renma 0.17.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (156) hide show
  1. package/CHANGELOG.md +123 -1
  2. package/README.md +11 -1
  3. package/architecture.md +14 -4
  4. package/design.md +13 -2
  5. package/dist/agent-skills.d.ts +1 -1
  6. package/dist/agent-skills.d.ts.map +1 -1
  7. package/dist/agent-skills.js +28 -8
  8. package/dist/agent-skills.js.map +1 -1
  9. package/dist/catalog.d.ts +1 -1
  10. package/dist/catalog.d.ts.map +1 -1
  11. package/dist/catalog.js +120 -12
  12. package/dist/catalog.js.map +1 -1
  13. package/dist/cli-help.d.ts +9 -5
  14. package/dist/cli-help.d.ts.map +1 -1
  15. package/dist/cli-help.js +9 -0
  16. package/dist/cli-help.js.map +1 -1
  17. package/dist/cli.d.ts.map +1 -1
  18. package/dist/cli.js +23 -0
  19. package/dist/cli.js.map +1 -1
  20. package/dist/commands/bom.d.ts +6 -3
  21. package/dist/commands/bom.d.ts.map +1 -1
  22. package/dist/commands/bom.js +27 -7
  23. package/dist/commands/bom.js.map +1 -1
  24. package/dist/commands/catalog.d.ts +1 -1
  25. package/dist/commands/catalog.d.ts.map +1 -1
  26. package/dist/commands/catalog.js +7 -1
  27. package/dist/commands/catalog.js.map +1 -1
  28. package/dist/commands/ci-report.d.ts.map +1 -1
  29. package/dist/commands/ci-report.js +18 -5
  30. package/dist/commands/ci-report.js.map +1 -1
  31. package/dist/commands/diff.js +8 -2
  32. package/dist/commands/diff.js.map +1 -1
  33. package/dist/commands/graph.d.ts +6 -2
  34. package/dist/commands/graph.d.ts.map +1 -1
  35. package/dist/commands/graph.js +23 -2
  36. package/dist/commands/graph.js.map +1 -1
  37. package/dist/commands/inspect.d.ts.map +1 -1
  38. package/dist/commands/inspect.js +2 -0
  39. package/dist/commands/inspect.js.map +1 -1
  40. package/dist/commands/ownership.d.ts +4 -3
  41. package/dist/commands/ownership.d.ts.map +1 -1
  42. package/dist/commands/ownership.js +27 -23
  43. package/dist/commands/ownership.js.map +1 -1
  44. package/dist/commands/readiness.d.ts +2 -1
  45. package/dist/commands/readiness.d.ts.map +1 -1
  46. package/dist/commands/readiness.js +98 -30
  47. package/dist/commands/readiness.js.map +1 -1
  48. package/dist/commands/scaffold.d.ts +3 -0
  49. package/dist/commands/scaffold.d.ts.map +1 -1
  50. package/dist/commands/scaffold.js +14 -0
  51. package/dist/commands/scaffold.js.map +1 -1
  52. package/dist/commands/suggest-metadata.d.ts.map +1 -1
  53. package/dist/commands/suggest-metadata.js +2 -0
  54. package/dist/commands/suggest-metadata.js.map +1 -1
  55. package/dist/commands/trust-graph.d.ts.map +1 -1
  56. package/dist/commands/trust-graph.js +12 -0
  57. package/dist/commands/trust-graph.js.map +1 -1
  58. package/dist/config.d.ts.map +1 -1
  59. package/dist/config.js +10 -3
  60. package/dist/config.js.map +1 -1
  61. package/dist/diagnostic-ids.d.ts +8 -0
  62. package/dist/diagnostic-ids.d.ts.map +1 -1
  63. package/dist/diagnostic-ids.js +8 -0
  64. package/dist/diagnostic-ids.js.map +1 -1
  65. package/dist/discovery.d.ts +5 -0
  66. package/dist/discovery.d.ts.map +1 -1
  67. package/dist/discovery.js +108 -65
  68. package/dist/discovery.js.map +1 -1
  69. package/dist/markdown.d.ts.map +1 -1
  70. package/dist/markdown.js +15 -0
  71. package/dist/markdown.js.map +1 -1
  72. package/dist/model.d.ts +17 -1
  73. package/dist/model.d.ts.map +1 -1
  74. package/dist/model.js +4 -1
  75. package/dist/model.js.map +1 -1
  76. package/dist/quality-profile.d.ts +91 -0
  77. package/dist/quality-profile.d.ts.map +1 -0
  78. package/dist/quality-profile.js +91 -0
  79. package/dist/quality-profile.js.map +1 -0
  80. package/dist/repeated-context.d.ts.map +1 -1
  81. package/dist/repeated-context.js +38 -83
  82. package/dist/repeated-context.js.map +1 -1
  83. package/dist/repository-boundary.d.ts +30 -0
  84. package/dist/repository-boundary.d.ts.map +1 -0
  85. package/dist/repository-boundary.js +116 -0
  86. package/dist/repository-boundary.js.map +1 -0
  87. package/dist/repository-evidence.d.ts +2 -0
  88. package/dist/repository-evidence.d.ts.map +1 -1
  89. package/dist/repository-evidence.js +6 -4
  90. package/dist/repository-evidence.js.map +1 -1
  91. package/dist/repository-paths.d.ts +6 -2
  92. package/dist/repository-paths.d.ts.map +1 -1
  93. package/dist/repository-paths.js +75 -24
  94. package/dist/repository-paths.js.map +1 -1
  95. package/dist/rules.d.ts +2 -0
  96. package/dist/rules.d.ts.map +1 -1
  97. package/dist/rules.js +263 -176
  98. package/dist/rules.js.map +1 -1
  99. package/dist/scanner.d.ts.map +1 -1
  100. package/dist/scanner.js +5 -1
  101. package/dist/scanner.js.map +1 -1
  102. package/dist/security-diagnostics.d.ts.map +1 -1
  103. package/dist/security-diagnostics.js +95 -30
  104. package/dist/security-diagnostics.js.map +1 -1
  105. package/dist/security-diff.d.ts +5 -2
  106. package/dist/security-diff.d.ts.map +1 -1
  107. package/dist/security-diff.js +20 -4
  108. package/dist/security-diff.js.map +1 -1
  109. package/dist/security-policy-inventory.d.ts +15 -3
  110. package/dist/security-policy-inventory.d.ts.map +1 -1
  111. package/dist/security-policy-inventory.js +123 -26
  112. package/dist/security-policy-inventory.js.map +1 -1
  113. package/dist/security-policy.d.ts +7 -0
  114. package/dist/security-policy.d.ts.map +1 -1
  115. package/dist/security-policy.js +70 -7
  116. package/dist/security-policy.js.map +1 -1
  117. package/dist/security-posture.d.ts.map +1 -1
  118. package/dist/security-posture.js +2 -1
  119. package/dist/security-posture.js.map +1 -1
  120. package/dist/skill-migration.js +2 -0
  121. package/dist/skill-migration.js.map +1 -1
  122. package/dist/static-support.d.ts +13 -0
  123. package/dist/static-support.d.ts.map +1 -0
  124. package/dist/static-support.js +284 -0
  125. package/dist/static-support.js.map +1 -0
  126. package/dist/token-estimator.d.ts +21 -0
  127. package/dist/token-estimator.d.ts.map +1 -0
  128. package/dist/token-estimator.js +84 -0
  129. package/dist/token-estimator.js.map +1 -0
  130. package/dist/trust-graph.d.ts +3 -3
  131. package/dist/trust-graph.d.ts.map +1 -1
  132. package/dist/trust-graph.js +69 -10
  133. package/dist/trust-graph.js.map +1 -1
  134. package/dist/types.d.ts +6 -1
  135. package/dist/types.d.ts.map +1 -1
  136. package/docs/README.md +13 -7
  137. package/docs/advanced-skill-authoring.md +16 -9
  138. package/docs/agent-skills-compatibility.md +10 -2
  139. package/docs/authoring-guide.md +62 -4
  140. package/docs/diagnostics.md +44 -11
  141. package/docs/quality-profile.md +123 -0
  142. package/docs/repository-context-bom.md +67 -8
  143. package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
  144. package/docs/schemas/trust-graph-v2.schema.json +301 -0
  145. package/docs/security-policy.md +21 -5
  146. package/docs/trust-graph.md +47 -0
  147. package/docs/user-manual.md +34 -5
  148. package/examples/context-repo/README.md +6 -7
  149. package/examples/context-repo/contexts/domain/payment/idempotency.md +7 -0
  150. package/examples/context-repo/contexts/testing/boundary-value-analysis.md +7 -0
  151. package/examples/context-repo/contexts/testing/negative-testing.md +7 -0
  152. package/examples/context-repo/skills/testing/spec-review/SKILL.md +5 -0
  153. package/package.json +3 -1
  154. package/plan-discovery.md +24 -15
  155. package/plan.md +59 -119
  156. package/scripts/verify-package.mjs +8 -1
@@ -0,0 +1,301 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://github.com/KazuCocoa/renma/blob/main/docs/schemas/trust-graph-v2.schema.json",
4
+ "title": "Renma Trust Graph v2",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": ["schemaVersion", "summary", "nodes", "edges", "findings"],
8
+ "properties": {
9
+ "schemaVersion": { "const": "renma.trustGraph.v2" },
10
+ "summary": { "$ref": "#/$defs/summary" },
11
+ "nodes": { "type": "array", "items": { "$ref": "#/$defs/node" } },
12
+ "edges": { "type": "array", "items": { "$ref": "#/$defs/edge" } },
13
+ "findings": { "type": "array", "items": { "$ref": "#/$defs/finding" } }
14
+ },
15
+ "$defs": {
16
+ "nodeTypes": {
17
+ "enum": [
18
+ "asset",
19
+ "owner",
20
+ "lifecycle_status",
21
+ "security_profile",
22
+ "effective_policy",
23
+ "diagnostic"
24
+ ]
25
+ },
26
+ "edgeTypes": {
27
+ "enum": [
28
+ "owned_by",
29
+ "has_lifecycle_status",
30
+ "declares_dependency",
31
+ "references",
32
+ "owns_local_resource",
33
+ "statically_references",
34
+ "inherits_owner",
35
+ "selects_security_profile",
36
+ "inherits_policy",
37
+ "has_effective_policy",
38
+ "has_diagnostic"
39
+ ]
40
+ },
41
+ "severity": {
42
+ "enum": ["critical", "high", "medium", "low", "error", "warning", "info"]
43
+ },
44
+ "summary": {
45
+ "type": "object",
46
+ "additionalProperties": false,
47
+ "required": [
48
+ "assetCount",
49
+ "nodeCount",
50
+ "edgeCount",
51
+ "findingCount",
52
+ "nodeTypeCounts",
53
+ "edgeTypeCounts",
54
+ "findingSeverityCounts",
55
+ "riskClassCounts"
56
+ ],
57
+ "properties": {
58
+ "assetCount": { "type": "integer", "minimum": 0 },
59
+ "nodeCount": { "type": "integer", "minimum": 0 },
60
+ "edgeCount": { "type": "integer", "minimum": 0 },
61
+ "findingCount": { "type": "integer", "minimum": 0 },
62
+ "nodeTypeCounts": { "$ref": "#/$defs/nodeCounts" },
63
+ "edgeTypeCounts": { "$ref": "#/$defs/edgeCounts" },
64
+ "findingSeverityCounts": { "$ref": "#/$defs/severityCounts" },
65
+ "riskClassCounts": { "$ref": "#/$defs/riskCounts" }
66
+ }
67
+ },
68
+ "nodeCounts": {
69
+ "type": "object",
70
+ "additionalProperties": false,
71
+ "required": [
72
+ "asset",
73
+ "owner",
74
+ "lifecycle_status",
75
+ "security_profile",
76
+ "effective_policy",
77
+ "diagnostic"
78
+ ],
79
+ "properties": {
80
+ "asset": { "type": "integer", "minimum": 0 },
81
+ "owner": { "type": "integer", "minimum": 0 },
82
+ "lifecycle_status": { "type": "integer", "minimum": 0 },
83
+ "security_profile": { "type": "integer", "minimum": 0 },
84
+ "effective_policy": { "type": "integer", "minimum": 0 },
85
+ "diagnostic": { "type": "integer", "minimum": 0 }
86
+ }
87
+ },
88
+ "edgeCounts": {
89
+ "type": "object",
90
+ "additionalProperties": false,
91
+ "required": [
92
+ "owned_by",
93
+ "has_lifecycle_status",
94
+ "declares_dependency",
95
+ "references",
96
+ "owns_local_resource",
97
+ "statically_references",
98
+ "inherits_owner",
99
+ "selects_security_profile",
100
+ "inherits_policy",
101
+ "has_effective_policy",
102
+ "has_diagnostic"
103
+ ],
104
+ "properties": {
105
+ "owned_by": { "type": "integer", "minimum": 0 },
106
+ "has_lifecycle_status": { "type": "integer", "minimum": 0 },
107
+ "declares_dependency": { "type": "integer", "minimum": 0 },
108
+ "references": { "type": "integer", "minimum": 0 },
109
+ "owns_local_resource": { "type": "integer", "minimum": 0 },
110
+ "statically_references": { "type": "integer", "minimum": 0 },
111
+ "inherits_owner": { "type": "integer", "minimum": 0 },
112
+ "selects_security_profile": { "type": "integer", "minimum": 0 },
113
+ "inherits_policy": { "type": "integer", "minimum": 0 },
114
+ "has_effective_policy": { "type": "integer", "minimum": 0 },
115
+ "has_diagnostic": { "type": "integer", "minimum": 0 }
116
+ }
117
+ },
118
+ "severityCounts": {
119
+ "type": "object",
120
+ "additionalProperties": false,
121
+ "required": [
122
+ "critical",
123
+ "high",
124
+ "medium",
125
+ "low",
126
+ "error",
127
+ "warning",
128
+ "info"
129
+ ],
130
+ "properties": {
131
+ "critical": { "type": "integer", "minimum": 0 },
132
+ "high": { "type": "integer", "minimum": 0 },
133
+ "medium": { "type": "integer", "minimum": 0 },
134
+ "low": { "type": "integer", "minimum": 0 },
135
+ "error": { "type": "integer", "minimum": 0 },
136
+ "warning": { "type": "integer", "minimum": 0 },
137
+ "info": { "type": "integer", "minimum": 0 }
138
+ }
139
+ },
140
+ "riskCounts": {
141
+ "type": "object",
142
+ "additionalProperties": false,
143
+ "required": ["violation", "suspicious", "advisory", "unclassified"],
144
+ "properties": {
145
+ "violation": { "type": "integer", "minimum": 0 },
146
+ "suspicious": { "type": "integer", "minimum": 0 },
147
+ "advisory": { "type": "integer", "minimum": 0 },
148
+ "unclassified": { "type": "integer", "minimum": 0 }
149
+ }
150
+ },
151
+ "evidence": {
152
+ "type": "object",
153
+ "required": ["path", "startLine", "endLine", "snippet"],
154
+ "properties": {
155
+ "path": { "type": "string" },
156
+ "startLine": { "type": "integer" },
157
+ "endLine": { "type": "integer" },
158
+ "snippet": { "type": "string" }
159
+ },
160
+ "additionalProperties": false
161
+ },
162
+ "inheritedFrom": {
163
+ "type": "object",
164
+ "additionalProperties": false,
165
+ "required": ["id", "sourcePath"],
166
+ "properties": {
167
+ "id": { "type": "string" },
168
+ "sourcePath": { "type": "string" }
169
+ }
170
+ },
171
+ "edgeProperties": {
172
+ "type": "object",
173
+ "properties": {
174
+ "policySources": {
175
+ "type": "array",
176
+ "minItems": 1,
177
+ "uniqueItems": true,
178
+ "items": {
179
+ "enum": [
180
+ "local",
181
+ "security_profile",
182
+ "repository_config",
183
+ "owning_skill"
184
+ ]
185
+ }
186
+ },
187
+ "ownershipSource": { "enum": ["declared", "inherited"] },
188
+ "inheritedFrom": { "$ref": "#/$defs/inheritedFrom" }
189
+ },
190
+ "additionalProperties": true
191
+ },
192
+ "node": {
193
+ "type": "object",
194
+ "additionalProperties": false,
195
+ "required": ["id", "type", "label"],
196
+ "properties": {
197
+ "id": { "type": "string" },
198
+ "type": { "$ref": "#/$defs/nodeTypes" },
199
+ "label": { "type": "string" },
200
+ "properties": { "type": "object" },
201
+ "evidence": { "type": "array", "items": { "$ref": "#/$defs/evidence" } }
202
+ }
203
+ },
204
+ "edge": {
205
+ "type": "object",
206
+ "additionalProperties": false,
207
+ "required": ["id", "from", "to", "type"],
208
+ "properties": {
209
+ "id": { "type": "string" },
210
+ "from": { "type": "string" },
211
+ "to": { "type": "string" },
212
+ "type": { "$ref": "#/$defs/edgeTypes" },
213
+ "properties": { "$ref": "#/$defs/edgeProperties" },
214
+ "evidence": { "type": "array", "items": { "$ref": "#/$defs/evidence" } }
215
+ },
216
+ "allOf": [
217
+ {
218
+ "if": {
219
+ "properties": { "type": { "const": "owned_by" } },
220
+ "required": ["type"]
221
+ },
222
+ "then": {
223
+ "required": ["properties"],
224
+ "properties": {
225
+ "properties": {
226
+ "type": "object",
227
+ "required": ["ownershipSource"],
228
+ "allOf": [
229
+ {
230
+ "if": {
231
+ "type": "object",
232
+ "properties": {
233
+ "ownershipSource": { "const": "inherited" }
234
+ },
235
+ "required": ["ownershipSource"]
236
+ },
237
+ "then": {
238
+ "type": "object",
239
+ "required": ["inheritedFrom"]
240
+ }
241
+ }
242
+ ]
243
+ }
244
+ }
245
+ }
246
+ },
247
+ {
248
+ "if": {
249
+ "properties": {
250
+ "type": { "const": "has_effective_policy" }
251
+ },
252
+ "required": ["type"]
253
+ },
254
+ "then": {
255
+ "required": ["properties"],
256
+ "properties": {
257
+ "properties": {
258
+ "type": "object",
259
+ "required": ["policySources"],
260
+ "allOf": [
261
+ {
262
+ "if": {
263
+ "type": "object",
264
+ "properties": {
265
+ "policySources": {
266
+ "type": "array",
267
+ "contains": { "const": "owning_skill" }
268
+ }
269
+ },
270
+ "required": ["policySources"]
271
+ },
272
+ "then": {
273
+ "type": "object",
274
+ "required": ["inheritedFrom"]
275
+ }
276
+ }
277
+ ]
278
+ }
279
+ }
280
+ }
281
+ }
282
+ ]
283
+ },
284
+ "finding": {
285
+ "type": "object",
286
+ "additionalProperties": false,
287
+ "required": ["source", "severity", "message"],
288
+ "properties": {
289
+ "source": { "enum": ["finding", "diagnostic"] },
290
+ "severity": { "$ref": "#/$defs/severity" },
291
+ "message": { "type": "string" },
292
+ "path": { "type": "string" },
293
+ "code": { "type": "string" },
294
+ "id": { "type": "string" },
295
+ "title": { "type": "string" },
296
+ "riskClass": { "enum": ["violation", "suspicious", "advisory"] },
297
+ "evidence": { "$ref": "#/$defs/evidence" }
298
+ }
299
+ }
300
+ }
301
+ }
@@ -294,7 +294,7 @@ Security findings may include `riskClass` so reviewers can distinguish clear vio
294
294
 
295
295
  Renma can summarize security posture from existing static security findings. The summary groups findings by `riskClass` (`violation`, `suspicious`, `advisory`, and `unclassified`) and by severity, and reports high/critical security finding counts.
296
296
 
297
- This is reporting-only in v1:
297
+ This is reporting-only in the v2 contract:
298
298
 
299
299
  - it does not add new detectors
300
300
  - it does not change scan `fail_on`
@@ -306,17 +306,33 @@ Runtime enforcement remains outside Renma.
306
306
 
307
307
  ### Effective policy inventory
308
308
 
309
- Renma can also summarize the effective static policy surface across discovered assets. The inventory is derived from asset-local policy metadata, selected security-profile chains, and repository-level `security` config.
309
+ Renma can also summarize the effective static policy surface across discovered assets. The inventory distinguishes assets with local metadata, inherited policy, effective policy, and no effective policy.
310
310
 
311
- The inventory reports policy coverage, network/upload/secrets booleans, human approval requirements, approved destinations, forbidden inputs, disallowed commands, and profile resolution counts. It is reporting-only in v1 and does not enforce runtime behavior.
311
+ Script and asset bytes never declare local policy. Skill-local scripts and
312
+ assets inherit policy only from one unambiguous owning Skill. Text scripts may
313
+ be scanned under that inherited policy from line 1; ordinary output assets and
314
+ binary files never contribute instruction text. Orphan scripts do not receive
315
+ policy-dependent evaluation from repository configuration without an owning
316
+ Skill and traceable inheritance evidence.
312
317
 
313
- `renma trust-graph` also includes effective policy evidence. Each effective policy node uses a deterministic fingerprint over normalized allowed data, forbidden inputs, network/upload/secrets booleans, human approval requirement, approved destinations, and disallowed commands. The graph links assets to selected security-profile values and to their effective policy fingerprint; it does not enforce the policy at runtime.
318
+ The inventory reports local, inherited, effective, and missing-effective coverage; network/upload/secrets booleans; human approval requirements; approved destinations; forbidden inputs; disallowed commands; and profile resolution counts. It is reporting-only in v2 and does not enforce runtime behavior.
319
+
320
+ `renma trust-graph` also includes effective policy evidence. Each effective policy node uses a deterministic fingerprint over normalized allowed data, forbidden inputs, network/upload/secrets booleans, human approval requirement, approved destinations, and disallowed commands. Every `has_effective_policy` edge carries a deterministic `policySources` array containing each source that contributed to the fingerprint: `local`, `security_profile`, `repository_config`, and/or `owning_skill`. Owning-Skill inheritance retains `inheritedFrom`, and selected-profile evidence retains the selected profile and profile chain. The graph does not enforce policy at runtime.
321
+
322
+ Contribution is recorded during effective-policy resolution with the same
323
+ precedence, fail-closed, replacement, accumulation, and deduplication rules. A
324
+ profile scalar overridden by local metadata is not a contribution. For
325
+ accumulating lists, every source that supplies a value is retained even when
326
+ another source supplies the same value and the effective list deduplicates it.
327
+ Source order is always `local`, `security_profile`, `repository_config`,
328
+ `owning_skill`. For inherited support, `local` refers to local metadata on the
329
+ owning Skill, while `owning_skill` identifies the inheritance channel.
314
330
 
315
331
  ### Security-aware semantic diff
316
332
 
317
333
  `renma diff` and `renma ci-report` can summarize how security posture and effective security policy inventory changed between two revisions.
318
334
 
319
- The diff uses existing static findings and existing policy metadata/config summaries. It does not add new detectors, change runtime behavior, change scan `fail_on`, change readiness scoring, or change CI pass/warn/fail status in v1.
335
+ The diff uses existing static findings and existing policy metadata/config summaries. It does not add new detectors, change runtime behavior, change scan `fail_on`, change readiness scoring, or change CI pass/warn/fail status.
320
336
 
321
337
  ## Common Security Diagnostics
322
338
 
@@ -0,0 +1,47 @@
1
+ # Trust Graph v2 Contract
2
+
3
+ Renma 0.18.0 emits only `renma.trustGraph.v2`, the first supported long-term
4
+ Trust Graph contract. The authoritative machine-readable definition is the
5
+ [Trust Graph v2 JSON Schema](schemas/trust-graph-v2.schema.json).
6
+
7
+ The required top-level fields are `schemaVersion`, `summary`, `nodes`, `edges`,
8
+ and `findings`. Node `properties` and node and edge `evidence` are optional.
9
+ Edge `properties` are optional except where an edge-specific provenance rule
10
+ requires them. Finding identity fields (`code`, `id`, `title`, `riskClass`,
11
+ `path`, and `evidence`) appear only when supplied. Missing optional fields are
12
+ omitted, not serialized as `null`.
13
+
14
+ Nodes are ordered by type and stable ID; edges by source, type, target, and ID;
15
+ findings by deterministic review order. Summary maps contain all enum members
16
+ with non-negative integer counts. Asset nodes include normalized ownership and
17
+ first-class support evidence.
18
+ Static support uses `owns_local_resource`, `statically_references`,
19
+ `inherits_owner`, and `inherits_policy`. Every `owned_by` edge declares
20
+ `ownershipSource`; when its value is `inherited`, the edge also retains an
21
+ `inheritedFrom` object with the owning asset ID and source path. Every
22
+ `has_effective_policy` edge has a non-empty, duplicate-free `policySources`
23
+ array. Its values are limited to `local`, `security_profile`,
24
+ `repository_config`, and `owning_skill`, in that generated order. Effective
25
+ policy inherited from an owning Skill retains `inheritedFrom`.
26
+
27
+ Representative complete top-level document:
28
+
29
+ ```json
30
+ {
31
+ "schemaVersion": "renma.trustGraph.v2",
32
+ "summary": {
33
+ "assetCount": 0, "nodeCount": 0, "edgeCount": 0, "findingCount": 0,
34
+ "nodeTypeCounts": { "asset": 0, "owner": 0, "lifecycle_status": 0, "security_profile": 0, "effective_policy": 0, "diagnostic": 0 },
35
+ "edgeTypeCounts": { "owned_by": 0, "has_lifecycle_status": 0, "declares_dependency": 0, "references": 0, "owns_local_resource": 0, "statically_references": 0, "inherits_owner": 0, "selects_security_profile": 0, "inherits_policy": 0, "has_effective_policy": 0, "has_diagnostic": 0 },
36
+ "findingSeverityCounts": { "critical": 0, "high": 0, "medium": 0, "low": 0, "error": 0, "warning": 0, "info": 0 },
37
+ "riskClassCounts": { "violation": 0, "suspicious": 0, "advisory": 0, "unclassified": 0 }
38
+ },
39
+ "nodes": [],
40
+ "edges": [],
41
+ "findings": []
42
+ }
43
+ ```
44
+
45
+ Within v2, evolution is additive and backward-compatible. Removing or changing
46
+ an existing field requires a new schema version. Enum additions are
47
+ consumer-visible and must be documented.
@@ -79,6 +79,17 @@ Context Asset, or a helper shared across workflows to `tools/**`, only when
79
79
  repository evidence supports that change; Renma does not move files
80
80
  automatically.
81
81
 
82
+ Skill-local support belongs only to the nearest Skill directory. When a local
83
+ support artifact does not declare an owner, ownership, Readiness, graph, Trust
84
+ Graph, and BOM reporting use the nearest Skill's owner as deterministic
85
+ effective ownership and mark it as inherited. This does not invent ownership
86
+ for shared Context Assets or unrelated repository files.
87
+
88
+ Only files marked Markdown-parser eligible contribute frontmatter metadata,
89
+ headings, links, code fences, and repeated-context evidence. Text scripts and
90
+ data assets remain raw text for dedicated static path or security analysis;
91
+ binary assets remain opaque.
92
+
82
93
  Avoid using reserved support directory names as skill names. Paths such as
83
94
  `skills/assets/SKILL.md`, `skills/examples/SKILL.md`,
84
95
  `skills/references/SKILL.md`, `skills/scripts/SKILL.md`, and
@@ -233,7 +244,7 @@ renma bom . --format markdown
233
244
  renma bom . --format json
234
245
  ```
235
246
 
236
- The BOM is a declared repository manifest. It combines catalog, graph, diagnostics, readiness, lifecycle, hash, and security posture evidence. It is not a record of actual LLM runtime usage. See the [Repository Context BOM contract](repository-context-bom.md) for the v1 boundaries.
247
+ The BOM is a declared repository manifest. It combines catalog, graph, diagnostics, readiness, lifecycle, hash, and security posture evidence. It is not a record of actual LLM runtime usage. See the [Repository Context BOM contract](repository-context-bom.md) for v2 boundaries.
237
248
 
238
249
  ## User Story: Improve Existing Skills With Diagnostics
239
250
 
@@ -366,7 +377,9 @@ The JSON configuration supports the same names used by the implementation, inclu
366
377
  - `globs`: glob patterns to scan.
367
378
  - `exclude`: paths or path prefixes to skip.
368
379
  - `suppressions`: rule suppressions that remove matching findings from normal reports and failure thresholds.
369
- - `max_file_size_bytes`: largest file renma will read.
380
+ - `max_file_size_bytes`: largest file renma will read for content analysis. A
381
+ larger discovered file remains repository existence evidence, so a valid
382
+ reference is not also reported as missing.
370
383
  - `max_depth`: maximum discovery depth.
371
384
  - `concurrency`: scan concurrency.
372
385
  - `fail_on`: scan exit threshold: `low`, `medium`, `high`, or `critical`.
@@ -388,6 +401,13 @@ against the collected repository snapshot. It validates the declared path but
388
401
  does not execute the command. Non-Skill documents do not receive an inferred
389
402
  Skill-relative base.
390
403
 
404
+ Static support reachability accepts explicit Skill-relative paths, explicit
405
+ basenames, Markdown link targets, quoted/code-form paths, and one additional
406
+ hop through a directly referenced index/reference. Free-prose matches against
407
+ generic filename stems such as `run`, `check`, or `logo` are not evidence.
408
+ Extensionless executables and quoted or linked asset paths with spaces are
409
+ valid; `..` traversal outside the Skill root remains invalid.
410
+
391
411
  Use `exclude` for files Renma should not scan. Use `suppressions` for audited exceptions where Renma should scan the file, detect matching findings internally, then omit those findings from normal reports and failure decisions. A suppression applies only when both `id` and `paths` match. Each suppression includes `id`, `paths`, required `reason`, and optional `expires`; the reason lives in config for auditability.
392
412
 
393
413
  Use a date in `YYYY-MM-DD` for temporary workarounds, or `"never"` when the exception is intentionally permanent. Permanent suppressions should still use narrow path patterns and a clear reason. Suppression path patterns are repository-relative and support exact paths, directory-prefix matches for non-glob patterns, `*` within one path segment, and `**` across directories.
@@ -418,6 +438,12 @@ Other default scan glob families are:
418
438
  - `skills/**/references/**/*.md`
419
439
  - `skills/**/examples/**/*.md`
420
440
  - `skills/**/scripts/**/*`
441
+ - `skills/**/assets/**/*`
442
+ - `.agents/skills/**/profiles/**/*.md`
443
+ - `.agents/skills/**/references/**/*`
444
+ - `.agents/skills/**/examples/**/*.md`
445
+ - `.agents/skills/**/scripts/**/*`
446
+ - `.agents/skills/**/assets/**/*`
421
447
  - `tools/**/*`
422
448
 
423
449
  ## Where To Go Next
@@ -425,6 +451,7 @@ Other default scan glob families are:
425
451
  - New to Renma? Start with [Authoring Guide](authoring-guide.md).
426
452
  - Writing security-sensitive skills or context assets? Read [Security Policy Guide](security-policy.md).
427
453
  - Fixing scan findings? See [Diagnostics Reference](diagnostics.md).
454
+ - Reviewing thresholds? See [Renma Quality Profile](quality-profile.md).
428
455
  - Trying a minimal clarify-before-act Skill interaction? Use
429
456
  [`examples/interactive-placeholder`](../examples/interactive-placeholder).
430
457
  - Trying richer repository-aware Skill, Context Lens, and Context Asset
@@ -525,7 +552,7 @@ renma bom . --format markdown
525
552
  renma bom . --format json --omit-generated-at
526
553
  ```
527
554
 
528
- Use the BOM when reviewers or CI consumers need one repository evidence manifest that combines existing Renma evidence: catalog asset inventory, repository-relative source paths, content hashes, owners, lifecycle metadata, tags, declared dependencies, graph resolution, diagnostics, readiness score and checks, workflow readiness, context lens summary, security posture, and security policy inventory. See the [Repository Context BOM contract](repository-context-bom.md) for the authoritative v1 schema, snapshot, reproducibility, provenance, and future consumed-context evidence boundaries.
555
+ Use the BOM when reviewers or CI consumers need one repository evidence manifest that combines existing Renma evidence. Renma 0.18.0 supports only v2, the first supported long-term BOM contract. It does not provide a v1 compatibility mode. V2 includes normalized declared/effective ownership plus static support relationships. See the [Repository Context BOM contract](repository-context-bom.md).
529
556
 
530
557
  The BOM is not a record of actual LLM runtime usage. Renma does not collect telemetry, assemble prompts, choose task-specific context, inject context into agents, import consumed-context evidence, or claim what an LLM actually consumed.
531
558
 
@@ -597,7 +624,9 @@ Use this when a reviewer or downstream tool needs one stable evidence layer that
597
624
 
598
625
  Trust Graph is repository evidence. It does not compute a trust score, select or inject runtime context, assemble prompts, call an LLM, collect telemetry, or enforce policy at runtime.
599
626
 
600
- Output includes stable node IDs, stable edge IDs, source evidence where parser support exists, normalized effective policy fingerprints, diagnostic links, and compact summary counts. JSON is the source of truth for downstream tools; Markdown is for human review. `scan --format json` includes the same Trust Graph under `trustGraph` so CI consumers can read one scan report when they do not need a separate command.
627
+ Renma 0.18.0 supports only Trust Graph v2, the first supported long-term contract. It includes normalized ownership and static `owns_local_resource`, `statically_references`, `inherits_owner`, and `inherits_policy` evidence. JSON is the source of truth; Markdown is for human review. `scan --format json` includes the same v2 contract under `trustGraph`.
628
+
629
+ Consumers must branch on `schemaVersion`, not on the Renma package version. A future incompatible contract may intentionally introduce v3.
601
630
 
602
631
  Reviewers can use Trust Graph to find assets without owners, find assets without lifecycle status, inspect assets sharing the same effective policy fingerprint, and connect diagnostics back to asset evidence. `trust-graph` exits `0` when the report is generated successfully; use `scan --fail-on` when CI should fail on findings.
603
632
 
@@ -655,7 +684,7 @@ The report summarizes readiness deltas, graph-resolution changes, added and remo
655
684
 
656
685
  Output includes a CI status (`PASS`, `WARN`, or `FAIL`), a summary, readiness changes, graph changes, and review-focused finding changes.
657
686
 
658
- Repository Context BOM artifacts describe declared repository state, not prompt assembly, context injection, agent execution, actual LLM runtime usage, or telemetry. Use `renma bom . --format json` when CI needs a machine-readable manifest and `renma bom . --format markdown` for review comments or artifacts. For v1 compatibility and reproducibility details, see the [Repository Context BOM contract](repository-context-bom.md).
687
+ Repository Context BOM artifacts describe declared repository state, not prompt assembly, context injection, agent execution, actual LLM runtime usage, or telemetry. Use `renma bom . --format json` when CI needs a machine-readable manifest and `renma bom . --format markdown` for review comments or artifacts. For v2 compatibility and reproducibility details, see the [Repository Context BOM contract](repository-context-bom.md).
659
688
 
660
689
  ### `ownership`
661
690
 
@@ -85,7 +85,7 @@ Run these commands from the renma repository root after building the CLI:
85
85
 
86
86
  ```bash
87
87
  npm run build
88
- node dist/index.js scan examples/context-repo
88
+ node dist/index.js scan examples/context-repo --fail-on high
89
89
  node dist/index.js catalog examples/context-repo --format markdown
90
90
  node dist/index.js ownership examples/context-repo --format markdown
91
91
  node dist/index.js graph examples/context-repo --view layered --format mermaid
@@ -99,7 +99,7 @@ node dist/index.js inspect examples/context-repo/skills/testing/spec-review/SKIL
99
99
  With an installed CLI, replace `node dist/index.js` with `renma`:
100
100
 
101
101
  ```bash
102
- renma scan examples/context-repo
102
+ renma scan examples/context-repo --fail-on high
103
103
  renma catalog examples/context-repo --format markdown
104
104
  renma ownership examples/context-repo --format markdown
105
105
  renma graph examples/context-repo --view layered --format mermaid
@@ -118,11 +118,10 @@ evidence into authoritative JSON or a Markdown review projection. `inspect`
118
118
  shows the structure of the workflow entrypoint.
119
119
 
120
120
  The example is structurally ready: its Skill and Lens validate, every declared
121
- relationship resolves, and every cataloged asset has an owner. `scan` also
122
- keeps advisory missing-security-policy findings visible for the fixture's
123
- Skill and Context Assets. The example does not invent security policy merely to
124
- produce an empty finding list; fixture owners would need to review and declare
125
- that policy.
121
+ relationship resolves, and every cataloged asset has an owner. Its Skill and
122
+ Context Assets declare a local-only security policy for repository files,
123
+ explicitly disclosed user inputs, and the Context bundled with the Skill, so
124
+ `scan` completes without diagnostics or security findings.
126
125
 
127
126
  ## Intentionally Not Demonstrated
128
127
 
@@ -11,6 +11,13 @@ when_to_use:
11
11
  - Reviewing payment write retry behavior or duplicate request handling
12
12
  when_not_to_use:
13
13
  - Reviewing non-payment retries or read-only request behavior
14
+ allowed_data:
15
+ - repo-local-files
16
+ - disclosed-user-provided-data
17
+ network_allowed: false
18
+ external_upload_allowed: false
19
+ secrets_allowed: false
20
+ requires_human_approval: true
14
21
  ---
15
22
 
16
23
  # Payment Idempotency
@@ -10,6 +10,13 @@ when_to_use:
10
10
  - Designing test cases around numeric, date, count, length, or pagination limits
11
11
  when_not_to_use:
12
12
  - Testing invalid inputs that are not tied to explicit boundary values
13
+ allowed_data:
14
+ - repo-local-files
15
+ - disclosed-user-provided-data
16
+ network_allowed: false
17
+ external_upload_allowed: false
18
+ secrets_allowed: false
19
+ requires_human_approval: true
13
20
  ---
14
21
 
15
22
  # Boundary Value Analysis
@@ -10,6 +10,13 @@ when_to_use:
10
10
  - Designing validation, unsupported-state, or error-handling test cases
11
11
  when_not_to_use:
12
12
  - Designing accepted boundary-value cases for valid limits
13
+ allowed_data:
14
+ - repo-local-files
15
+ - disclosed-user-provided-data
16
+ network_allowed: false
17
+ external_upload_allowed: false
18
+ secrets_allowed: false
19
+ requires_human_approval: true
13
20
  ---
14
21
 
15
22
  # Negative Testing
@@ -11,6 +11,11 @@ metadata:
11
11
  renma.requires-context: '["contexts/testing/negative-testing.md"]'
12
12
  renma.optional-context: '["context.domain.payment.idempotency"]'
13
13
  renma.requires-lens: '["lens.testing.spec-review.boundary-values"]'
14
+ renma.allowed-data: '["repo-local-files","skill-bundled-context","disclosed-user-provided-data"]'
15
+ renma.network-allowed: "false"
16
+ renma.external-upload-allowed: "false"
17
+ renma.secrets-allowed: "false"
18
+ renma.requires-human-approval: "true"
14
19
  ---
15
20
 
16
21
  # Spec Review
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "renma",
3
- "version": "0.17.0",
3
+ "version": "0.18.0",
4
4
  "description": "Manage human-curated context assets for LLMs and agents in Git.",
5
5
  "license": "MIT",
6
6
  "repository": {
@@ -57,6 +57,8 @@
57
57
  "devDependencies": {
58
58
  "@eslint/js": "^10.0.1",
59
59
  "@types/node": "^22.15.30",
60
+ "ajv": "^8.20.0",
61
+ "ajv-formats": "^3.0.1",
60
62
  "eslint": "^10.5.0",
61
63
  "eslint-config-prettier": "10.1.8",
62
64
  "prettier": "^3.5.3",