Automated PR provided by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #483
TenantPilot Agent Skill Layer v1
This directory contains repository-specific agent skills for TenantPilot/TenantAtlas work. The skills turn validated repo contracts into focused activation checklists for future implementation, review, and audit sessions.
This layer is not a replacement for active specs, tests, code review, current repo truth, or the TenantPilot constitution. If a skill conflicts with the active spec, .specify/memory/constitution.md, current application code, or current tests, current repo truth wins and the skill must be updated.
The corrected Spec 416 skill library lives under .agent/skills/**. .codex/skills/** is not the Spec 416 implementation target.
Progressive Disclosure
Do not load all TenantPilot skills by default. Activate only the skill or skills that match the current task trigger, then read the active spec, plan, tasks, and source evidence named by that skill.
Use this README as an index only. Individual SKILL.md files carry the gate/checklist details.
Maturity Model
| Level | Meaning |
|---|---|
| L0 | Reference note only; never a gate. |
| L1 | Advisory pattern; useful context but not blocking. |
| L2 | Workflow checklist; use for bounded inspection or audit work. |
| L3 | Review checklist gate; complete before claiming readiness. |
| L4 | Hard gate; stop implementation or review when the stop conditions trigger. |
Gate Types
| Gate type | Meaning |
|---|---|
| hard-gate | Blocks unsafe runtime or review work until the issue is resolved or the active spec is amended. |
| checklist | Requires explicit evidence before completion, but may produce documented residual risk. |
| workflow | Guides a bounded audit or non-mutating workflow. |
| temporary-migration-gate | Applies only during a named migration/cutover window and must expire. |
V1 Skill Activation Table
| Skill | Maturity | Gate type | Activate when |
|---|---|---|---|
| workflows/spec-readiness-gate | L3 | checklist | Implementing, reviewing, or validating an active Spec Kit package. |
| repo-contracts/workspace-scope-safety | L4 | hard-gate | Touching workspace, managed environment, provider connection, tenant scope, route binding, queries, exports, downloads, jobs, or data ownership. |
| repo-contracts/rbac-action-safety | L4 | hard-gate | Touching policies, gates, capabilities, Filament actions, destructive/high-impact actions, global search, or hidden/disabled UI affordances. |
| repo-contracts/operation-run-truth | L4 | hard-gate | Creating, updating, reconciling, displaying, linking, deduplicating, retrying, or completing OperationRun records. |
| repo-contracts/customer-output-gate | L4 | hard-gate | Touching review packs, customer/auditor output, report downloads, rendered reports, customer workspaces, or customer-safe labels. |
| repo-contracts/evidence-anchor-contract | L4 | hard-gate | Touching evidence anchors, evidence snapshots, proof currentness, review evidence, baseline evidence, or evidence-backed customer claims. |
| repo-contracts/provider-freshness-semantics | L4 | hard-gate | Touching provider readiness, provider verification, permissions, freshness, provider connection status, consent, credentials, or provider diagnostics. |
| repo-contracts/product-surface-gate | L3 | checklist | Touching rendered UI, routes, navigation, actions, downloads, reports, readiness, evidence, restore flows, customer output, or Product Surface Contract behavior. |
| workflows/filament-livewire-v5-change-loop | L3 | checklist | Touching Laravel 12, Filament v5, Livewire v4, panel providers, resources, pages, widgets, actions, tables, forms, global search, or Filament assets. |
| workflows/browser-readonly-audit | L2/L3 | workflow | Running a read-only browser audit, smoke inspection, product-surface audit, or browser evidence collection without mutating state. |
| temporary-migrations/tcm-cutover-guard | L3 | temporary-migration-gate | Touching Coverage v2, TCM kernel/capture, legacy coverage vocabulary, v1/v2 cutover, or customer/operator coverage claims. |
Quarantined Rules
Do not preserve or reintroduce these historical or unsafe rules:
- tenant_id as platform-core ownership truth.
- Coverage v1 vocabulary as customer truth.
- v1-v2 adapters.
- fallback readers.
- dual writes.
- fallback-to-latest evidence.
- OperationRun as default customer proof.
- stale provider Healthy/Ready semantics.
- limited customer download vocabulary.
- raw provider/evidence payload default display.
- Product Surface runtime framework.
- historical audits as current truth.
Current repo truth uses workspace, managed environment, provider connection, operation, evidence, and customer-safe output boundaries. Historical specs, audits, and prompts are evidence only when current code, active specs, and the constitution still agree with them.
Currentness
Before relying on a skill, check the active spec package and current source evidence. Skills must be maintained when these change materially:
- .specify/memory/constitution.md
- AGENTS.md
- docs/ai-coding-rules.md
- docs/*-guidelines.md
- docs/product/standards/product-surface-contract.md
- relevant runtime source and tests
- active specs/<NNN>-<slug>/spec.md, plan.md, and tasks.md
Temporary Skill Warning
tenantpilot-tcm-cutover-guard is temporary. It expires after Coverage v2 / TCM activation and legacy coverage vocabulary cutover are complete. Once expired, replace it with current activation/cutover truth instead of carrying stale migration warnings forward.