milanhorvatovic/yaml-config
.agents/skills/yaml-config/SKILL.md
Governs the configuration.yaml file that serves as the single source of truth for all validation rules in the Skill System Foundry. Triggers when adding, modifying, or reviewing validation rules, limits, patterns, or reserved words. Also triggers when working with constants.py, yaml_parser.py, or any code that reads from configuration.yaml. Use this skill when asked to add a new validation check, change a limit or threshold, update reserved word lists, add SPDX license identifiers, modify regex patterns, or troubleshoot why a validation rule is not working as expected. Activates on mentions of configuration, validation rules, constants, thresholds, or pattern definitions.
$ install --global
skillsauthnpx skillsauth add milanhorvatovic/skill-system-foundry yaml-configInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 3:36 AM31.6s1 file scanned
SKILL.md
- name:
- yaml-config
- description:
- >
YAML Configuration Skill
Governs the configuration.yaml file — the single source of truth for all validation rules, limits, patterns, and policy constants in the Skill System Foundry.
Every validation check in the codebase reads its parameters from this file. Rules are never hardcoded in Python. constants.py loads the YAML at startup and exposes values as module-level constants that the rest of the codebase imports.
Architecture
configuration.yaml ← rules defined here (single source of truth)
↓
constants.py ← loads YAML, exposes as Python constants
↓
validation.py, references.py, bundling.py, ... ← import from constants
↓
validate_skill.py, audit_skill_system.py, ... ← entry points use lib
Changing a rule means editing one line in configuration.yaml. The change cascades automatically through constants.py into every script that references it.
File Structure
The YAML is organized into top-level sections separated by comment headers:
# ============================================================
# Section Name
# ============================================================
section_key:
sub_key:
field: value
Current sections and their purposes:
| Section | Purpose |
|---|---|
| skill | All skill validation: name, description, body, compatibility, frontmatter keys, allowed-tools, metadata, license, directories |
| codex_config | Codex agents/openai.yaml schema validation |
| dependency_direction | Patterns detecting upward dependency violations |
| role_composition | Role minimum skill count and reference patterns |
| bundle | Bundle packaging: depth limits, description limits, targets, exclude patterns |
Adding a New Validation Rule
Step 1: Add to configuration.yaml
Place the rule in the correct section. Follow existing conventions:
- Numeric limits — use descriptive key names with clear units:
max_length: 64,min_skills: 2 - Regex patterns — use the key suffix
_pattern:format_pattern: ^[a-z0-9]...$ - Lists — use plural key names:
reserved_words,known_tools,exclude_patterns - Nested groups — group related rules under a common parent key
Add an inline comment explaining non-obvious values:
# Upper bound on tool count — skills requesting too many tools
# likely need to be split. Increase if justified.
max_tools: 20
Step 2: Expose in constants.py
Import and assign in the appropriate section of constants.py:
# --- New Section (if needed) ---
_new = _config["new_section"]
NEW_CONSTANT = int(_new["some_value"])
Follow existing patterns:
- Prefix private variables with underscore:
_skill,_dep,_bundle - Convert numeric values explicitly:
int(...)for integers - Compile regex patterns:
re.compile(...)for patterns - Use
frozenset(...)for immutable sets - Clean up private names with
delat the end of the module
Step 3: Use in validation code
Import from lib.constants:
from lib.constants import NEW_CONSTANT, LEVEL_FAIL
Never import from configuration.yaml directly — always go through constants.py.
Step 4: Add tests
Write tests in the corresponding tests/test_*.py file that verify the rule works at boundaries: at the limit, one over, and well over.
YAML Parser Constraints
The repository uses a custom stdlib-only YAML parser (yaml_parser.py), not PyYAML. It supports a subset of YAML:
Supported:
- Key-value pairs with string values
- Nested mappings (indentation-based)
- Scalar lists (
- item) - Lists of mappings (
- key: value) - Folded (
>,>-) and literal (|,|-) block scalars - Inline comments (
# commentafter a space) - Quoted strings (single and double)
Not supported:
- Flow syntax (
{key: value},[item1, item2]) - Anchors and aliases (
&anchor,*alias) - Multi-document (
---separators) - Type coercion (all scalars returned as strings)
- Complex keys
Important: All scalar values are returned as strings. Numeric values must be explicitly converted in constants.py with int() or float(). Boolean values are strings "true" / "false".
Regex patterns with (?i) flags and backslash sequences (\b, \d) are preserved as-is — the parser performs no escape processing.
Conventions
Comments
Use section headers with = separators to group related rules:
# ============================================================
# Section Name
# ============================================================
Use inline comments sparingly — only to explain why a value was chosen, not what it is:
# Good — explains the "why"
max_reference_depth: 25 # Prevents runaway traversal
# Bad — restates the key name
max_reference_depth: 25 # Maximum reference depth
Naming
- Keys use
snake_case(notkebab-caseorcamelCase) - Pattern keys end with
_pattern - Maximum/minimum keys start with
max_ormin_ - List keys use plural nouns
- Boolean-like keys use positive framing:
allow_implicit_invocationnotdisable_explicit_only
Values
- Strings — bare when simple, quoted when containing special YAML characters (
:,#,{,}) - Patterns with special chars — quote if the pattern contains characters that could confuse the parser (e.g.,
"*.pyc") - Integers — bare numbers, no quotes
- Lists — one item per line with
-prefix, indented under the parent key
Error Level Tagging
When adding validation rules, use the three-tier error level system:
[spec]— Agent Skills specification requirement (typicallyLEVEL_FAIL)[platform: X]— platform-specific restriction (typicallyLEVEL_WARN)[foundry]— foundry convention/recommendation (typicallyLEVEL_INFOorLEVEL_WARN)
Common Mistakes
- Hardcoding a validation limit in Python instead of adding it to
configuration.yaml - Forgetting to convert string values to
int()inconstants.py— the parser returns all scalars as strings - Using flow syntax (
[a, b, c]) that the custom parser does not support - Adding a new section without cleaning up private variables with
delat the end ofconstants.py - Regex patterns using features beyond Python's
remodule - Forgetting the inline comment explaining a non-obvious threshold
- Adding a key to
configuration.yamlbut not exposing it inconstants.py
Related Skills
milanhorvatovic/hello-router
tools
VerifiedTrustedCommunity
Greets a recipient through one of two registered tones — formal or casual — by dispatching to a dedicated capability. Activates when the conversation asks for a tone-specific welcome or a switch between formal and casual greetings; use when comparing the two styles. Demonstrates the router pattern in the Skill System Foundry — a thin SKILL.md entry point routing to capability files, with allowed-tools declared in frontmatter so capability shell fences pass validation.
1SKILL.mdUpdated Apr 29, 2026
milanhorvatovic/hello-greeter
testing
VerifiedTrustedCommunity
Greets a single recipient with a friendly welcome message rendered in a formal or casual tone. Activates when the conversation asks to say hello or welcome someone; use when a minimal standalone skill is needed. Demonstrates the smallest valid standalone skill in the Skill System Foundry — required name and description frontmatter plus an optional metadata block — and how its layout passes validation.
1SKILL.mdUpdated Apr 29, 2026
milanhorvatovic/skill-system-foundry
testing
VerifiedTrustedCommunity
Designs and evolves AI-agnostic skill systems. Triggers on skill/capability creation, role definition, or router migration; use when auditing consistency or improving token efficiency.
1SKILL.mdUpdated Apr 17, 2026
milanhorvatovic/validate-skill-spec
testing
VerifiedTrustedCommunity
Validates a skill directory against the Agent Skills specification (agentskills.io/specification). Checks file reference consistency, frontmatter compliance, progressive disclosure, and structural correctness. Triggers when asked to validate a skill against the spec, check skill references, verify spec compliance, audit a skill's structure, or confirm a skill is ready for distribution. Also triggers on phrases like "is this skill valid," "check spec compliance," "validate file references," "verify the skill structure," or "does this skill follow the spec." Use this skill to catch structural issues, broken references, and spec violations in any skill directory.
1SKILL.mdUpdated Apr 17, 2026