feat: add setup recipes for ADCS, Intune, DigiCert, F5#6
Open
souf92i wants to merge 9 commits into
Open
Conversation
* docs: add local install for Codex — Node Requirements * feat: add docs search tools and small-model guidance * fix: format generated docs artifacts * fix: standardize search pagination responses
Add skills/_shared/{preflight-template, quality-checklist,
tool-gap-signaling, host-primitives, mcp-probe-patterns,
prerequisites-schema}.md as the host-neutral foundation
reused by every setup skill.
Add skills/manifest.json (plugin manifest with one entry per skill) and skills/README.md (index, invocation guidance for Claude Code and Codex, relationship to .claude/skills/, and authoring instructions).
Add scripts/verify-skills.ts (frontmatter, agents/openai.yaml, recipe headings, prerequisites schema, manifest consistency, em-dash and Outline URL bans, tool allowlist enforcement), tests/unit/skills.test.ts, and .markdownlint-cli2.jsonc. Update package.json: include skills/ in publish files, add verify:skills and lint:skills scripts, add yaml and markdownlint-cli2 devDependencies, wire both into validate:ci.
Add the five-file Microsoft ADCS setup recipe under skills/setup-adcs/ covering both evtadcs (recommended) and msadcs variants. Also extend the verify-skills denylist with common Horizon field names.
Add the five-file DigiCert CertCentral setup recipe under skills/setup-digicert/ covering both US and EU regions, including optional connector tuning fields.
Add the five-file Microsoft Intune setup recipe under skills/setup-intune/ covering both intune (SCEP) and intunepkcs variants, including the azureTenant rename, the clientauth template backdate requirement, and the Windows-specific SCEP URL caveat.
Add the five-file F5 BIG-IP setup recipe under skills/setup-f5/ covering iControl REST role provisioning (with the four required calls verbatim), f5client and f5as3 trigger variants, WebRA scheduled task automation, and BIG-IP discovery via horizon-cli. Tighten verify-skills Outline URL detection to anchor on the http(s) scheme so the rule does not flag self-referential mentions of the Outline domain in shared documentation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
skills/(ADCS, Intune, DigiCert, F5) using the Codex five-file layout (SKILL.md,agents/openai.yaml,references/{recipe.md,prerequisites.yaml,troubleshooting.md}).skills/_shared/) for preflight, quality checklist, host primitives, MCP probe patterns, prerequisites schema, and the master Missing-MCP-Tools list.skills/manifest.jsonso the future Claude / Codex plugin packagers can enumerate skills without scanning.scripts/verify-skills.tsandtests/unit/skills.test.tsto lock the layout, frontmatter, prerequisite schema, manifest consistency, em-dash ban, Outline-URL ban, and tool allowlist (built fromregisterTool(server, '<NAME>',call sites undersrc/tools/**).bun run verify:skillsandbun run lint:skills(markdownlint-cli2) intovalidate:ci. Updatespackage.jsonfilesto includeskills/.Skill behavior
Every skill:
whoami,get_license_info, knowledge-resource readability) and fails closed.AskUserQuestionfrom the YAML manifest. No walkthrough is produced until every required value is captured. Sensitive values are never echoed back.list_credentials,list_profiles,get_profile,list_triggerswith the correct(max_items, name_contains, trigger_type)signature,search_certificates,search_events,search_discovery_events).Proceed? (yes/no)confirmation (simulate_triggeris read-only and exempt).get_request_templatebeforesubmit_request.Skills never link to private Outline URLs.
Test plan
bun run verify:skillsclean.bun run lint:skillsclean (19 markdown files).bun run lintandbun run typecheckclean.bun run test647/647 passing (34 new tests intests/unit/skills.test.ts).skills/_shared/quality-checklist.mdand tick every box..env.local): execute each skill end-to-end against the QA Horizon instance per the verification plan in~/.claude/plans/i-want-to-setup-encapsulated-brooks.md(steps 9 through 11). Includes an idempotency replay.package.jsonfilesarray now includesskills/sonpm publishships them.Out of scope
skills/_shared/tool-gap-signaling.md(credentials CRUD, PKI / third-party connector CRUD, profile CRUD, certification authority CRUD, scheduled task CRUD, F5 datasource type, etc.). They are signaled, not built.