feat: add setup recipes for ADCS, Intune, DigiCert, F5 #6

Open
souf92i wants to merge 9 commits into master from feat/setup-skills

@souf92i souf92i commented Apr 30, 2026

Member

Summary

  • Adds four production-grade setup skills under skills/ (ADCS, Intune, DigiCert, F5) using the Codex five-file layout (SKILL.md, agents/openai.yaml, references/{recipe.md,prerequisites.yaml,troubleshooting.md}).
  • Adds shared scaffolding (skills/_shared/) for preflight, quality checklist, host primitives, MCP probe patterns, prerequisites schema, and the master Missing-MCP-Tools list.
  • Adds skills/manifest.json so the future Claude / Codex plugin packagers can enumerate skills without scanning.
  • Adds scripts/verify-skills.ts and tests/unit/skills.test.ts to lock the layout, frontmatter, prerequisite schema, manifest consistency, em-dash ban, Outline-URL ban, and tool allowlist (built from registerTool(server, '<NAME>', call sites under src/tools/**).
  • Wires bun run verify:skills and bun run lint:skills (markdownlint-cli2) into validate:ci. Updates package.json files to include skills/.

Skill behavior

Every skill:

  1. Runs a hard preflight (whoami, get_license_info, knowledge-resource readability) and fails closed.
  2. Probes the session for complementary MCPs via skill-specific regex.
  3. Hard-gates Phase 2 prerequisite collection via AskUserQuestion from the YAML manifest. No walkthrough is produced until every required value is captured. Sensitive values are never echoed back.
  4. Walks the user through both external-system (Microsoft / DigiCert / F5) and Horizon-side configuration. Every Horizon write step is paired with a read-tool verification (list_credentials, list_profiles, get_profile, list_triggers with the correct (max_items, name_contains, trigger_type) signature, search_certificates, search_events, search_discovery_events).
  5. Gates every mutating tool call behind an explicit Proceed? (yes/no) confirmation (simulate_trigger is read-only and exempt).
  6. Always calls get_request_template before submit_request.
  7. Ends with a per-skill subset of the master Missing MCP Tools list.

Skills never link to private Outline URLs.

Test plan

  • bun run verify:skills clean.
  • bun run lint:skills clean (19 markdown files).
  • bun run lint and bun run typecheck clean.
  • bun run test 647/647 passing (34 new tests in tests/unit/skills.test.ts).
  • Reviewer: walk each skill through skills/_shared/quality-checklist.md and tick every box.
  • Reviewer (optional, with .env.local): execute each skill end-to-end against the QA Horizon instance per the verification plan in ~/.claude/plans/i-want-to-setup-encapsulated-brooks.md (steps 9 through 11). Includes an idempotency replay.
  • Reviewer: confirm package.json files array now includes skills/ so npm publish ships them.

Out of scope

  • Implementing the missing MCP tools enumerated in skills/_shared/tool-gap-signaling.md (credentials CRUD, PKI / third-party connector CRUD, profile CRUD, certification authority CRUD, scheduled task CRUD, F5 datasource type, etc.). They are signaled, not built.
  • Building the actual Claude / Codex plugin packages.

souf92i added 9 commits April 28, 2026 17:47
* docs: add local install for Codex — Node Requirements

* feat: add docs search tools and small-model guidance

* fix: format generated docs artifacts

* fix: standardize search pagination responses

Add skills/_shared/{preflight-template, quality-checklist,
tool-gap-signaling, host-primitives, mcp-probe-patterns,
prerequisites-schema}.md as the host-neutral foundation
reused by every setup skill.

Add skills/manifest.json (plugin manifest with one entry per skill) and
skills/README.md (index, invocation guidance for Claude Code and Codex,
relationship to .claude/skills/, and authoring instructions).

Add scripts/verify-skills.ts (frontmatter, agents/openai.yaml,
recipe headings, prerequisites schema, manifest consistency,
em-dash and Outline URL bans, tool allowlist enforcement),
tests/unit/skills.test.ts, and .markdownlint-cli2.jsonc.

Update package.json: include skills/ in publish files, add
verify:skills and lint:skills scripts, add yaml and
markdownlint-cli2 devDependencies, wire both into validate:ci.

Add the five-file Microsoft ADCS setup recipe under skills/setup-adcs/
covering both evtadcs (recommended) and msadcs variants. Also extend
the verify-skills denylist with common Horizon field names.

Add the five-file DigiCert CertCentral setup recipe under
skills/setup-digicert/ covering both US and EU regions, including
optional connector tuning fields.

Add the five-file Microsoft Intune setup recipe under skills/setup-intune/
covering both intune (SCEP) and intunepkcs variants, including the
azureTenant rename, the clientauth template backdate requirement, and
the Windows-specific SCEP URL caveat.

Add the five-file F5 BIG-IP setup recipe under skills/setup-f5/
covering iControl REST role provisioning (with the four required
calls verbatim), f5client and f5as3 trigger variants, WebRA
scheduled task automation, and BIG-IP discovery via horizon-cli.

Tighten verify-skills Outline URL detection to anchor on the
http(s) scheme so the rule does not flag self-referential mentions
of the Outline domain in shared documentation.
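
The pull request describes two checks in scripts/verify-skills.ts: a tool allowlist built from `registerTool(server, '<NAME>',` call sites and an Outline URL ban anchored on the http(s) scheme. The sketch below is an added example of how such checks can work, not code from this pull request. The regexes, the helper names, the placeholder host `outline.example.invalid`, the backticked snake_case convention for citing tools, the one-entry denylist and the sample inputs are all assumptions.

```typescript
// Added example: regexes, helper names and sample inputs are assumptions.
type Finding = { rule: "unknown-tool" | "outline-url"; value: string };

// Hypothetical placeholder; the real Outline host is not given on the page.
const OUTLINE_HOST = "outline.example.invalid";

// Constructed stand-in for source files under src/tools/**.
const SAMPLE_TOOL_SOURCE = [
  "registerTool(server, 'list_profiles', listProfiles);",
  'registerTool(server, "get_request_template", getTemplate);',
  "registerTool(\n  server,\n  'submit_request',\n  submitRequest,\n);",
].join("\n");

// Constructed skill text: one unregistered tool, one field name, one bare
// mention of the Outline host, and one real link to it.
const SAMPLE_SKILL = [
  "Call `get_request_template` before `submit_request`.",
  "Set `max_items`, then run `not_a_registered_tool`.",
  "Background lives on outline.example.invalid (mention only).",
  "See https://outline.example.invalid/doc/setup-adcs for details.",
].join("\n");

// Collect tool names from registerTool(server, '<NAME>', ...) call sites.
function buildAllowlist(source: string): Set<string> {
  const names = new Set<string>();
  const re = /registerTool\(\s*server\s*,\s*['"]([A-Za-z0-9_]+)['"]\s*,/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) names.add(m[1]);
  return names;
}

function verifySkill(md: string, allow: Set<string>, denylist: string[]): Finding[] {
  const findings: Finding[] = [];
  let m: RegExpExecArray | null;
  // Assumption: skills cite tools as backticked snake_case tokens.
  const toolRe = /`([a-z]+(?:_[a-z0-9]+)+)`/g;
  while ((m = toolRe.exec(md)) !== null) {
    if (denylist.indexOf(m[1]) !== -1) continue; // field name, not a tool
    if (!allow.has(m[1])) findings.push({ rule: "unknown-tool", value: m[1] });
  }
  // Anchored on the http(s) scheme so a bare mention of the host passes.
  const host = OUTLINE_HOST.replace(/\./g, "\\.");
  const urlRe = new RegExp("https?://" + host + "[^\\s)>\\]]*", "gi");
  while ((m = urlRe.exec(md)) !== null) findings.push({ rule: "outline-url", value: m[0] });
  return findings;
}

const sampleFindings = verifySkill(SAMPLE_SKILL, buildAllowlist(SAMPLE_TOOL_SOURCE), ["max_items"]);
console.log(sampleFindings);
```

With an empty denylist the same input also flags `max_items`, which is the kind of false positive a field-name denylist removes.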