Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/community-integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,9 @@ jobs:
$argsList = @(
'scripts/community/validate_integration.py',
'--branch',
'${{ github.head_ref }}'
'${{ github.head_ref }}',
'--repository-full-name',
'${{ github.repository }}'
)
if (Test-Path -LiteralPath .pr-body.md) {
$argsList += @('--pr-body-file', '.pr-body.md')
Expand Down
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
- Update Architecture Workflow extension to v1.2.2 with full-workflow commands and readiness validators.
- Update Spec Kit Preview extension to v1.2.0 with structured IR-backed mid-fidelity previews.
- Update Intake extension to v0.1.3 with HTML SSOT validation and bounded visual inference gates.
- Update bundled Repository Governance extension with SSOT index projections, Zed target mapping, and bounded evidence scanning.
- Update bundled Repository Governance extension to v2.0.2, including the `/speckit.repository-governance.refresh` command, `.specify/memory/repository-governance.md` internal cache, and default bundled installation behavior.
- Update bundled Workflow Preset documentation for v1.3.2 Final Code Review task generation and structured code review receipts.

Expand Down
4 changes: 4 additions & 0 deletions extensions/repository-governance/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@
- Restrict custom `context_file` projection targets to safe agent/rules/instructions context paths.
- Tighten generated write-boundary instructions around cache-free active-target generation, `CONTEXT_FILES` legacy cleanup, and protected-write validation gates.
- Rename the public command and packaged script from `refresh` to `generate`.
- Separate generator operations from generated target-file guidance, require clarification for missing vertical SSOT, add explicit Zed target mapping, and bound repository-local skill projection.
- Collapse generated target content into SSOT index entries and remove expanded repository evidence, repository area, skill capability, and development command lists from active targets.
- Keep SSOT index source refs complete while narrowing Agent Harness SSOT refs to explicit governance entrypoints and treating ordinary `SKILL.md` files as evidence only.
- Bound route evidence scanning to cached project files and text candidates, narrow Directory Structure fallback wording, and treat extension metadata as Engineering SSOT only for this extension source repository.

## [3.0.0] - 2026-06-25

Expand Down
51 changes: 29 additions & 22 deletions extensions/repository-governance/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,32 @@ Generate project-governance projections for the active Spec Kit agent platform t

- Active agent platform target from safe `context_file` override or Spec Kit integration metadata.
- Generated `PROJECT GOVERNANCE` projection file.
- Target file content is a runtime project-governance entrypoint for coding agents, not a generator operations manual.

## Scope

- Generate the resolved active agent platform target when missing.
- Update existing active target project-governance projections.
- Distill detected repository areas into action rules.
- Capture repository facts as vertical SSOT evidence and routing input.
- Structure generated instructions with Copilot-like repository-wide, path-scope, and agent-harness layers.
- Scan repository areas as bounded evidence for missing-SSOT fallback.
- Capture repository facts as bounded evidence for gap handling and CLI reporting.
- Structure generated instructions as repository-wide, path-scope, and agent-harness guidance.
- Project agent platform adapter rules from Spec Kit integration metadata.
- Build a scenario capability index for repository-local skills and MCP-backed external tool evidence.
- Analyze repository areas to depth 2 only.
- Include hidden and cache directories in repository area governance.
- Enforce one primary responsibility per directory.
- Index only explicit SSOT content entrypoints in the generated SSOT index.
- Report repository-local skills and MCP config files as evidence candidates only unless an explicit Agent Harness SSOT source names them.
- Analyze repository areas to depth 2 only for evidence and CLI summaries.
- Use Directory Structure fallback only when the Directory Structure SSOT is missing and task scope is explicit.
- Overwrite the active agent platform target on generation.
- Do not generate Copilot `.github/instructions/*.instructions.md` companion files.
- Generate repository evidence from the current repository state on every run.
- Review only the active agent platform target.
- Remove legacy managed sections only from non-active context files enumerated by `CONTEXT_FILES`.
- Missing vertical SSOT is reported as a clarification need for governed changes; generated output must not invent repository policy from descriptive repository evidence.
- Do not project full repository fact inventories, repository area lists, skill capability lists, or development command lists into the active target.

## Install

```bash
specify extension add repository-governance --from https://github.com/bigsmartben/spec-kit-agent-governance/archive/refs/tags/v3.0.1.zip
specify extension add repository-governance --from https://github.com/bigsmartben/spec-kit-agent-governance/archive/42f0cb04891a29a4c05973b7fa5e746a7e0f8dd4.zip
```

Local development:
Expand Down Expand Up @@ -62,34 +65,38 @@ uv run python tools/build_repository_governance_zip.py
- `scripts/generate_repository_governance.py`
- `templates/repository-governance-template.md`

## Vertical SSOT Coverage
## SSOT Index

- Architecture SSOT evidence from source roots, extension source assets, route files, API contracts, and deployment directories.
- Engineering SSOT evidence from CI workflows, release/version files, command/template governance contracts, manifests, lockfiles, task runners, extension assets, build config, runtime config, Docker, and compose files.
- Code Style SSOT evidence from formatter, lint, type-check, and test configuration.
- Directory Structure SSOT evidence from repository areas scanned to depth 2.
- Agent Harness SSOT evidence from active agent context files, Spec Kit metadata, repository-local skills, and MCP config candidates.
- Architecture SSOT index: status, source_refs, and gap code.
- Engineering SSOT index: status, source_refs, and gap code.
- Code Style SSOT index: status, source_refs, and gap code.
- Directory Structure SSOT index: status, source_refs, and gap code.
- Agent Harness SSOT index: status, source_refs, and gap code.
- Repository-level and nested project evidence is scanned through explicit path families with bounded parent depth, but only explicit SSOT content entrypoints become SSOT index source_refs.
- `extension.yml` and `.extensionignore` are Engineering SSOT refs only in this extension source repository; other projects report them as evidence.

## Instruction Layers

- Repository-wide instructions summarize authority, active-target scope, write boundaries, validation commands, and handoff expectations.
- SSOT index maps Architecture, Engineering, Code Style, Directory Structure, and Agent Harness categories to source_refs and gap codes.
- SSOT routing maps task types and path families to Architecture, Engineering, Code Style, Directory Structure, and Agent Harness SSOT entries.
- Path and task scope rules keep generated guidance deterministic without expanding the write surface.
- Agent harness instructions cover adapter behavior, repository-local skills, MCP discovery, external tools, permissions, and failure handling.
- Copilot's instruction model is a structural reference only; this extension still emits one active target file.
- The extension emits one active target file and does not generate platform companion instruction files.

## Evidence Coverage
## Evidence Discovery

- Repository fact evidence from README files, project docs, repository policy files, feature specs, source/test paths, and runtime/build configuration.
- Development command evidence from package scripts or Python/uv test conventions.
- Repository facts are scanned from README files, project docs, repository policy files, feature specs, source/test paths, nested manifests, and runtime/build configuration.
- Development command sources are scanned from package scripts or Python/uv test conventions.
- Scanned facts feed missing-SSOT handling and CLI evidence summaries; they are not projected as SSOT source_refs or full content lists into the active target unless they are explicit SSOT content entrypoints.

## Agent Adapter

- Repository Capability: abstract repository-local skill specs and MCP evidence into scenario-level capabilities.
- Spec Kit Agent Adapter: map the active integration to the active agent platform target and supported discovery behavior.
- Platform Projection: emit only rules the active agent platform target can safely apply.
- Repository capability layer: source-backed repository-local skills and MCP candidates only.
- Agent adapter layer: use explicit integration support when available; otherwise use generic fallback rules.
- Platform projection layer: apply only rules supported by the active target file.

Repository-local `SKILL.md` files are indexed by declared name, description, trigger, and source path. MCP config files are reported as candidates and evidence only; active servers, resources, and tools must be enumerated from the agent platform runtime before use.
Repository-local `SKILL.md` files are reported as evidence and read when they match the task; they are not Agent Harness SSOT source_refs unless an explicit Agent Harness SSOT source names them. MCP config files are reported as candidates and evidence only; they are not SSOT source_refs, and active servers, resources, and tools must be enumerated from the agent platform runtime before use.

## Verify

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,57 +12,24 @@ $ARGUMENTS

- Active agent platform target.
- Generated `PROJECT GOVERNANCE` projection file.
- Copilot-like instruction layers inside the single active target.
- Project-governance instructions for the active coding-agent platform.

## Procedure

1. Require `.specify/`.
2. Resolve the active agent platform target:
- `.specify/init-options.json` `context_file` when it is a safe relative agent/rules/instructions context path
- `.specify/integration.json` `default_integration` or `integration`
- default context target from `CONTEXT_FILES`
3. Generate or overwrite the active agent platform target.
4. Reference the Copilot custom-instructions model for projection structure, but emit only the active agent platform target.
- repository-wide instructions
- path and task scope routing
- agent harness guidance
- no `.github/instructions/*.instructions.md` companion files
5. Distill detected repository areas into action rules.
- depth: 2
- include hidden and cache directories
6. Capture repository facts from the current repository state as vertical SSOT evidence and SSOT routing input.
- Architecture evidence
- Engineering evidence
- Code Style evidence
- Directory Structure evidence
- Agent Harness evidence
- README, project docs, repository policy, and Spec Kit metadata
- extension assets, command/template governance contracts, manifests, lockfiles, task runners, build config, and runtime config
- feature specs, API contracts, source paths, and test paths
- development commands from package scripts or Python/uv test conventions
7. Resolve deterministic SSOT routing rules by task type and path family.
- Architecture SSOT for source, route, API, runtime, infra, dependency-boundary, and architecture decision work
- Engineering SSOT for build, release, CI, manifest, lockfile, command, template, package, and runtime configuration work
- Code Style SSOT for formatting, linting, typing, testing, logging, comments, naming, and error-handling work
- Directory Structure SSOT for new files, moved files, generated assets, and directory responsibility work
- Agent Harness SSOT for agent instructions, permissions, MCP, external tools, skills, validation, and failure handling
8. Resolve the Spec Kit Agent Adapter for the active integration.
- active agent platform target
- repository-local skill discovery behavior
- MCP runtime discovery behavior
- repository MCP config candidates as evidence only
9. Project the scenario capability index.
- repository-local skill capabilities from `SKILL.md` name, description, trigger, and source path
- MCP-backed external tool capability with runtime enumeration before use
10. Run:
2. Run the deterministic projection helper:

```bash
uv run python .specify/extensions/repository-governance/scripts/generate_repository_governance.py
```
3. Review only the reported active agent platform target.
4. Treat repository evidence in the report as descriptive source-backed context, not as generated implementation work.

## Report

- active agent platform target
- generated or updated
- review target
- captured evidence from the current repository state
- SSOT content index summary
- descriptive evidence scan summary
- unresolved risks or clarification needs
Loading