Validation Rules

16. Validation Rules¶

Rule	Constraint
Package `name`	`[a-z0-9-]` max 64 chars, or scoped `@scope/name` max 130 chars
Package `version`	Valid SemVer 2.0
Skill `description`	Max 1024 chars, MUST describe WHAT + WHEN
SKILL.md body	RECOMMENDED < 5,000 tokens / 500 lines
Frontmatter	Valid YAML, no tabs
Scripts	MUST be self-contained or document dependencies
Hook commands	MUST handle JSON on stdin
File references	Forward slashes only, relative paths
Dependency versions	Valid SemVer range syntax (`^`, `~`, `>=`, exact)
Dependency graph	MUST be acyclic — circular dependencies are an error
Peer dependencies	MUST be satisfied by root or ancestor package
System dependencies	Pre-flight check MUST pass (or explicit `--skip-checks`)
Lock file integrity	Hash MUST match on `--frozen` install
Namespace uniqueness	No two skills with same `name` within a single package
Resolution overrides	`resolutions` entries MUST reference packages in the tree
Resolver version	`resolverVersion` MUST be a positive integer. Unknown versions are a fatal error.
YAML round-trip	`package.agent.yaml` MUST use YAML 1.2 with JSON-compatible types only (no anchors, aliases, tags, or merge keys)
Workspace config	`workspace.agent.json` `packages` globs MUST resolve to directories containing `package.agent.json`
Forward-compatibility	Tools MUST NOT reject manifests containing unrecognized fields (see §1 Forward-Compatibility Parsing Rules)
Permission grants	`permissionGrants` keys MUST reference packages listed in `dependencies`
Provenance level	`require_provenance` in config MUST be one of: `L0`, `L1`, `L2`, `L3`
Deprecated field	When `deprecated` is present, `deprecated.message` is REQUIRED
Conformance claim	Platforms claiming a conformance level MUST implement ALL requirements of that level

Permissions Security Audit¶

The following conditions do not fail validation but MUST produce a WARN-level diagnostic during both aam validate and aam install. They indicate a package that may be unintentionally over-privileged.

Condition	Warning message
`permissions` field absent	`⚠ No permissions declared — platform-default restrictions apply. Consider adding a permissions field for explicit least-privilege.`
`shell.allow: true` and `binaries` is empty or absent	`⚠ Shell access is unrestricted. Add a binaries allow-list to limit which executables may be invoked.`
`fs.write` contains `**` or `.`	`⚠ Filesystem write scope is very broad. Narrow the write globs to only the output paths the package requires.`
`network.hosts` contains `*` (bare wildcard)	`⚠ Network host wildcard allows any host. Specify explicit hosts or scoped wildcards (e.g. *.example.com).`
`network.schemes` contains `http`	`⚠ Plain HTTP is declared as an allowed network scheme. Prefer https unless the target endpoint requires it.`

These warnings MUST be displayed to the user and MUST be included in the output of aam validate --json under a warnings array. They MUST NOT block installation or publication.

Vendor Extension Validation¶

The following rules apply to all x-* keys in package.agent.json:

Rule	Constraint
Key naming	MUST match `x-[a-z0-9-]+`, vendor-id max 32 chars
Value type	MUST be a JSON object — scalars and arrays are errors
Unknown keys	Tools MUST silently ignore unrecognised `x-*` keys
Count	`aam validate` MUST warn if more than 5 `x-*` keys are declared
Unregistered vendor-id	Registry SHOULD produce a `WARN`; tools MUST NOT error

The following conditions do not block validation but MUST produce a WARN-level diagnostic:

Condition	Warning message
More than 5 `x-*` keys	`⚠ More than 5 vendor extension keys declared. Consider consolidating metadata — extension sprawl can reduce manifest readability.`
`x-*` key vendor-id not in registered platform list	`⚠ Vendor-id "<vendor-id>" is not a registered platform. This key will not be indexed by the registry.`
`x-*` value is not an object	`✕ Vendor extension "x-<vendor-id>" value MUST be a JSON object. Scalar and array values are invalid.` (this condition is an error, not a warning)