renma 0.17.0 → 0.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +152 -1
- package/README.md +11 -1
- package/architecture.md +21 -10
- package/design.md +52 -34
- package/dist/agent-skills.d.ts +1 -1
- package/dist/agent-skills.d.ts.map +1 -1
- package/dist/agent-skills.js +28 -8
- package/dist/agent-skills.js.map +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.d.ts.map +1 -1
- package/dist/catalog.js +120 -12
- package/dist/catalog.js.map +1 -1
- package/dist/cli-help.d.ts +12 -8
- package/dist/cli-help.d.ts.map +1 -1
- package/dist/cli-help.js +23 -1
- package/dist/cli-help.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +23 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/bom.d.ts +6 -3
- package/dist/commands/bom.d.ts.map +1 -1
- package/dist/commands/bom.js +27 -7
- package/dist/commands/bom.js.map +1 -1
- package/dist/commands/catalog.d.ts +1 -1
- package/dist/commands/catalog.d.ts.map +1 -1
- package/dist/commands/catalog.js +7 -1
- package/dist/commands/catalog.js.map +1 -1
- package/dist/commands/ci-report.d.ts.map +1 -1
- package/dist/commands/ci-report.js +18 -5
- package/dist/commands/ci-report.js.map +1 -1
- package/dist/commands/diff.js +8 -2
- package/dist/commands/diff.js.map +1 -1
- package/dist/commands/graph.d.ts +6 -2
- package/dist/commands/graph.d.ts.map +1 -1
- package/dist/commands/graph.js +23 -2
- package/dist/commands/graph.js.map +1 -1
- package/dist/commands/inspect.d.ts.map +1 -1
- package/dist/commands/inspect.js +2 -0
- package/dist/commands/inspect.js.map +1 -1
- package/dist/commands/ownership.d.ts +4 -3
- package/dist/commands/ownership.d.ts.map +1 -1
- package/dist/commands/ownership.js +27 -23
- package/dist/commands/ownership.js.map +1 -1
- package/dist/commands/readiness.d.ts +2 -1
- package/dist/commands/readiness.d.ts.map +1 -1
- package/dist/commands/readiness.js +98 -30
- package/dist/commands/readiness.js.map +1 -1
- package/dist/commands/scaffold.d.ts +3 -0
- package/dist/commands/scaffold.d.ts.map +1 -1
- package/dist/commands/scaffold.js +44 -9
- package/dist/commands/scaffold.js.map +1 -1
- package/dist/commands/suggest-metadata.d.ts.map +1 -1
- package/dist/commands/suggest-metadata.js +2 -0
- package/dist/commands/suggest-metadata.js.map +1 -1
- package/dist/commands/trust-graph.d.ts.map +1 -1
- package/dist/commands/trust-graph.js +12 -0
- package/dist/commands/trust-graph.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +10 -3
- package/dist/config.js.map +1 -1
- package/dist/context-lens.d.ts +1 -0
- package/dist/context-lens.d.ts.map +1 -1
- package/dist/context-lens.js +19 -1
- package/dist/context-lens.js.map +1 -1
- package/dist/diagnostic-ids.d.ts +9 -0
- package/dist/diagnostic-ids.d.ts.map +1 -1
- package/dist/diagnostic-ids.js +9 -0
- package/dist/diagnostic-ids.js.map +1 -1
- package/dist/discovery.d.ts +5 -0
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +108 -65
- package/dist/discovery.js.map +1 -1
- package/dist/markdown.d.ts.map +1 -1
- package/dist/markdown.js +15 -0
- package/dist/markdown.js.map +1 -1
- package/dist/metadata.d.ts +15 -1
- package/dist/metadata.d.ts.map +1 -1
- package/dist/metadata.js +235 -0
- package/dist/metadata.js.map +1 -1
- package/dist/model.d.ts +20 -1
- package/dist/model.d.ts.map +1 -1
- package/dist/model.js +4 -1
- package/dist/model.js.map +1 -1
- package/dist/quality-profile.d.ts +91 -0
- package/dist/quality-profile.d.ts.map +1 -0
- package/dist/quality-profile.js +91 -0
- package/dist/quality-profile.js.map +1 -0
- package/dist/repeated-context.d.ts.map +1 -1
- package/dist/repeated-context.js +38 -83
- package/dist/repeated-context.js.map +1 -1
- package/dist/repository-boundary.d.ts +30 -0
- package/dist/repository-boundary.d.ts.map +1 -0
- package/dist/repository-boundary.js +116 -0
- package/dist/repository-boundary.js.map +1 -0
- package/dist/repository-evidence.d.ts +2 -0
- package/dist/repository-evidence.d.ts.map +1 -1
- package/dist/repository-evidence.js +6 -4
- package/dist/repository-evidence.js.map +1 -1
- package/dist/repository-paths.d.ts +6 -2
- package/dist/repository-paths.d.ts.map +1 -1
- package/dist/repository-paths.js +75 -24
- package/dist/repository-paths.js.map +1 -1
- package/dist/rules.d.ts +2 -0
- package/dist/rules.d.ts.map +1 -1
- package/dist/rules.js +322 -189
- package/dist/rules.js.map +1 -1
- package/dist/scanner.d.ts.map +1 -1
- package/dist/scanner.js +5 -1
- package/dist/scanner.js.map +1 -1
- package/dist/security-diagnostics.d.ts.map +1 -1
- package/dist/security-diagnostics.js +95 -30
- package/dist/security-diagnostics.js.map +1 -1
- package/dist/security-diff.d.ts +5 -2
- package/dist/security-diff.d.ts.map +1 -1
- package/dist/security-diff.js +20 -4
- package/dist/security-diff.js.map +1 -1
- package/dist/security-policy-inventory.d.ts +15 -3
- package/dist/security-policy-inventory.d.ts.map +1 -1
- package/dist/security-policy-inventory.js +123 -26
- package/dist/security-policy-inventory.js.map +1 -1
- package/dist/security-policy.d.ts +7 -0
- package/dist/security-policy.d.ts.map +1 -1
- package/dist/security-policy.js +70 -7
- package/dist/security-policy.js.map +1 -1
- package/dist/security-posture.d.ts.map +1 -1
- package/dist/security-posture.js +2 -1
- package/dist/security-posture.js.map +1 -1
- package/dist/skill-migration.js +2 -0
- package/dist/skill-migration.js.map +1 -1
- package/dist/static-support.d.ts +13 -0
- package/dist/static-support.d.ts.map +1 -0
- package/dist/static-support.js +284 -0
- package/dist/static-support.js.map +1 -0
- package/dist/token-estimator.d.ts +21 -0
- package/dist/token-estimator.d.ts.map +1 -0
- package/dist/token-estimator.js +84 -0
- package/dist/token-estimator.js.map +1 -0
- package/dist/trust-graph.d.ts +3 -3
- package/dist/trust-graph.d.ts.map +1 -1
- package/dist/trust-graph.js +69 -10
- package/dist/trust-graph.js.map +1 -1
- package/dist/types.d.ts +6 -1
- package/dist/types.d.ts.map +1 -1
- package/docs/README.md +15 -8
- package/docs/advanced-skill-authoring.md +16 -9
- package/docs/agent-skills-compatibility.md +10 -2
- package/docs/authoring-guide.md +89 -6
- package/docs/context-lens.md +319 -153
- package/docs/diagnostics.md +46 -11
- package/docs/metadata-budget.md +32 -0
- package/docs/quality-profile.md +135 -0
- package/docs/repository-context-bom.md +67 -8
- package/docs/schemas/repository-context-bom-v2.schema.json +648 -0
- package/docs/schemas/trust-graph-v2.schema.json +301 -0
- package/docs/security-policy.md +21 -5
- package/docs/trust-graph.md +47 -0
- package/docs/user-manual.md +48 -7
- package/examples/context-lens/README.md +8 -3
- package/examples/context-lens/contexts/testing/boundary-value-analysis.md +6 -2
- package/examples/context-lens/lenses/testing/spec-review-boundary-values.md +27 -5
- package/examples/context-lens/lenses/testing/test-design-boundary-values.md +27 -5
- package/examples/context-lens/skills/testing/spec-review/SKILL.md +33 -4
- package/examples/context-repo/README.md +6 -7
- package/examples/context-repo/contexts/domain/payment/idempotency.md +7 -0
- package/examples/context-repo/contexts/testing/boundary-value-analysis.md +7 -0
- package/examples/context-repo/contexts/testing/negative-testing.md +7 -0
- package/examples/context-repo/skills/testing/spec-review/SKILL.md +5 -0
- package/package.json +3 -1
- package/plan-discovery.md +24 -15
- package/plan.md +59 -119
- package/scripts/verify-package.mjs +8 -1
|
@@ -11,8 +11,15 @@ tags:
|
|
|
11
11
|
purpose: test_design
|
|
12
12
|
applies_to:
|
|
13
13
|
- context.testing.boundary-value-analysis
|
|
14
|
-
focus:
|
|
15
|
-
|
|
14
|
+
focus:
|
|
15
|
+
- inclusive limits
|
|
16
|
+
- empty and zero values
|
|
17
|
+
- overflow behavior
|
|
18
|
+
- retry limits
|
|
19
|
+
expected_outputs:
|
|
20
|
+
- test cases
|
|
21
|
+
- edge-case checklist
|
|
22
|
+
- coverage notes
|
|
16
23
|
allowed_data:
|
|
17
24
|
- repo-local-files
|
|
18
25
|
network_allowed: false
|
|
@@ -22,8 +29,23 @@ requires_human_approval: false
|
|
|
22
29
|
---
|
|
23
30
|
# Test Design Lens for Boundary Values
|
|
24
31
|
|
|
25
|
-
|
|
32
|
+
Interpret the applied boundary-value Context for test design that provides
|
|
33
|
+
reviewable evidence of behavior at and around material limits.
|
|
26
34
|
|
|
27
|
-
|
|
35
|
+
## Interpretation Criteria
|
|
28
36
|
|
|
29
|
-
|
|
37
|
+
- Map each declared limit to cases below, at, and above the boundary when those
|
|
38
|
+
states are valid for the system.
|
|
39
|
+
- Distinguish inclusive from exclusive behavior and cover empty input, zero
|
|
40
|
+
values, overflow, maximum retries, and expected failure modes when applicable.
|
|
41
|
+
- Trace each proposed case to a stated requirement and identify any expected
|
|
42
|
+
result that the specification leaves unresolved.
|
|
43
|
+
- Prefer deterministic cases whose setup, assertion, and failure evidence can
|
|
44
|
+
distinguish product behavior from a test defect.
|
|
45
|
+
|
|
46
|
+
## Evidence And Output
|
|
47
|
+
|
|
48
|
+
Produce test cases, an edge-case checklist, and coverage notes with requirement
|
|
49
|
+
citations. Keep unresolved expected results explicit. Do not select runtime
|
|
50
|
+
Context, assemble a prompt, define the Skill workflow, or duplicate the base
|
|
51
|
+
Context.
|
|
@@ -19,7 +19,15 @@ metadata:
|
|
|
19
19
|
|
|
20
20
|
Use this skill to review a specification before implementation or test design.
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
This Skill owns the focused review workflow. The declared Context Asset owns
|
|
23
|
+
reusable boundary-value knowledge, and the declared Lenses own purpose-specific
|
|
24
|
+
interpretation of that knowledge.
|
|
25
|
+
|
|
26
|
+
## Selection Boundaries
|
|
27
|
+
|
|
28
|
+
Use this workflow when a specification needs evidence-backed analysis of
|
|
29
|
+
implementation or test-design boundaries. Do not use it to implement the
|
|
30
|
+
change, approve product decisions, or perform unrelated editorial review.
|
|
23
31
|
|
|
24
32
|
## Required Inputs
|
|
25
33
|
|
|
@@ -28,9 +36,28 @@ The skill stays thin. It declares the reusable base context and the purpose-orie
|
|
|
28
36
|
|
|
29
37
|
## Instructions
|
|
30
38
|
|
|
31
|
-
1.
|
|
32
|
-
|
|
33
|
-
|
|
39
|
+
1. Confirm that the supplied specification and its sources are available. If a
|
|
40
|
+
required source is missing, record the gap rather than inventing behavior.
|
|
41
|
+
2. Read the declared boundary-value Context Asset and the required spec-review
|
|
42
|
+
Lens. Apply the optional test-design Lens only when test coverage is also in
|
|
43
|
+
scope for the requested review.
|
|
44
|
+
3. Extract stated behavior, limits, assumptions, and sources from the supplied
|
|
45
|
+
specification. Keep facts separate from inferences and unresolved questions.
|
|
46
|
+
4. Apply the required Lens's interpretation criteria to the reusable Context.
|
|
47
|
+
Cite the reusable guidance where relevant instead of reproducing it in this
|
|
48
|
+
Skill or output.
|
|
49
|
+
5. Prioritize findings by implementation or release risk. Cite the relevant
|
|
50
|
+
specification section or repository evidence for every finding.
|
|
51
|
+
6. Produce the expected output below and leave decisions with the accountable
|
|
52
|
+
human owner.
|
|
53
|
+
|
|
54
|
+
## Expected Output
|
|
55
|
+
|
|
56
|
+
- A short scope and evidence summary.
|
|
57
|
+
- Prioritized unresolved questions and risk notes.
|
|
58
|
+
- Clarification suggestions tied to cited source gaps.
|
|
59
|
+
- The Context and Lens IDs applied, including why the optional Lens was or was
|
|
60
|
+
not used.
|
|
34
61
|
|
|
35
62
|
## When Not To Use
|
|
36
63
|
|
|
@@ -41,6 +68,8 @@ approval, or an editorial workflow for copy-only review.
|
|
|
41
68
|
|
|
42
69
|
- The output distinguishes known facts from open questions.
|
|
43
70
|
- The output cites the source-of-truth gaps it found.
|
|
71
|
+
- Each finding has an impact or risk and an evidence-backed rationale.
|
|
72
|
+
- Use of the optional Lens matches the requested review scope.
|
|
44
73
|
- The skill does not copy reusable testing guidance into this file.
|
|
45
74
|
|
|
46
75
|
## Completion Criteria
|
|
@@ -85,7 +85,7 @@ Run these commands from the renma repository root after building the CLI:
|
|
|
85
85
|
|
|
86
86
|
```bash
|
|
87
87
|
npm run build
|
|
88
|
-
node dist/index.js scan examples/context-repo
|
|
88
|
+
node dist/index.js scan examples/context-repo --fail-on high
|
|
89
89
|
node dist/index.js catalog examples/context-repo --format markdown
|
|
90
90
|
node dist/index.js ownership examples/context-repo --format markdown
|
|
91
91
|
node dist/index.js graph examples/context-repo --view layered --format mermaid
|
|
@@ -99,7 +99,7 @@ node dist/index.js inspect examples/context-repo/skills/testing/spec-review/SKIL
|
|
|
99
99
|
With an installed CLI, replace `node dist/index.js` with `renma`:
|
|
100
100
|
|
|
101
101
|
```bash
|
|
102
|
-
renma scan examples/context-repo
|
|
102
|
+
renma scan examples/context-repo --fail-on high
|
|
103
103
|
renma catalog examples/context-repo --format markdown
|
|
104
104
|
renma ownership examples/context-repo --format markdown
|
|
105
105
|
renma graph examples/context-repo --view layered --format mermaid
|
|
@@ -118,11 +118,10 @@ evidence into authoritative JSON or a Markdown review projection. `inspect`
|
|
|
118
118
|
shows the structure of the workflow entrypoint.
|
|
119
119
|
|
|
120
120
|
The example is structurally ready: its Skill and Lens validate, every declared
|
|
121
|
-
relationship resolves, and every cataloged asset has an owner.
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
that policy.
|
|
121
|
+
relationship resolves, and every cataloged asset has an owner. Its Skill and
|
|
122
|
+
Context Assets declare a local-only security policy for repository files,
|
|
123
|
+
explicitly disclosed user inputs, and the Context bundled with the Skill, so
|
|
124
|
+
`scan` completes without diagnostics or security findings.
|
|
126
125
|
|
|
127
126
|
## Intentionally Not Demonstrated
|
|
128
127
|
|
|
@@ -11,6 +11,13 @@ when_to_use:
|
|
|
11
11
|
- Reviewing payment write retry behavior or duplicate request handling
|
|
12
12
|
when_not_to_use:
|
|
13
13
|
- Reviewing non-payment retries or read-only request behavior
|
|
14
|
+
allowed_data:
|
|
15
|
+
- repo-local-files
|
|
16
|
+
- disclosed-user-provided-data
|
|
17
|
+
network_allowed: false
|
|
18
|
+
external_upload_allowed: false
|
|
19
|
+
secrets_allowed: false
|
|
20
|
+
requires_human_approval: true
|
|
14
21
|
---
|
|
15
22
|
|
|
16
23
|
# Payment Idempotency
|
|
@@ -10,6 +10,13 @@ when_to_use:
|
|
|
10
10
|
- Designing test cases around numeric, date, count, length, or pagination limits
|
|
11
11
|
when_not_to_use:
|
|
12
12
|
- Testing invalid inputs that are not tied to explicit boundary values
|
|
13
|
+
allowed_data:
|
|
14
|
+
- repo-local-files
|
|
15
|
+
- disclosed-user-provided-data
|
|
16
|
+
network_allowed: false
|
|
17
|
+
external_upload_allowed: false
|
|
18
|
+
secrets_allowed: false
|
|
19
|
+
requires_human_approval: true
|
|
13
20
|
---
|
|
14
21
|
|
|
15
22
|
# Boundary Value Analysis
|
|
@@ -10,6 +10,13 @@ when_to_use:
|
|
|
10
10
|
- Designing validation, unsupported-state, or error-handling test cases
|
|
11
11
|
when_not_to_use:
|
|
12
12
|
- Designing accepted boundary-value cases for valid limits
|
|
13
|
+
allowed_data:
|
|
14
|
+
- repo-local-files
|
|
15
|
+
- disclosed-user-provided-data
|
|
16
|
+
network_allowed: false
|
|
17
|
+
external_upload_allowed: false
|
|
18
|
+
secrets_allowed: false
|
|
19
|
+
requires_human_approval: true
|
|
13
20
|
---
|
|
14
21
|
|
|
15
22
|
# Negative Testing
|
|
@@ -11,6 +11,11 @@ metadata:
|
|
|
11
11
|
renma.requires-context: '["contexts/testing/negative-testing.md"]'
|
|
12
12
|
renma.optional-context: '["context.domain.payment.idempotency"]'
|
|
13
13
|
renma.requires-lens: '["lens.testing.spec-review.boundary-values"]'
|
|
14
|
+
renma.allowed-data: '["repo-local-files","skill-bundled-context","disclosed-user-provided-data"]'
|
|
15
|
+
renma.network-allowed: "false"
|
|
16
|
+
renma.external-upload-allowed: "false"
|
|
17
|
+
renma.secrets-allowed: "false"
|
|
18
|
+
renma.requires-human-approval: "true"
|
|
14
19
|
---
|
|
15
20
|
|
|
16
21
|
# Spec Review
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "renma",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.18.1",
|
|
4
4
|
"description": "Manage human-curated context assets for LLMs and agents in Git.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": {
|
|
@@ -57,6 +57,8 @@
|
|
|
57
57
|
"devDependencies": {
|
|
58
58
|
"@eslint/js": "^10.0.1",
|
|
59
59
|
"@types/node": "^22.15.30",
|
|
60
|
+
"ajv": "^8.20.0",
|
|
61
|
+
"ajv-formats": "^3.0.1",
|
|
60
62
|
"eslint": "^10.5.0",
|
|
61
63
|
"eslint-config-prettier": "10.1.8",
|
|
62
64
|
"prettier": "^3.5.3",
|
package/plan-discovery.md
CHANGED
|
@@ -1,24 +1,26 @@
|
|
|
1
1
|
# Renma Skill Discovery Plan
|
|
2
2
|
|
|
3
|
-
Status:
|
|
3
|
+
Status: deferred exploratory design
|
|
4
4
|
|
|
5
|
-
Target: 0.18.0
|
|
5
|
+
Target: unassigned (post-0.18.0)
|
|
6
6
|
|
|
7
7
|
Scope: optional, backward-compatible skill discovery for large single repositories
|
|
8
8
|
|
|
9
|
-
Only **Current Baseline** describes implemented behavior.
|
|
10
|
-
`skill-index`, discovery
|
|
11
|
-
|
|
12
|
-
|
|
9
|
+
Only **Current Baseline** describes implemented behavior. `routes_to`,
|
|
10
|
+
`skill-index`, discovery aliases, explicit routing entrypoints, generated
|
|
11
|
+
indexes, and related diagnostics are deferred proposals. They are not Renma
|
|
12
|
+
0.18.0 behavior and have no assigned release. Runtime Skill selection remains
|
|
13
|
+
outside Renma.
|
|
13
14
|
|
|
14
15
|
## Summary
|
|
15
16
|
|
|
16
17
|
Renma should add a static skill discovery projection for repositories that have grown beyond the point where an agent can reliably inspect every `SKILL.md` before choosing where to start.
|
|
17
18
|
|
|
18
|
-
|
|
19
|
+
Any future implementation must be reconsidered against Renma's focused-workflow
|
|
20
|
+
model and boundaries:
|
|
19
21
|
|
|
20
22
|
```text
|
|
21
|
-
Skill =
|
|
23
|
+
Skill = focused, bounded workflow entrypoint and usage guide
|
|
22
24
|
Context Lens = purpose-oriented interpretation layer over context assets
|
|
23
25
|
Context Asset = independently owned source-of-truth knowledge
|
|
24
26
|
```
|
|
@@ -43,23 +45,30 @@ LLM proposes. Renma verifies. Human approves.
|
|
|
43
45
|
|
|
44
46
|
## Current Baseline
|
|
45
47
|
|
|
46
|
-
The
|
|
47
|
-
|
|
48
|
-
implementing discovery:
|
|
48
|
+
The implemented 0.18.0 product provides infrastructure that a future design
|
|
49
|
+
could reuse without implementing Skill-to-Skill routing:
|
|
49
50
|
|
|
50
|
-
- Repository discovery for
|
|
51
|
+
- Repository file discovery for Skills, Context Assets, Context Lenses,
|
|
52
|
+
profiles, references, examples, scripts, assets, agents, and config.
|
|
53
|
+
- First-class Skill-local support discovery, static reachability and ownership
|
|
54
|
+
relationships, and no-follow symlink handling.
|
|
51
55
|
- A normalized catalog model with deterministic IDs, paths, hashes, owners, lifecycle metadata, tags, and declared dependencies.
|
|
52
56
|
- A shared `RepositoryEvidence` collection path used by catalog, graph, and Repository Context BOM work.
|
|
53
57
|
- Static graph relationships for required and optional context, required and optional lenses, lens application, conflicts, supersession references, and coverage evidence.
|
|
54
58
|
- Markdown, JSON, and Mermaid reports for human review, CI, and downstream tooling.
|
|
55
|
-
- Readiness, semantic diff, ownership, Trust Graph
|
|
59
|
+
- Readiness, semantic diff, ownership, Trust Graph v2, Repository Context BOM
|
|
60
|
+
v2, diagnostics v2, review bundles, scaffold, and metadata suggestions.
|
|
61
|
+
- Effective security-policy provenance across local metadata, profiles,
|
|
62
|
+
repository configuration, and owning-Skill inheritance.
|
|
56
63
|
- A compact metadata parser that supports scalar values and selected block-list fields while intentionally discouraging large nested frontmatter.
|
|
57
64
|
|
|
58
|
-
Skill discovery
|
|
65
|
+
Deferred Skill-to-Skill discovery is distinct from this implemented repository
|
|
66
|
+
and support-resource discovery. Any future work must not create a parallel
|
|
67
|
+
scanner, second catalog, runtime service, or separate source of truth.
|
|
59
68
|
|
|
60
69
|
## Decision Status
|
|
61
70
|
|
|
62
|
-
|
|
71
|
+
Constraints for any future design are:
|
|
63
72
|
|
|
64
73
|
- Renma remains a deterministic repository-governance layer, not a runtime
|
|
65
74
|
selector.
|
package/plan.md
CHANGED
|
@@ -2,149 +2,89 @@
|
|
|
2
2
|
|
|
3
3
|
## Current Product Definition
|
|
4
4
|
|
|
5
|
-
Renma is a Git-native context repository
|
|
6
|
-
agent-consumable Skills, Context Lenses,
|
|
7
|
-
|
|
5
|
+
Renma 0.18.0 is the current shipped baseline: a Git-native context repository
|
|
6
|
+
and deterministic governance CLI for agent-consumable Skills, Context Lenses,
|
|
7
|
+
Context Assets, local support resources, policies, ownership, lifecycle,
|
|
8
|
+
dependencies, and review evidence.
|
|
8
9
|
|
|
9
10
|
```text
|
|
10
|
-
Skill =
|
|
11
|
+
Skill = focused, bounded workflow entrypoint
|
|
11
12
|
Context Lens = purpose-oriented interpretation over Context Assets
|
|
12
13
|
Context Asset = independently owned source-of-truth knowledge
|
|
13
14
|
```
|
|
14
15
|
|
|
15
|
-
Use platform-native
|
|
16
|
-
|
|
17
|
-
assets discoverable, compatible, owned, linked, validated, reviewable, and
|
|
18
|
-
measurable in Git and CI.
|
|
19
|
-
|
|
20
|
-
Renma's deterministic core follows:
|
|
16
|
+
Use platform-native guidance for general Skill authoring, then use Renma for
|
|
17
|
+
repository-specific governance. Renma follows the deterministic boundary:
|
|
21
18
|
|
|
22
19
|
```text
|
|
23
20
|
LLM proposes. Renma verifies. Human approves.
|
|
24
21
|
```
|
|
25
22
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
## Stable Product Boundaries
|
|
23
|
+
## Implemented 0.18.0 Baseline
|
|
29
24
|
|
|
30
|
-
|
|
25
|
+
The shipped baseline includes:
|
|
31
26
|
|
|
32
|
-
-
|
|
33
|
-
-
|
|
34
|
-
-
|
|
35
|
-
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
-
|
|
27
|
+
- focused workflow Skills with explicit usage boundaries rather than thin
|
|
28
|
+
routing-only entrypoints;
|
|
29
|
+
- progressive disclosure through static, reviewable references;
|
|
30
|
+
- first-class Skill-local `references/`, `profiles/`, `examples/`, `scripts/`,
|
|
31
|
+
and `assets/` resources under `skills/**` and `.agents/skills/**`;
|
|
32
|
+
- deterministic ownership, reachability, helper-command, and static support
|
|
33
|
+
relationships, including ambiguity that fails closed;
|
|
34
|
+
- repository-bounded discovery that never follows leaf or directory symlinks,
|
|
35
|
+
with actionable evidence for referenced unusable paths;
|
|
36
|
+
- canonical Agent Skills compatibility, migration guidance, scaffold, inspect,
|
|
37
|
+
and non-editing suggestion workflows;
|
|
38
|
+
- catalog, graph, ownership, Readiness, semantic diff, CI, diagnostics v2, and
|
|
39
|
+
review-bundle projections;
|
|
40
|
+
- security diagnostics, reusable profiles, effective-policy inventory, and
|
|
41
|
+
deterministic compositional policy provenance; and
|
|
42
|
+
- Repository Context BOM v2 and Trust Graph v2 as the first supported
|
|
43
|
+
long-term contracts and the only emitted BOM/Trust Graph schemas.
|
|
44
|
+
|
|
45
|
+
Repository Context BOM v2 is a declared repository manifest, not a record of
|
|
46
|
+
what an LLM consumed. Trust Graph v2 is deterministic review evidence, not a
|
|
47
|
+
subjective score or runtime enforcement system.
|
|
48
|
+
|
|
49
|
+
Historical release detail belongs in [CHANGELOG.md](CHANGELOG.md). Contract
|
|
50
|
+
details live in [architecture.md](architecture.md), [design.md](design.md), and
|
|
51
|
+
the focused documents under [docs/](docs/README.md).
|
|
40
52
|
|
|
41
|
-
|
|
53
|
+
## Stable Product Boundaries
|
|
42
54
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
- hosted dashboards or provider gateways;
|
|
49
|
-
- automatic semantic rewriting; or
|
|
50
|
-
- automatic policy weakening or suppression creation.
|
|
55
|
+
Renma owns repository discovery and parsing, normalized static evidence,
|
|
56
|
+
validation, deterministic projections, and review-oriented authoring support.
|
|
57
|
+
It does not own live Skill or Context selection, prompt assembly, execution,
|
|
58
|
+
runtime telemetry, hosted gateways, automatic semantic rewriting, or automatic
|
|
59
|
+
policy weakening.
|
|
51
60
|
|
|
52
|
-
|
|
53
|
-
of what an LLM consumed. Trust Graph remains deterministic review evidence, not
|
|
54
|
-
a subjective trust score or runtime enforcement system.
|
|
61
|
+
## Deferred Skill-to-Skill Discovery Design
|
|
55
62
|
|
|
56
|
-
|
|
63
|
+
Graph-based Skill-to-Skill route discovery is not a 0.18.0 feature and has no
|
|
64
|
+
assigned release. The exploratory design in
|
|
65
|
+
[plan-discovery.md](plan-discovery.md) discusses possible `routes_to` metadata,
|
|
66
|
+
discovery aliases, generated routing indexes, and a `skill-index` projection.
|
|
67
|
+
None is an implemented contract.
|
|
57
68
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
- first-class Context Assets and Context Lenses with graph-backed validation;
|
|
63
|
-
- repeated-context and workflow diagnostics;
|
|
64
|
-
- security diagnostics, reusable policy profiles, posture summaries, and
|
|
65
|
-
effective policy inventory;
|
|
66
|
-
- Trust Graph evidence and Repository Context BOM v1;
|
|
67
|
-
- `inspect`, `scaffold`, `suggest-metadata`, and
|
|
68
|
-
`suggest-semantic-split` authoring support;
|
|
69
|
-
- LLM-actionable diagnostics v2 and review bundles; and
|
|
70
|
-
- the canonical Agent Skills-compatible Skill format introduced in 0.16.0,
|
|
71
|
-
with flat string-valued `metadata.renma.*` governance and security fields and
|
|
72
|
-
a conservative one-way migration path.
|
|
73
|
-
|
|
74
|
-
Historical release detail belongs in [CHANGELOG.md](CHANGELOG.md). Authoritative
|
|
75
|
-
technical contracts remain in [architecture.md](architecture.md),
|
|
76
|
-
[design.md](design.md), and the focused documents under [docs/](docs/README.md).
|
|
77
|
-
|
|
78
|
-
## 0.17.0: Usability And Documentation Consolidation
|
|
79
|
-
|
|
80
|
-
Renma 0.17.0 improves the usability and consistency of the authoring and
|
|
81
|
-
governance workflows established in 0.16.0. It clarifies documentation, CLI
|
|
82
|
-
guidance, and the handoff between platform-native Skill authoring and Renma's
|
|
83
|
-
repository-specific validation.
|
|
84
|
-
|
|
85
|
-
The release focuses on:
|
|
86
|
-
|
|
87
|
-
- making the new-Skill authoring → scaffold → scan → refine loop discoverable;
|
|
88
|
-
- making the existing-Skill review → suggest-metadata → scan → refine loop
|
|
89
|
-
discoverable;
|
|
90
|
-
- keeping generic CLI guidance platform-neutral;
|
|
91
|
-
- preserving conservative blocked migration and non-editing behavior;
|
|
92
|
-
- consolidating README, user-manual, authoring, compatibility, architecture,
|
|
93
|
-
design, and roadmap responsibilities; and
|
|
94
|
-
- retaining detailed BOM, security, migration, diagnostic, and repository-model
|
|
95
|
-
contracts in focused documents.
|
|
96
|
-
|
|
97
|
-
This release does not add a major command, new schema, discovery model, runtime
|
|
98
|
-
capability, packaging system, or telemetry import.
|
|
99
|
-
|
|
100
|
-
## 0.18.0: Graph-Based Skill Discovery
|
|
101
|
-
|
|
102
|
-
The next proposed capability is a static Skill discovery projection for large
|
|
103
|
-
single repositories. The target is 0.18.0, not 0.17.0.
|
|
104
|
-
|
|
105
|
-
The proposal may add exact Skill-to-Skill route evidence, a static
|
|
106
|
-
`skill-index` report, conservative entrypoint inference, deterministic
|
|
107
|
-
discovery diagnostics, and later Readiness/diff integrations. It must preserve
|
|
108
|
-
the source `SKILL.md` files, the non-runtime boundary, deterministic outputs,
|
|
109
|
-
and backward compatibility.
|
|
110
|
-
|
|
111
|
-
The design is proposed rather than implemented. See
|
|
112
|
-
[plan-discovery.md](plan-discovery.md) for prototype knowledge, open decisions,
|
|
113
|
-
phases, and non-goals.
|
|
69
|
+
Any future proposal must be reconsidered against the focused-workflow model
|
|
70
|
+
introduced in 0.18.0. It must remain deterministic and static, avoid runtime
|
|
71
|
+
selection, preserve source Skills, and receive an explicit version and contract
|
|
72
|
+
decision before implementation.
|
|
114
73
|
|
|
115
74
|
## Later Candidates
|
|
116
75
|
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
-
|
|
120
|
-
|
|
121
|
-
- additive BOM or Trust Graph projections for stable discovery evidence;
|
|
122
|
-
- optional semantic review helpers that consume explicit deterministic bundles;
|
|
123
|
-
- multi-repository or distribution workflows after the single-repository model
|
|
124
|
-
is stable; and
|
|
125
|
-
- review visualizations derived from versioned report contracts.
|
|
126
|
-
|
|
127
|
-
These candidates require explicit product decisions. They are not commitments
|
|
128
|
-
and must not blur repository governance with runtime execution or telemetry
|
|
129
|
-
ownership.
|
|
76
|
+
Future product decisions may consider imported external consumed-context
|
|
77
|
+
evidence, additive projections over stable evidence, optional semantic-review
|
|
78
|
+
helpers, multi-repository workflows, or review visualizations. These are not
|
|
79
|
+
commitments and have no assigned version.
|
|
130
80
|
|
|
131
81
|
## Explicitly Out Of Scope
|
|
132
82
|
|
|
133
|
-
The current roadmap excludes:
|
|
134
|
-
|
|
135
83
|
- accepting task text and automatically selecting or ranking a Skill;
|
|
136
84
|
- fuzzy, embedding, or LLM-based runtime routing;
|
|
137
|
-
- runtime Context
|
|
138
|
-
- Skill or agent execution and tool orchestration;
|
|
139
|
-
- automatic Skill body rewriting;
|
|
140
|
-
- platform-native authoring logic inside Renma;
|
|
141
|
-
- arbitrary Skill roots without a separately reviewed compatibility decision;
|
|
142
|
-
- package publication, Context materialization, or repository distribution;
|
|
85
|
+
- runtime Context loading, injection, prompt assembly, or execution;
|
|
143
86
|
- runtime telemetry collection or hidden consumed-context import;
|
|
144
|
-
-
|
|
145
|
-
-
|
|
146
|
-
-
|
|
147
|
-
|
|
148
|
-
The roadmap should stay current-facing. Completed behavior belongs in the
|
|
149
|
-
baseline and changelog; detailed semantics belong in their canonical technical
|
|
150
|
-
documents; proposed discovery remains isolated in the 0.18.0 plan.
|
|
87
|
+
- automatic Skill-body rewriting or policy relaxation;
|
|
88
|
+
- arbitrary Skill roots without a reviewed compatibility decision; and
|
|
89
|
+
- advertising deferred `routes_to`, `skill-index`, aliases, or generated
|
|
90
|
+
routing indexes as current behavior.
|
|
@@ -23,7 +23,14 @@ try {
|
|
|
23
23
|
}
|
|
24
24
|
const files = new Set(report.files.map((file) => file.path));
|
|
25
25
|
|
|
26
|
-
for (const required of [
|
|
26
|
+
for (const required of [
|
|
27
|
+
"package.json",
|
|
28
|
+
"README.md",
|
|
29
|
+
"dist/index.js",
|
|
30
|
+
"docs/trust-graph.md",
|
|
31
|
+
"docs/schemas/repository-context-bom-v2.schema.json",
|
|
32
|
+
"docs/schemas/trust-graph-v2.schema.json",
|
|
33
|
+
]) {
|
|
27
34
|
requirePackagedPath(files, required);
|
|
28
35
|
}
|
|
29
36
|
|