Add local skill bundle registry (Phase 13)

ProfRandom92 · ProfRandom92 · commit 51852c6b1061 · 2026-06-05T08:55:35.000+02:00
diff --git a/.agent/skills/REGISTRY.md b/.agent/skills/REGISTRY.md
@@ -0,0 +1,74 @@
+# Local Skill Bundle Registry
+
+This document serves as the local registry index for all authorized skills in the CompText workspace. 
+
+> [!IMPORTANT]
+> - **Local Scope**: This registry operates strictly as a local repository index. It is **not** a remote, distributed, or cloud-based plugin marketplace.
+> - **Integrity Hashes**: The SHA-256 checksums recorded below are strictly for local change-detection and workspace configuration verification. They do **not** represent cryptographic security proofs or remote package validation.
+
+---
+
+## Skill Index
+
+### 1. `ctxt-antigravity-governance`
+- **Path**: [.agent/skills/ctxt-antigravity-governance/SKILL.md](file:///.agent/skills/ctxt-antigravity-governance/SKILL.md)
+- **Description**: Defines token-efficient governance and operating guidelines for agent runs.
+- **Intended Use**: Auditing agent runs, defining permissions baseline, and selecting model effort.
+- **Allowed Scope**: Reading `AGENTS.md`, `PROJEKT.md`, token docs.
+- **Forbidden Scope**: Reading `.env`, printing env, live network/provider calls, out-of-bounds writes.
+- **Validation Commands**: `cargo test`, `git diff --exit-code`
+- **Local SHA-256 Checksum**: `3BD2A34E74EF24DA0EE871691AFF7528B655D738C3687EBAAA41D8A10CA575EB`
+
+### 2. `ctxt-security-review`
+- **Path**: [.agent/skills/ctxt-security-review/SKILL.md](file:///.agent/skills/ctxt-security-review/SKILL.md)
+- **Description**: Audits repository modifications against safety boundaries, credential safety, and claims hygiene.
+- **Intended Use**: Running security audits on code changes and checking documentation claims before commits.
+- **Allowed Scope**: Scanning repository workspace, adjusting `.gitignore` rules, verifying offline providers.
+- **Forbidden Scope**: Reading `.env`, printing env, live network/provider calls, out-of-bounds writes.
+- **Validation Commands**: `cargo test`
+- **Local SHA-256 Checksum**: `5C2E7E9167EF2532B06212307DD4D7CADAC31509D8855332269FDEF2158DD367`
+
+### 3. `ctxt-ci-diagnoser`
+- **Path**: [.agent/skills/ctxt-ci-diagnoser/SKILL.md](file:///.agent/skills/ctxt-ci-diagnoser/SKILL.md)
+- **Description**: Analyzes Cargo compilation failures, clippy warnings, or test logs to suggest precise repairs.
+- **Intended Use**: Locating and fixing local Cargo build errors, Clippy lint issues, or failing unit/smoke tests.
+- **Allowed Scope**: Modifying Rust source files (`src/**`) and test files (`tests/**`) to fix compilation or lint bugs.
+- **Forbidden Scope**: Suppressing compiler errors, adding new dependencies, live network requests.
+- **Validation Commands**: `cargo check`, `cargo test`, `cargo clippy -- -D warnings`
+- **Local SHA-256 Checksum**: `157A487EF1A349F25A3D37AA73EF52CC0EC3D59375073886673D6AAA8D479E6D`
+
+### 4. `ctxt-docs-consistency-checker`
+- **Path**: [.agent/skills/ctxt-docs-consistency-checker/SKILL.md](file:///.agent/skills/ctxt-docs-consistency-checker/SKILL.md)
+- **Description**: Audits markdown documentation for broken links, file presence, and claims hygiene.
+- **Intended Use**: Verification of markdown integrity, readme references, and documentation locations.
+- **Allowed Scope**: Modifying markdown documents in `docs/`, `reports/`, and repository root.
+- **Forbidden Scope**: Creating/modifying Rust code, adding forbidden readiness/compatibility claims.
+- **Validation Commands**: `git status --porcelain`
+- **Local SHA-256 Checksum**: `C1C7F9751F77F7EB00A103C10468A947CB603E342FC6E00166B6A0B96707ED7B`
+
+### 5. `ctxt-proposal-auditor`
+- **Path**: [.agent/skills/ctxt-proposal-auditor/SKILL.md](file:///.agent/skills/ctxt-proposal-auditor/SKILL.md)
+- **Description**: Reviews proposal JSON files to verify schema shapes and target write path safety.
+- **Intended Use**: Reviewing proposal JSON files under `proposals/` before executing apply operations.
+- **Allowed Scope**: Reading proposal files under `proposals/` and checking write allowed boundaries.
+- **Forbidden Scope**: Executing manual patch applications outside of the `ctxt apply` command.
+- **Validation Commands**: `cargo run --bin ctxt -- validate`
+- **Local SHA-256 Checksum**: `9879D22861B7F4A5438BAF3BBA45C65888F7F42A618C1B6E76AE1A9626246FBF`
+
+### 6. `ctxt-release-packaging`
+- **Path**: [.agent/skills/ctxt-release-packaging/SKILL.md](file:///.agent/skills/ctxt-release-packaging/SKILL.md)
+- **Description**: Audits release checklist, compiles release target binary, and verifies git hygiene.
+- **Intended Use**: Checking release readiness checklists, writing release tags, compiling release build binary.
+- **Allowed Scope**: Compiling release build (`cargo build --release`), updating version tags, editing changelogs.
+- **Forbidden Scope**: Committing temporary `.comptext/` cache directories, force pushes.
+- **Validation Commands**: `cargo build --release`, `git diff --exit-code`
+- **Local SHA-256 Checksum**: `099603E467A7E2EDD7DE82FCE3A453377F980FD8423FFF7FF3CB96164521BE82`
+
+### 7. `ctxt-phase-13-skill-bundle-registry`
+- **Path**: [.agent/skills/ctxt-phase-13-skill-bundle-registry/SKILL.md](file:///.agent/skills/ctxt-phase-13-skill-bundle-registry/SKILL.md)
+- **Description**: Manages the local Skill Bundle Registry files, templates, and integrity check metadata.
+- **Intended Use**: Registering skill capsules, normalizing directory structures, and updating change-detection hashes.
+- **Allowed Scope**: Staging and editing `.agent/skills/REGISTRY.md` or `.agent/skills/registry.json`.
+- **Forbidden Scope**: Implementing remote network registries, distributed downloads, or cryptographic proof logic.
+- **Validation Commands**: `cargo test`, `git status`
+- **Local SHA-256 Checksum**: `7B2F81C2AF5A97B2E0FA8A1243FABA9F605985A2F35E675F4C429DDBAE426B21`
diff --git a/.agent/skills/ctxt-antigravity-governance/SKILL.md b/.agent/skills/ctxt-antigravity-governance/SKILL.md
@@ -21,6 +21,10 @@ Enforce token-efficient context parsing, hook governance, permissions checks, an
 - Defining permissions profiles or subagent boundaries.
 - Refining token usage and model effort guidelines.
 
+## Allowed
+- Reading and verifying configuration and markdown governance documentation.
+- Reviewing token economics and model effort selections.
+
 ## Forbidden
 - Reading `.env` or credentials files.
 - Dumping environment variables.
diff --git a/.agent/skills/ctxt-ci-diagnoser/SKILL.md b/.agent/skills/ctxt-ci-diagnoser/SKILL.md
@@ -0,0 +1,36 @@
+---
+name: ctxt-ci-diagnoser
+description: "Analyzes Cargo compilation failures, clippy warnings, or test logs to suggest precise repairs."
+summary: "Analyzes Cargo compilation failures, clippy warnings, or test logs to suggest precise repairs."
+---
+
+# Skill: ctxt-ci-diagnoser
+
+## Goal
+Diagnose and repair Cargo compilation errors, clippy warnings, or test suite failures in the local workspace.
+
+## Read first
+- PROJEKT.md
+- Cargo.toml
+
+## Use when
+- Local `cargo check`, `cargo build`, or `cargo test` commands fail.
+- Clippy output contains warnings.
+- The CI clean tree check fails.
+
+## Allowed
+- Modifying Rust source files (`src/**`) and test files (`tests/**`) to fix lint, compiler, or test bugs.
+- Running compilation and lint verification suites in the local workspace.
+
+## Forbidden
+- Bypassing compiler warnings or suppressing clippy errors without resolving them.
+- Adding new Rust dependencies without prior approval.
+- Performing live network requests to fetch external crates during diagnosing.
+
+## Validation
+- `cargo check`
+- `cargo test`
+- `cargo clippy -- -D warnings`
+
+## Return
+Standard Phase Return Format.
diff --git a/.agent/skills/ctxt-docs-consistency-checker/SKILL.md b/.agent/skills/ctxt-docs-consistency-checker/SKILL.md
@@ -0,0 +1,34 @@
+---
+name: ctxt-docs-consistency-checker
+description: "Audits markdown documentation for broken links, file presence, and claims hygiene."
+summary: "Audits markdown documentation for broken links, file presence, and claims hygiene."
+---
+
+# Skill: ctxt-docs-consistency-checker
+
+## Goal
+Verify formatting, markdown link integrity, document locations, and claims hygiene across all workspace documentation.
+
+## Read first
+- README.md
+- docs/ROADMAP.md
+
+## Use when
+- Creating or updating files in `docs/` or `reports/`.
+- Auditing navigation links in the README.
+- Validating that no forbidden readiness or compatibility claims exist.
+
+## Allowed
+- Modifying markdown files in `docs/`, `reports/`, and the root directory.
+- Relocating misplaced phase status reports to correct folders.
+
+## Forbidden
+- Adding claims regarding production readiness, enterprise certification, or guaranteed safety.
+- Creating or editing Rust source code.
+- Performing live network connections.
+
+## Validation
+- `git status --porcelain`
+
+## Return
+Standard Phase Return Format.
diff --git a/.agent/skills/ctxt-phase-13-skill-bundle-registry/SKILL.md b/.agent/skills/ctxt-phase-13-skill-bundle-registry/SKILL.md
@@ -0,0 +1,35 @@
+---
+name: ctxt-phase-13-skill-bundle-registry
+description: "Manages the local Skill Bundle Registry files, templates, and integrity check metadata."
+summary: "Manages the local Skill Bundle Registry files, templates, and integrity check metadata."
+---
+
+# Skill: ctxt-phase-13-skill-bundle-registry
+
+## Goal
+Manage the local Skill Bundle Registry, maintain the index, and verify skill integrity hashes for local change detection.
+
+## Read first
+- docs/SKILL_BUNDLE_REGISTRY.md
+- docs/SKILL_AUTHORING_GUIDE.md
+
+## Use when
+- Normalizing folder structures under `.agent/skills/`.
+- Regenerating registry lists or computing file integrity checksums.
+- Adding starter skill templates to the local repository.
+
+## Allowed
+- Staging and editing `.agent/skills/REGISTRY.md` or `.agent/skills/registry.json`.
+- Calculating local checksums for tracking changes.
+
+## Forbidden
+- Implementing distributed registry networking or remote downloads.
+- Adding cryptographic provenance or security proofs to hashes.
+- Mutating core Rust logic.
+
+## Validation
+- `cargo test`
+- `git status`
+
+## Return
+Standard Phase Return Format.
diff --git a/.agent/skills/ctxt-proposal-auditor/SKILL.md b/.agent/skills/ctxt-proposal-auditor/SKILL.md
@@ -0,0 +1,33 @@
+---
+name: ctxt-proposal-auditor
+description: "Reviews proposal JSON files to verify schema shapes and target write path safety."
+summary: "Reviews proposal JSON files to verify schema shapes and target write path safety."
+---
+
+# Skill: ctxt-proposal-auditor
+
+## Goal
+Audit the structure of generated JSON proposals and verify that target paths comply with apply-gate write boundaries.
+
+## Read first
+- docs/APPLY_GATE.md
+- docs/ARTIFACT_POLICY.md
+
+## Use when
+- Reviewing a proposal JSON file before executing `ctxt apply`.
+- Verifying the list of affected files in the proposal schema.
+- Confirming rollback strategy viability.
+
+## Allowed
+- Reading and verifying proposal files under `proposals/`.
+- Checking that target apply paths lie entirely inside allowed write boundaries.
+
+## Forbidden
+- Applying patch changes manually to source code outside the `ctxt apply` flow.
+- Modifying target file permissions.
+
+## Validation
+- `cargo run --bin ctxt -- validate`
+
+## Return
+Standard Phase Return Format.
diff --git a/.agent/skills/ctxt-release-packaging/SKILL.md b/.agent/skills/ctxt-release-packaging/SKILL.md
@@ -0,0 +1,36 @@
+---
+name: ctxt-release-packaging
+description: "Audits release checklist, compiles release target binary, and verifies git hygiene."
+summary: "Audits release checklist, compiles release target binary, and verifies git hygiene."
+---
+
+# Skill: ctxt-release-packaging
+
+## Goal
+Verify the release checklist, edit the changelog, build the production release binary, and ensure Git tree cleanliness.
+
+## Read first
+- docs/RELEASE_CHECKLIST.md
+- CHANGELOG.md
+
+## Use when
+- Compiling a stable local release package of the CLI.
+- Updating release tags and metadata.
+- Validating Git ignore rules before final release commits.
+
+## Allowed
+- Compiling the target binary with release optimization (`cargo build --release`).
+- Modifying version metadata in `Cargo.toml`.
+- Writing release checklists and changelogs.
+
+## Forbidden
+- Committing temporary `.comptext/` cache directories.
+- Rewriting Git history or performing force pushes.
+- Adding unverified or uncompiled files to the release package.
+
+## Validation
+- `cargo build --release`
+- `git diff --exit-code`
+
+## Return
+Standard Phase Return Format.
diff --git a/.agent/skills/ctxt-security-review/SKILL.md b/.agent/skills/ctxt-security-review/SKILL.md
@@ -0,0 +1,36 @@
+---
+name: ctxt-security-review
+description: "Audits repository modifications against safety boundaries, credential safety, and claims hygiene."
+summary: "Audits repository modifications against safety boundaries, credential safety, and claims hygiene."
+---
+
+# Skill: ctxt-security-review
+
+## Goal
+Audit codebase safety, confirm secret redaction, and ensure no forbidden readiness or compliance claims exist in repository files.
+
+## Read first
+- AGENTS.md
+- docs/SECURITY_MODEL.md
+
+## Use when
+- Performing security checks before a git commit.
+- Inspecting files for high-entropy secrets or private keys.
+- Reviewing documentation for forbidden readiness or compliance claims.
+
+## Allowed
+- Reading and scanning files within the repository workspace.
+- Adjusting `.gitignore` files to exclude runtime state.
+- Verifying offline status of providers.
+
+## Forbidden
+- Reading `.env` or configuration files.
+- Printing environment variables.
+- Performing live network calls without explicit phase authorization.
+- Writing outside the repository root.
+
+## Validation
+- `cargo test`
+
+## Return
+Standard Phase Return Format.
diff --git a/PROJEKT.md b/PROJEKT.md
@@ -19,9 +19,9 @@ CompText CLI is an experimental terminal context client for building determinist
 
 ### Current State
 ```text
-CURRENT_PHASE: 12
-CURRENT_TASK: Antigravity CLI Governance & Token Economy
-LAST_GREEN_PHASE: 12
+CURRENT_PHASE: 13
+CURRENT_TASK: Skill Bundle Registry
+LAST_GREEN_PHASE: 13
 STATUS: complete
 ```
 
@@ -87,8 +87,8 @@ git push
 | **Phase 10** | MVP Stabilization & Release Readiness | Audit documentation, verify command flows, safety hygiene checks | **COMPLETE** |
 | **Phase 11** | Release Packaging | Package CLI binary, finalize manifests, release artifact generation | **COMPLETE** |
 | **Phase 12** | Antigravity CLI Governance & Token Economy | Antigravity governance docs, token economy rules, skill/hook/permission target architecture | **COMPLETE** |
-| **Phase 13** | Skill Bundle Registry | Distributed skills indexing and integrity hashing | *NEXT* |
-| **Phase 14** | Hook/Permission Integration | Hook boundaries, dynamic run approvals | *QUEUED* |
+| **Phase 13** | Skill Bundle Registry | Local skill bundle registry and starter skill templates | **COMPLETE** |
+| **Phase 14** | Hook/Permission Integration | Hook boundaries, dynamic run approvals | *NEXT* |
 | **Phase 15** | Cryptographic Provenance Engine | Signed evidence trail generation and cryptographic integrity seals | *QUEUED* |
 
 ---
diff --git a/README.md b/README.md
@@ -23,7 +23,8 @@
   <a href="#why-comptext">Why CompText?</a> ·
   <a href="#artifacts">Artifacts</a> ·
   <a href="#contributing">Contributing</a> ·
-  <a href="assets/README.md">Brand Assets</a>
+  <a href="assets/README.md">Brand Assets</a> ·
+  <a href="docs/SKILL_BUNDLE_REGISTRY.md">Skill Registry</a>
 </p>
 
 CompText CLI (`ctxt`) is an experimental, local-first terminal tool for turning messy repository state into deterministic, reviewable Context Packs before talking to model providers.
diff --git a/docs/SKILL_AUTHORING_GUIDE.md b/docs/SKILL_AUTHORING_GUIDE.md
@@ -28,6 +28,9 @@ List of absolute or workspace-relative file links that the agent must read befor
 ## Use when
 Explicit description of triggers, keywords, or phase constraints under which this skill is active.
 
+## Allowed
+Specific actions, files, or scopes that the agent is authorized to modify or access.
+
 ## Forbidden
 Concrete list of actions, commands, and files that are strictly banned while this skill is active.
 
@@ -64,6 +67,7 @@ To keep the registry consistent, all skill filenames and YAML names must follow
 1. **Goal**: Must be concrete and bounded (no vague goals like *"Improve code"*).
 2. **Read first**: Must list the files representing the source of truth for the task (e.g., `AGENTS.md`, `PROJEKT.md`).
 3. **Use when**: Must describe the precise phase state.
-4. **Forbidden**: Must list global rules (e.g., *no network*, *no .env reads*) and task-specific constraints.
-5. **Validation**: Must include standard local commands (`cargo check`, `cargo test`, etc.).
-6. **Return**: Must match the standard schema declared in `AGENTS.md`.
+4. **Allowed**: Must list specific actions, files, or scopes the agent is authorized to modify or access.
+5. **Forbidden**: Must list global rules (e.g., *no network*, *no .env reads*) and task-specific constraints.
+6. **Validation**: Must include standard local commands (`cargo check`, `cargo test`, etc.).
+7. **Return**: Must match the standard schema declared in `AGENTS.md`.
diff --git a/docs/SKILL_BUNDLE_REGISTRY.md b/docs/SKILL_BUNDLE_REGISTRY.md
@@ -0,0 +1,36 @@
+# Skill Bundle Registry
+
+This document describes the design, directory convention, and change-detection integrity rules of the local **Skill Bundle Registry** for CompText agent workflows.
+
+---
+
+## 1. Local Architectural Scope
+
+The Skill Bundle Registry is a repository-local index designed to compile, catalog, and locate reusable workflow skills.
+
+- **Local Registry Root**: Canonical workspace root lives under `.agent/skills/` at the project root directory. Any `.agents/skills/` directory is treated purely as legacy/compatibility metadata.
+- **Directory Layout**: Every skill registry entry must be structured as a directory containing a `SKILL.md` file (e.g. `.agent/skills/ctxt-security-review/SKILL.md`).
+- **Trigger Properties**: The `description` field in the frontmatter of each `SKILL.md` acts as the primary orchestrator keyword routing trigger.
+- **Registry Index**: The file `.agent/skills/REGISTRY.md` maintains the complete index of authorized skills, scopes, and validation commands.
+
+---
+
+## 2. Integrity and Change-Detection Hashes
+
+To ensure stability during autonomous operations, the local registry compiles SHA-256 integrity hashes for each skill's `SKILL.md` file.
+
+- **Change-Detection Policy**: Checksums are used strictly as local change-detection metadata to verify that a skill's instructions have not been mutated by unapproved tasks.
+- **Not a Cryptographic Proof**: These hashes do **not** represent security proofs, cryptographic provenance, or remote package validation.
+- **Offline Integrity**: Calculations are performed entirely offline using local hashing commands (such as `Get-FileHash` or `sha256sum`).
+
+---
+
+## 3. Safety and Security Rules
+
+All skills managed within the registry must inherit and conform to the following safety constraints:
+- **Default-Deny Provider Socket Access**: Prohibits socket or network requests by default.
+- **No Credentials Access**: Restricts reading private keys, `.env` files, or system credentials.
+- **No System Dumps**: Prohibits printing environment variables.
+- **Sandboxed Write Execution**: Restricts file modifications to paths inside the repository workspace root.
+- **No Autonomous Feature Building**: Bounded execution prohibits subagents or routines from writing core features outside active phase tasks.
+- **No Distributed Networking**: No remote downloads, distributed lookups, or third-party plugin marketplaces are supported.
diff --git a/reports/phase_13_status.md b/reports/phase_13_status.md
