renma 0.17.0 → 0.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +152 -1
- package/README.md +11 -1
- package/architecture.md +21 -10
- package/design.md +52 -34
- package/dist/agent-skills.d.ts +1 -1
- package/dist/agent-skills.d.ts.map +1 -1
- package/dist/agent-skills.js +28 -8
- package/dist/agent-skills.js.map +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.d.ts.map +1 -1
- package/dist/catalog.js +120 -12
- package/dist/catalog.js.map +1 -1
- package/dist/cli-help.d.ts +12 -8
- package/dist/cli-help.d.ts.map +1 -1
- package/dist/cli-help.js +23 -1
- package/dist/cli-help.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +23 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/bom.d.ts +6 -3
- package/dist/commands/bom.d.ts.map +1 -1
- package/dist/commands/bom.js +27 -7
- package/dist/commands/bom.js.map +1 -1
- package/dist/commands/catalog.d.ts +1 -1
- package/dist/commands/catalog.d.ts.map +1 -1
- package/dist/commands/catalog.js +7 -1
- package/dist/commands/catalog.js.map +1 -1
- package/dist/commands/ci-report.d.ts.map +1 -1
- package/dist/commands/ci-report.js +18 -5
- package/dist/commands/ci-report.js.map +1 -1
- package/dist/commands/diff.js +8 -2
- package/dist/commands/diff.js.map +1 -1
- package/dist/commands/graph.d.ts +6 -2
- package/dist/commands/graph.d.ts.map +1 -1
- package/dist/commands/graph.js +23 -2
- package/dist/commands/graph.js.map +1 -1
- package/dist/commands/inspect.d.ts.map +1 -1
- package/dist/commands/inspect.js +2 -0
- package/dist/commands/inspect.js.map +1 -1
- package/dist/commands/ownership.d.ts +4 -3
- package/dist/commands/ownership.d.ts.map +1 -1
- package/dist/commands/ownership.js +27 -23
- package/dist/commands/ownership.js.map +1 -1
- package/dist/commands/readiness.d.ts +2 -1
- package/dist/commands/readiness.d.ts.map +1 -1
- package/dist/commands/readiness.js +98 -30
- package/dist/commands/readiness.js.map +1 -1
- package/dist/commands/scaffold.d.ts +3 -0
- package/dist/commands/scaffold.d.ts.map +1 -1
- package/dist/commands/scaffold.js +44 -9
- package/dist/commands/scaffold.js.map +1 -1
- package/dist/commands/suggest-metadata.d.ts.map +1 -1
- package/dist/commands/suggest-metadata.js +2 -0
- package/dist/commands/suggest-metadata.js.map +1 -1
- package/dist/commands/trust-graph.d.ts.map +1 -1
- package/dist/commands/trust-graph.js +12 -0
- package/dist/commands/trust-graph.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +10 -3
- package/dist/config.js.map +1 -1
- package/dist/context-lens.d.ts +1 -0
- package/dist/context-lens.d.ts.map +1 -1
- package/dist/context-lens.js +19 -1
- package/dist/context-lens.js.map +1 -1
- package/dist/diagnostic-ids.d.ts +9 -0
- package/dist/diagnostic-ids.d.ts.map +1 -1
- package/dist/diagnostic-ids.js +9 -0
- package/dist/diagnostic-ids.js.map +1 -1
- package/dist/discovery.d.ts +5 -0
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +108 -65
- package/dist/discovery.js.map +1 -1
- package/dist/markdown.d.ts.map +1 -1
- package/dist/markdown.js +15 -0
- package/dist/markdown.js.map +1 -1
- package/dist/metadata.d.ts +15 -1
- package/dist/metadata.d.ts.map +1 -1
- package/dist/metadata.js +235 -0
- package/dist/metadata.js.map +1 -1
- package/dist/model.d.ts +20 -1
- package/dist/model.d.ts.map +1 -1
- package/dist/model.js +4 -1
- package/dist/model.js.map +1 -1
- package/dist/quality-profile.d.ts +91 -0
- package/dist/quality-profile.d.ts.map +1 -0
- package/dist/quality-profile.js +91 -0
- package/dist/quality-profile.js.map +1 -0
- package/dist/repeated-context.d.ts.map +1 -1
- package/dist/repeated-context.js +38 -83
- package/dist/repeated-context.js.map +1 -1
- package/dist/repository-boundary.d.ts +30 -0
- package/dist/repository-boundary.d.ts.map +1 -0
- package/dist/repository-boundary.js +116 -0
- package/dist/repository-boundary.js.map +1 -0
- package/dist/repository-evidence.d.ts +2 -0
- package/dist/repository-evidence.d.ts.map +1 -1
- package/dist/repository-evidence.js +6 -4
- package/dist/repository-evidence.js.map +1 -1
- package/dist/repository-paths.d.ts +6 -2
- package/dist/repository-paths.d.ts.map +1 -1
- package/dist/repository-paths.js +75 -24
- package/dist/repository-paths.js.map +1 -1
- package/dist/rules.d.ts +2 -0
- package/dist/rules.d.ts.map +1 -1
- package/dist/rules.js +322 -189
- package/dist/rules.js.map +1 -1
- package/dist/scanner.d.ts.map +1 -1
- package/dist/scanner.js +5 -1
- package/dist/scanner.js.map +1 -1
- package/dist/security-diagnostics.d.ts.map +1 -1
- package/dist/security-diagnostics.js +95 -30
- package/dist/security-diagnostics.js.map +1 -1
- package/dist/security-diff.d.ts +5 -2
- package/dist/security-diff.d.ts.map +1 -1
- package/dist/security-diff.js +20 -4
- package/dist/security-diff.js.map +1 -1
- package/dist/security-policy-inventory.d.ts +15 -3
- package/dist/security-policy-inventory.d.ts.map +1 -1
- package/dist/security-policy-inventory.js +123 -26
- package/dist/security-policy-inventory.js.map +1 -1
- package/dist/security-policy.d.ts +7 -0
- package/dist/security-policy.d.ts.map +1 -1
- package/dist/security-policy.js +70 -7
- package/dist/security-policy.js.map +1 -1
- package/dist/security-posture.d.ts.map +1 -1
- package/dist/security-posture.js +2 -1
- package/dist/security-posture.js.map +1 -1
- package/dist/skill-migration.js +2 -0
- package/dist/skill-migration.js.map +1 -1
- package/dist/static-support.d.ts +13 -0
- package/dist/static-support.d.ts.map +1 -0
- package/dist/static-support.js +284 -0
- package/dist/static-support.js.map +1 -0
- package/dist/token-estimator.d.ts +21 -0
- package/dist/token-estimator.d.ts.map +1 -0
- package/dist/token-estimator.js +84 -0
- package/dist/token-estimator.js.map +1 -0
- package/dist/trust-graph.d.ts +3 -3
- package/dist/trust-graph.d.ts.map +1 -1
- package/dist/trust-graph.js +69 -10
- package/dist/trust-graph.js.map +1 -1
- package/dist/types.d.ts +6 -1
- package/dist/types.d.ts.map +1 -1
- package/docs/README.md +15 -8
- package/docs/advanced-skill-authoring.md +16 -9
- package/docs/agent-skills-compatibility.md +10 -2
- package/docs/authoring-guide.md +89 -6
- package/docs/context-lens.md +319 -153
- package/docs/diagnostics.md +46 -11
- package/docs/metadata-budget.md +32 -0
- package/docs/quality-profile.md +135 -0
- package/docs/repository-context-bom.md +67 -8
- package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
- package/docs/schemas/trust-graph-v2.schema.json +301 -0
- package/docs/security-policy.md +21 -5
- package/docs/trust-graph.md +47 -0
- package/docs/user-manual.md +48 -7
- package/examples/context-lens/README.md +8 -3
- package/examples/context-lens/contexts/testing/boundary-value-analysis.md +6 -2
- package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +27 -5
- package/examples/context-lens/lenses/testing/test-design-boundary-values.md +27 -5
- package/examples/context-lens/skills/testing/spec-review/SKILL.md +33 -4
- package/examples/context-repo/README.md +6 -7
- package/examples/context-repo/contexts/domain/payment/idempotency.md +7 -0
- package/examples/context-repo/contexts/testing/boundary-value-analysis.md +7 -0
- package/examples/context-repo/contexts/testing/negative-testing.md +7 -0
- package/examples/context-repo/skills/testing/spec-review/SKILL.md +5 -0
- package/package.json +3 -1
- package/plan-discovery.md +24 -15
- package/plan.md +59 -119
- package/scripts/verify-package.mjs +8 -1
|
@@ -0,0 +1,301 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "https://github.com/KazuCocoa/renma/blob/main/docs/schemas/trust-graph-v2.schema.json",
|
|
4
|
+
"title": "Renma Trust Graph v2",
|
|
5
|
+
"type": "object",
|
|
6
|
+
"additionalProperties": false,
|
|
7
|
+
"required": ["schemaVersion", "summary", "nodes", "edges", "findings"],
|
|
8
|
+
"properties": {
|
|
9
|
+
"schemaVersion": { "const": "renma.trustGraph.v2" },
|
|
10
|
+
"summary": { "$ref": "#/$defs/summary" },
|
|
11
|
+
"nodes": { "type": "array", "items": { "$ref": "#/$defs/node" } },
|
|
12
|
+
"edges": { "type": "array", "items": { "$ref": "#/$defs/edge" } },
|
|
13
|
+
"findings": { "type": "array", "items": { "$ref": "#/$defs/finding" } }
|
|
14
|
+
},
|
|
15
|
+
"$defs": {
|
|
16
|
+
"nodeTypes": {
|
|
17
|
+
"enum": [
|
|
18
|
+
"asset",
|
|
19
|
+
"owner",
|
|
20
|
+
"lifecycle_status",
|
|
21
|
+
"security_profile",
|
|
22
|
+
"effective_policy",
|
|
23
|
+
"diagnostic"
|
|
24
|
+
]
|
|
25
|
+
},
|
|
26
|
+
"edgeTypes": {
|
|
27
|
+
"enum": [
|
|
28
|
+
"owned_by",
|
|
29
|
+
"has_lifecycle_status",
|
|
30
|
+
"declares_dependency",
|
|
31
|
+
"references",
|
|
32
|
+
"owns_local_resource",
|
|
33
|
+
"statically_references",
|
|
34
|
+
"inherits_owner",
|
|
35
|
+
"selects_security_profile",
|
|
36
|
+
"inherits_policy",
|
|
37
|
+
"has_effective_policy",
|
|
38
|
+
"has_diagnostic"
|
|
39
|
+
]
|
|
40
|
+
},
|
|
41
|
+
"severity": {
|
|
42
|
+
"enum": ["critical", "high", "medium", "low", "error", "warning", "info"]
|
|
43
|
+
},
|
|
44
|
+
"summary": {
|
|
45
|
+
"type": "object",
|
|
46
|
+
"additionalProperties": false,
|
|
47
|
+
"required": [
|
|
48
|
+
"assetCount",
|
|
49
|
+
"nodeCount",
|
|
50
|
+
"edgeCount",
|
|
51
|
+
"findingCount",
|
|
52
|
+
"nodeTypeCounts",
|
|
53
|
+
"edgeTypeCounts",
|
|
54
|
+
"findingSeverityCounts",
|
|
55
|
+
"riskClassCounts"
|
|
56
|
+
],
|
|
57
|
+
"properties": {
|
|
58
|
+
"assetCount": { "type": "integer", "minimum": 0 },
|
|
59
|
+
"nodeCount": { "type": "integer", "minimum": 0 },
|
|
60
|
+
"edgeCount": { "type": "integer", "minimum": 0 },
|
|
61
|
+
"findingCount": { "type": "integer", "minimum": 0 },
|
|
62
|
+
"nodeTypeCounts": { "$ref": "#/$defs/nodeCounts" },
|
|
63
|
+
"edgeTypeCounts": { "$ref": "#/$defs/edgeCounts" },
|
|
64
|
+
"findingSeverityCounts": { "$ref": "#/$defs/severityCounts" },
|
|
65
|
+
"riskClassCounts": { "$ref": "#/$defs/riskCounts" }
|
|
66
|
+
}
|
|
67
|
+
},
|
|
68
|
+
"nodeCounts": {
|
|
69
|
+
"type": "object",
|
|
70
|
+
"additionalProperties": false,
|
|
71
|
+
"required": [
|
|
72
|
+
"asset",
|
|
73
|
+
"owner",
|
|
74
|
+
"lifecycle_status",
|
|
75
|
+
"security_profile",
|
|
76
|
+
"effective_policy",
|
|
77
|
+
"diagnostic"
|
|
78
|
+
],
|
|
79
|
+
"properties": {
|
|
80
|
+
"asset": { "type": "integer", "minimum": 0 },
|
|
81
|
+
"owner": { "type": "integer", "minimum": 0 },
|
|
82
|
+
"lifecycle_status": { "type": "integer", "minimum": 0 },
|
|
83
|
+
"security_profile": { "type": "integer", "minimum": 0 },
|
|
84
|
+
"effective_policy": { "type": "integer", "minimum": 0 },
|
|
85
|
+
"diagnostic": { "type": "integer", "minimum": 0 }
|
|
86
|
+
}
|
|
87
|
+
},
|
|
88
|
+
"edgeCounts": {
|
|
89
|
+
"type": "object",
|
|
90
|
+
"additionalProperties": false,
|
|
91
|
+
"required": [
|
|
92
|
+
"owned_by",
|
|
93
|
+
"has_lifecycle_status",
|
|
94
|
+
"declares_dependency",
|
|
95
|
+
"references",
|
|
96
|
+
"owns_local_resource",
|
|
97
|
+
"statically_references",
|
|
98
|
+
"inherits_owner",
|
|
99
|
+
"selects_security_profile",
|
|
100
|
+
"inherits_policy",
|
|
101
|
+
"has_effective_policy",
|
|
102
|
+
"has_diagnostic"
|
|
103
|
+
],
|
|
104
|
+
"properties": {
|
|
105
|
+
"owned_by": { "type": "integer", "minimum": 0 },
|
|
106
|
+
"has_lifecycle_status": { "type": "integer", "minimum": 0 },
|
|
107
|
+
"declares_dependency": { "type": "integer", "minimum": 0 },
|
|
108
|
+
"references": { "type": "integer", "minimum": 0 },
|
|
109
|
+
"owns_local_resource": { "type": "integer", "minimum": 0 },
|
|
110
|
+
"statically_references": { "type": "integer", "minimum": 0 },
|
|
111
|
+
"inherits_owner": { "type": "integer", "minimum": 0 },
|
|
112
|
+
"selects_security_profile": { "type": "integer", "minimum": 0 },
|
|
113
|
+
"inherits_policy": { "type": "integer", "minimum": 0 },
|
|
114
|
+
"has_effective_policy": { "type": "integer", "minimum": 0 },
|
|
115
|
+
"has_diagnostic": { "type": "integer", "minimum": 0 }
|
|
116
|
+
}
|
|
117
|
+
},
|
|
118
|
+
"severityCounts": {
|
|
119
|
+
"type": "object",
|
|
120
|
+
"additionalProperties": false,
|
|
121
|
+
"required": [
|
|
122
|
+
"critical",
|
|
123
|
+
"high",
|
|
124
|
+
"medium",
|
|
125
|
+
"low",
|
|
126
|
+
"error",
|
|
127
|
+
"warning",
|
|
128
|
+
"info"
|
|
129
|
+
],
|
|
130
|
+
"properties": {
|
|
131
|
+
"critical": { "type": "integer", "minimum": 0 },
|
|
132
|
+
"high": { "type": "integer", "minimum": 0 },
|
|
133
|
+
"medium": { "type": "integer", "minimum": 0 },
|
|
134
|
+
"low": { "type": "integer", "minimum": 0 },
|
|
135
|
+
"error": { "type": "integer", "minimum": 0 },
|
|
136
|
+
"warning": { "type": "integer", "minimum": 0 },
|
|
137
|
+
"info": { "type": "integer", "minimum": 0 }
|
|
138
|
+
}
|
|
139
|
+
},
|
|
140
|
+
"riskCounts": {
|
|
141
|
+
"type": "object",
|
|
142
|
+
"additionalProperties": false,
|
|
143
|
+
"required": ["violation", "suspicious", "advisory", "unclassified"],
|
|
144
|
+
"properties": {
|
|
145
|
+
"violation": { "type": "integer", "minimum": 0 },
|
|
146
|
+
"suspicious": { "type": "integer", "minimum": 0 },
|
|
147
|
+
"advisory": { "type": "integer", "minimum": 0 },
|
|
148
|
+
"unclassified": { "type": "integer", "minimum": 0 }
|
|
149
|
+
}
|
|
150
|
+
},
|
|
151
|
+
"evidence": {
|
|
152
|
+
"type": "object",
|
|
153
|
+
"required": ["path", "startLine", "endLine", "snippet"],
|
|
154
|
+
"properties": {
|
|
155
|
+
"path": { "type": "string" },
|
|
156
|
+
"startLine": { "type": "integer" },
|
|
157
|
+
"endLine": { "type": "integer" },
|
|
158
|
+
"snippet": { "type": "string" }
|
|
159
|
+
},
|
|
160
|
+
"additionalProperties": false
|
|
161
|
+
},
|
|
162
|
+
"inheritedFrom": {
|
|
163
|
+
"type": "object",
|
|
164
|
+
"additionalProperties": false,
|
|
165
|
+
"required": ["id", "sourcePath"],
|
|
166
|
+
"properties": {
|
|
167
|
+
"id": { "type": "string" },
|
|
168
|
+
"sourcePath": { "type": "string" }
|
|
169
|
+
}
|
|
170
|
+
},
|
|
171
|
+
"edgeProperties": {
|
|
172
|
+
"type": "object",
|
|
173
|
+
"properties": {
|
|
174
|
+
"policySources": {
|
|
175
|
+
"type": "array",
|
|
176
|
+
"minItems": 1,
|
|
177
|
+
"uniqueItems": true,
|
|
178
|
+
"items": {
|
|
179
|
+
"enum": [
|
|
180
|
+
"local",
|
|
181
|
+
"security_profile",
|
|
182
|
+
"repository_config",
|
|
183
|
+
"owning_skill"
|
|
184
|
+
]
|
|
185
|
+
}
|
|
186
|
+
},
|
|
187
|
+
"ownershipSource": { "enum": ["declared", "inherited"] },
|
|
188
|
+
"inheritedFrom": { "$ref": "#/$defs/inheritedFrom" }
|
|
189
|
+
},
|
|
190
|
+
"additionalProperties": true
|
|
191
|
+
},
|
|
192
|
+
"node": {
|
|
193
|
+
"type": "object",
|
|
194
|
+
"additionalProperties": false,
|
|
195
|
+
"required": ["id", "type", "label"],
|
|
196
|
+
"properties": {
|
|
197
|
+
"id": { "type": "string" },
|
|
198
|
+
"type": { "$ref": "#/$defs/nodeTypes" },
|
|
199
|
+
"label": { "type": "string" },
|
|
200
|
+
"properties": { "type": "object" },
|
|
201
|
+
"evidence": { "type": "array", "items": { "$ref": "#/$defs/evidence" } }
|
|
202
|
+
}
|
|
203
|
+
},
|
|
204
|
+
"edge": {
|
|
205
|
+
"type": "object",
|
|
206
|
+
"additionalProperties": false,
|
|
207
|
+
"required": ["id", "from", "to", "type"],
|
|
208
|
+
"properties": {
|
|
209
|
+
"id": { "type": "string" },
|
|
210
|
+
"from": { "type": "string" },
|
|
211
|
+
"to": { "type": "string" },
|
|
212
|
+
"type": { "$ref": "#/$defs/edgeTypes" },
|
|
213
|
+
"properties": { "$ref": "#/$defs/edgeProperties" },
|
|
214
|
+
"evidence": { "type": "array", "items": { "$ref": "#/$defs/evidence" } }
|
|
215
|
+
},
|
|
216
|
+
"allOf": [
|
|
217
|
+
{
|
|
218
|
+
"if": {
|
|
219
|
+
"properties": { "type": { "const": "owned_by" } },
|
|
220
|
+
"required": ["type"]
|
|
221
|
+
},
|
|
222
|
+
"then": {
|
|
223
|
+
"required": ["properties"],
|
|
224
|
+
"properties": {
|
|
225
|
+
"properties": {
|
|
226
|
+
"type": "object",
|
|
227
|
+
"required": ["ownershipSource"],
|
|
228
|
+
"allOf": [
|
|
229
|
+
{
|
|
230
|
+
"if": {
|
|
231
|
+
"type": "object",
|
|
232
|
+
"properties": {
|
|
233
|
+
"ownershipSource": { "const": "inherited" }
|
|
234
|
+
},
|
|
235
|
+
"required": ["ownershipSource"]
|
|
236
|
+
},
|
|
237
|
+
"then": {
|
|
238
|
+
"type": "object",
|
|
239
|
+
"required": ["inheritedFrom"]
|
|
240
|
+
}
|
|
241
|
+
}
|
|
242
|
+
]
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
},
|
|
247
|
+
{
|
|
248
|
+
"if": {
|
|
249
|
+
"properties": {
|
|
250
|
+
"type": { "const": "has_effective_policy" }
|
|
251
|
+
},
|
|
252
|
+
"required": ["type"]
|
|
253
|
+
},
|
|
254
|
+
"then": {
|
|
255
|
+
"required": ["properties"],
|
|
256
|
+
"properties": {
|
|
257
|
+
"properties": {
|
|
258
|
+
"type": "object",
|
|
259
|
+
"required": ["policySources"],
|
|
260
|
+
"allOf": [
|
|
261
|
+
{
|
|
262
|
+
"if": {
|
|
263
|
+
"type": "object",
|
|
264
|
+
"properties": {
|
|
265
|
+
"policySources": {
|
|
266
|
+
"type": "array",
|
|
267
|
+
"contains": { "const": "owning_skill" }
|
|
268
|
+
}
|
|
269
|
+
},
|
|
270
|
+
"required": ["policySources"]
|
|
271
|
+
},
|
|
272
|
+
"then": {
|
|
273
|
+
"type": "object",
|
|
274
|
+
"required": ["inheritedFrom"]
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
]
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
]
|
|
283
|
+
},
|
|
284
|
+
"finding": {
|
|
285
|
+
"type": "object",
|
|
286
|
+
"additionalProperties": false,
|
|
287
|
+
"required": ["source", "severity", "message"],
|
|
288
|
+
"properties": {
|
|
289
|
+
"source": { "enum": ["finding", "diagnostic"] },
|
|
290
|
+
"severity": { "$ref": "#/$defs/severity" },
|
|
291
|
+
"message": { "type": "string" },
|
|
292
|
+
"path": { "type": "string" },
|
|
293
|
+
"code": { "type": "string" },
|
|
294
|
+
"id": { "type": "string" },
|
|
295
|
+
"title": { "type": "string" },
|
|
296
|
+
"riskClass": { "enum": ["violation", "suspicious", "advisory"] },
|
|
297
|
+
"evidence": { "$ref": "#/$defs/evidence" }
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
}
|
package/docs/security-policy.md
CHANGED
|
@@ -294,7 +294,7 @@ Security findings may include `riskClass` so reviewers can distinguish clear vio
|
|
|
294
294
|
|
|
295
295
|
Renma can summarize security posture from existing static security findings. The summary groups findings by `riskClass` (`violation`, `suspicious`, `advisory`, and `unclassified`) and by severity, and reports high/critical security finding counts.
|
|
296
296
|
|
|
297
|
-
This is reporting-only in
|
|
297
|
+
This is reporting-only in the v2 contract:
|
|
298
298
|
|
|
299
299
|
- it does not add new detectors
|
|
300
300
|
- it does not change scan `fail_on`
|
|
@@ -306,17 +306,33 @@ Runtime enforcement remains outside Renma.
|
|
|
306
306
|
|
|
307
307
|
### Effective policy inventory
|
|
308
308
|
|
|
309
|
-
Renma can also summarize the effective static policy surface across discovered assets. The inventory
|
|
309
|
+
Renma can also summarize the effective static policy surface across discovered assets. The inventory distinguishes assets with local metadata, inherited policy, effective policy, and no effective policy.
|
|
310
310
|
|
|
311
|
-
|
|
311
|
+
Script and asset bytes never declare local policy. Skill-local scripts and
|
|
312
|
+
assets inherit policy only from one unambiguous owning Skill. Text scripts may
|
|
313
|
+
be scanned under that inherited policy from line 1; ordinary output assets and
|
|
314
|
+
binary files never contribute instruction text. Orphan scripts do not receive
|
|
315
|
+
policy-dependent evaluation from repository configuration without an owning
|
|
316
|
+
Skill and traceable inheritance evidence.
|
|
312
317
|
|
|
313
|
-
|
|
318
|
+
The inventory reports local, inherited, effective, and missing-effective coverage; network/upload/secrets booleans; human approval requirements; approved destinations; forbidden inputs; disallowed commands; and profile resolution counts. It is reporting-only in v2 and does not enforce runtime behavior.
|
|
319
|
+
|
|
320
|
+
`renma trust-graph` also includes effective policy evidence. Each effective policy node uses a deterministic fingerprint over normalized allowed data, forbidden inputs, network/upload/secrets booleans, human approval requirement, approved destinations, and disallowed commands. Every `has_effective_policy` edge carries a deterministic `policySources` array containing each source that contributed to the fingerprint: `local`, `security_profile`, `repository_config`, and/or `owning_skill`. Owning-Skill inheritance retains `inheritedFrom`, and selected-profile evidence retains the selected profile and profile chain. The graph does not enforce policy at runtime.
|
|
321
|
+
|
|
322
|
+
Contribution is recorded during effective-policy resolution with the same
|
|
323
|
+
precedence, fail-closed, replacement, accumulation, and deduplication rules. A
|
|
324
|
+
profile scalar overridden by local metadata is not a contribution. For
|
|
325
|
+
accumulating lists, every source that supplies a value is retained even when
|
|
326
|
+
another source supplies the same value and the effective list deduplicates it.
|
|
327
|
+
Source order is always `local`, `security_profile`, `repository_config`,
|
|
328
|
+
`owning_skill`. For inherited support, `local` refers to local metadata on the
|
|
329
|
+
owning Skill, while `owning_skill` identifies the inheritance channel.
|
|
314
330
|
|
|
315
331
|
### Security-aware semantic diff
|
|
316
332
|
|
|
317
333
|
`renma diff` and `renma ci-report` can summarize how security posture and effective security policy inventory changed between two revisions.
|
|
318
334
|
|
|
319
|
-
The diff uses existing static findings and existing policy metadata/config summaries. It does not add new detectors, change runtime behavior, change scan `fail_on`, change readiness scoring, or change CI pass/warn/fail status
|
|
335
|
+
The diff uses existing static findings and existing policy metadata/config summaries. It does not add new detectors, change runtime behavior, change scan `fail_on`, change readiness scoring, or change CI pass/warn/fail status.
|
|
320
336
|
|
|
321
337
|
## Common Security Diagnostics
|
|
322
338
|
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# Trust Graph v2 Contract
|
|
2
|
+
|
|
3
|
+
Renma 0.18.0 emits only `renma.trustGraph.v2`, the first supported long-term
|
|
4
|
+
Trust Graph contract. The authoritative machine-readable definition is the
|
|
5
|
+
[Trust Graph v2 JSON Schema](schemas/trust-graph-v2.schema.json).
|
|
6
|
+
|
|
7
|
+
The required top-level fields are `schemaVersion`, `summary`, `nodes`, `edges`,
|
|
8
|
+
and `findings`. Node `properties` and node and edge `evidence` are optional.
|
|
9
|
+
Edge `properties` are optional except where an edge-specific provenance rule
|
|
10
|
+
requires them. Finding identity fields (`code`, `id`, `title`, `riskClass`,
|
|
11
|
+
`path`, and `evidence`) appear only when supplied. Missing optional fields are
|
|
12
|
+
omitted, not serialized as `null`.
|
|
13
|
+
|
|
14
|
+
Nodes are ordered by type and stable ID; edges by source, type, target, and ID;
|
|
15
|
+
findings by deterministic review order. Summary maps contain all enum members
|
|
16
|
+
with non-negative integer counts. Asset nodes include normalized ownership and
|
|
17
|
+
first-class support evidence.
|
|
18
|
+
Static support uses `owns_local_resource`, `statically_references`,
|
|
19
|
+
`inherits_owner`, and `inherits_policy`. Every `owned_by` edge declares
|
|
20
|
+
`ownershipSource`; when its value is `inherited`, the edge also retains an
|
|
21
|
+
`inheritedFrom` object with the owning asset ID and source path. Every
|
|
22
|
+
`has_effective_policy` edge has a non-empty, duplicate-free `policySources`
|
|
23
|
+
array. Its values are limited to `local`, `security_profile`,
|
|
24
|
+
`repository_config`, and `owning_skill`, in that generated order. Effective
|
|
25
|
+
policy inherited from an owning Skill retains `inheritedFrom`.
|
|
26
|
+
|
|
27
|
+
Representative complete top-level document:
|
|
28
|
+
|
|
29
|
+
```json
|
|
30
|
+
{
|
|
31
|
+
"schemaVersion": "renma.trustGraph.v2",
|
|
32
|
+
"summary": {
|
|
33
|
+
"assetCount": 0, "nodeCount": 0, "edgeCount": 0, "findingCount": 0,
|
|
34
|
+
"nodeTypeCounts": { "asset": 0, "owner": 0, "lifecycle_status": 0, "security_profile": 0, "effective_policy": 0, "diagnostic": 0 },
|
|
35
|
+
"edgeTypeCounts": { "owned_by": 0, "has_lifecycle_status": 0, "declares_dependency": 0, "references": 0, "owns_local_resource": 0, "statically_references": 0, "inherits_owner": 0, "selects_security_profile": 0, "inherits_policy": 0, "has_effective_policy": 0, "has_diagnostic": 0 },
|
|
36
|
+
"findingSeverityCounts": { "critical": 0, "high": 0, "medium": 0, "low": 0, "error": 0, "warning": 0, "info": 0 },
|
|
37
|
+
"riskClassCounts": { "violation": 0, "suspicious": 0, "advisory": 0, "unclassified": 0 }
|
|
38
|
+
},
|
|
39
|
+
"nodes": [],
|
|
40
|
+
"edges": [],
|
|
41
|
+
"findings": []
|
|
42
|
+
}
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Within v2, evolution is additive and backward-compatible. Removing or changing
|
|
46
|
+
an existing field requires a new schema version. Enum additions are
|
|
47
|
+
consumer-visible and must be documented.
|
package/docs/user-manual.md
CHANGED
|
@@ -79,6 +79,17 @@ Context Asset, or a helper shared across workflows to `tools/**`, only when
|
|
|
79
79
|
repository evidence supports that change; Renma does not move files
|
|
80
80
|
automatically.
|
|
81
81
|
|
|
82
|
+
Skill-local support belongs only to the nearest Skill directory. When a local
|
|
83
|
+
support artifact does not declare an owner, ownership, Readiness, graph, Trust
|
|
84
|
+
Graph, and BOM reporting use the nearest Skill's owner as deterministic
|
|
85
|
+
effective ownership and mark it as inherited. This does not invent ownership
|
|
86
|
+
for shared Context Assets or unrelated repository files.
|
|
87
|
+
|
|
88
|
+
Only files marked Markdown-parser eligible contribute frontmatter metadata,
|
|
89
|
+
headings, links, code fences, and repeated-context evidence. Text scripts and
|
|
90
|
+
data assets remain raw text for dedicated static path or security analysis;
|
|
91
|
+
binary assets remain opaque.
|
|
92
|
+
|
|
82
93
|
Avoid using reserved support directory names as skill names. Paths such as
|
|
83
94
|
`skills/assets/SKILL.md`, `skills/examples/SKILL.md`,
|
|
84
95
|
`skills/references/SKILL.md`, `skills/scripts/SKILL.md`, and
|
|
@@ -233,7 +244,7 @@ renma bom . --format markdown
|
|
|
233
244
|
renma bom . --format json
|
|
234
245
|
```
|
|
235
246
|
|
|
236
|
-
The BOM is a declared repository manifest. It combines catalog, graph, diagnostics, readiness, lifecycle, hash, and security posture evidence. It is not a record of actual LLM runtime usage. See the [Repository Context BOM contract](repository-context-bom.md) for
|
|
247
|
+
The BOM is a declared repository manifest. It combines catalog, graph, diagnostics, readiness, lifecycle, hash, and security posture evidence. It is not a record of actual LLM runtime usage. See the [Repository Context BOM contract](repository-context-bom.md) for v2 boundaries.
|
|
237
248
|
|
|
238
249
|
## User Story: Improve Existing Skills With Diagnostics
|
|
239
250
|
|
|
@@ -366,7 +377,9 @@ The JSON configuration supports the same names used by the implementation, inclu
|
|
|
366
377
|
- `globs`: glob patterns to scan.
|
|
367
378
|
- `exclude`: paths or path prefixes to skip.
|
|
368
379
|
- `suppressions`: rule suppressions that remove matching findings from normal reports and failure thresholds.
|
|
369
|
-
- `max_file_size_bytes`: largest file renma will read.
|
|
380
|
+
- `max_file_size_bytes`: largest file renma will read for content analysis. A
|
|
381
|
+
larger discovered file remains repository existence evidence, so a valid
|
|
382
|
+
reference is not also reported as missing.
|
|
370
383
|
- `max_depth`: maximum discovery depth.
|
|
371
384
|
- `concurrency`: scan concurrency.
|
|
372
385
|
- `fail_on`: scan exit threshold: `low`, `medium`, `high`, or `critical`.
|
|
@@ -388,6 +401,13 @@ against the collected repository snapshot. It validates the declared path but
|
|
|
388
401
|
does not execute the command. Non-Skill documents do not receive an inferred
|
|
389
402
|
Skill-relative base.
|
|
390
403
|
|
|
404
|
+
Static support reachability accepts explicit Skill-relative paths, explicit
|
|
405
|
+
basenames, Markdown link targets, quoted/code-form paths, and one additional
|
|
406
|
+
hop through a directly referenced index/reference. Free-prose matches against
|
|
407
|
+
generic filename stems such as `run`, `check`, or `logo` are not evidence.
|
|
408
|
+
Extensionless executables and quoted or linked asset paths with spaces are
|
|
409
|
+
valid; `..` traversal outside the Skill root remains invalid.
|
|
410
|
+
|
|
391
411
|
Use `exclude` for files Renma should not scan. Use `suppressions` for audited exceptions where Renma should scan the file, detect matching findings internally, then omit those findings from normal reports and failure decisions. A suppression applies only when both `id` and `paths` match. Each suppression includes `id`, `paths`, required `reason`, and optional `expires`; the reason lives in config for auditability.
|
|
392
412
|
|
|
393
413
|
Use a date in `YYYY-MM-DD` for temporary workarounds, or `"never"` when the exception is intentionally permanent. Permanent suppressions should still use narrow path patterns and a clear reason. Suppression path patterns are repository-relative and support exact paths, directory-prefix matches for non-glob patterns, `*` within one path segment, and `**` across directories.
|
|
@@ -418,6 +438,12 @@ Other default scan glob families are:
|
|
|
418
438
|
- `skills/**/references/**/*.md`
|
|
419
439
|
- `skills/**/examples/**/*.md`
|
|
420
440
|
- `skills/**/scripts/**/*`
|
|
441
|
+
- `skills/**/assets/**/*`
|
|
442
|
+
- `.agents/skills/**/profiles/**/*.md`
|
|
443
|
+
- `.agents/skills/**/references/**/*`
|
|
444
|
+
- `.agents/skills/**/examples/**/*.md`
|
|
445
|
+
- `.agents/skills/**/scripts/**/*`
|
|
446
|
+
- `.agents/skills/**/assets/**/*`
|
|
421
447
|
- `tools/**/*`
|
|
422
448
|
|
|
423
449
|
## Where To Go Next
|
|
@@ -425,6 +451,7 @@ Other default scan glob families are:
|
|
|
425
451
|
- New to Renma? Start with [Authoring Guide](authoring-guide.md).
|
|
426
452
|
- Writing security-sensitive skills or context assets? Read [Security Policy Guide](security-policy.md).
|
|
427
453
|
- Fixing scan findings? See [Diagnostics Reference](diagnostics.md).
|
|
454
|
+
- Reviewing thresholds? See [Renma Quality Profile](quality-profile.md).
|
|
428
455
|
- Trying a minimal clarify-before-act Skill interaction? Use
|
|
429
456
|
[`examples/interactive-placeholder`](../examples/interactive-placeholder).
|
|
430
457
|
- Trying richer repository-aware Skill, Context Lens, and Context Asset
|
|
@@ -525,7 +552,7 @@ renma bom . --format markdown
|
|
|
525
552
|
renma bom . --format json --omit-generated-at
|
|
526
553
|
```
|
|
527
554
|
|
|
528
|
-
Use the BOM when reviewers or CI consumers need one repository evidence manifest that combines existing Renma evidence
|
|
555
|
+
Use the BOM when reviewers or CI consumers need one repository evidence manifest that combines existing Renma evidence. Renma 0.18.0 supports only v2, the first supported long-term BOM contract. It does not provide a v1 compatibility mode. V2 includes normalized declared/effective ownership plus static support relationships. See the [Repository Context BOM contract](repository-context-bom.md).
|
|
529
556
|
|
|
530
557
|
The BOM is not a record of actual LLM runtime usage. Renma does not collect telemetry, assemble prompts, choose task-specific context, inject context into agents, import consumed-context evidence, or claim what an LLM actually consumed.
|
|
531
558
|
|
|
@@ -597,7 +624,9 @@ Use this when a reviewer or downstream tool needs one stable evidence layer that
|
|
|
597
624
|
|
|
598
625
|
Trust Graph is repository evidence. It does not compute a trust score, select or inject runtime context, assemble prompts, call an LLM, collect telemetry, or enforce policy at runtime.
|
|
599
626
|
|
|
600
|
-
|
|
627
|
+
Renma 0.18.0 supports only Trust Graph v2, the first supported long-term contract. It includes normalized ownership and static `owns_local_resource`, `statically_references`, `inherits_owner`, and `inherits_policy` evidence. JSON is the source of truth; Markdown is for human review. `scan --format json` includes the same v2 contract under `trustGraph`.
|
|
628
|
+
|
|
629
|
+
Consumers must branch on `schemaVersion`, not on the Renma package version. A future incompatible contract may intentionally introduce v3.
|
|
601
630
|
|
|
602
631
|
Reviewers can use Trust Graph to find assets without owners, find assets without lifecycle status, inspect assets sharing the same effective policy fingerprint, and connect diagnostics back to asset evidence. `trust-graph` exits `0` when the report is generated successfully; use `scan --fail-on` when CI should fail on findings.
|
|
603
632
|
|
|
@@ -655,7 +684,7 @@ The report summarizes readiness deltas, graph-resolution changes, added and remo
|
|
|
655
684
|
|
|
656
685
|
Output includes a CI status (`PASS`, `WARN`, or `FAIL`), a summary, readiness changes, graph changes, and review-focused finding changes.
|
|
657
686
|
|
|
658
|
-
Repository Context BOM artifacts describe declared repository state, not prompt assembly, context injection, agent execution, actual LLM runtime usage, or telemetry. Use `renma bom . --format json` when CI needs a machine-readable manifest and `renma bom . --format markdown` for review comments or artifacts. For
|
|
687
|
+
Repository Context BOM artifacts describe declared repository state, not prompt assembly, context injection, agent execution, actual LLM runtime usage, or telemetry. Use `renma bom . --format json` when CI needs a machine-readable manifest and `renma bom . --format markdown` for review comments or artifacts. For v2 compatibility and reproducibility details, see the [Repository Context BOM contract](repository-context-bom.md).
|
|
659
688
|
|
|
660
689
|
### `ownership`
|
|
661
690
|
|
|
@@ -682,7 +711,9 @@ Renma does not infer owners automatically. If an asset is unowned, choose an own
|
|
|
682
711
|
|
|
683
712
|
### `scaffold`
|
|
684
713
|
|
|
685
|
-
Creates a
|
|
714
|
+
Creates starter assets with distinct responsibilities: a Skill is a focused
|
|
715
|
+
workflow entrypoint, Context is durable reusable knowledge, and a Context Lens
|
|
716
|
+
is purpose-specific interpretation of one or more declared Context Assets.
|
|
686
717
|
|
|
687
718
|
```bash
|
|
688
719
|
renma scaffold skill skills/testing/spec-review/SKILL.md --owner qa-platform
|
|
@@ -691,7 +722,17 @@ renma scaffold context_lens lenses/testing/spec-review-boundary-values.md --owne
|
|
|
691
722
|
renma scaffold skill skills/testing/spec-review/SKILL.md --owner qa-platform --format prompt
|
|
692
723
|
```
|
|
693
724
|
|
|
694
|
-
`scaffold --format file` writes a starter file, `--format prompt` emits an
|
|
725
|
+
`scaffold --format file` writes a starter file, `--format prompt` emits an
|
|
726
|
+
authoring prompt, and `--format json` emits structured scaffold data. The
|
|
727
|
+
generated content is intentionally minimal; fill in metadata, dependencies, and
|
|
728
|
+
verification steps before depending on it in automation.
|
|
729
|
+
|
|
730
|
+
For a Context Lens, replace every placeholder `purpose`, `applies_to`, `focus`,
|
|
731
|
+
and `expected_outputs` value with repository-grounded content. Every
|
|
732
|
+
`applies_to` target must resolve to a real Context Asset. Do not use a Lens as
|
|
733
|
+
generic persona storage, a prompt template, or a runtime routing rule, and do
|
|
734
|
+
not create one when there is no Context Asset to interpret. See the
|
|
735
|
+
[Context Lens guide](context-lens.md) for the canonical decision model.
|
|
695
736
|
|
|
696
737
|
For a Skill, use platform-native authoring guidance before and after scaffolding.
|
|
697
738
|
File mode prints concise Skill-only next steps after the `Created` line. Prompt
|
|
@@ -15,9 +15,11 @@ It includes:
|
|
|
15
15
|
[`SKILL.md`](skills/testing/spec-review/SKILL.md) with static required and
|
|
16
16
|
optional Lens relationships.
|
|
17
17
|
|
|
18
|
-
The Skill is a
|
|
19
|
-
|
|
20
|
-
|
|
18
|
+
The Skill is a complete focused workflow entrypoint: it defines selection
|
|
19
|
+
boundaries, inputs, ordered review steps, output, validation, and completion.
|
|
20
|
+
The Context Asset owns reusable boundary-value knowledge. Each Lens explains
|
|
21
|
+
how to interpret that knowledge for a particular purpose without copying it
|
|
22
|
+
into the Skill.
|
|
21
23
|
|
|
22
24
|
```text
|
|
23
25
|
Skill -> Context Lens -> Context Asset
|
|
@@ -71,6 +73,9 @@ Review the boundary-value Context for ambiguity and missing limits.
|
|
|
71
73
|
```
|
|
72
74
|
|
|
73
75
|
The supported Lens schema version is `1`; the supported scope is `context`.
|
|
76
|
+
Structural validity is only the starting point. A useful Lens also defines
|
|
77
|
+
concrete questions, risks, checks, evidence, and expected outputs. Persona-only
|
|
78
|
+
wording such as “Act as a senior QA engineer” is not sufficient by itself.
|
|
74
79
|
|
|
75
80
|
## Diagnostic Illustration
|
|
76
81
|
|
|
@@ -18,6 +18,10 @@ requires_human_approval: false
|
|
|
18
18
|
---
|
|
19
19
|
# Boundary Value Analysis
|
|
20
20
|
|
|
21
|
-
Boundary value analysis is reusable testing knowledge. It should stay as a base
|
|
21
|
+
Boundary value analysis is reusable testing knowledge. It should stay as a base
|
|
22
|
+
Context Asset because it can support spec review, test design, regression
|
|
23
|
+
planning, onboarding, and other Skills.
|
|
22
24
|
|
|
23
|
-
|
|
25
|
+
When several workflows need reusable purpose-specific interpretation, keep that
|
|
26
|
+
interpretation in Context Lenses instead of copying this knowledge into each
|
|
27
|
+
Skill. A Skill may reference this Context directly when no Lens adds value.
|
|
@@ -11,8 +11,15 @@ tags:
|
|
|
11
11
|
purpose: spec_review
|
|
12
12
|
applies_to:
|
|
13
13
|
- context.testing.boundary-value-analysis
|
|
14
|
-
focus:
|
|
15
|
-
|
|
14
|
+
focus:
|
|
15
|
+
- ambiguity
|
|
16
|
+
- missing boundary
|
|
17
|
+
- source of truth
|
|
18
|
+
- confirmation questions
|
|
19
|
+
expected_outputs:
|
|
20
|
+
- unresolved questions
|
|
21
|
+
- risk notes
|
|
22
|
+
- spec clarification suggestions
|
|
16
23
|
allowed_data:
|
|
17
24
|
- repo-local-files
|
|
18
25
|
network_allowed: false
|
|
@@ -22,8 +29,23 @@ requires_human_approval: false
|
|
|
22
29
|
---
|
|
23
30
|
# Spec Review Lens for Boundary Values
|
|
24
31
|
|
|
25
|
-
|
|
32
|
+
Interpret the applied boundary-value Context from the perspective of an
|
|
33
|
+
experienced QA reviewer responsible for finding specification risk before
|
|
34
|
+
implementation.
|
|
26
35
|
|
|
27
|
-
|
|
36
|
+
## Interpretation Criteria
|
|
28
37
|
|
|
29
|
-
|
|
38
|
+
- Determine whether each material limit has an exact value and an identified
|
|
39
|
+
source of truth.
|
|
40
|
+
- Check whether lower and upper bounds are inclusive or exclusive and whether
|
|
41
|
+
empty, zero, overflow, and retry-limit behavior is specified.
|
|
42
|
+
- Identify conflicting requirements, undefined ownership, and assumptions that
|
|
43
|
+
could lead implementations or tests to disagree.
|
|
44
|
+
- Distinguish documented facts from inferred behavior and unresolved decisions.
|
|
45
|
+
|
|
46
|
+
## Evidence And Output
|
|
47
|
+
|
|
48
|
+
Cite the specification section or repository source behind every conclusion.
|
|
49
|
+
Produce prioritized unresolved questions, risk notes, and clarification
|
|
50
|
+
suggestions. Do not duplicate the base Context, define the Skill workflow, or
|
|
51
|
+
turn this Lens into a prompt template.
|