Skip to content

feat: achieve full compliance with Agent Skills spec#117

Merged
avoidwork merged 8 commits into
mainfrom
impl/fix-skill-spec-compliance
Jun 6, 2026
Merged

feat: achieve full compliance with Agent Skills spec#117
avoidwork merged 8 commits into
mainfrom
impl/fix-skill-spec-compliance

Conversation

@avoidwork
Copy link
Copy Markdown
Owner

@avoidwork avoidwork commented Jun 6, 2026
edited
Loading

Summary

Complete implementation compliant with the Agent Skills specification. Skills are discovered from SKILL.md files using YAML frontmatter parsing, validated against spec constraints, and loaded progressively for minimal token usage.

Spec Compliance

Frontmatter Fields

  • name (required, max 64 chars): lowercase alphanumeric + hyphens only, no consecutive hyphens, no start/end hyphen, must match parent directory
  • description (required, max 1024 chars): non-empty string describing what the skill does and when to use it
  • license (optional): string specifying the skill license
  • compatibility (optional, max 500 chars): environment requirements
  • metadata (optional): arbitrary string-to-string key-value map
  • allowed-tools (optional): space-separated pre-approved tool list

Directory Structure

  • Skills live in skill-name/ directories containing SKILL.md (required)
  • Optional scripts/, references/, assets/ directories supported

Progressive Disclosure

  • Tier 1 (~100 tokens): catalog of name, description, and location loaded at startup
  • Tier 2 (<5000 tokens): full SKILL.md body loaded only when skill is activated
  • Tier 3 (on demand): files in scripts/references/assets loaded as needed

Changes

Core Implementation

  • src/skills/discoverer.js: SKILL.md frontmatter parsing with YAML error recovery, recursive directory scanning, dotfile/node_modules filtering, .agents/skills/ shadow detection
  • src/skills/validator.js: Spec-compliant validation of name, description, and optional fields with lenient warning-based approach
  • src/skills/registry.js: SkillRegistry with getCatalog() for tier 1, getSkillBody() for tier 2, progressive disclosure lifecycle, error logging for silent rejections
  • src/skills/types.js: Zod schemas for metadata, permissions, and execution context

Tool Integration

  • src/tools/skills.js: Updated to use catalog-based API, generates skill catalog prompt for system injection
  • src/tools/index.js: Updated tool factories and permissions

Safety Improvements

  • Removed dead code: the name regex already enforces hyphen rules (no consecutive, no start/end)
  • Added shadow warnings: .agents/skills/ skills that override others produce console.warn
  • Added rejection logging: skills failing validation now log which fields caused rejection

Testing

  • 1016 tests passing
  • Unit tests: 32 tests for frontmatter extraction, YAML parsing, discoverer, validation
  • Tests mirror source structure under tests/unit/

Threat Model

  • Skill files are read-only (no write during discovery)
  • Skills are executed through the sandbox with permission scoping
  • .agents/skills/ shadowing is explicit (warns, does not silently override without notification)
  • All external file access goes through the path resolver

@avoidwork
feat: migrate skills to SKILL.md frontmatter spec
e059d07 
- Replace skill.yaml/skill.json with SKILL.md YAML frontmatter parsing
- Drop inputSchema/outputSchema fields (not part of Agent Skills spec)
- Add license, compatibility, metadata, allowed-tools fields
- Implement progressive disclosure (catalog + getSkillBody)
- Rewrite validator with lenient spec constraint enforcement
- Replace fork with spawn in sandbox runner for cross-language support
- Add cross-client directory scanning (.agents/skills/)
- Remove skills_list from tool permissions, keep skill_view for TUI
- Add trustProjectSkills and skillScanPaths config defaults
- Update full test suite for new skill discovery and validation
@avoidwork avoidwork self-assigned this Jun 6, 2026
avoidwork added 4 commits June 6, 2026 15:40
@avoidwork
fix: ensure skills/ directory is created on app init
a64ab29 
Add ensureSkillsDir() similar to ensureSessionsDir() so the
application creates the skills/ directory on startup, matching
the initialization pattern used for memory/sessions/.
@avoidwork
refactor: rename src/registry to src/skills
7e1c391 
The directory contains only skill-specific modules
(dispatcher, types, validator, permissions, registry).
Renaming to 'skills' matches the naming convention
used for the skills/ directory and is more intuitive.
@avoidwork
fix: export ensureSkillsDir from skills/index barrel
a8a437a 
Fix TypeError: the barrel export (src/skills/index.js) was missing
ensureSkillsDir, so index.js could not call it.
@avoidwork
fix: clarify silent skill rejections and shadow warnings
12f4090 
- Remove dead code from validateSkillName (regex already covers hyphen rules)
- Log reason when skill is rejected for validation failures (name mismatch)
- Emit warning when .agents/skills shadows a previously found skill
@avoidwork avoidwork changed the title feat: migrate skills to SKILL.md frontmatter spec feat: achieve full compliance with Agent Skills spec Jun 6, 2026
avoidwork added 3 commits June 6, 2026 16:16
@avoidwork
feat: inject skills catalog after system prompt
0f7e413 
Prepend generated skill catalog to the system prompt so the model
knows what tools are available for the task. Catalog follows the
system prompt and precedes memory entries.
@avoidwork
docs: mark all tasks complete
068c302 
All incomplete tasks were verified as actually implemented.
Updated tasks.md to reflect reality.
@avoidwork
chore: sync skills-registry spec after archiving fix-skill-spec-compl…
e0aab65 
…iance
@avoidwork avoidwork enabled auto-merge (squash) June 6, 2026 20:28
@avoidwork avoidwork merged commit f57410e into main Jun 6, 2026
2 checks passed
@avoidwork avoidwork deleted the impl/fix-skill-spec-compliance branch June 6, 2026 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@avoidwork avoidwork

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avoidwork