Skip to content

feat(bundle)!: pivot skill to anc; vendor agentnative-spec; delete duplicate shell checker#4

Merged
brettdavies merged 1 commit into
devfrom
feat/anc-pivot
Apr 27, 2026
Merged

feat(bundle)!: pivot skill to anc; vendor agentnative-spec; delete duplicate shell checker#4
brettdavies merged 1 commit into
devfrom
feat/anc-pivot

Conversation

@brettdavies
Copy link
Copy Markdown
Owner

@brettdavies brettdavies commented Apr 27, 2026
edited
Loading

Summary

The bundle stops reimplementing what anc already does and pivots to a guide that teaches agents how to use anc,
navigate the spec, and apply remediation patterns. Three architectural changes in one commit because they only make
sense together:

  1. Vendor agentnative-spec as the canonical principle source. scripts/sync-spec.sh mirrors agentnative-cli's
    vendoring script, retargeted to bundle/spec/. Pinned at v0.2.0 (matches the agentnative-cli pin at the time of
    this PR). The vendored tree carries machine-readable requirements[] frontmatter — the contract anc reads.
  2. Delete content that duplicates anc. bundle/scripts/check-compliance.sh + 24 check-*.sh files were a
    hand-rolled shell-script reimplementation of a Rust-source-only subset of anc's check matrix. anc supersedes
    them (behavioral + project + source layers, JSON scorecard, requirement_id citations, audit profiles).
    bundle/references/principles-deep-dive.md was a 419-line hand-typed paraphrase of the spec — replaced by the
    vendored bundle/spec/principles/. bundle/checklists/new-tool.md was a pre-anc 4-phase manual checklist whose
    Phase 4 invoked the now-deleted shell scripts — replaced by bundle/getting-started.md.
  3. Pivot SKILL.md and add getting-started.md. SKILL.md drops inline principle prose, points at
    bundle/spec/principles/ for canonical text, links getting-started.md for progressive disclosure, frames the
    three ecosystem artifacts (spec / anc / this skill). getting-started.md covers the agent's three loops
    (existing CLI / new Rust / other language), canonical anc invocations, and a "where things live" map.

Changelog

Added

  • Add vendored bundle/spec/ tree (agentnative-spec @ v0.2.0): VERSION, CHANGELOG.md, README.md, and seven
    principles/p*.md files with machine-readable requirements[] frontmatter — canonical principle text the skill
    now points at instead of paraphrasing.
  • Add bundle/getting-started.md covering three working agent loops (existing CLI / new Rust / other language),
    canonical anc check --output json invocations, and a "where things live" map.
  • Add scripts/sync-spec.sh so the bundle can re-vendor agentnative-spec on demand.

Changed

  • Breaking (install layout): Skill bundle no longer ships bundle/scripts/ or bundle/checklists/. Installers
    and consumers should fetch only the surviving directories: SKILL.md, getting-started.md, spec/, references/,
    templates/. The consumer's installed skill-directory shape (SKILL.md at the root) is unchanged.
  • Rewrite bundle/SKILL.md to drop inline principle prose, link bundle/getting-started.md and
    bundle/spec/principles/ for progressive disclosure, and frame the spec / anc / skill three-artifact ecosystem.
  • Reframe RELEASES.md SemVer guidance around the bundle's actual surface (markdown + templates + vendored spec)
    rather than deleted shell-script exit codes; document the spec-bump-vs-skill-version distinction.

Removed

  • Remove bundle/scripts/check-compliance.sh and 24 bundle/scripts/checks/check-*.sh files (plus _helpers.sh).
    anc check --output json is the canonical replacement.
  • Remove bundle/references/principles-deep-dive.md (419-line hand-typed paraphrase of the spec; canonical text now
    lives at bundle/spec/principles/).
  • Remove bundle/checklists/new-tool.md (pre-anc manual checklist; replaced by bundle/getting-started.md).

Type of Change

  • feat: New feature (non-breaking change which adds functionality)
  • BREAKING CHANGE: Breaking API change (requires major version bump)

(Marked both: pivots are additive at the agent-experience level — the skill now teaches anc — but the install
layout is a breaking change for any consumer who was fetching bundle/scripts/ or bundle/checklists/.)

Related Issues/Stories

  • Story: master plan Unit 1 — ~/dev/agentnative-site/docs/plans/2026-04-24-001-feat-skill-distribution-endpoint-plan.md
  • Issue: pre-release adversarial audit identified two architecture mistakes — (a) the bundle was reimplementing what
    anc already does, (b) the bundle had a hand-typed duplicate of agentnative-spec's principle text. Both
    resolved here.
  • Architecture: aligns this skill with the canonical brettdavies pattern — agentnative-cli vendors the spec via
    the same sync-spec.sh invariant; this PR makes agentnative-skill the third consumer of that pattern.
  • Related PRs: parallel sister PR pending in agentnative-spec to list agentnative-skill as a downstream consumer
    in its top-level AGENTS.md.

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing completed
  • All tests passing

Test Summary:

  • markdownlint-cli2 '**/*.md' — 0 errors across 26 markdown files (vendored bundle/spec/CHANGELOG.md is in
    ignores per upstream-edited content).
  • shellcheck --severity=style scripts/*.sh — exit 0 (only producer scripts remain; bundle has none).
  • actionlint .github/workflows/*.yml — exit 0.
  • scripts/sync-spec.sh — verified end-to-end against ~/dev/agentnative-spec @ v0.2.0; produces the seven
    expected principle files plus VERSION and CHANGELOG.md.
  • scripts/generate-changelog.sh --check — exit 0 (CHANGELOG.md has versioned section).

Files Modified

Modified:

  • .github/CODEOWNERS — drop bundle/scripts/** rule (path deleted); only producer-ops paths gate review.
  • .github/ISSUE_TEMPLATE/bug_report.md — rewrite routing prelude that sends anc bugs to agentnative-cli and
    spec-change requests to agentnative.
  • .github/workflows/ci.yml — shellcheck job now scans only ./scripts/ (the bundle has no shell scripts to lint).
  • .markdownlint-cli2.yaml — ignore bundle/spec/CHANGELOG.md (verbatim upstream content).
  • AGENTS.md, CONTRIBUTING.md, README.md — refresh layout tables, add spec-sync procedure, add issue routing
    table, document what is vendored vs hand-curated.
  • RELEASES.md — SemVer guidance updated to describe the bundle's surface area; spec-bump-vs-skill-version
    distinction documented.
  • bundle/SKILL.md — rewritten (61 added, 242 deleted).

Created:

  • bundle/getting-started.md
  • bundle/spec/{VERSION,CHANGELOG.md,README.md,principles/p1-p7.md} (10 files)
  • scripts/sync-spec.sh
  • .github/ISSUE_TEMPLATE/bundle_proposal.md — replaces principle_proposal.md; explicitly redirects principle-level
    changes to the spec repo and accepts only bundle-shape proposals.

Renamed:

  • .github/ISSUE_TEMPLATE/principle_proposal.md.github/ISSUE_TEMPLATE/bundle_proposal.md (rewritten in place;
    retargets to bundle changes only, redirects principle changes upstream)

Deleted:

  • bundle/checklists/new-tool.md
  • bundle/references/principles-deep-dive.md
  • bundle/scripts/check-compliance.sh
  • bundle/scripts/checks/_helpers.sh and 24 bundle/scripts/checks/check-*.sh files
  • .shellcheckrc (its three disables targeted the deleted bundle scripts; producer scripts pass shellcheck unmodified)

Breaking Changes

  • No breaking changes
  • Breaking changes described below:

The skill-install layout changes for any consumer who previously fetched bundle/scripts/ or bundle/checklists/.
Those paths no longer exist. Replacement workflow:

  • For compliance checking, install anc (brew install brettdavies/tap/agentnative or
    cargo install agentnative) and run anc check --output json. The full agent loop is in
    bundle/getting-started.md.
  • For principle text, read bundle/spec/principles/p<N>-*.md (vendored at the agentnative-spec ref shipping with this
    release).
  • For onboarding flow, read bundle/getting-started.md instead of bundle/checklists/new-tool.md.

Coordinate with the agentnative-site session before tagging v0.2.0 — the install endpoint at anc.dev/install
must adapt to fetch only the surviving bundle paths.

Deployment Notes

  • No special deployment steps required
  • Deployment steps documented below:

This PR lands on dev only. The actual v0.2.0 release follows the release/* flow per RELEASES.md:

  1. Cut release/v0.2.0 from origin/main.
  2. Cherry-pick non-docs commits from dev: this PR's squash commit + 893e253 (chore(repo): add version-controlled rulesets for main, dev, and release tags #1) + 80099fc (chore(repo): add AGENTS.md, PR template, RELEASES.md, guard-main-docs (lightweight release scaffold) #2) + bb5dce9
    (chore(repo): restructure bundle into bundle/, add changelog generator, expand governance #3). Skip the docs(plan): ... commits (632b4d1, e8d46e4, 774f969).
  3. Bump VERSION to 0.2.0. Run scripts/generate-changelog.sh to populate the [0.2.0] section.
  4. Open release/v0.2.0 → main PR; verify guard-docs / check-forbidden-docs passes.
  5. After merge: tag v0.2.0, run gh release create for both v0.1.0 (retroactive) and v0.2.0.
  6. Updated handoff to agentnative-site session: new SHA + bundle/ fetch instruction (only the surviving paths).

Checklist

  • Code follows project conventions and style guidelines
  • Commit messages follow Conventional Commits
  • Self-review of code completed
  • Tests added/updated and passing
  • No new warnings or errors introduced
  • Changes are backward compatible (or breaking changes documented)

@brettdavies
feat(bundle)!: pivot skill to anc; vendor agentnative-spec; delete du…
688ab88 
…plicate shell checker

The bundle stops reimplementing what `anc` already does and pivots to a
guide that teaches agents how to use anc, navigate the spec, and apply
remediation patterns. Three architectural changes in one commit because
they only make sense together.

1. Vendor agentnative-spec as the canonical principle source.
   - scripts/sync-spec.sh mirrors agentnative-cli's vendoring script,
     retargeted to bundle/spec/. Pinned at v0.2.0 (matches the
     agentnative-cli pin).
   - bundle/spec/{VERSION,CHANGELOG.md,README.md,principles/p*.md} —
     7 principle files with machine-readable requirements[]
     frontmatter, the SoT every consumer (anc, the site, this skill)
     reads from.

2. Delete content that duplicates anc.
   - bundle/scripts/check-compliance.sh + 24 check-*.sh files: a
     hand-rolled shell-script reimplementation of a Rust-source-only
     subset of anc's check matrix. anc supersedes them (behavioral +
     project + source layers, JSON scorecard, requirement_id
     citations, audit profiles). Reimplementing them in shell drifts
     silently from spec frontmatter and from anc's behavior.
   - bundle/references/principles-deep-dive.md: 419-line hand-typed
     paraphrase of the spec. Replaced by the vendored bundle/spec/
     principles, which carry the canonical text and frontmatter.
   - bundle/checklists/new-tool.md: pre-anc 4-phase manual checklist
     whose Phase 4 invoked the now-deleted shell scripts. Replaced by
     bundle/getting-started.md.

3. Pivot SKILL.md and add getting-started.md.
   - bundle/SKILL.md: rewritten. Drops inline principle prose, points
     at bundle/spec/principles/ for the canonical text, links
     getting-started.md for progressive disclosure, frames the three
     ecosystem artifacts (spec / anc / this skill).
   - bundle/getting-started.md: three loops (existing CLI / new Rust /
     other language), canonical anc invocations, "where things live"
     map. The agent's first read after SKILL.md.

Cross-ref updates:
   - README.md: layout reflects bundle/spec/ + getting-started; Bundle
     Contents section rewritten; routing table for spec/anc/skill
     issues added under Contributing.
   - AGENTS.md: layout table refreshed; "what an agent should NEVER
     do" gains "do not edit bundle/spec/ by hand" and "do not
     reimplement anc"; spec-sync procedure added.
   - CONTRIBUTING.md: where-to-file table routes principle changes to
     the spec repo, anc bugs to the anc repo, bundle changes here.
     "Touching the bundle" section spells out what's vendored vs
     hand-curated.
   - RELEASES.md: SemVer guidance updated to describe the bundle's
     surface area without referring to deleted shell-script exit
     codes; spec-bump-vs-skill-version distinction documented.
   - .github/CODEOWNERS: bundle/scripts/** rule removed (path gone);
     bundle is markdown-only, so only producer-ops paths gate review.
   - .github/workflows/ci.yml: shellcheck job now scans only ./scripts
     (the bundle has no shell scripts to lint).
   - .github/ISSUE_TEMPLATE/bug_report.md: rewrites the route-check
     prelude — anc bugs to agentnative-cli, spec changes to
     agentnative, bundle bugs here.
   - .github/ISSUE_TEMPLATE/bundle_proposal.md (renamed from
     principle_proposal.md): retargets template content from
     "propose a principle" to "propose a bundle change," with explicit
     redirect to the spec repo for principle changes.
   - .markdownlint-cli2.yaml: ignore bundle/spec/CHANGELOG.md
     (verbatim upstream content, not subject to local lint).
   - .shellcheckrc: removed (its three disables targeted the deleted
     bundle scripts; producer scripts pass shellcheck unmodified).

Out of scope here:
   - VERSION bump and CHANGELOG entry — both happen on release/v0.2.0
     per the cherry-pick flow. CHANGELOG is generated by
     scripts/generate-changelog.sh from this PR's body at release time.
   - Sister PR in agentnative-spec to list this repo as a downstream
     consumer in its top-level AGENTS.md.

BREAKING CHANGE: Skill bundle layout. Installers must fetch bundle/
(only) at a tagged commit SHA. The installed skill directory shape
under ~/.claude/skills/agent-native-cli/ is unchanged — SKILL.md still
at the root — but the producer-side fetch logic must target bundle/
rather than the repo root, and consumers no longer receive
bundle/scripts/ (deleted) or bundle/checklists/ (deleted).
@brettdavies brettdavies merged commit 0647342 into dev Apr 27, 2026
4 checks passed
@brettdavies brettdavies deleted the feat/anc-pivot branch April 27, 2026 23:00
brettdavies added a commit that referenced this pull request Apr 29, 2026
@brettdavies
chore(release): v0.2.0
647a83c 
Bump VERSION to 0.2.0 and regenerate CHANGELOG via
scripts/generate-changelog.sh against the cherry-picked PRs (#1, #2,
#3, #4, #6, #7, #8, #9, #11 plus the in-cherry-pick spec re-vendor +
RELEASES coordination edits).

Squash-merge of release/v0.2.0 onto main becomes the v0.2.0 anchor.
brettdavies added a commit that referenced this pull request Apr 29, 2026
@brettdavies
chore(release): v0.2.0
f2528e1 
Bump VERSION to 0.2.0 and regenerate CHANGELOG via
scripts/generate-changelog.sh against the cherry-picked PRs (#1, #2,
#3, #4, #6, #7, #8, #9, #10, #11). PR bodies were audited by
parallel subagents against .github/pull_request_template.md before
this regen — empty stubs removed, missing template sections
added, internal-detail bullets moved out of ## Changelog, PR #11's
nested sub-bullets flattened so the generator preserves them.

Squash-merge of release/v0.2.0 onto main becomes the v0.2.0 anchor.
@brettdavies brettdavies mentioned this pull request Apr 29, 2026
Merged
12 tasks
brettdavies added a commit that referenced this pull request Apr 29, 2026
@brettdavies
chore(release): v0.2.0
d66d5bd 
Bump VERSION to 0.2.0 and regenerate CHANGELOG via
scripts/generate-changelog.sh against the cherry-picked PRs (#1, #2,
#3, #4, #6, #7, #8, #9, #10, #11, #13). PR bodies were audited by
parallel subagents against .github/pull_request_template.md before
this regen.

PR #13 added CHANGELOG.md to .markdownlint-cli2.yaml ignores so the
generated long-line bullets no longer trip MD013 on the release CI run.

Squash-merge of release/v0.2.0 onto main becomes the v0.2.0 anchor.
brettdavies added a commit that referenced this pull request Apr 29, 2026
@brettdavies
release: v0.2.0 — agent-native CLI skill bundle public launch (#12)
2b10c84 
## Summary

First public release of the `agent-native-cli` skill bundle
(`agentnative-skill` repo). Establishes the canonical
brettdavies cherry-pick release pattern (`feature → dev → release/* →
main`), ships the flat install layout consumers
will pull via plain `git clone`, and lands the consumer-side
update-check mechanism that replaces the deprecated
`install.json` SHA-pin advisory.

Cherry-picks 10 dev PRs (#1#4, #6#11, #13) onto `origin/main` plus
three direct-to-release-branch fixup commits
(`9f6e276`, `23e1a76` from the bootstrap window) and the curated
`chore(release): v0.2.0` commit. PR #5 (docs-only
public-flip follow-up) stayed on `dev` per the cherry-pick rule. The
original in-cherry-pick spec re-vendor
(`837ab9a` → `1640460`) was converted to a real PR (#10) so the v0.2.0
CHANGELOG carries a curated bullet for the
spec v0.2.0 → v0.3.0 bump.

PR-body template alignment was audited by parallel subagents before this
regeneration — empty stubs removed, missing
template sections added, internal-detail bullets moved out of `##
Changelog`, PR #11's nested sub-bullets flattened.

## Changelog

### Added

- Version-controlled GitHub repository rulesets for `main`, `dev`, and
release tags (`v*`). Apply procedure documented in
`.github/rulesets/README.md`. by @brettdavies in #1
- `AGENTS.md` (root) describing the bundle layout, lint commands, branch
model, and hard rules for agents. by @brettdavies in #2
- `RELEASES.md` (root) documenting a release procedure for this repo
(later rewritten in #3 to the canonical full `release/*` pattern).
- `.github/pull_request_template.md` (canonical PR template).
- `.github/workflows/guard-main-docs.yml` caller for the
`brettdavies/.github` reusable workflow that blocks `docs/plans/`,
`docs/solutions/`, `docs/brainstorms/`, `docs/reviews/` from PRs
targeting `main`.
- `cliff.toml` — git-cliff configuration mirroring sibling repos. by
@brettdavies in #3
- `scripts/generate-changelog.sh` — release-time CHANGELOG generator.
Reads PR-body `## Changelog` sections and prepends a curated, attributed
`[X.Y.Z]` section. Authoritative; never hand-edit `CHANGELOG.md`.
- `CONTRIBUTING.md` — how to propose changes, link to release procedure.
- `.github/ISSUE_TEMPLATE/bug_report.md` + `bundle_proposal.md`
(replaces `principle_proposal.md` with corrected routing).
- Vendored `spec/` tree from `agentnative-spec` — `VERSION`,
`CHANGELOG.md`, `README.md`, and seven `principles/p*.md` files with
machine-readable `requirements[]` frontmatter. The skill points at this
canonical text instead of paraphrasing. by @brettdavies in #4
- `getting-started.md` covering three working agent loops (existing CLI
/ new Rust / other language), canonical `anc check --output json`
invocations, and a "where things live" map.
- `scripts/sync-spec.sh` for re-vendoring `agentnative-spec` on demand.
- `LICENSE-APACHE` — dual-license under MIT or Apache-2.0 (consumer's
choice). by @brettdavies in #6
- `bin/check-update` — gstack-style consumer-side update-check. Compares
the installed `VERSION` against the producer repo's `main`, emits
`UPGRADE_AVAILABLE <local> <remote>`, with cache TTL (60 min UP_TO_DATE
/ 720 min UPGRADE_AVAILABLE) and 3-level snooze (24h / 48h / 7d). State
directory: `$HOME/.cache/agent-native-cli/`. by @brettdavies in #8
- `SKILL.md` `## Update check` section documenting the script's
invocation and the `AskUserQuestion`-driven upgrade flow.

### Changed

- **BREAKING (install layout):** Skill content lives at the repo root
(`SKILL.md`, `bin/`, `spec/`, `references/`, `templates/`, `VERSION`).
Plain `git clone --depth 1` and `git pull --ff-only` are the
load-bearing install + update commands; no sparse-checkout magic, no
post-install scripts. by @brettdavies in #9 (final flat shape;
intermediate `bundle/` indirection from #3 reverted before launch).
- License changed from MIT-only to dual MIT or Apache-2.0 (no MIT
compatibility regression). by @brettdavies in #6
- Documentation now points at `https://anc.dev/skill` instead of
`https://anc.dev/install`. by @brettdavies in #7
- Spec content vendored under `spec/` re-vendored from
`agentnative-spec` v0.2.0 to v0.3.0. All 7 principles flip `status:
draft` → `status: active`; prose tightened across P1–P7 from upstream's
G11 red-team pass. No requirement IDs added/removed/renamed; no level
changes. by @brettdavies in #10
- `scripts/sync-spec.sh` no longer accepts `SPEC_REF`. The script always
vendors the latest `v*` tag, queried from `SPEC_REMOTE_URL` (default
`https://github.com/brettdavies/agentnative.git`) via `git ls-remote
--tags --sort=-version:refname` and shallow-cloned for extraction. On
any remote failure, falls back to the existing `SPEC_ROOT`-based logic
(default `$HOME/dev/agentnative-spec`). New env var `SPEC_REMOTE_URL`
overrides the remote; the temp clone is auto-cleaned on script exit via
trap. by @brettdavies in #11

### Fixed

- Harden `bin/check-update` against malformed local `VERSION` (apply
SemVer regex; malformed → silent exit) and against curl failure being
cached as UP_TO_DATE (skip cache write on network failure so the next
invocation retries). by @brettdavies in #8
- Align table pipes in `SKILL.md` and `getting-started.md` (markdownlint
MD060). by @brettdavies in #9

### Documentation

- `README.md` — License section rewritten to reflect dual licensing and
link both LICENSE files; tree row updated. by @brettdavies in #6
- `CONTRIBUTING.md` — License section rewritten: contributions are
dual-licensed at the consumer's option, no CLA, with an explicit pointer
to the Apache §3 patent grant.
- - `.markdownlint-cli2.yaml` excludes `CHANGELOG.md` from linting
(matches the existing exclusion for `spec/CHANGELOG.md`). Aligns lint
behavior with the `scripts/generate-changelog.sh` regen flow. by
@brettdavies in #13
- All public-facing markdown (`RELEASES.md`, `AGENTS.md`, `README.md`,
`spec/README.md`, `CONTRIBUTING.md`) scrubbed of SHA-pin model
vocabulary: pipeline diagram's "site re-pins to commit SHA" step, the
post-merge "site re-pins via its own PR" step, the `protect-tags.json` /
`install endpoints` claims that tags are pinned to install endpoints,
and the spec-vendor "pinned ref" / "pinned `SPEC_REF`" / "current pin is
recorded" vocabulary across all docs. The new model is plain `git clone`
+ `bin/check-update` for staleness; nothing pins to anything cross-repo.
by @brettdavies in #11

### Removed

- `bundle/scripts/check-compliance.sh` and 24
`bundle/scripts/checks/check-*.sh` files (plus `_helpers.sh`). `anc
check --output json` is the canonical replacement. by @brettdavies in #4
- `bundle/references/principles-deep-dive.md` (419-line hand-typed
paraphrase of the spec; canonical text now lives at `spec/principles/`).
- `.github/ISSUE_TEMPLATE/principle_proposal.md` (replaced by
`bundle_proposal.md` with corrected routing).
- `.shellcheckrc` (its three disables targeted the deleted bundle
scripts; producer scripts pass shellcheck unmodified).

## Type of Change

- [x] `chore`: Maintenance tasks (release engineering)
- [x] `BREAKING CHANGE`: Install layout changes (no v0.1.0 consumers
exist; see Breaking Changes section)

## Related Issues/Stories

- Architecture:
`docs/plans/2026-04-27-001-bootstrap-agentnative-skill-plan.md` —
bootstrap plan (task #15: launch-eve cherry-pick + admin-bypass decision
recorded `2026-04-28`).
- Architecture:
`docs/plans/2026-04-28-001-feat-update-check-mechanism-plan.md` —
update-check mechanism plan (drove PR #8 + the SHA-pin removal across PR
#11 / repo docs).
- Cross-repo: `agentnative-cli` — `scripts/sync-spec.sh` is the
documented mirror; lockstep modernization is being driven in a parallel
session.
- Cross-repo: `agentnative-site` — installs this skill via
`https://anc.dev/skill`; the `install.json` SHA-pin advisory is being
removed in that repo (separate PR there) per the update-check plan's
downstream coordination.

## Testing

- [x] Manual testing completed
- [x] All tests passing (CI: markdownlint + shellcheck on every
cherry-picked commit)

**Test Summary:**

- `markdownlint-cli2` clean across the cherry-pick chain (PostToolUse
hook ran on every edit; CI re-verified each PR).
- `shellcheck --severity=style scripts/sync-spec.sh bin/check-update`:
clean.
- `bash -n scripts/sync-spec.sh bin/check-update`: clean.
- `bin/check-update` 40-test battery (PR #8): 40 pass / 0 fail (unit +
integration + e2e + red-team).
- `scripts/sync-spec.sh` remote-success path verified live: queried
`https://github.com/brettdavies/agentnative.git`, resolved `v0.3.0`,
shallow-cloned, vendored 7 principles + VERSION + CHANGELOG.
Remote-fail-local-success path verified by setting bogus
`SPEC_REMOTE_URL` (warning + fallback to `$HOME/dev/agentnative-spec`).
Both-fail path verified with bogus URL + bogus `SPEC_ROOT` (hard error
with both printed).
- Vocabulary check: `rg` for `SHA-pin` / `commit SHA` / `source.commit`
/ `install.json` / `re-pin` / `SPEC_REF` / `pin` / `pinned` / `pinning`
across shipping content (excluding `docs/plans/`, license boilerplate,
changelogs, vendored `spec/principles/`): **zero** matches.
- PR-body template alignment: parallel audit subagents reported
`verified=true` for PRs #1#11.

## Files Modified

**Cherry-picked from dev (squash commits):**

- `8be19e6` — feat(bundle): consumer-side update-check mechanism (U1+U2)
[#8]
- `34b1da3` — refactor!: flatten bundle/* to repo root for plain
git-clone install [#9]
- `4461806` — chore(spec): re-vendor spec/ to v0.3.0 + RELEASES
spec-revendor section [#10]
- `fb50d18` — chore(sync-spec): drop SHA-pin claims, modernize to
remote-first vendoring [#11]
- `e67523e` — chore(lint): exclude CHANGELOG.md from markdownlint [#13]
(added during release prep to unblock MD013 on the rich generated
CHANGELOG)

**Direct-to-release-branch fixup commits (bootstrap window):**

- `9f6e276` — chore(rulesets): drop `.github/rulesets/README.md`
- `23e1a76` — docs(bundle): trim trailing platform comment on `cargo
install` line

**Curated release commit:**

- `d66d5bd` — chore(release): v0.2.0 (VERSION bump + regenerated
CHANGELOG.md)

**Plus PRs #1#7 cherry-picked earlier in the bootstrap window:**
rulesets (#1), AGENTS/PR-template/RELEASES scaffold (#2), bundle
restructure + cliff.toml (#3), spec vendoring + skill pivot (#4), dual
licensing (#6), `/skill` endpoint rename (#7).

## Breaking Changes

- [x] Breaking changes described below

**Install layout (PR #4 + PR #9):** the skill bundle's directory shape
went from a paraphrased pre-anc layout (v0.1.0) → `bundle/` subdirectory
(PR #3) → flat root (PR #9). The flat root is the load-bearing final
shape: `git clone --depth 1` lands `SKILL.md` at the install root where
Claude Code, Codex, Cursor, and OpenCode auto-discover it.

**No real-world migration impact:** v0.1.0 has zero installed consumers
(the install endpoint at `https://anc.dev/skill` is gated by this very
release). The breaking-change classification is for SemVer hygiene, not
user-impacting.

**Bundle surface contract (PR #4):** the skill no longer ships
shell-script compliance checks (`bundle/scripts/check-compliance.sh` +
24 `check-*.sh` files). `anc check --output json` is the canonical
replacement; downstream tools that scraped the old shell scripts must
migrate to `anc`.

## Deployment Notes

- [x] Deployment steps documented below

**Pre-merge admin-bypass (one-time):** the `protect-main` ruleset
requires `markdownlint`, `shellcheck`, and `guard-docs /
check-forbidden-docs` as required status checks. The third comes from
`guard-main-docs.yml`, which only exists on `dev` (it's part of this
very release). For the FIRST release PR, GitHub evaluates `pull_request`
workflows from `main` (the base), so the guard-docs check cannot run.
Resolution: admin-bypass this single PR via the existing `bypass_actors`
on `protect-main` (`actor_type: RepositoryRole, actor_id: 5,
bypass_mode: always`). One-off; subsequent releases run cleanly. See
bootstrap plan §15 (decision recorded `2026-04-28`).

**Post-merge sequence (per RELEASES.md):**

1. Tag the squash commit on `main`:

   ```bash
   git checkout main && git pull
   git tag -a v0.2.0 -m "v0.2.0"
   git push origin v0.2.0
   ```

2. Create the GitHub Release with the v0.2.0 CHANGELOG section as notes:

   ```bash
   gh release create v0.2.0 --title "v0.2.0" \
--notes "$(awk '/^## \[0\.2\.0\]/{flag=1; next} /^## \[/{flag=0} flag'
CHANGELOG.md)"
   ```

3. Consumers detect the new release on their next `bin/check-update`
run; no site-side coordination step (the SHA-pin model is gone, per
#11).

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing (CI green on every cherry-picked
commit)
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible (or breaking changes documented in
Breaking Changes section)

## Additional Context

- Full v0.2.0 entry in [`CHANGELOG.md`](./CHANGELOG.md) (this section is
a copy; CHANGELOG.md is canonical).
- The PR-body audit run produced template-aligned bodies for all 11
merged PRs; CHANGELOG.md was regenerated from the audited bodies before
this PR opened.
brettdavies added a commit that referenced this pull request Apr 29, 2026
@brettdavies
docs(plans): record v0.2.0 production smoke results
220c3a8 
After tag + GitHub Release published 22:16 UTC, ran end-to-end smoke
against the real raw.githubusercontent.com URL. All four scenarios
green:

- Fresh `git clone --depth 1` lands SKILL.md at install root (PR #9
  flat-layout claim verified in production); 18 entries at root incl.
  bin/, spec/, references/, templates/, VERSION=0.2.0; bin/check-update
  mode 100755.
- VERSION=0.1.0 + fresh cache: bin/check-update emits exact
  `UPGRADE_AVAILABLE 0.1.0 0.2.0` against live remote.
- VERSION=0.2.0 + fresh cache: silent stdout, exit 0; cache file
  $HOME/.cache/agent-native-cli/last-update-check written with
  `UP_TO_DATE 0.2.0` (17 bytes).
- Re-run within 60min TTL: silent stdout, exit 0, no second cache
  write — cache-hit fast path confirmed.

Update-check plan U1 § "Verification": appended a "Production smoke"
subsection with the four scenarios, exact commands, and outputs.
Notes the post-flatten path (`bin/check-update`, not
`bundle/bin/check-update`) for future readers.

Bootstrap plan task #15: appended a one-paragraph smoke summary after
the Step 3b completion note, pointing at the U1 transcript for full
detail. The smoke validates the load-bearing claims of PR #4
(install/upgrade contract), PR #8 (check-update mechanism), and PR #9
(flat-layout install).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brettdavies