All future implementation work belongs in:
/Users/yjw/agent/Agent Engineering Toolkit
This repository was migrated here on 2026-07-11 with its Git history, phase tags, local fixtures, and dogfood snapshots intact. Treat this path as the only active workspace; the prior Codex-generated directory is archival.
At the start of any new task, read this file, then run git status --short,
git tag --sort=-creatordate | head, and
uv run --no-editable python -m unittest discover -s tests. Do not start a
later phase until the current phase's acceptance checks pass and this file is
updated.
aet is an Evidence First, read-only engineering gate for coding-agent
context and Skills. It proves what can be inspected locally and reports
unknowns; it never invents a holistic trust score.
Primary users are individual developers and small teams using Codex, Claude Code, Cursor, Copilot, or compatible agent Skills across multiple repositories.
The final distributable form is the canonical cross-agent Skill in
skills/agent-engineering-toolkit/; the aet CLI is its deterministic local
runtime. Every shipped capability must be exposed through this tool-neutral
Skill and retain JSON/SARIF evidence contracts so any agent host can invoke it.
Out of scope: an agent runtime, a Skill marketplace, automatic prompt rewrites,
and model-dependent prompt regression. The only retained later expansion is
Repo Archaeologist, planned as aet evolve, not a dependency of the static
core.
- Local, deterministic, and read-only by default; no LLM or API key in v0.1.
- Every finding has a stable ID, status, severity, evidence location, remediation, and rule version.
- Use
PASS,FAIL,UNKNOWN, andNOT_APPLICABLE; do not produce a single opaque score. - Keep the core dependency-light. Python 3.11+ standard library is sufficient for v0.1.
- New rules require a fixture that proves both a clean and failing case.
- End every phase by: testing, committing, tagging, updating this file, and bumping/installing the local Skill version.
discovery.py locates context assets → rules.py produces evidence-backed
findings → reporters.py serializes Markdown, JSON, or SARIF → cli.py
controls output and CI exit status.
Supported v0.1 assets: AGENTS.md, CLAUDE.md, CODEX.md,
copilot-instructions.md, .cursorrules, and every SKILL.md below the
target root.
| Stage | Version | Git tag | Result | Rollback |
|---|---|---|---|---|
| Phase 0 | Skill 0.0.1 | phase-0-dogfood |
Workspace, fixtures, dogfood baseline, project memory, and conservative path semantics. | git checkout phase-0-dogfood |
| v0.1 | Skill 0.1.0 / package 0.1.0 | v0.1.0 |
Static context and Skill audit CLI with Markdown, JSON, SARIF, CI example, tests, and wheel verification. | git checkout v0.1.0 |
| v0.2 | Skill 0.2.0 / package 0.2.0 | v0.2.0 |
Intent Gate: human-reviewable contract, changed-path budget, scope checks, and proof-evidence checks. | git checkout v0.2.0 |
| Skill portability | Skill 0.2.1 / package 0.2.0 | skill-v0.2.1 |
Tool-neutral SKILL.md cleanup and cross-agent contract. |
git checkout skill-v0.2.1 |
| v0.3 | Skill/package 0.3.0 | v0.3.0 |
Host-neutral Evidence Pack compiler and opt-in, redacted command Trace. | git checkout v0.3.0 |
v0.3 complete. The deterministic static core now includes host-neutral
Evidence Packs and explicit command Trace. Repo Archaeologist remains a
separate future aet evolve capability.
- Initialized this repository and the
agent-engineering-toolkitSkill. - Added clean and broken fixtures plus an initial evidence schema and static rule prototype for dogfooding.
- Audited read-only shallow clones stored outside Git tracking:
stock-analysisate875974992e8a5258df9723ead115390efecf5a1pain-mineratddf3ce20a1bc0cfbd04b79ac76c8e713b6ff0fdacli-creator-skillat418e941607a53be95921edbbb8e2196411b7893d
- Final dogfood reports are in
docs/dogfood/; each discovered one Skill and emitted zero FAIL/UNKNOWN findings under the v0.1 prototype. - Dogfood corrected two false-positive risks before release: generated output names are not local paths, and verification detection recognises Chinese as well as English wording.
- Local Skill installed at
~/.codex/skills/agent-engineering-toolkit, version0.0.1.
- Released the read-only
aet audit [path]command with Markdown, JSON, and SARIF output plus CI exit semantics (FAILalways fails;--strictalso fails onWARN). - Implemented deterministic checks for missing local Markdown/explicit command targets, root instruction bloat, duplicate long directives, required Skill frontmatter, Skill name/directory mismatch, and verification instructions.
- Added four standard-library tests covering clean and failing fixtures, CLI exit codes, and SARIF parsing. Use the exact resume command above.
- Added a GitHub Actions SARIF example and built a source distribution and wheel. Release verification includes running the wheel from a fresh temporary virtual environment.
- Upgraded and reinstalled the local Skill at
~/.codex/skills/agent-engineering-toolkit, version0.1.0. - On this Python 3.13 + uv environment, editable installs create an
underscore-prefixed
.pthfile that CPython skips. Useuv run --no-editablefor local verification; released wheels are unaffected.
- Added
aet review --base <revision>, which reads a human-authoredaet.intent.json, compares the working tree (including untracked files) to the Git base, and emits evidence-backedAET-REV-001throughAET-REV-004findings for contract validity, changed-path budget, scope, and local proof evidence. - Intent Gate stays read-only: it never executes declared proof commands. A PASS for proof evidence means the command and local evidence were declared; human review must run the command separately before claiming it passed.
- Added passing and failing Git-backed review tests, then verified the 0.2.0 wheel in a fresh virtual environment. The local Skill is updated to 0.2.0 with the v0.2 contract reference.
- Removed the generated-template residue from the canonical Skill and made its
workflow tool-neutral: the shared boundary is
aetplus JSON/SARIF output, not any vendor-specific API. - Added
references/cross-agent-use.md. Native Skill hosts install the whole folder; agents without native Skill support can loadSKILL.mdas project instructions and invoke the same CLI. agents/openai.yamlremains optional UI metadata. It must never become a runtime dependency or reduce compatibility for another agent host.- Upgraded and reinstalled the local Skill to
0.2.1after structural validation and the current test suite passed.
- Added
aet trace --output ... -- <command> [args...]: the sole opt-in execution path. It records redacted argv, exit status, timestamps, working directory, Git HEAD/worktree digest, and SHA-256 digests of redacted stdout/stderr artifacts. A non-zero command produces a validFAILTrace; it is not successful proof. - Added
aet evidence pack, which schema-validates independently produced audit, review, and trace JSON, records source SHA-256 values, atomically writes a portable JSON pack, and marks missing optional componentsUNKNOWN. It preserves component summaries and excludes raw command logs. - Added acceptance coverage for successful and failing commands, built-in secret redaction, stable hashes, invalid schemas, missing inputs, atomic replacement, and an audit → review → trace → pack temporary Git fixture.
- Ran 11 unit tests through Trace, built 0.3.0 source/wheel distributions, and installed the wheel into a fresh virtual environment for a Trace smoke test.
- Updated the canonical and local cross-agent Skill to 0.3.0 with the portable
v0.3-contract.mdreference.
Turn the existing audit and review reports plus explicitly requested command execution into one portable, content-addressed Evidence Pack that any agent can attach to a handoff or CI run.
# Explicit execution only; `--` separates the trace options from the command.
aet trace --output .aet/evidence/trace.json -- <command> [args...]
# Compile independently generated audit, review, and trace artifacts.
aet evidence pack \
--audit .aet/evidence/audit.json \
--review .aet/evidence/review.json \
--trace .aet/evidence/trace.json \
--output .aet/evidence/evidence-pack.jsontraceis opt-in and executes only the explicit argv after--; neither audit nor review may start executing commands implicitly.- Store argv, exit code, start/finish timestamps, working directory, Git HEAD and diff digest, plus SHA-256 digests of captured stdout/stderr artifacts. Do not write raw output to the Evidence Pack by default.
- Redact configured secret patterns from command metadata and persisted log
excerpts. If redaction confidence is insufficient, mark the field
UNKNOWNrather than retaining the value. evidence packvalidates the input report schemas, records each input's SHA-256, preservesPASS/FAIL/UNKNOWNwithout collapsing them to a score, and writes atomically.- Inputs may be absent, but the pack must record the missing component as
UNKNOWNand never imply that a test or review happened. - Keep the format host-neutral JSON. It must be consumable by any agent that can read files; no MCP, model API, or vendor trace API is permitted.
- Unit tests cover a successful command, a non-zero command, secret redaction, stable hashing, invalid input schema, missing optional inputs, and atomic output replacement.
- A clean temporary Git fixture produces audit → review → trace → pack with source hashes and no fabricated status.
- A failing command has a recorded non-zero status and a valid Trace artifact; it does not become a successful proof.
- Build and install the 0.3.0 wheel in a fresh virtual environment.
- Upgrade the canonical and local cross-agent Skill to 0.3.0, update this
memory with actual results, commit, and tag
v0.3.0.
The static core will be complete. Repo Archaeologist remains aet evolve and
must not become a dependency of audit, review, trace, or Evidence Pack. No
model-generated judgement should be the sole release gate.
The complete post-v0.3 product plan is recorded in
docs/productization-plan.md. It was produced from the original “设计 Agent
工具包方案” conversation, the active repository at v0.3.0, and a source
review of yaojingang/yao-meta-skill at commit
4eb11f923dc71173736ebf541a7eebfff942d10e.
aet is an Evidence Plane, not a general-purpose Skill OS. Its stable product
surfaces are Context/Skill Hygiene (audit), Intent Change Control (review),
Execution Evidence (trace/evidence pack), and Repository Evolution
(aet evolve). Repo Archaeologist is therefore a first-class usage scenario
of the canonical cross-agent Skill, but remains independent of the offline
deterministic core.
- Reuse an Evidence IR with source hashes and verification levels; preserve
PASS/FAIL/UNKNOWNrather than creating a health score. - Scores may only prioritize reviewer work; they cannot release a change or convert an unknown into a pass.
evolvemust distinguish direct, corroborated, candidate, and unknown links across Git, docs, releases, PRs, and Issues. Model narration is an optional, provenance-bound inference and cannot become source evidence.- Implement
v0.3.1first: fix the stale README v0.3 claim, add auditable discovery excludes/config, and make self-audit usable despite intentional failing fixtures. Then execute v0.4 Evidence IR/proof binding, v0.5 Skill UX/governance, v0.6 offline evolve, and v0.7 GitHub evolve.
aet audit . --strictproduces expected FAIL/UNKNOWN results fromtests/fixtures/broken_project, proving the current discovery layer lacks a configurable test-fixture boundary.README.mdstill contains an obsolete statement that v0.3 Trace and Evidence Pack are planned/not implemented, althoughv0.3.0implements them. This is a documentation defect.- This entry is a design/memory update only; no v0.3 behavior was changed and no new release tag has been created. Resume implementation from the v0.3.1 acceptance criteria in the productization plan.
- v0.1 parses local Markdown and paths; it cannot prove that a remote MCP server is reachable or that a command semantically succeeds.
- Detection is intentionally conservative. A missing local target is a FAIL; a remote, dynamic, or bare filename is left unverified rather than guessed.
- Repo Archaeologist needs GitHub history, Issues, PRs, and releases, so it is deferred behind the stable evidence schema.
- Implemented the Evidence Plane: configurable
audit, intentreview, proof-boundtrace/ Evidence Pack / static viewer, transparent non-gatingtriage, andaet evolveas the Repo Archaeologist surface (plan, local Git/docs, export or explicit GitHub API, graph, report, query). - Added Evidence IR metadata and L0–L5 boundaries while preserving
PASS/FAIL/UNKNOWNas authoritative. Weighted triage factors are visible and cannot alter a gate. - Fixed self-audit with reasoned
aet.tomlexclusion for intentionally broken fixtures. Added stale absolute-path detection after auditing Codex globalAGENTS.md, whose Skill index can drift from installed paths. - Scoped Codex
AGENTS.mddogfood found 52 stale absolute Skill paths and one root-context-bloat warning; the audit did not mutate global instructions. - Added v1 README, contracts, schema, canonical Skill flow, changelog, CI and tag-driven GitHub release workflow.
- Before tagging, require strict self-audit, full unit suite, wheel plus isolated CLI smoke, a proof-bound Evidence Pack, GitHub audit/evolution evidence, and a clean intentional commit.
- Reworked the English README from a command-first reference into a product entrypoint: user problem, four capability surfaces, evidence architecture, verified quality boundary, install paths, workflow guides, Repo Archaeologist, audience fit, and repository map.
- Added
docs/README.zh-CN.mdas the complete Simplified Chinese companion, with an explicit language switch at the top of both README files. - Added
CONTRIBUTING.md, a copyable generic intent example, and GitHub Issue forms so external users can report sanitized evidence-boundary defects or propose concrete workflows without exposing private repository content. - GitHub discovery metadata should describe AET as evidence-first engineering guardrails for coding agents and use focused topics rather than broad AI hype. Keep public claims tied to reproducible release checks; do not claim PyPI publication unless it actually occurs.
- Added
aet context discover,record, andverify. The Context Manifest records local instruction/Skill discovery and hashes; a declared read is explicitly anagent_attestation, never evidence that a model understood or used the file. - Added the local JSON Decision Ledger with
init,add,list,verify, andsupersede. It stores source hashes, evidence state, lifecycle state, and replacement history; it is project decision provenance, not generic Agent memory or RAG. - Regression coverage now includes both a clean and a changed-source/context path, as well as direct supersession. The v1.3 release gate requires 27 unit tests, strict self-audit, reviewed intent, a proof-bound Trace/Evidence Pack, and an isolated wheel smoke test.
- Invest-Vault dogfood confirmed that v1.3 Trace successfully ran its complete pytest process; the gap was report portability, not subprocess execution. Trace held stdout/stderr but not a test framework's generated report.
- Added explicit
trace --artifact <relative-path>capture. It is not a report-file guesser: only a declared regular UTF-8 file under the workspace is captured, redacted, hashed, and embedded into Trace plus Evidence Pack. - A missing, outside-root, non-regular, undecodable, or unredactable declared
artifact is
UNKNOWN. AET returns non-zero after an otherwise successful child command, while preserving the child'sexecution: PASSfact. - A real pytest dogfood trace initially exposed unrelated collection of nested
work/dogfoodrepositories.pyproject.tomlnow limits optional pytest discovery to AET's owntests/directory. - This adopts the useful Harness Engineering idea of durable, inspectable filesystem artifacts and failure traces. It explicitly rejects the article's broader runtime, autonomous optimization, and generic-memory directions.
- The v1.4 release gate requires 30 unit tests, a real pytest JUnit artifact dogfood trace/pack, strict self-audit, reviewed intent, a proof-bound release Evidence Pack, and an isolated wheel smoke test.