skill-guard 0.4.2__tar.gz

skill_guard-0.4.2/.github/workflows/ci.yml

@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - run: pip install -e ".[dev]"
+      - run: ruff check .
+      - run: ruff format --check .
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    needs: lint
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - run: pip install -e ".[dev]"
+      - run: pytest tests/unit/ -v --cov=skill_guard --cov-report=xml
+
+  integration-tests:
+    runs-on: ubuntu-latest
+    needs: unit-tests
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - run: pip install -e ".[dev]"
+      - name: Run integration tests (mock agent)
+        run: pytest tests/integration/ -v -m integration --no-cov

skill_guard-0.4.2/.github/workflows/publish.yaml

@@ -0,0 +1,46 @@
+name: Publish to PyPI
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  id-token: write   # required for PyPI Trusted Publishing (OIDC)
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build distributions
+        run: python -m build
+
+      - name: Upload dist artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    steps:
+      - name: Download dist artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI (Trusted Publishing)
+        uses: pypa/gh-action-pypi-publish@release/v1

skill_guard-0.4.2/.github/workflows/skill-gate-monitor.yml

@@ -0,0 +1,20 @@
+name: skill-guard Monitor
+
+on:
+  schedule:
+    - cron: "0 9 * * 1"
+  workflow_dispatch:
+
+jobs:
+  monitor:
+    runs-on: ubuntu-latest
+    env:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - run: pip install skill-guard
+      - run: skill-guard monitor --catalog skill-catalog.yaml --format md

skill_guard-0.4.2/.gitignore

@@ -0,0 +1,80 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+pip-log.txt
+pip-delete-this-directory.txt
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+*.mo
+*.pot
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+instance/
+.webassets-cache
+.scrapy
+docs/_build/
+.pybuilder/
+target/
+.ipynb_checkpoints
+profile_default/
+ipython_config.py
+.pdm.toml
+__pypackages__/
+celerybeat-schedule
+celerybeat.pid
+*.sage.py
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.spyderproject.db
+.spyproject
+.rope_project
+/site
+.mypy_cache/
+.dmypy.json
+dmypy.json
+.pyre/
+.pytype/
+cython_debug/
+.idea/
+.vscode/
+*.swp
+*.swo
+.DS_Store
+skill-gate.yaml
+skill-catalog.yaml

skill_guard-0.4.2/CHANGELOG.md

@@ -0,0 +1,63 @@
+# Changelog
+
+## v0.3.0 — 2026-03-05
+
+### Phase 3: Monitoring + Lifecycle
+
+**New:**
+- `skill-guard monitor` — full health check pipeline across all catalog skills
+- `lifecycle.py` — automated stage transitions (production → degraded → deprecated), staleness checks, CODEOWNERS/MAINTAINERS ownership validation
+- `notifier.py` — Slack webhook alerts + GitHub Issues creation (deduplicates open issues)
+- `output/html.py` — HTML health report with inline CSS, color-coded status cards
+- `.github/workflows/skill-guard-monitor.yml` — weekly scheduled monitoring (Monday 9am UTC)
+
+**Tests:** 64 passing, 81.57% coverage
+
+---
+
+## v0.2.0 — 2026-03-05
+
+### Phase 2: Integration Testing + Catalog
+
+**New:**
+- `skill-guard test` — runs evals against real agent via OpenAI Responses API
+- `skill-guard catalog` — register, list, search, stats subcommands
+- `skill-guard check` — full pipeline: validate → secure → conflict → test in one pass
+- `agent_runner.py` — async eval execution, pre/post hook support, health polling
+- `catalog_manager.py` — atomic YAML catalog read/write, stage management
+- `docs/ci-integration.md` — full GitHub Actions integration guide
+- CI: lint → unit-tests → integration-tests pipeline
+
+**Tests:** 50 passing, 80.82% coverage
+
+---
+
+## v0.1.0 — 2026-03-05
+
+### Phase 1: Static Analysis Foundation
+
+**New:**
+- `skill-guard validate` — schema validation, description quality, eval presence checks
+- `skill-guard secure` — prompt injection detection, scope violation scanning
+- `skill-guard conflict` — TF-IDF cosine similarity conflict detection
+- `skill-guard init` — project scaffold (skill-guard.yaml + CI workflow)
+
+## v0.3.2 — 2026-03-05
+
+### Bug fixes & docs
+
+- Fix: wrong Anthropic skill-creator URL in README
+- Fix: README Documentation section linked to non-existent files
+- Docs: add `docs/eval-authoring-guide.md` — eval authoring reference
+- Docs: add `docs/hooks-guide.md` — pre/post hook scripts guide
+- Docs: add `docs/integration-guide.md` — end-to-end setup with real Responses API agent
+
+## v0.4.0 — 2026-03-05
+
+### Project rename: skill-gate → skill-guard
+
+- PyPI package: `skill-guard` (was `agentskill-gate`)
+- CLI command: `skill-guard` (was `skill-gate`)
+- Python package: `skill_guard` (was `skill_gate`)
+- GitHub repo: `vaibhavtupe/skill-guard` (was `skill-gate`)
+- All functionality unchanged — pure rename

skill_guard-0.4.2/CONTRIBUTING.md

@@ -0,0 +1,65 @@
+# Contributing to skill-guard
+
+Thank you for your interest in contributing! skill-guard is an open source project and we welcome contributions of all kinds.
+
+## Getting Started
+
+```bash
+# Clone the repo
+git clone https://github.com/vaibhavtupe/skill-guard.git
+cd skill-guard
+
+# Create a virtual environment
+python -m venv .venv
+source .venv/bin/activate  # On Windows: .venv\Scripts\activate
+
+# Install in development mode with dev dependencies
+pip install -e ".[dev]"
+
+# Run tests
+pytest
+
+# Run linting
+ruff check .
+ruff format .
+```
+
+## Development Workflow
+
+1. Fork the repository
+2. Create a feature branch: `git checkout -b feature/your-feature-name`
+3. Make your changes
+4. Add tests for new functionality
+5. Ensure all tests pass: `pytest`
+6. Ensure linting passes: `ruff check . && ruff format --check .`
+7. Open a Pull Request
+
+## Pull Request Guidelines
+
+- Keep PRs focused — one feature or fix per PR
+- Include tests for any new functionality
+- Update documentation if you're changing behavior
+- The PR description should explain what changed and why
+- All CI checks must pass before merge
+
+## Issue Templates
+
+Use the GitHub issue templates for:
+- **Bug reports** — include the command you ran, the error output, and your environment
+- **Feature requests** — describe the problem you're solving and your proposed solution
+
+## Code Style
+
+- Python 3.11+
+- Formatted with `ruff format` (line length: 100)
+- Linted with `ruff check` 
+- Type hints required for all public functions
+- Docstrings for all public functions and classes
+
+## Good First Issues
+
+Look for issues labeled `good first issue` — these are well-scoped and a great way to get familiar with the codebase.
+
+## Questions?
+
+Open a [GitHub Discussion](https://github.com/vaibhavtupe/skill-guard/discussions) for questions, ideas, or feedback.

skill_guard-0.4.2/LICENSE

@@ -0,0 +1,111 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work.
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship.
+
+      "Contribution" shall mean any work of authorship submitted to the
+      Licensor for inclusion in the Work.
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly perform, publicly display, and distribute the Work and such
+      Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      patent license to make, have made, use, offer to sell, sell, import,
+      and otherwise transfer the Work.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in all form of the Work or Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work; and
+
+      (d) If the Work includes a "NOTICE" text file, you must include a
+          readable copy of the attribution notices contained within such
+          NOTICE file.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution submitted for inclusion in the Work by You shall be
+      under the terms and conditions of this License, without any additional
+      terms or conditions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or agreed
+      to in writing, the software is provided on an "AS IS" BASIS, WITHOUT
+      WARRANTIES OR CONDITIONS OF ANY KIND.
+
+   8. Limitation of Liability. In no event shall any Contributor be liable
+      to You for damages, including any direct, indirect, incidental, special,
+      exemplary, or consequential damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing the
+      Work or Derivative Works thereof, You may choose to offer acceptance
+      of warranty, liability, or other terms and conditions. However, in
+      accepting such obligations, You may offer such obligations only on
+      Your own behalf and on your sole responsibility.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 Vaibhav Tupe
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0

skill_guard-0.4.2/PKG-INFO

@@ -0,0 +1,130 @@
+Metadata-Version: 2.4
+Name: skill-guard
+Version: 0.4.2
+Summary: The quality gate for Agent Skills — validate, secure, conflict-detect, and test skills across their full lifecycle
+Project-URL: Homepage, https://github.com/vaibhavtupe/skill-guard
+Project-URL: Repository, https://github.com/vaibhavtupe/skill-guard
+Project-URL: Issues, https://github.com/vaibhavtupe/skill-guard/issues
+Author-email: Vaibhav Tupe <vaibhav@example.com>
+License: Apache-2.0
+License-File: LICENSE
+Keywords: agent-skills,ai-agents,cli,llm,quality-gate
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.11
+Requires-Dist: httpx>=0.27
+Requires-Dist: pydantic>=2.0
+Requires-Dist: python-levenshtein>=0.25
+Requires-Dist: rich>=13.0
+Requires-Dist: ruamel-yaml>=0.18
+Requires-Dist: scikit-learn>=1.4
+Requires-Dist: typer>=0.12
+Provides-Extra: dev
+Requires-Dist: fastapi>=0.111; extra == 'dev'
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest-cov>=5.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.4; extra == 'dev'
+Requires-Dist: uvicorn>=0.29; extra == 'dev'
+Provides-Extra: embeddings
+Requires-Dist: sentence-transformers>=2.7; extra == 'embeddings'
+Description-Content-Type: text/markdown
+
+# skill-guard
+
+**The quality gate for Agent Skills.**
+
+[![PyPI version](https://badge.fury.io/py/agentskill-guard.svg)](https://badge.fury.io/py/agentskill-guard)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
+
+skill-guard is a CLI tool that validates, secures, and governs [Agent Skills](https://agentskills.io) across their full lifecycle — from contribution to production monitoring.
+
+## The Problem
+
+Agent Skills are powerful. They're also ungoverned. As soon as more than one person contributes skills to a shared agent, things break in hard-to-diagnose ways:
+
+- A new skill's description overlaps with an existing one → agent picks the wrong skill half the time
+- Skills with dangerous scripts get merged because nobody reviewed the `scripts/` directory
+- Nobody knows what skills are installed, who owns them, or whether they still work
+- A skill passes every test in isolation but fails when the real agent uses it with 25 other skills loaded
+
+skill-guard is the quality gate that catches these problems before they reach production.
+
+## What It Does
+
+```
+ONBOARDING (pre-merge, in CI):
+  skill-guard validate   → format compliance + quality scoring
+  skill-guard secure     → scan for dangerous patterns  
+  skill-guard conflict   → detect trigger overlap with existing skills
+  skill-guard test       → inject into staging agent, run evals
+  skill-guard check      → run all four as a single gate
+
+ONGOING (post-merge, scheduled):
+  skill-guard monitor    → re-run evals, detect drift, manage lifecycle
+  skill-guard catalog    → searchable registry of approved skills
+```
+
+## Quick Start
+
+```bash
+pip install agentskill-guard
+
+# Initialize in your skills repo
+skill-guard init
+
+# Validate a skill
+skill-guard validate ./skills/my-skill/
+
+# Check for security issues
+skill-guard secure ./skills/my-skill/
+
+# Check for conflicts with existing skills
+skill-guard conflict ./skills/my-skill/ --against ./skills/
+
+# Run the full gate (validate + secure + conflict)
+skill-guard check ./skills/my-skill/ --against ./skills/
+```
+
+## Installation
+
+```bash
+# Core (static analysis — no agent required)
+pip install agentskill-guard
+
+# With embedding-based conflict detection
+pip install agentskill-guard[embeddings]
+```
+
+Requires Python 3.11+.
+
+## Documentation
+
+- [Getting Started](docs/getting-started.md)
+- [End-to-End Integration Guide](docs/integration-guide.md) ← start here for real agent setup
+- [Writing Evals](docs/eval-authoring-guide.md)
+- [Hook Scripts](docs/hooks-guide.md)
+- [CI/CD Integration](docs/ci-integration.md)
+- [Configuration Reference](docs/configuration-reference.md)
+
+## What skill-guard Does NOT Do
+
+- Does **not** replace [Anthropic's skill-creator](https://github.com/anthropics/skills/blob/main/skills/skill-creator/SKILL.md) for writing skills
+- Does **not** host or serve skills — skills live in your repo
+- Does **not** modify skills — it reports issues, authors fix them
+- Does **not** require a database or server — the catalog is a YAML file in your repo
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). We welcome contributions of all kinds.
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE).

skill_guard-0.4.2/PYPI_SETUP.md

@@ -0,0 +1,27 @@
+# PyPI Publishing Setup
+
+skill-guard uses **Trusted Publishing (OIDC)** — no API token needed. One-time setup:
+
+## Steps
+
+1. **Create the PyPI project**
+   - Go to https://pypi.org/manage/account/publishing/
+   - Add a new Trusted Publisher:
+     - PyPI project name: `agentskill-guard`
+     - GitHub owner: `vaibhavtupe`
+     - GitHub repo: `skill-guard`
+     - Workflow filename: `publish.yml`
+     - Environment name: `pypi`
+
+2. **Create the GitHub environment**
+   - Go to https://github.com/vaibhavtupe/skill-guard/settings/environments
+   - Create environment named `pypi`
+   - Optional: add protection rules (required reviewers)
+
+3. **Trigger a publish**
+   - Push a version tag: `git tag v0.3.1 && git push origin v0.3.1`
+   - The `publish.yml` workflow fires automatically, builds, and uploads to PyPI
+
+## That's it
+
+No secrets, no tokens. GitHub's OIDC identity is used to authenticate with PyPI directly.

skill_guard-0.4.2/README.md

@@ -0,0 +1,92 @@
+# skill-guard
+
+**The quality gate for Agent Skills.**
+
+[![PyPI version](https://badge.fury.io/py/agentskill-guard.svg)](https://badge.fury.io/py/agentskill-guard)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
+
+skill-guard is a CLI tool that validates, secures, and governs [Agent Skills](https://agentskills.io) across their full lifecycle — from contribution to production monitoring.
+
+## The Problem
+
+Agent Skills are powerful. They're also ungoverned. As soon as more than one person contributes skills to a shared agent, things break in hard-to-diagnose ways:
+
+- A new skill's description overlaps with an existing one → agent picks the wrong skill half the time
+- Skills with dangerous scripts get merged because nobody reviewed the `scripts/` directory
+- Nobody knows what skills are installed, who owns them, or whether they still work
+- A skill passes every test in isolation but fails when the real agent uses it with 25 other skills loaded
+
+skill-guard is the quality gate that catches these problems before they reach production.
+
+## What It Does
+
+```
+ONBOARDING (pre-merge, in CI):
+  skill-guard validate   → format compliance + quality scoring
+  skill-guard secure     → scan for dangerous patterns  
+  skill-guard conflict   → detect trigger overlap with existing skills
+  skill-guard test       → inject into staging agent, run evals
+  skill-guard check      → run all four as a single gate
+
+ONGOING (post-merge, scheduled):
+  skill-guard monitor    → re-run evals, detect drift, manage lifecycle
+  skill-guard catalog    → searchable registry of approved skills
+```
+
+## Quick Start
+
+```bash
+pip install agentskill-guard
+
+# Initialize in your skills repo
+skill-guard init
+
+# Validate a skill
+skill-guard validate ./skills/my-skill/
+
+# Check for security issues
+skill-guard secure ./skills/my-skill/
+
+# Check for conflicts with existing skills
+skill-guard conflict ./skills/my-skill/ --against ./skills/
+
+# Run the full gate (validate + secure + conflict)
+skill-guard check ./skills/my-skill/ --against ./skills/
+```
+
+## Installation
+
+```bash
+# Core (static analysis — no agent required)
+pip install agentskill-guard
+
+# With embedding-based conflict detection
+pip install agentskill-guard[embeddings]
+```
+
+Requires Python 3.11+.
+
+## Documentation
+
+- [Getting Started](docs/getting-started.md)
+- [End-to-End Integration Guide](docs/integration-guide.md) ← start here for real agent setup
+- [Writing Evals](docs/eval-authoring-guide.md)
+- [Hook Scripts](docs/hooks-guide.md)
+- [CI/CD Integration](docs/ci-integration.md)
+- [Configuration Reference](docs/configuration-reference.md)
+
+## What skill-guard Does NOT Do
+
+- Does **not** replace [Anthropic's skill-creator](https://github.com/anthropics/skills/blob/main/skills/skill-creator/SKILL.md) for writing skills
+- Does **not** host or serve skills — skills live in your repo
+- Does **not** modify skills — it reports issues, authors fix them
+- Does **not** require a database or server — the catalog is a YAML file in your repo
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md). We welcome contributions of all kinds.
+
+## License
+
+Apache 2.0. See [LICENSE](LICENSE).