Source of truth for Package overview.
Single source of truth (SSOT) linter for agent-enabled repos.
Agent repos accumulate skills, rules, registries, and cross-linked docs faster than anyone can keep them straight by hand. Code repos solved this decades ago with ESLint — deterministic checks, CI gates, fix what you can before merge. Skeleton does the same job for documentation architecture: what's canonical, what links where, what must not exist, and whether your skill overrides are wired correctly.
Skeleton is not a runtime agent harness. It does not execute tools, enforce permissions, or manage agent memory. It is a CLI that audits docs, skills, and registries, and fails CI when invariants break.
Code has linters. Agent repos need the same thing for docs and SSOT.
| Code repos | Agent repos |
|---|---|
| ESLint catches broken imports, unused vars, style drift | Skeleton catches broken links, missing registry rows, stale doc-meta, banned artifacts |
eslint --fix on changed files |
skeleton validate changed on changed docs and skills |
| Pre-commit + CI gate | --staged pre-commit + --base CI gate |
Skill linters (skillmark, agentlint, skillscheck) answer: "Is this SKILL.md well-formed?" Skeleton answers: "Does this repo's documentation system hold together?"
npm install -D @csark0812/skeleton
npx skeleton init --skillsInit writes .skeleton/, merges validate scripts into package.json, and wires customize hooks for Cursor, Claude Code, and Codex.
Edit .skeleton/config.yaml for your repo layout, then verify:
npx skeleton audit selfSee install for flags and options.
- Registry integrity —
.skeleton/registry.mdtopic → canonical file pointers; banner format on registered docs - Link audit — broken refs, skill links, anchors in scanned markdown
- Skill index — disk matches taxonomy READMEs in detected skill roots
- Banned paths — session artifacts and other files that must not exist
- Coverage gaps — markdown outside the scan perimeter (warn-only)
- Doc meta + stale dates — owner and
last-reviewedon index and registry-listed files - Shell / JSON syntax — lightweight checks on changed
.shand.jsonfiles
Code validation (TypeScript, Python, Nx, pytest) stays in your repo. Skeleton handles SSOT-adjacent paths only.
.skeleton/
├── config.yaml # scan perimeter (required)
├── registry.md # topic → canonical file (required)
└── customize/ # project-specific skill overrides (optional)
└── code-review.md
Every canonical doc carries a banner:
**Source of truth for** Backend API conventions.Register it:
skeleton register docs/developer/api.mdSynced toolbox skills stay pristine. Project overrides live in .skeleton/customize/<slug>.md and inject via IDE hooks on skill read — no editing synced SKILL.md files.
skeleton init [--skills] [--force-hooks]
skeleton register <path> [--topic=…]
skeleton audit docs|skills|self [--strict] [--paths=a,b]
skeleton validate changed [--staged | --base <ref>] [paths…]
skeleton references sync|check
skeleton customize resolve <slug>Validate changed routes git diffs to the right audit:
| Path | Action |
|---|---|
| Docs in scan perimeter | path-scoped audit |
Skill bodies (SKILL.md trees) |
exit 1 → run audit skills |
.sh, .bash, .zsh |
shellcheck or bash -n |
Other .json |
JSONC-tolerant syntax check |
.ts, .tsx, .js, .jsx, .mjs, .cjs, .py, package.json, project.json |
skip (exits 1 if all skip) |
Pre-commit: skeleton validate changed --staged (path-scoped, fast).
CI: skeleton validate changed --base origin/main (global rules first, then changed files).
Skeleton is the shared validation layer in a three-tier setup:
| Repo | Role |
|---|---|
| skeleton | SSOT audit CLI (this repo) |
| toolbox | Team skills + public agent preferences |
| personal-toolbox | Private skills + personal preferences |
| Consumer apps | Call skeleton for SSOT; keep code validation local |
Skeleton never calls Nx or other task runners — consumers call skeleton for doc and skill paths, then handle code paths themselves.
See tiers.
| Channel | Installs |
|---|---|
npm install -D @csark0812/skeleton |
CLI, schemas, audit engine, hook script |
npx skills add csark0812/skeleton --skill skeleton |
/skeleton agent skill (ops manual, not the installer) |
One command for humans: npx skeleton init --skills.
Requires Bun 1.2.x and Node ≥ 22. Agent cold-start: AGENTS.md.
bun install
bun run checkbun run check runs lint, test, typecheck, build, and audit:self. validate:changed is docs/config only for path-scoped work — it skips code/config extensions (see table) and skill-body edits need audit skills. All-skip / skill-only / missing paths exit non-zero. Use bun test, bun run typecheck, and bun run build for code.
Optional: brew install pre-commit (or pipx install pre-commit), then pre-commit install to wire .pre-commit-config.yaml.