| <!-- SPDX-License-Identifier: Apache-2.0 |
| https://www.apache.org/licenses/LICENSE-2.0 --> |
| |
| <!-- START doctoc generated TOC please keep comment here to allow auto update --> |
| <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> |
| **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* |
| |
| - [Contributing](#contributing) |
| - [English as code](#english-as-code) |
| - [What this framework is](#what-this-framework-is) |
| - [Repository layout](#repository-layout) |
| - [Directory tree](#directory-tree) |
| - [Skill families](#skill-families) |
| - [Skill anatomy](#skill-anatomy) |
| - [Tool families](#tool-families) |
| - [Cross-cutting concerns](#cross-cutting-concerns) |
| - [Agent harnesses](#agent-harnesses) |
| - [Code in this repo](#code-in-this-repo) |
| - [Python (uv-managed)](#python-uv-managed) |
| - [Groovy](#groovy) |
| - [Shell scripts](#shell-scripts) |
| - [Getting set up](#getting-set-up) |
| - [Lightening the agent context](#lightening-the-agent-context) |
| - [Making changes](#making-changes) |
| - [Authoring with an agent](#authoring-with-an-agent) |
| - [Running the dev loop](#running-the-dev-loop) |
| - [Opening a pull request](#opening-a-pull-request) |
| - [Your first contribution](#your-first-contribution) |
| - [Confidentiality](#confidentiality) |
| - [Authoritative references](#authoritative-references) |
| |
| <!-- END doctoc generated TOC please keep comment here to allow auto update --> |
| |
| <!-- SPDX-License-Identifier: Apache-2.0 |
| https://www.apache.org/licenses/LICENSE-2.0 --> |
| |
| # Contributing |
| |
| Thanks for helping improve this repository. It is the **generic, |
| project-agnostic framework** for agent-assisted repository |
| maintainership across ASF projects (and equally for any non-ASF |
| open-source community that wants in). The framework is named |
| **Apache Magpie** — see [`MISSION.md`](MISSION.md) for the |
| project's motivation, scope, and design commitments. |
| |
| Before sending a patch, please skim this file end-to-end: it lays |
| out the layering the repository depends on, the cross-cutting |
| concerns every change must respect, and the dev loop CI enforces. |
| A patch that ignores any of these is hard to land no matter how |
| correct it is in isolation. |
| |
| ## English as code |
| |
| The most important thing to understand about this repository, |
| before you make any change, is that **English is the primary |
| programming language here**. Not as metaphor — as engineering. |
| |
| Sixty-some years ago, COBOL was designed around an ambitious idea: |
| let programmers write business logic in something close to plain |
| English (`MULTIPLY HOURS-WORKED BY HOURLY-RATE GIVING GROSS-PAY`), |
| on the theory that the compiler should meet humans halfway. The |
| idea was sound; the implementation wasn't. Compilers of the 1960s |
| could parse the syntax but not the meaning, so COBOL ended up |
| verbose, brittle, and still requiring programmer discipline to |
| write code the compiler could actually run. The full-English |
| vision was abandoned, and for the next half-century, programming |
| languages drifted in the *opposite* direction — more terse, more |
| rigorous, more demanding of the human, on the assumption that the |
| human would always be the one meeting the machine halfway. |
| |
| **We have come full circle.** Today's interpreters can read |
| English. A modern coding agent — Claude Code, Codex, Gemini CLI, |
| any of the runtimes listed in |
| [Agent harnesses](#agent-harnesses) — reads a plain-English |
| description of a workflow (*"sweep the inbox since last week, |
| classify each message against the six triage classes, draft a |
| confirmation reply for each one that needs one"*) and executes |
| it. The compiler is now sophisticated enough that the |
| English-as-code vision actually works. COBOL was right about |
| where things should go; it was sixty years early on the question |
| of what would interpret it. |
| |
| This repository is built on that observation. The skill files |
| under `skills/<name>/SKILL.md` are **programs**. They are |
| written in English. They are executed by an agent. They have |
| inputs, outputs, control flow, error handling, edge cases, and |
| unit tests (the eval suite under [`tools/skill-evals/`](tools/skill-evals/)). |
| A `SKILL.md` is no less code than a `.py` file — it is code at a |
| **higher abstraction level**, interpreted by a more capable |
| interpreter. |
| |
| Traditional programming languages (Python and Groovy in this |
| repo) still have their place. They handle the deterministic |
| pieces where bit-exact output matters more than judgement — CVE |
| JSON emission, OAuth dance, archive parsing, dashboard rendering. |
| Those live under [`tools/`](tools/) as ordinary code with |
| ordinary tests. But they are the *minority* of the surface area. |
| The bulk of what this project does — assess a security report, |
| classify a PR, mentor a contributor, allocate a CVE — is encoded |
| in English-language skill files. That is the project's bet, and |
| it is the bet you need to internalise before contributing. |
| |
| Three practical consequences: |
| |
| - **A change to a skill file is a code change.** Treat it like |
| one. Run the eval suite. Think about boundary conditions. Add |
| the equivalent of a regression test (an eval fixture) for the |
| bug you fixed. The fact that the file ends in `.md` does not |
| make it a doc — it makes it a program with a markdown syntax. |
| - **A change to a tool's `tool.md` is a code change.** Tool |
| contracts in markdown are read by the skills at runtime; |
| rewording the contract is rewording the API. |
| - **You author both layers agentically** — see |
| [Authoring with an agent](#authoring-with-an-agent) below. The |
| loop is the same whether the artefact is an English skill file |
| or a Python bridge, because the meta-level operation (state |
| intent, iterate, probe edges, test) is the same. Only the |
| feedback signal differs — eval suite for the English layer, |
| `pytest` / `mypy` / `ruff` for the traditional-language layer. |
| |
| Read the rest of this guide with that frame in mind. When |
| something looks like "just documentation", check whether it |
| sits under `skills/` or `tools/<system>/tool.md`. If it |
| does, it's code — and the rules for changing code apply. |
| |
| ## What this framework is |
| |
| Four streams of day-to-day work, all built on the same skill + |
| tool + sandbox + HITL substrate: |
| |
| - **Security-issue handling** — inbound triage, deduplication, |
| agent-drafted reporter replies under human review, CVE |
| allocation, audit-logged tracking through publication. |
| - **Issue and PR triage and management** — including audit-tool |
| findings ingested as actionable issues. |
| - **Conversational contributor mentoring** — meeting new |
| contributors where they are; the agent absorbs the mechanical |
| review so the human conversation stays on design. |
| - **Development-cycle skills for committers and contributors** — |
| multi-agent dev workflows, self-review and pre-flight patterns, |
| scoped agent-drafted patches under the developer's seat. |
| |
| The framework is **project-agnostic by design**. Adopters configure |
| their identity, rosters, canned responses, release trains, and |
| security model in their own `<project-config>/` directory in their |
| adopter tracker repo, alongside a gitignored snapshot of this |
| framework managed by the |
| [`setup`](skills/setup/SKILL.md) skill. |
| None of that adopter-side content lives here. |
| |
| The framework's normative commitments are codified in |
| [RFC-AI-0004](docs/rfcs/RFC-AI-0004.md) — six principles |
| (HITL, sandbox, vendor neutrality, conversational + correctable, |
| write-access discipline, privacy by design) that every change |
| must respect. If you only read one document before contributing, |
| read that one. |
| |
| ## Repository layout |
| |
| The tree has four layers, each with a clearly-scoped job. A |
| skill running against an adopter project must be able to resolve |
| every piece of context it needs from some combination of the four |
| — no hard-coded project assumptions anywhere in this repo. |
| |
| - **Root docs** carry the cross-cutting rules every contributor |
| and agent is expected to have read. |
| [`README.md`](README.md) is the framework overview and adoption |
| entry point. [`AGENTS.md`](AGENTS.md) is the editorial contract: |
| tone, brevity, confidentiality, linking conventions, the |
| placeholder substitution rule (`<PROJECT>`, `<tracker>`, |
| `<upstream>`, `<security-list>`). [`MISSION.md`](MISSION.md) is |
| the establishment proposal that explains why the project exists. |
| [`docs/rfcs/`](docs/rfcs/) holds the normative RFCs. |
| - **Skills** live under [`skills/`](skills/). |
| Each is a `SKILL.md` that encodes one workflow. Skills use the |
| `<PROJECT>` / `<tracker>` / `<upstream>` placeholders everywhere |
| and resolve them at runtime; they must not contain project- |
| specific strings. |
| - **Tools** live under [`tools/`](tools/), one subtree per |
| external system the skills talk to. Each subtree is |
| project-agnostic. Adapter-side variables are declared in the |
| subtree and filled in by the adopter's `<project-config>/`. |
| - **Project template** under [`projects/_template/`](projects/_template/) |
| is the bootstrap scaffold for an adopter's `<project-config>/` |
| directory. The adopter clones it into their own tracker repo |
| and fills in the TODOs. |
| |
| ### Directory tree |
| |
| ```text |
| . |
| ├── README.md # Framework overview + adoption entry point |
| ├── MISSION.md # Project-establishment proposal (the why) |
| ├── AGENTS.md # Editorial contract: tone, placeholders, linking |
| ├── CONTRIBUTING.md # This file |
| ├── docs/ |
| │ ├── rfcs/ # Normative RFCs — RFC-AI-0002, 0003, 0004 |
| │ ├── setup/ # Adoption, sandbox, privacy-LLM docs |
| │ ├── security/ # Human-facing security-team docs |
| │ ├── issue-management/ # Issue-* skill docs |
| │ ├── pr-management/ # PR-* skill docs |
| │ ├── mentoring/ # Mentor-skill docs |
| │ ├── modes.md # The A/B/C/D mode model |
| │ └── mode-economics.md # Token-cost calibration for each mode |
| │ |
| ├── .claude/ |
| │ └── skills/ # Agent workflows (invoked via the Skill tool) |
| │ ├── security-*/ # Security-issue lifecycle (10 skills) |
| │ ├── pr-management-*/ # PR triage, review, mentor, stats (4 skills) |
| │ ├── issue-*/ # Issue triage, fix, reassess, reproducer, stats (5 skills) |
| │ ├── setup-*/ # Adoption, sandbox install/verify/update (7 skills) |
| │ ├── contributor-nomination/ |
| │ ├── write-skill/ |
| │ └── list-skills/ |
| │ |
| ├── projects/ |
| │ └── _template/ # Scaffold for an adopter's <project-config>/ |
| │ |
| ├── tools/ # Project-agnostic adapters per external system |
| │ ├── github/ # Forge + tracker bridge (read + write) |
| │ ├── jira/ # Tracker bridge (read-only Groovy; write path = issue #301) |
| │ ├── gmail/ # Mail backend (read + write + drafts) |
| │ ├── ponymail/ # Archive viewer (read-only) |
| │ ├── mail-source/ # Abstract mail-backend contract; imap/ + mbox/ stubs |
| │ ├── vulnogram/ # ASF CVE allocation (Python) |
| │ ├── cve-org/ # MITRE CVE Services v2 (publication check) |
| │ ├── privacy-llm/ # Redactor + checker (per RFC-AI-0004 §6) |
| │ ├── agent-isolation/ # Bubblewrap sandbox + network allowlist |
| │ ├── sandbox-lint/ # Lint settings.json for sandbox correctness |
| │ ├── skill-and-tool-validator/ # Validate SKILL.md frontmatter + links + placeholders |
| │ ├── skill-evals/ # Behavioral eval harness for skill steps |
| │ ├── dashboard-generator/ # HTML dashboard reference impl (Groovy + Python) |
| │ ├── pr-management-stats/ # Maintainer dashboard data layer |
| │ ├── security-tracker-stats-dashboard/ # Security-side stats |
| │ ├── probe-templates/ # Boilerplate for sandbox-probe scripts |
| │ └── dev/ # Local checkers (placeholders, agent pre-commit) |
| │ |
| ├── .pre-commit-config.yaml # prek hook set (see "Running the dev loop") |
| ├── pyproject.toml # Workspace-level Python config |
| ├── uv.lock # Reproducible Python lockfile |
| └── .github/ # CI: pre-commit, zizmor, link-check, ISSUE_TEMPLATE |
| ``` |
| |
| The adopter-side `.apache-magpie/` snapshot, the per-user |
| `user.md`, and the `<project-config>/` directory all live in the |
| **adopter's** tracker repo, not here. The framework never carries |
| those files. |
| |
| ## Skill families |
| |
| A skill is a single workflow the agent runs end-to-end with the |
| maintainer in the loop. Each skill is a markdown file (`SKILL.md`) |
| with YAML frontmatter, often supported by sibling step-detail files |
| and bundled scripts. The skill router reads only the frontmatter |
| `description` field to decide whether to load the skill; the body |
| is loaded only after the decision. |
| |
| | Family | Skills | Purpose | |
| |---|---|---| |
| | `security-*` | `security-issue-import`, `security-issue-import-from-md`, `security-issue-import-from-pr`, `security-issue-triage`, `security-issue-sync`, `security-issue-deduplicate`, `security-cve-allocate`, `security-issue-fix`, `security-issue-invalidate` | Full lifecycle of a security report from arrival on `<security-list>` through CVE publication. | |
| | `pr-management-*` | `pr-management-triage`, `pr-management-code-review`, `pr-management-mentor`, `pr-management-stats` | Maintainer-side PR queue management — sweep, classify, review, mentor first-time contributors, surface backlog trends. | |
| | `issue-*` | `issue-triage`, `issue-fix-workflow`, `issue-reproducer`, `issue-reassess`, `issue-reassess-stats` | Issue-tracker triage, agent-drafted fixes for confirmed bugs, automated reproduction of bug reports, reassessment of EOL backlogs. | |
| | `setup-*` | `setup`, `setup-isolated-setup-install`, `setup-isolated-setup-verify`, `setup-isolated-setup-update`, `setup-isolated-setup-doctor`, `setup-override-upstream`, `setup-shared-config-sync` | Framework adoption, sandbox install + verify + update + diagnostic, override-promotion workflow, shared-config sync. | |
| | `contributor-nomination` | one skill | Build the evidence brief for a committer or PMC nomination. | |
| | Meta-skills | `write-skill`, `list-skills` | Author new skills following framework conventions; print a human-readable skill index. | |
| |
| Each skill's frontmatter `description` is the agent-router contract. |
| Be precise — vague descriptions cause the router to load the wrong |
| skill or miss the right one. The |
| [`skill-and-tool-validator`](tools/skill-and-tool-validator/README.md) catches the |
| common shapes of bad description (action-inventory, distinct-from- |
| sibling-skill, chain-handoff narrative). |
| |
| ### Skill anatomy |
| |
| A skill directory typically contains: |
| |
| - **`SKILL.md`** — the main workflow document. YAML frontmatter |
| (name, description, license) followed by the procedure. |
| - **Step-detail files** — one per substantial step (`step-1-…md`, |
| `step-2-…md`, …) for multi-step skills. |
| - **Bundled scripts** — `tools/<skill>-helpers/` or inline scripts |
| the skill invokes deterministically (these don't need an LLM). |
| - **Fixtures + evals** — under [`tools/skill-evals/evals/<skill>/`](tools/skill-evals/evals/), |
| one fixture directory per step + case combination, each with |
| an `expected.json` the model output must match. |
| |
| Skills must follow the **proposal → confirm → apply** pattern for |
| any mutation: surface the action and the diff, wait for explicit |
| maintainer confirmation, then execute. Read-only inspection is fine |
| without confirmation; anything that writes to a tracker, posts a |
| comment, sends an email, or modifies the filesystem is gated. |
| |
| ## Tool families |
| |
| Tools are project-agnostic adapters to external systems. Each |
| subtree has a `tool.md` or `README.md` documenting the adapter |
| surface and what variables the active project's `<project-config>/` |
| needs to fill in. |
| |
| | Family | Tools | What they bridge to | |
| |---|---|---| |
| | Forge / tracker | `github/`, `jira/` | GitHub Issues + PRs (full); JIRA (read-only Groovy bridge — write path tracked at [#301](https://github.com/apache/magpie/issues/301)) | |
| | Mail | `gmail/`, `ponymail/`, `mail-source/imap/`, `mail-source/mbox/` | Gmail (full); PonyMail archive (read-only); IMAP + mbox stubs | |
| | CVE workflow | `vulnogram/`, `cve-org/` | ASF Vulnogram (CVE allocation + JSON generation); MITRE CVE Services v2 | |
| | Runtime / safety | `agent-isolation/`, `privacy-llm/`, `sandbox-lint/` | Bubblewrap + network-allowlist sandbox; redactor + checker for privacy-LLM gating; settings.json linter | |
| | Dev loop | `skill-and-tool-validator/`, `skill-evals/`, `dev/` | SKILL.md validation; behavioral eval harness; local placeholder + pre-commit checkers | |
| | Reporting | `dashboard-generator/`, `pr-management-stats/`, `security-tracker-stats-dashboard/` | HTML dashboards for maintainer + security review | |
| | Authoring | `probe-templates/` | Boilerplate scaffold for sandbox probes | |
| |
| New tool subtrees follow the same pattern: a `tool.md` or |
| `README.md`, an adapter-surface declaration with variables the |
| adopter fills in, and (for code) a `pyproject.toml` if Python or |
| a self-contained `.groovy` if Groovy. |
| |
| ## Cross-cutting concerns |
| |
| Every change must respect these six principles |
| ([RFC-AI-0004](docs/rfcs/RFC-AI-0004.md)). They cut across all |
| skills and all tools. |
| |
| 1. **Human-in-the-loop on every state change.** Every write, |
| transition, comment, mail send, label flip, or filesystem |
| mutation needs explicit maintainer confirmation. Read-only |
| inspection is fine without confirmation; a skill that auto- |
| applies without confirmation is a bug. |
| 2. **Secure sandbox by default.** Agent processes run inside a |
| `bubblewrap` sandbox with a network allowlist (see |
| [`tools/agent-isolation/`](tools/agent-isolation/) and the |
| [`setup-isolated-setup-*`](skills/) skill family). |
| Skills must not assume unrestricted host access; tools that |
| need network access declare the hosts they reach. |
| 3. **Vendor neutrality.** Skills are markdown-with-YAML, not |
| vendor-specific prompts. Anywhere a project-specific name |
| would go, use the placeholders `<PROJECT>` / `<tracker>` / |
| `<upstream>` / `<security-list>` / `<private-list>` / |
| `<default-branch>` — the `check-placeholders` prek hook |
| catches violations. Per-CLI runtime ports are tracked at |
| issues [#313](https://github.com/apache/magpie/issues/313)–[#322](https://github.com/apache/magpie/issues/322). |
| 4. **Conversational, correctable.** A maintainer override |
| (`.apache-magpie-overrides/<skill>.md` in the adopter repo) |
| modifies skill behaviour without forking the framework. The |
| [`setup-override-upstream`](skills/setup-override-upstream/SKILL.md) |
| skill promotes useful overrides back into the framework as PRs. |
| 5. **Write-access discipline.** Outbound messages (PR comments, |
| reporter emails, mailing-list posts) are *always* drafted for |
| review, never sent autonomously. See AGENTS.md for the draft |
| format and threading rules. |
| 6. **Privacy by design.** Private data goes only to LLMs the |
| adopter's PMC has approved. The |
| [`tools/privacy-llm/`](tools/privacy-llm/) subtree carries the |
| redactor and the per-mailing-list gating contract; reporter PII |
| on `<security-list>` is redacted with a local map, `<private-list>` |
| content never reaches a non-approved LLM. Full design in |
| [`docs/setup/privacy-llm.md`](docs/setup/privacy-llm.md). |
| |
| The placeholder discipline (3) is enforced mechanically: |
| [`tools/dev/check-placeholders.sh`](tools/dev/check-placeholders.sh) |
| fails the commit if it finds hardcoded project names like |
| `apache/airflow` or `Apache Airflow` inside `skills/` or |
| `tools/`. The others are enforced by reviewer taste + skill- |
| validator + eval cases. |
| |
| ## Agent harnesses |
| |
| The framework's reference runtime today is **Claude Code** — skills |
| are loaded from `skills/<name>/SKILL.md`, MCP servers from |
| the user's Claude Code config, and the sandbox from |
| `setup-isolated-setup-install`. |
| |
| RFC-AI-0004 §3 commits the framework to **vendor neutrality across |
| LLM backends**. The current state per harness: |
| |
| | Harness | State | Tracking | |
| |---|---|---| |
| | Claude Code | Primary, fully supported | — | |
| | Codex CLI | Partial — Claude Code plugin delegates rescue + adversarial-review subtasks to Codex | First-class runtime tracked at [#313](https://github.com/apache/magpie/issues/313) | |
| | Gemini CLI | Not yet ported | [#314](https://github.com/apache/magpie/issues/314) | |
| | Local LLM (Ollama / llama.cpp / vLLM) | Not yet ported | [#315](https://github.com/apache/magpie/issues/315) | |
| | Cursor (Composer + Agent CLI) | Not yet ported | [#316](https://github.com/apache/magpie/issues/316) | |
| | Aider | Not yet ported | [#317](https://github.com/apache/magpie/issues/317) | |
| | GitHub Copilot CLI + Coding Agent | Not yet ported | [#318](https://github.com/apache/magpie/issues/318) | |
| | Goose (Block) | Not yet ported | [#319](https://github.com/apache/magpie/issues/319) | |
| | Amazon Q Developer CLI | Not yet ported | [#320](https://github.com/apache/magpie/issues/320) | |
| | JetBrains Junie | Not yet ported | [#321](https://github.com/apache/magpie/issues/321) | |
| | OpenHands | Not yet ported | [#322](https://github.com/apache/magpie/issues/322) | |
| |
| MCP servers used by the Claude Code runtime today: Slack, Gmail, |
| Google Calendar, Google Drive, plus framework-internal ones for |
| the ponymail / incubator-mail / incubator-reports surfaces. MCP- |
| compatible harnesses (Gemini CLI, Goose, Copilot CLI) should pick |
| these up directly once the skill-format adapter lands for that |
| harness. |
| |
| ## Code in this repo |
| |
| The framework's primary programming language is English — skill |
| files under `skills/` and tool contracts under `tools/` |
| are programs executed by the agent (see |
| [English as code](#english-as-code)). Several deterministic |
| operations are also implemented in traditional programming |
| languages where bit-exact output matters more than judgement. |
| This section covers the traditional-language code; the English |
| layer is covered under [Skill families](#skill-families) and |
| [Tool families](#tool-families) above. |
| |
| ### Python (uv-managed) |
| |
| All Python lives under `tools/`, each as its own `uv`-managed |
| package with `pyproject.toml`. The workspace's `uv.lock` at the |
| repo root pins versions across all packages. |
| |
| | Package | Purpose | |
| |---|---| |
| | [`tools/cve-tool-vulnogram/generate-cve-json/`](tools/cve-tool-vulnogram/generate-cve-json/) | Emits paste-ready CVE 5.x JSON from a tracker body. Invoked by `security-issue-sync` and `security-cve-allocate`. | |
| | [`tools/cve-tool-vulnogram/oauth-api/`](tools/cve-tool-vulnogram/oauth-api/) | OAuth helper for Vulnogram API authentication. | |
| | [`tools/gmail/oauth-draft/`](tools/gmail/oauth-draft/) | Gmail OAuth helper for the drafts-only mail-source flow. | |
| | [`tools/skill-and-tool-validator/`](tools/skill-and-tool-validator/) | Validates `SKILL.md` frontmatter, internal links, and placeholder discipline. | |
| | [`tools/skill-evals/`](tools/skill-evals/) | Behavioral eval harness for skill steps. Pure-stdlib runner; no third-party deps. | |
| | [`tools/sandbox-lint/`](tools/sandbox-lint/) | Lints `settings.json` for sandbox-correctness regressions. | |
| | [`tools/privacy-llm/checker/`](tools/privacy-llm/checker/) | Verifies that data destined for an LLM matches the privacy-LLM policy. | |
| | [`tools/privacy-llm/redactor/`](tools/privacy-llm/redactor/) | Redacts reporter PII before content reaches a non-approved LLM. | |
| |
| Common invocation pattern (run from the package directory): |
| |
| ```bash |
| cd tools/cve-tool-vulnogram/generate-cve-json |
| uv run pytest # unit tests |
| uv run ruff check # lint |
| uv run ruff format # auto-format (check-only in CI) |
| uv run mypy # type-check |
| ``` |
| |
| To run a package's CLI from the repo root: |
| |
| ```bash |
| uv run --project tools/cve-tool-vulnogram/generate-cve-json generate-cve-json <N> --attach |
| ``` |
| |
| `skill-evals` is a special case — pure stdlib, no `uv` needed: |
| |
| ```bash |
| PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner \ |
| tools/skill-evals/evals/security-issue-import/ |
| ``` |
| |
| ### Groovy |
| |
| Two Groovy reference implementations live in the tree. Groovy is |
| used where a deterministic CLI is needed but Python's startup cost |
| or async story is awkward — JVM warmup is a one-time cost per |
| invocation, after which HTTP and JSON are fast and stdlib-only. |
| |
| | File | Purpose | |
| |---|---| |
| | [`tools/jira/bridge.groovy`](tools/jira/bridge.groovy) | Read-only JIRA REST bridge — `search <JQL>`, `issue <KEY>`, `projects`. Uses `@Grab` for HTTP deps, no separate install step. | |
| | [`tools/dashboard-generator/reference.groovy`](tools/dashboard-generator/reference.groovy) | Reference impl of the issue-reassess-stats HTML dashboard. Reads `verdict.json` artefacts from a campaign directory and emits HTML. | |
| |
| Install Groovy 3.x or newer on `PATH` — `sdk install groovy` via |
| [SDKMAN!](https://sdkman.io/) or your package manager. Then: |
| |
| ```bash |
| # JIRA bridge — list open issues for a project |
| ISSUE_TRACKER_URL=https://issues.apache.org/jira \ |
| ISSUE_TRACKER_PROJECT=FOO \ |
| groovy tools/jira/bridge.groovy \ |
| search 'project = FOO AND status = Open AND resolution = Unresolved' |
| |
| # Dashboard generator |
| groovy tools/dashboard-generator/reference.groovy \ |
| /path/to/campaign-dir --output dashboard.html |
| ``` |
| |
| The first invocation downloads `@Grab` dependencies into the |
| local Grape cache; subsequent runs are fast. |
| |
| Both Groovy files have parallel Python reference implementations |
| under the same subtree (`reference.py` for the dashboard; |
| [#301](https://github.com/apache/magpie/issues/301) tracks |
| the Python port of the JIRA bridge alongside the write path). |
| **Languages other than Groovy or Python are welcome via PR** — the |
| contract that matters is the CLI surface and the JSON output shape. |
| |
| ### Shell scripts |
| |
| - [`tools/agent-isolation/`](tools/agent-isolation/) holds the |
| shell scripts (`agent-iso.sh`, sandbox status-line helpers, |
| the placeholder pre-commit script) that wire the agent into |
| the bubblewrap sandbox. POSIX bash. |
| - [`tools/dev/`](tools/dev/) holds the local pre-commit checkers |
| invoked from `.pre-commit-config.yaml`. |
| |
| Shell scripts are deterministic — no agent in the execution path |
| — so they are tested by running them and observing the output. |
| |
| ## Getting set up |
| |
| You need these tools on your machine: |
| |
| - **`uv`** — the Python runner for every Python package. |
| `curl -LsSf https://astral.sh/uv/install.sh | sh` or your package |
| manager. |
| - **`prek`** — the `pre-commit`-compatible hook runner. |
| `uv tool install prek` or `pipx install prek`. |
| - **`gh` CLI** — needed to drive tracker reads (and writes) if you |
| run any skill end-to-end. `brew install gh` or equivalent. |
| - **`groovy`** — only if you're working on a Groovy tool. SDKMAN! |
| (`sdk install groovy`) or your package manager. |
| |
| First-time clone: |
| |
| ```bash |
| git clone git@github.com:apache/magpie.git |
| cd magpie |
| uv tool install prek |
| prek install # wire the hooks into .git/hooks |
| prek run --all-files # runs every hook on every file |
| ``` |
| |
| Note that if you are already using `prek` for some other project, you |
| may need to do the following: |
| |
| ```bash |
| git config --local core.hooksPath .git/hooks |
| prek install |
| ``` |
| |
| The hooks are described in detail under [Running the dev loop](#running-the-dev-loop). |
| |
| If you intend to actually run framework skills against an adopter |
| project (not just edit the framework), follow the |
| [`setup-isolated-setup-install`](skills/setup-isolated-setup-install/SKILL.md) |
| skill to install the bubblewrap sandbox and pinned tools, then |
| [`setup-isolated-setup-verify`](skills/setup-isolated-setup-verify/SKILL.md) |
| to confirm the install. The full adoption tutorial lives at |
| [`docs/setup/install-recipes.md`](docs/setup/install-recipes.md). |
| |
| ### Lightening the agent context |
| |
| Many skills in this repository are runtime workflows for adopters |
| (security triage, PR management, CVE allocation). They have no use |
| while you are *editing the framework itself*, but they still load |
| into the agent's context window and crowd out the files you |
| actually need to read. |
| |
| Opt out per skill by adding a `.claude/settings.local.json` to your |
| clone (gitignored) and listing the skills you want disabled: |
| |
| ```json |
| { |
| "$schema": "https://json.schemastore.org/claude-code-settings.json", |
| "skillOverrides": { |
| "magpie-pr-management-code-review": "off", |
| "magpie-pr-management-mentor": "off", |
| "magpie-pr-management-stats": "off", |
| "magpie-pr-management-triage": "off", |
| "magpie-security-cve-allocate": "off", |
| "magpie-security-issue-deduplicate": "off", |
| "magpie-security-issue-fix": "off", |
| "magpie-security-issue-import": "off", |
| "magpie-security-issue-import-from-md": "off", |
| "magpie-security-issue-import-from-pr": "off", |
| "magpie-security-issue-invalidate": "off", |
| "magpie-security-issue-sync": "off", |
| "magpie-setup-isolated-setup-install": "off", |
| "magpie-setup-isolated-setup-update": "off", |
| "magpie-setup-isolated-setup-verify": "off", |
| "magpie-setup-override-upstream": "off", |
| "magpie-setup-shared-config-sync": "off", |
| "magpie-setup": "on", |
| "magpie-write-skill": "on" |
| } |
| } |
| ``` |
| |
| The file is per-clone and per-user; nothing from it gets committed. |
| Flip a skill back to `"on"` (or remove the entry) when you start |
| working on that area. |
| |
| ## Making changes |
| |
| Think about **which layer the change belongs in** before you start |
| editing: |
| |
| | You want to change … | Edit under … | |
| |---|---| |
| | The framework's overall purpose, mission, or scope | [`MISSION.md`](MISSION.md) | |
| | A normative principle that cuts across the framework | [`docs/rfcs/`](docs/rfcs/) (new RFC) | |
| | An editorial / confidentiality / placeholder rule | [`AGENTS.md`](AGENTS.md) | |
| | A skill's workflow | [`skills/<name>/SKILL.md`](skills/) | |
| | An adapter surface for an external system | the matching [`tools/<system>/`](tools/) subtree | |
| | Bootstrap scaffolding for an adopter `<project-config>/` | [`projects/_template/`](projects/_template/) | |
| | Sandbox / privacy-LLM / dev-loop infrastructure | [`tools/agent-isolation/`](tools/agent-isolation/), [`tools/privacy-llm/`](tools/privacy-llm/), [`tools/dev/`](tools/dev/) | |
| | Anything project-specific (canned reply, milestone convention, scope label) | **not in this repo** — that lives in the adopter's `<project-config>/` | |
| |
| Rules of thumb for each layer: |
| |
| - **Root docs, skills, and tool adapters are project-agnostic.** |
| Never paste concrete names into them. Use `<PROJECT>` / |
| `<tracker>` / `<upstream>` / `<security-list>` placeholders. |
| URL targets in markdown links may point at concrete paths so the |
| links stay clickable during review — the placeholder lives in |
| the visible label only. Enforced by the `check-placeholders` |
| prek hook. |
| - **Skills never mutate state without user confirmation.** If you |
| add a new action, write the proposal / confirm / apply shape into |
| the skill and the guardrails into AGENTS.md. See the existing |
| skills for the pattern. The skill-evals suite has explicit |
| guardrail cases that catch unconfirmed mutations. |
| - **Tool adapters declare their adopter-side variables.** If a |
| recipe varies per project (different Gmail domains, different |
| GitHub org, different board node IDs), the adapter declares the |
| variable and the active project's `<project-config>/project.md` |
| fills it in. The adapter does *not* read `<project-config>/` |
| itself — the calling skill resolves the variable and passes it |
| via environment. |
| - **Skill behaviour changes require eval updates.** If you change |
| what a skill should output for a given input, the corresponding |
| eval case under [`tools/skill-evals/evals/<skill>/`](tools/skill-evals/evals/) |
| needs its `expected.json` updated in the same PR. See AGENTS.md |
| *Keeping evals and mode-economics in sync* for the rule. |
| |
| ## Authoring with an agent |
| |
| Most contributions to this repository are authored **agentically**, |
| in a conversation between you and a coding agent (Claude Code today; |
| any of the harnesses tracked in [Agent harnesses](#agent-harnesses) |
| once their adapters land). The loop is different from traditional |
| programming, and worth describing explicitly — getting the rhythm |
| right is the difference between a smooth contribution and a |
| frustrating one. |
| |
| **The framework is code at two abstraction levels.** The bulk — |
| skills, tool contracts, RFCs — is English, executed by an agent |
| (see [English as code](#english-as-code)). The minority — Python |
| and Groovy bridges under [`tools/`](tools/) — is traditional- |
| programming-language code, executed by `python` / `groovy`. Both |
| layers are best authored by describing intent to the agent and |
| reviewing the diff, not by typing each line by hand. The artefact |
| you ship is text; the *method* by which the text gets produced is |
| a conversation. |
| |
| **Lead with intent, not with code.** When you sit down to make a |
| change, open with **what** you want and **why** — not a code |
| snippet, not a file path, not a half-drafted solution. The agent's |
| job is to figure out **how**. Examples of good opening prompts: |
| |
| - *"I want `security-issue-triage` to also flag reports that arrive |
| with a draft GHSA URL in the body. Why: those reports are |
| almost always pre-coordinated by an external CNA, and the |
| current flow treats them as fresh inbound — which wastes a |
| triage cycle. Find the right step and propose the change."* |
| - *"Add a Bugzilla bridge per `tools/<system>/tool.md`. Why: see |
| issue #302 — Apache OpenOffice is blocked on this. Don't write |
| the full implementation yet; first show me the contract surface |
| (subcommand list + flag shapes) and we'll iterate."* |
| - *"The placeholder linter is flagging a false positive on |
| `<security-list>` inside a quoted block. Why: the rule is "no |
| hardcoded project names in skill prose", and quoted examples |
| *are* prose. Trace the rule, propose the narrowest fix that |
| preserves the original intent, and run the existing tests."* |
| |
| Each of these is **intent-first**. You're telling the agent the |
| shape of the answer and the constraint that matters, then handing |
| over the synthesis. The agent will surface decisions you didn't |
| think of (which is exactly what you want it to do) — and you'll |
| correct the ones it gets wrong. |
| |
| **Iterate, don't dictate.** Once the agent proposes a change, treat |
| the proposal as a draft, not a final. The loop is: |
| |
| 1. **Agent proposes** — a diff, a new file, a refactor plan. |
| 2. **You read carefully** — does the change match what you meant? |
| Does it respect the placeholder convention? Does it follow the |
| proposal / confirm / apply pattern? Does it touch files outside |
| the intended layer? |
| 3. **You push back specifically** — *"the variable name should |
| match what `tools/jira/tool.md` calls it"*, *"this needs a |
| guardrail case in the eval suite"*, *"don't add a comment that |
| restates the function name"*. Specific corrections converge fast; |
| vague ones produce mush. |
| 4. **Agent revises** — and the loop repeats. |
| 5. **Tests run** — `prek run --all-files`, `uv run pytest` in the |
| affected Python package, the eval suite for the affected skill. |
| When something fails, the failure is part of the conversation — |
| show the agent the error, let it diagnose. |
| |
| The conversation usually converges in three or four rounds. If |
| it doesn't, the intent was probably under-specified — back up, |
| restate the goal more sharply, and try again from a clean turn. |
| |
| **Probe boundary conditions explicitly.** This is the single |
| highest-leverage habit. After the agent has a working first cut, |
| ask: |
| |
| - *"What happens if the field is empty? If it's malformed JSON? |
| If the upstream API returns a 503? If two skills disagree on the |
| same input?"* |
| - *"What's the smallest input that breaks this?"* |
| - *"What's the existing skill / tool that does something similar — |
| and does this change behave the same way at the edges?"* |
| |
| The agent will often find edge cases it didn't handle, propose |
| fixes, and (importantly) codify the edge cases as eval fixtures |
| or test cases. That codification is what stops the same edge case |
| regressing six months later when somebody else iterates on the |
| same skill. |
| |
| **Author = editor; agent = typist with opinions.** Your job is |
| to know what *should* exist and to recognise when the draft has |
| landed. The agent's job is to type confidently, surface decisions, |
| and push back when your instruction is internally inconsistent. |
| Both jobs are essential — neither side runs the loop alone. When |
| the agent says *"this contradicts the rule in AGENTS.md line 47"* |
| or *"the eval case under `step-3-classify/` will fail with this |
| change"*, listen — that's the agent earning its seat. |
| |
| **Where traditional programming languages enter the picture.** The |
| Python and Groovy bridges under `tools/` are written in lower-level |
| languages with stronger machine-checked feedback than the English |
| layer gets. Both layers are code (see |
| [English as code](#english-as-code)); they differ in what *catches* |
| your mistakes — `pytest` / `mypy` / `ruff` catch syntactic and type |
| bugs deterministically; the eval suite catches semantic regressions |
| in skill behaviour. The loop is the same — intent-first, iterate, |
| probe edges — but for the Python / Groovy pieces the inner-loop |
| feedback is faster. When working on a Python bridge: |
| |
| - Run `uv run pytest` *between every revision*, not just at the |
| end. A failing test halfway through is information; a stack of |
| failing tests at the end is a mess. |
| - `mypy` errors are the agent's responsibility to diagnose, not |
| yours — paste the error back into the conversation and let the |
| agent reason about it. |
| - Resist the temptation to hand-edit the agent's code mid-loop. |
| If something needs to change, *tell the agent what to change* — |
| hand-edits desynchronise the agent's mental model from the |
| actual file and the next iteration drifts. |
| |
| **Concrete first moves.** The framework provides agent entry |
| points for the two most common authoring tasks: |
| |
| - **New skill** — invoke [`/magpie-write-skill`](skills/write-skill/SKILL.md). |
| The meta-skill walks you through the framework's skill shape |
| (frontmatter, resources, placeholder convention, prompt-injection |
| defences, privacy-LLM gate-check), scaffolds the directory, and |
| validates the result via [`skill-and-tool-validator`](tools/skill-and-tool-validator/). |
| - **Modify an existing skill** — open the conversation with the |
| skill's `SKILL.md` in context. State what behaviour should change |
| and why; the agent will propose the diff plus the eval-case |
| updates that go with it. |
| - **New tool bridge** — start from the contract doc (`tools/<system>/tool.md` |
| or [`tools/mail-source/contract.md`](tools/mail-source/contract.md)) |
| and the closest existing bridge as a reference. Ask the agent to |
| draft the subcommand surface first, then the implementation, then |
| the README. |
| - **Documentation change** — quote the existing prose, state what |
| feels wrong, let the agent propose a rewrite. Doc PRs are the |
| fastest agentic loop in the repository. |
| |
| **When the agent gets stuck or goes in circles**, the usual causes: |
| the intent is under-specified (restate it more sharply); the agent |
| is missing context from a file it didn't read (point at the file |
| explicitly); the change spans more than one concern (split the |
| work). Walking away for a minute and coming back with a fresh |
| opening prompt often beats forcing the existing conversation to |
| converge. |
| |
| **The agent is not the reviewer.** Once you're happy with the |
| change, **you** are responsible for the PR — its scope, its |
| commit message, its description, and its correctness. CI, the |
| eval suite, and the human reviewer on the PR are the |
| verification layer. The agentic loop produces the artefact; the |
| PR review process verifies it. Both are necessary; neither |
| substitutes for the other. |
| |
| ## Running the dev loop |
| |
| Every change should pass `prek run --all-files` locally before you |
| open a PR — CI runs the same config. The hook set: |
| |
| - **`doctoc`** — regenerates TOCs on every `.md` file (except |
| skill `SKILL.md` files, which keep YAML frontmatter at the top, |
| and skill-evals fixture/README files). |
| - **`pre-commit-hooks`** — `end-of-file-fixer`, `trailing-whitespace`, |
| `mixed-line-ending`, `check-merge-conflict`, `detect-private-key`. |
| - **`markdownlint-cli2`** — flags structurally bad markdown |
| (broken anchors via MD051, dangling link refs via MD053). |
| Style choices are intentionally left alone. |
| - **`typos`** — fast spell-checker. Allowlist of project-specific |
| terms (`CNA`, `Vulnogram`, `ponymail`, etc.) in `.typos.toml`. |
| - **`check-placeholders`** — local script at |
| [`tools/dev/check-placeholders.sh`](tools/dev/check-placeholders.sh) |
| that refuses hardcoded references like `apache/airflow` or |
| `Apache Airflow` inside `skills/` or `tools/`. The |
| framework convention is the `<PROJECT>` / `<tracker>` / |
| `<upstream>` placeholder set. |
| - **Per-package Python checks** — `ruff check`, `ruff format --check`, |
| `mypy`, `pytest` against each `tools/*/` Python package, scoped |
| to changes inside that package directory via the hook's `files:` |
| pattern. |
| |
| Separate GitHub workflows: |
| |
| - **`pre-commit.yml`** — runs `prek run --all-files` in CI. |
| - **`zizmor.yml`** — lints GitHub Actions workflows for known-bad |
| patterns; runs on every PR. |
| The link check ([lychee](https://lychee.cli.rs/)) is **not** a |
| separate workflow — it runs as the `lychee` hook inside |
| `prek run --all-files` (the `pre-commit.yml` workflow above), and so |
| is part of the required `prek` status check. It is a **hard gate**: a |
| single broken internal link, dead `#anchor` fragment, or unreachable |
| external URL fails `prek` and blocks merge. The hook is |
| `language: rust`, so prek installs lychee itself — `prek run lychee` |
| locally (no separate lychee install needed) catches the same errors |
| before you push. |
| |
| To run a single Python package's tests directly: |
| |
| ```bash |
| cd tools/skill-and-tool-validator |
| uv run pytest |
| ``` |
| |
| To run a Groovy tool directly: |
| |
| ```bash |
| groovy tools/jira/bridge.groovy projects |
| ``` |
| |
| To run skill-evals for one skill: |
| |
| ```bash |
| PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner \ |
| tools/skill-evals/evals/security-issue-import/ |
| ``` |
| |
| See [`tools/skill-evals/README.md`](tools/skill-evals/README.md) |
| for the full eval invocation surface (single step, single case, |
| agent self-eval mode). |
| |
| ## Opening a pull request |
| |
| - **Base branch:** `main`. Do not open PRs against any other branch |
| unless explicitly coordinated. |
| - **Scope:** one concern per PR. A skill change, a tool-adapter |
| addition, and a doc update land as separate PRs. |
| - **Commit message:** Conventional Commits style — `feat(skills): …`, |
| `fix(tools/github): …`, `docs(rfcs): …`, `chore(deps): …`, etc. |
| Imperative-present subject, ≤72 chars, plain prose body |
| explaining *why*. Pass via HEREDOC to preserve formatting: |
| |
| ```bash |
| git commit -m "$(cat <<'EOF' |
| feat(tools/foo): add bar capability |
| |
| Why: skills X and Y need a way to do Z; previously they shelled |
| out to a one-off snippet that didn't survive a sandbox change. |
| |
| EOF |
| )" |
| ``` |
| |
| - **PR description:** one `## Summary` section (1–3 bullets of |
| *what changed and why*) and one `## Test plan` section (how you |
| verified). The `gh pr create` template in this repo matches. |
| - **CI gates:** `prek run --all-files`, `zizmor`, `lychee`, and |
| every entry in the `tests-ok` pytest-matrix umbrella must pass. |
| All gates run automatically on every PR. |
| - **Reviews:** at least one approval from a repo collaborator. Any |
| change that edits [`AGENTS.md`](AGENTS.md), an RFC, or a skill |
| file should get an extra set of eyes because those ripple into |
| every future sync. |
| - **Rebase + prek before push.** Hooks auto-fix many issues; CI |
| rejects unfixed. Standard incantation: |
| |
| ```bash |
| git fetch origin main |
| git rebase origin/main |
| prek run --all-files |
| git push |
| ``` |
| |
| ## Your first contribution |
| |
| Good entry points, in rough order of ramp-up cost: |
| |
| 1. **Pick a [`good first issue`](https://github.com/apache/magpie/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).** |
| The current backlog has 24+ such issues, including 22 net-new |
| tool / adapter bridges and per-CLI runtime ports tracked at |
| [#301–#322](https://github.com/apache/magpie/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22+sort%3Acreated-desc). |
| Before you start work, please leave a comment on the issue so a |
| maintainer can assign it to you. That keeps two people from working |
| on the same issue at the same time. |
| Two clusters: |
| - **Tool bridges** ([#301–#312](https://github.com/apache/magpie/issues/301)) — JIRA write path, Bugzilla, IMAP / mbox concrete wiring, GitLab, Mailman 3 / Hyperkitty, Discourse, Zulip, Matrix, Forgejo, OSV.dev, Pagure. |
| - **Agent-CLI runtime adapters** ([#313–#322](https://github.com/apache/magpie/issues/313)) — Codex, Gemini, local-LLM, Cursor, Aider, gh-copilot, Goose, Amazon Q, Junie, OpenHands. |
| |
| Each issue is self-contained: tool location, suggested |
| capabilities, why-useful context, references to existing tools |
| to mirror the shape of. |
| |
| 2. **Documentation improvements.** Read a skill or a doc, find a |
| gap or a stale reference, fix it. The `docs/setup/`, |
| `docs/security/`, and `docs/pr-management/` trees are all |
| actively curated and welcome refinement. The `link-check` |
| workflow surfaces broken anchors and dead URLs daily — work |
| from that report is high-value. |
| |
| 3. **Eval fixtures.** [`tools/skill-evals/evals/`](tools/skill-evals/evals/) |
| has 380+ cases across 18 skills, but every skill could use more |
| edge cases. A new fixture is a directory with `input.json` + |
| `expected.json` + a `README.md` describing the scenario. |
| Lower friction than skill code changes — no model behaviour |
| change, just better test coverage. See |
| [`tools/skill-evals/README.md`](tools/skill-evals/README.md) |
| for the fixture format. |
| |
| 4. **A new skill via [`/magpie-write-skill`](skills/write-skill/SKILL.md).** |
| The meta-skill walks you through the framework's skill shape |
| (frontmatter, resources, placeholder convention, prompt-injection |
| defences, privacy-LLM gate-check) and validates via |
| [`skill-and-tool-validator`](tools/skill-and-tool-validator/). The scaffold puts |
| you in the right shape from the start. |
| |
| 5. **A tool-bridge implementation** (the hardest of these but the |
| most rewarding for a first contribution if you're comfortable |
| with API design). Pick a `tool/*` stub or a `good first issue` |
| bridge, follow the contract in `tools/<system>/tool.md` (or for |
| mail backends, [`tools/mail-source/contract.md`](tools/mail-source/contract.md)), |
| land a Python or Groovy implementation, document the adapter |
| surface variables, and add eval cases for any new skill steps |
| that depend on it. |
| |
| If you're not sure which is the right fit, open a draft issue |
| describing what you want to try and a maintainer will route you. |
| |
| ## Confidentiality |
| |
| This repository (`apache/magpie`) is **public**. The |
| confidentiality rules in AGENTS.md primarily apply to **adopters' |
| own tracker repositories**, which are private (security tracker |
| contents must never appear on a public surface). But contributors |
| to this framework repo should still know the rules — most skills |
| deal with mail / tracker contents at runtime, and skill prose can |
| inadvertently leak information shape. |
| |
| Practical rules for *this* repo: |
| |
| - **Never paste real reporter PII into a fixture, eval case, or |
| doc example.** Use synthetic names and synthetic emails — the |
| existing fixtures all do. |
| - **Never paste a real security tracker URL or `#NNN` reference |
| into a skill or doc.** Use `<tracker>#NNN` or a synthetic |
| placeholder. |
| - **Never paste real CVE allocation tool URLs that leak |
| pre-publication CVE IDs.** Use `<cve-allocate-url>` or the |
| redacted variant. |
| - **Reporter-supplied CVSS scores are informational only** — never |
| treat them as authoritative in skill prose. Full rationale in |
| [`AGENTS.md`](AGENTS.md). |
| - **Per-user config (`user.md`)** stays in adopter repos, |
| gitignored. It never lives here. |
| |
| Anything you're unsure about, ask in the PR description or open a |
| draft and tag a maintainer. |
| |
| ## Authoritative references |
| |
| When this file and a layer-specific doc disagree, the |
| layer-specific doc wins. Re-read it first: |
| |
| - [`MISSION.md`](MISSION.md) — establishment proposal; the *why*. |
| - [`README.md`](README.md) — framework overview and adoption |
| entry point. |
| - [`AGENTS.md`](AGENTS.md) — editorial and confidentiality rules. |
| - [`docs/rfcs/RFC-AI-0004.md`](docs/rfcs/RFC-AI-0004.md) — the six |
| principles that govern every change. |
| - [`docs/rfcs/`](docs/rfcs/) — full RFC set. |
| - [`docs/setup/`](docs/setup/) — adoption, sandbox, privacy-LLM, |
| override workflow. |
| - [`skills/<name>/SKILL.md`](skills/) — the |
| workflow each skill enforces. |
| - [`tools/<name>/`](tools/) — per-tool adapter contracts. |
| - [`tools/skill-evals/README.md`](tools/skill-evals/README.md) — |
| the eval harness and fixture format. |
| - [`tools/skill-and-tool-validator/README.md`](tools/skill-and-tool-validator/README.md) — |
| the SKILL.md validation contract. |