菜单
Make an out-of-session agent AgentOps-native with skills, the ao CLI, local cockpit proof, and CI backstop telemetry instead of runtime hooks. Triggers: "agent-native", "agent native", "make an out-of-session agent agentops-native".
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Dispatch fresh-context refuters (model-agnostic; multi-model opt-in) to attack a completion claim at the shared-trunk pawl before landing. Triggers: pre-land validation, refute.
Dispatch fresh-context refuters (model-agnostic; multi-model opt-in) to attack a completion claim at the shared-trunk pawl before landing. Triggers: pre-land validation, refute.
Run pre mortem.
Stress-test plans before work. Use when: a plan is drafted but not yet executed and you want to surface failure modes, risks, and what would prove it wrong before committing.
Repair skill hygiene. Triggers: "heal-skill", "heal skill", "repair skill hygiene.".
Repair skill hygiene. Triggers: "heal-skill", "heal skill", "repair skill hygiene.".
| name | agent-native |
| description | Make an out-of-session agent AgentOps-native with skills, the ao CLI, local cockpit proof, and CI backstop telemetry instead of runtime hooks. Triggers: "agent-native", "agent native", "make an out-of-session agent agentops-native". |
| skill_api_version | 1 |
| practices | ["continuous-delivery","ddd"] |
| hexagonal_role | supporting |
| consumes | ["standards","converter","validate"] |
| produces | ["docs/contracts/agent-runtime-profile.md"] |
| context | {"window":"fork","intent":{"mode":"task"},"sections":{"exclude":["HISTORY"]},"intel_scope":"topic"} |
| metadata | {"tier":"meta","dependencies":["standards","converter"],"stability":"experimental"} |
| output_contract | An AgentOps-native Agent definition (skills + ao tool surface) graded by the same local cockpit/pawl proof path as interactive work |
Run a Claude loop outside an interactive Claude Code / Codex session — an Anthropic Managed Agent, an Agent SDK loop, or a self-hosted sandbox job — and keep it under the same AgentOps guardrails. The old reflex ("port the ~50 marketplace hooks into the new runtime") is wrong for AgentOps 3.0. This skill is the hookless reframe.
AgentOps 3.0 is runtime-hookless. Guardrails come from three things, never runtime hooks:
skills/<name>/SKILL.md progressive-disclosure contracts (standards, behavioral-discipline, council, validation, trace, provenance).ao CLI — the deterministic tool surface (ao session bootstrap, ao inject, ao corpus inject --query, ao validate, ao goals measure) plus the standards skill loaded into the agent's instructions.ao gate check / installed Git pre-push / pawl proof; .github/workflows/validate.yml remains PR/tag/manual backstop telemetry, NOT a PreToolUse hook.So an out-of-session agent becomes AgentOps-native by: (a) loading AgentOps skills into the Agent definition, (b) exposing the ao CLI as a callable tool (MCP or shell-tool) so the agent can ao session bootstrap / ao inject / ao validate itself, and (c) running the same deterministic local validation/proof path on its outputs before the work is accepted. The Agent SDK's own hooks become an optional thin adapter for teams wanting in-loop interception — never the primary mechanism.
Mechanism status (planned, not yet shipped). This skill is the doctrine layer and lands first; the two concrete commands it names —
ao agent bundle(ag-jspr) andao mcp serve(ag-higd) — are open, ready beads under epic ag-7s9fo, not yet in the live CLI. Theao session bootstrap/ao inject/ao corpus inject/ao validate/ao goals measurecommands the bundled agent calls are real today. When ag-jspr and ag-higd land, remove this skill's entry fromscripts/skill-body-refs-allowlist.txt.
This is an extension of two existing skills, not a rewrite:
skills/ ↔ skills-codex/ parity machinery — reused as-is to keep the bundle dual-runtime.Concrete runtime recipes — the three-phase workflow below, one per runtime:
ao shell calls (no Managed Agents API).ao + CI are the portable 3.0 waist that works in any runtime.skills/ files an interactive session uses. Why: a forked guardrail set drifts and defeats the corpus moat.target/ground_truth/PII into an Agent definition or its MCP tool responses. Why: anything sent to the cloud agent leaves the boundary permanently. For holdout-touching work see eval-outcomes.ao agent bundle --runtime managed > agent-def.json
Stitches the selected AgentOps skills (default: session-bootstrap, standards, behavioral-discipline, validation, provenance) into a Managed Agents API payload — model + instructions + skills array + an MCP descriptor for the ao tool surface. POST-able with the managed-agents-2026-04-01 beta header.
Checkpoint: the payload carries the skills + the ao MCP descriptor, and contains no holdout values.
ao as a toolRun a thin MCP server (ao mcp serve) — or a documented shell-tool spec — exposing session_bootstrap, inject, corpus_inject, validate, goals_measure so the hosted loop can orient and self-check. For self-hosted sandboxes (bushido), the MCP server runs inside the sandbox boundary with tailnet access to Dolt.
Checkpoint: the agent can call ao session bootstrap + ao inject itself before doing work.
A reusable workflow (agent-output-validate.yml) can run ao validate + the standards/eval-outcomes gates against whatever the agent produced (PR branch or artifact bundle) as remote backstop telemetry. The routine acceptance path is the same local cockpit/pawl gate as interactive work: land through ao gate check and the installed Git pre-push proof path.
Checkpoint: the agent's output passed the local cockpit/pawl gate; PR/tag/manual CI backstop evidence is green when that route is used.
For Agent SDK users who want in-loop interception, a documented PreToolUse/Stop adapter shells out to ao validate (with the standards checklist loaded). Clearly optional — the default path is the deterministic cockpit/proof gate, never runtime hooks. Reference samples (TypeScript + Python, wired into no runtime by default): references/sdk-hook-adapter.md.
Format: a JSON Agent definition plus a validated PR/artifact. Path: the Agent definition is written to agent-def.json at the repo root; the runtime profile is written to docs/contracts/agent-runtime-profile.md (the frontmatter produces path). Structure: model, instructions (stitched skills), skills array, ao MCP descriptor; the output is accepted only after the local cockpit/pawl proof path passes, with CI backstop evidence when that route is used.
skills/ files as interactive sessions (no fork).ao is callable by the agent (MCP/shell-tool); it can self-bootstrap + self-validate.target/ground_truth/PII in the Agent definition or tool responses.# Bundle, serve the ao tool surface, and land through the cockpit/proof gate
ao agent bundle --runtime managed > agent-def.json
ao mcp serve & # exposes session_bootstrap/inject/validate/goals_measure as MCP tools
# (submit agent-def.json to the Managed Agents API; PR CI is backstop telemetry)
| Problem | Cause | Solution |
|---|---|---|
| Tempted to port the hooks | Old runtime-coupled reflex | Don't — bundle skills + expose ao + land through the cockpit/proof gate. Hooks are the optional adapter only |
| Agent can't orient | ao not exposed as a tool | Run ao mcp serve (or the shell-tool spec) so the loop can ao session bootstrap |
| Unvalidated work merged | Relied on the optional in-loop adapter | The cockpit/pawl proof path is the gate — never the adapter |
ao)/rpi skill loops (ao agent bundle produces the definition a managed-agents substrate runs)