Skip to main content

Implementation Plan: Integrated Skills β€” Single Source, Chat Commands, Skill Hubs

Branch: 097-skills-middleware-integration | Date: 2026-03-27 | Spec: spec.md

Input: Feature specification from docs/docs/specs/097-skills-middleware-integration/spec.md

Summary​

Unify the skill catalog for the Next.js UI, Try skills gateway (JWT + catalog API keys), and the CAIPE platform engineer supervisor: aggregate default filesystem/Mongo skills, agent_skills projection (source: agent_skills), and GitHub hubs into skills_middleware, feed upstream deepagents.middleware.skills.SkillsMiddleware via StateBackend, remove β€œrun skills” / β€œRun in Chat” from chat, implement /skills client-side against the same catalog API, support hub crawl/preview, visibility (global / team / personal), search/pagination, Skill Scanner from Cisco AI Defense with documented third-party attribution in docs, NOTICE, and admin UI (FR-023, SC-009), configurable gates, bounded prompt summaries (FR-024), supervisor refresh + observability (FR-012, FR-016), gateway–supervisor sync (FR-026), with catalog source: agent_skills and agent_skills loader naming aligned across UI and middleware (FR-025, completed).

Technical Context​

Language/Version: Python 3.11+ (supervisor, skills_middleware); TypeScript / Node 20+ (Next.js UI)

Primary Dependencies: LangGraph, LangChain, deepagents (β‰₯0.3.8, SkillsMiddleware), FastAPI, A2A protocol; Next.js 16, React 19, Tailwind; optional cisco-ai-skill-scanner CLI/package for hub/CI scans per skill-scanner

Storage: MongoDB (agent_skills, optional skills, skill_hubs, catalog_api_keys, skill_scan_findings); filesystem SKILLS_DIR for packaged defaults; in-process catalog cache with explicit generation counters

Testing: pytest / make test, make lint (Ruff); UI npm run lint, npm test / make caipe-ui-tests; integration smoke per Constitution VII (docker compose -f docker-compose.dev.yaml minimal profiles)

Target Platform: Linux containers (supervisor + UI); local dev via docker-compose

Project Type: Multi-part β€” Python backend (ai_platform_engineering/) + Next.js app (ui/)

Performance Goals: Catalog list GET p95 ~500 ms under typical catalog sizes; hub fetch bounded; scanner runs off hot path where possible

Constraints: No secrets in source; API keys hashed; JWT JWKS validation aligned with RAG; progressive disclosure for skills in prompt; no restart for catalog refresh (FR-012); per-invoke entitled files (FR-020); scanner attribution visible wherever product names the tool (FR-023)

Scale/Scope: Thousands of skills stored OK; prompt summaries capped (FR-024); paginated catalog API (FR-019)

Constitution Check​

GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.

PrincipleStatusNotes
I. Specs as source of truthPassspec.md authoritative
II. Agent-firstPassSupervisor + skills_middleware
III. MCP patternN/ANot a new MCP server
IV. LangGraphPassDeep agent rebuild semantics in spec
V. A2APassInvoke-time files / entitlement
VI. Skills / agentskills.ioPassDual format; Cisco AI Defense Skill Scanner per FR-023 with attribution
VII. Test-firstPassGates: make lint, make test, make caipe-ui-tests
VIII. DocumentationPassSpecs + contracts + NOTICE attribution
IX. SecurityPassAuthN, visibility, scanner disclaimer (no findings β‰  safe)
X. SimplicityPassFR-025 consolidation / source: agent_skills alignment (delivered)

Post-design: research.md Β§18, contracts/skill-scanner-pipeline.md, and data-model.md reflect attribution β€” Pass.

Project Structure​

Documentation (this feature)​

docs/docs/specs/097-skills-middleware-integration/
β”œβ”€β”€ plan.md
β”œβ”€β”€ research.md
β”œβ”€β”€ data-model.md
β”œβ”€β”€ quickstart.md
β”œβ”€β”€ contracts/
β”‚   β”œβ”€β”€ catalog-api.md
β”‚   β”œβ”€β”€ gateway-api.md
β”‚   β”œβ”€β”€ skill-hubs-api.md
β”‚   β”œβ”€β”€ chat-command-skills.md
β”‚   β”œβ”€β”€ supervisor-skills-status.md
β”‚   └── skill-scanner-pipeline.md
β”œβ”€β”€ tasks.md
└── spec.md

Source Code (repository root)​

ai_platform_engineering/
β”œβ”€β”€ skills_middleware/
β”œβ”€β”€ multi_agents/platform_engineer/
β”‚   β”œβ”€β”€ deep_agent.py
β”‚   └── protocol_bindings/a2a/agent.py, fastapi/main.py
ui/
β”œβ”€β”€ src/app/api/skills/, skill-hubs/
β”œβ”€β”€ src/components/skills/, chat/
└── src/lib/

scripts/
└── scan-packaged-skills.sh

Structure Decision: Python catalog and supervisor under ai_platform_engineering/; UI under ui/; feature design artifacts under docs/docs/specs/097-skills-middleware-integration/.

Complexity Tracking​

No constitution violations requiring justification.

ViolationWhy NeededSimpler Alternative Rejected Because
β€”β€”β€”

Phase 0 & 1 Outputs (this run)​

ArtifactPath
Researchresearch.md
Data modeldata-model.md
Contractscontracts/
Quickstartquickstart.md

Next steps​

  • /speckit.tasks β€” ensure tasks cover FR-023 attribution (NOTICE, admin UI copy) and FR-025/FR-026 if not already listed.
  • Implement; verify with quickstart.md scenarios.