAAG,SAAS,CAKpB;AA0LD,8DAA8D;AAC9D,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AAED,0FAA0F;AAC1F,wBAAgB,gCAAgC,CAC9C,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AAED,+EAA+E;AAC/E,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,OAAO,GACb,wBAAwB,CAE1B;AA+BD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAIxE;AAwYD,6EAA6E;AAC7E,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,GACpB,GAAG,CAAC,MAAM,CAAC,CAgCb"}
@@ -1,9 +1,11 @@
1
1
  import path from "node:path";
2
+ import { logicalSkillDirectory } from "./discovery.js";
2
3
  import { AGENT_SKILL_DIAGNOSTIC_IDS as IDS, } from "./diagnostic-ids.js";
3
4
  import { classifyRepositorySkillEntrypointPath } from "./discovery.js";
4
5
  import { parseAgentSkillFrontmatter, } from "./yaml-frontmatter.js";
6
+ import { DEFAULT_QUALITY_PROFILE } from "./quality-profile.js";
5
7
  export const AGENT_SKILLS_SPECIFICATION = "https://agentskills.io/specification";
6
- export const AGENT_SKILLS_VALIDATION_PROFILE = "agentskills.io/specification@2026-07-11";
8
+ export const AGENT_SKILLS_VALIDATION_PROFILE = "agentskills.io/specification@2026-07-12";
7
9
  export const AGENT_SKILLS_TOP_LEVEL_FIELDS = [
8
10
  "name",
9
11
  "description",
@@ -43,9 +45,10 @@ export const LEGACY_RENMA_SKILL_FIELDS = [
43
45
  ];
44
46
  const ALLOWED_TOP_LEVEL_FIELDS = new Set(AGENT_SKILLS_TOP_LEVEL_FIELDS);
45
47
  const LEGACY_FIELDS = new Set(LEGACY_RENMA_SKILL_FIELDS);
46
- const MAX_NAME_LENGTH = 64;
47
- const MAX_DESCRIPTION_LENGTH = 1024;
48
- const MAX_COMPATIBILITY_LENGTH = 500;
48
+ const AGENT_SKILLS_LIMITS = DEFAULT_QUALITY_PROFILE.agentSkills;
49
+ const MAX_NAME_LENGTH = AGENT_SKILLS_LIMITS.nameMaxChars;
50
+ const MAX_DESCRIPTION_LENGTH = AGENT_SKILLS_LIMITS.descriptionMaxChars;
51
+ const MAX_COMPATIBILITY_LENGTH = AGENT_SKILLS_LIMITS.compatibilityMaxChars;
49
52
  /** Validate every discovered Skill using one locally versioned Agent Skills profile. */
50
53
  export function validateAgentSkills(documents) {
51
54
  const results = documents
@@ -231,10 +234,16 @@ function validateName(document, frontmatter, issues) {
231
234
  if (nameValidation.problems.length > 0) {
232
235
  issues.push(createIssue(document, IDS.AS_INVALID_NAME, "error", "specification", `Invalid Agent Skills name "${rawName}": ${nameValidation.problems.join("; ")}.`, field?.startLine ?? 1, "name"));
233
236
  }
234
- const parent = path.posix.basename(path.posix.dirname(document.artifact.path));
235
- const parentValidation = normalizeAgentSkillDirectoryName(parent);
236
- if (nameValidation.normalized !== undefined &&
237
- parentValidation.normalized !== nameValidation.normalized) {
237
+ const logicalDirectory = logicalSkillDirectory(document.artifact.path);
238
+ const parent = logicalDirectory
239
+ ? path.posix.basename(logicalDirectory)
240
+ : undefined;
241
+ const parentValidation = parent
242
+ ? normalizeAgentSkillDirectoryName(parent)
243
+ : undefined;
244
+ if (parent !== undefined &&
245
+ nameValidation.normalized !== undefined &&
246
+ parentValidation?.normalized !== nameValidation.normalized) {
238
247
  issues.push({
239
248
  ...createIssue(document, IDS.AS_NAME_DIRECTORY_MISMATCH, "error", "specification", `Agent Skills name "${rawName}" must match parent directory "${parent}".`, field?.startLine ?? 1, "name"),
240
249
  details: { name: rawName, parentDirectory: parent },
@@ -294,6 +303,9 @@ function authoringIssues(document, frontmatter, description) {
294
303
  const issues = [];
295
304
  const bodyLines = collectBodyLines(document, frontmatter);
296
305
  const descriptionLine = firstField(frontmatter, "description")?.startLine ?? 1;
306
+ if (!descriptionCapabilityPattern().test(description)) {
307
+ issues.push(createIssue(document, IDS.RN_DESCRIPTION_MISSING_CAPABILITY, "warning", "renma-authoring", "Description should state what the skill does, not only that it should be used.", descriptionLine, "description"));
308
+ }
297
309
  if (!usageBoundaryPattern().test(description)) {
298
310
  issues.push(createIssue(document, IDS.RN_DESCRIPTION_MISSING_USAGE_BOUNDARY, "warning", "renma-authoring", "Description should state when the agent should use this skill.", descriptionLine, "description"));
299
311
  }
@@ -447,6 +459,14 @@ function characterLength(value) {
447
459
  function usageBoundaryPattern() {
448
460
  return /\b(?:use(?: this skill)? (?:when|for|to)|when (?:a|an|the|you|reviewing|working|handling))\b/i;
449
461
  }
462
+ /**
463
+ * Conservative English capability evidence for the Agent Skills "what" clause.
464
+ * Non-ASCII descriptions are accepted because Renma cannot reliably infer
465
+ * capability semantics across languages with a deterministic word list.
466
+ */
467
+ function descriptionCapabilityPattern() {
468
+ return /[^\p{ASCII}]|\b(?:address(?:es|ing)?|analy[sz](?:e|es|ing)|analysis|automat(?:e|es|ing|ion)|build(?:s|ing)?|calculat(?:e|es|ing|ion)|compar(?:e|es|ing|ison)|configur(?:e|es|ing|ation)|convert(?:s|ing)?|creat(?:e|es|ing|ion)|debug(?:s|ging)?|deploy(?:s|ing|ment)?|design(?:s|ing)?|diagnos(?:e|es|ing|is)|document(?:s|ing|ation)?|edit(?:s|ing)?|evaluat(?:e|es|ing|ion)|extract(?:s|ing|ion)?|find(?:s|ing)?|fix(?:es|ing)?|generat(?:e|es|ing|ion)|guid(?:e|es|ing|ance)|implement(?:s|ing|ation)?|inspect(?:s|ing|ion)?|install(?:s|ing|ation)?|manage(?:s|ment|ing)?|migrat(?:e|es|ing|ion)|monitor(?:s|ing)?|organiz(?:e|es|ing|ation)|plan(?:s|ning)?|prepar(?:e|es|ing|ation)|produc(?:e|es|ing|tion)|publish(?:es|ing)?|read(?:s|ing)?|releas(?:e|es|ing)|render(?:s|ing)?|review(?:s|ing)?|rout(?:e|es|ing)|scaffold(?:s|ing)?|search(?:es|ing)?|summari[sz](?:e|es|ing|ation)|test(?:s|ing)?|transform(?:s|ing|ation)?|triag(?:e|es|ing)|updat(?:e|es|ing)|validat(?:e|es|ing|ion)|verif(?:y|ies|ying|ication)|writ(?:e|es|ing))\b/iu;
469
+ }
450
470
  function explicitSelectionBoundaryPattern() {
451
471
  return /\b(?:do not use (?:this|the) skill|do not select (?:this|the) skill|use another skill|when not to use (?:this|the) skill)\b/i;
452
472
  }