github agent-sh/agnix v0.28.0
on GitHub

latest release: v0.28.1
4 hours ago

Removed

  • Five AS-* rules with no normative origin (part of #957). A full re-audit of every AS-* rule against the current agentskills.io spec and its skills-ref reference validator (and, for the platform ones, current Claude Code docs) found five rules with no basis in any spec or vendor doc - they were agnix heuristics producing false positives. Removed: AS-007 (reserved names - no reserved-name list in spec/validator/Claude docs), AS-010 ("Use when" literal trigger phrase - spec endorses the intent but never the literal phrase), AS-014 (backslash/Windows path separator - spec is silent on separators), AS-018 (first/second person in description - spec is silent, and optimizing-descriptions actually recommends second-person imperative "Use this skill when…"), and AS-019 (vague skill name - spec defines name format only). Rule count 425 → 420.

Changed

  • AS-013 corrected to a SHOULD-level warning (part of #957). The re-audit found AS-013 (file references one level deep) is in the agentskills.io spec but as a SHOULD ("Keep file references one level deep"), not a MUST. Its normative_level and severity were wrong (MUST/HIGH/error) - corrected to SHOULD/MEDIUM/warning, and the source fixed from platform.claude.com to agentskills.io/specification.

Added

  • agentskills.io spec is now tracked by the release watcher (part of #957). agentskills.io (the source of the AS-* rules) publishes no GitHub releases or tags, so a new commit_repo + commit_path source type in scripts/check-tool-releases.sh watches the latest commit SHA touching docs/specification.mdx in agentskills/agentskills. Any spec change opens a per-tool issue to diff the spec against the AS-* rules - complementing the weekly spec-drift.yml check. Baselined at the current spec commit.
  • CDX-REQ-000 / CDX-REQ-001: Codex managed requirements.toml validation (closes #965). New FileType::CodexRequirements detects Codex's admin-written managed requirements.toml (system location: /etc/codex/requirements.toml on Unix, %ProgramData%\OpenAI\Codex\requirements.toml on Windows; the project .codex/ directory is deliberately not matched, since Codex never reads requirements.toml from there). CodexRequirementsValidator adds CDX-REQ-000 (HIGH, invalid TOML syntax) and CDX-REQ-001 (MEDIUM, unknown top-level key checked against the 19 documented ConfigRequirementsToml keys). Upstream has no deny_unknown_fields, so a typo'd managed constraint is silently ignored by Codex and never enforced - CDX-REQ-001 is the only catch. MVP is parse + unknown-key; cross-field invariants are tracked as a follow-up. Covered by 9 unit tests plus detection tests.
  • Rule count: 423 -> 425 across all derived locations via scripts/sync-rule-bookkeeping.js (rules.json, crates/agnix-rules/rules.json mirror, CLAUDE.md/AGENTS.md, README/docs counts, plugin/skill metadata, generated website rule pages). Validator count 42 -> 43.

Changed

  • Tool baseline: codex bumped rust-v0.130.0 -> rust-v0.133.0 (closes #959). Diffed upstream codex-rs/core/config.schema.json between rust-v0.129.0 and rust-v0.133.0 and extended the config-key allow-lists so CDX-004 / CDX-CFG-026 do not false-positive on valid v0.133 configs. Added (additive only - removed upstream keys are kept for older-version tolerance): top-level apps_mcp_product_sku, include_collaboration_mode_instructions, model_auto_compact_token_limit_scope, and the opaque [desktop] table; [features] mentions_v2 / network_proxy / plugin_sharing; [mcp_servers.*] oauth; [permissions.network] mitm. New hook events (SubagentStart/SubagentStop, compact SessionStart) were already recognized by schemas/hooks.rs; the FileSystemAccessMode deny-canonical change (openai/codex#23493) and per-profile permission keys have no agnix enum to update. New [tui] keys (pet/pet_anchor) were intentionally not added - TUI display tweaks are on the codex irrelevant list. Regression-tested in test_codex_0_133_0_*.
  • Tool baselines: triaged the auto-opened release-watch issues as agnix-irrelevant and bumped cursor 3.4.17 -> 3.5.33 (closes #960) and opencode v1.15.0 -> v1.15.10 (closes #961). Cursor's tracked source exposes only a version marker; OpenCode's sole change was a desktop-app bugfix. No validator, rule, ToolVersions, or SpecRevisions update required. .github/tool-release-baselines.json and knowledge-base/RESEARCH-TRACKING.md updated.

Fixed

  • Claude/platform-specific AS-* rules scoped correctly, and AS-012 re-sourced (part of #957). An audit of every AS-* rule against the current agentskills.io spec found four that cited platform.claude.com rather than the generic spec: AS-007 (reserved names), AS-010 ("Use when" trigger phrase), and AS-015 (8 MB upload limit) are genuinely Claude/platform-specific (absent from the agentskills.io spec and its reference validator), so they now fire only for Claude Code (and unscoped) skills and are suppressed for known non-Claude clients. AS-012 (500-line SKILL.md body) is the opposite case - it is in the agentskills.io spec ("Keep your main SKILL.md under 500 lines"), so its evidence was corrected from platform.claude.com / claude-code-only to agentskills.io/specification and it remains a generic rule for all clients.
  • XML-001 no longer flags placeholders in skill/agent frontmatter (part of #957). The XML balance validator scanned the whole file, so <name>/<X>-style placeholders in a skill's frontmatter description (or any frontmatter value) tripped XML-001 "Unclosed XML tag". The YAML frontmatter region is now masked before the balance check - it is structured metadata, not body XML. Body XML is still validated, with line/column offsets preserved. Applies to all frontmatter file types the validator runs on (Skill, Agent, Copilot, …).
  • The entire CC-SK-* family is now scoped to Claude Code skills (part of #957). The Claude Code skill rules previously fired on every SKILL.md regardless of owning tool, so a Codex/OpenCode/Cursor skill was judged against Claude's model values, tool vocabulary, and frontmatter fields. They now run for Claude Code skills and unscoped skills (no identifiable client) but are suppressed for skills owned by another known tool, which are covered by the generic AS-* rules and the per-client skill validator.
  • Claude-specific skill/agent rules corrected and scoped (part of #957).
    • CC-SK-008 (unknown tool name): refreshed KNOWN_TOOLS to the current Claude Code built-in set (adds PowerShell - the reported false positive - plus Agent, Cron*, Team*, EnterWorktree/ExitWorktree, ScheduleWakeup, ListMcpResourcesTool/ReadMcpResourceTool/WaitForMcpServers, etc.; legacy names kept). Now scoped with the CC-SK family (Claude Code and unscoped skills; suppressed for known non-Claude clients - see above) - other clients have their own tool vocabularies.
    • CC-SK-017 (unknown frontmatter field): added the documented when_to_use and arguments fields. Now scoped with the CC-SK family (Claude Code and unscoped skills; suppressed for known non-Claude clients - see above) (other clients' fields are checked by the per-client skill validator). aliases remains correctly flagged - it is not a documented Claude skill field.
    • CC-AG-007 (agent parse error): sub-agent tools/disallowedTools now accept a comma/space-separated string (the canonical tools: Read, Glob, Grep form) as well as a YAML list, so the documented string form no longer surfaces as a parse error.
  • allowed-tools as a YAML list no longer trips AS-016 (part of #957). Claude Code accepts allowed-tools as a space-separated string or a YAML list; agentskills.io documents a space-separated string. The skill frontmatter parser previously only accepted a string, so the list form failed to deserialize and surfaced as an AS-016 skill parse error. It now deserializes both shapes (a list is joined with spaces for downstream tool parsing). The list form is accepted for every client by design. It is a Claude-specific feature, and the tools that follow agentskills.io (Codex/OpenCode/Kiro) do not constrain the field's shape. Since an unscoped skill using a list is almost certainly a Claude skill, agnix does not warn on it - a warning would re-introduce a false positive with no client to safely attach it to.
  • Skill rules now scope by owning client, fixing Claude Code false positives (part of #957). Skills are attributed to a client via their path (.claude/skills/, .agents/skills/, …) or the configured target/tools, and two divergent rules are resolved per client: AS-008 description length is the agentskills.io baseline 1024 (matched by Codex/OpenCode/Kiro) but 1536 for Claude Code skills (Claude truncates at 1536); AS-009 (angle brackets in description) now fires only for Codex skills - its quick_validate.py rejects </>, but agentskills.io and Claude Code impose no such restriction, so AS-009 no longer false-positives on Claude/generic skills. Verified against agentskills.io, Codex, OpenCode, Kiro, and Claude Code specs.
  • Codex top-level allow-list drift between the TOML and JSON/YAML backends (closes #966). The Codex config top-level allow-list was maintained twice (KNOWN_TOP_LEVEL_KEYS + KNOWN_TABLE_KEYS in schemas/codex.rs for TOML; KNOWN_CONFIG_TOP_LEVEL_KEYS in rules/codex.rs for JSON/YAML) and had diverged, so the same key was accepted by one backend and flagged by the other: debug and include_apply_patch_tool false-positived on JSON/YAML (CDX-CFG-006), while js_repl_node_path / js_repl_node_module_dirs false-positived on TOML (CDX-004). Both backends now consult a single schemas::codex::is_known_top_level_key predicate; the duplicate const was removed. Lenient union (102 keys), so strictly fewer false positives.
Check out latest releases or
releases around agent-sh/agnix v0.28.0

Don't miss a new agnix release

NewReleases is sending notifications on new releases.

Get notifications