Table of Contents generated with DocToc

Labels and capabilities

This page is the canonical reference for the label taxonomy used on issues and pull requests in this framework repository (apache/magpie). It also defines the capability model that classifies what each skill or tool in the framework actually does, independent of which subject area it sits under.

Every issue and pull request opened against this repository should carry at least one family:* label and at least one capability:* label. New tools and new skills must declare their capability up front (see The rule).

Scope caveat. This taxonomy applies to this framework repository. Skills that create issues or PRs on an adopter’s tracker (e.g. security-issue-import, security-issue-fix, issue-fix-workflow) use the adopter’s own label scheme — adopters are free to mirror this taxonomy in their own repo but are not required to.


Label dimensions

The repository’s labels fall into four orthogonal dimensions. An issue or PR typically carries one label from each dimension that applies.

1. family:* — subject

What part of the framework does this touch?

Label Covers
family:pr-management pr-management-* skills
family:security security-* skills, security-tracker-stats-dashboard
family:setup setup-* skills, framework adoption, agent-sandbox setup
family:issue issue-* skills (issue-triage, issue-fix-workflow, issue-reassess, issue-reassess-stats, issue-reproducer, issue-stale-sweep, issue-deduplicate, issue-backlog-stats)
family:tools Substrate tools under tools/* (CLI bridges, agent-runtime adapters, mail-source backends)
family:ci .github/ workflows, prek, validators
family:docs docs/, MISSION.md, READMEs

2. capability — two axes (skills vs tools)

Per RFC-AI-0005, “capability” is two orthogonal vocabularies, one per entity. A skill carries one or more skill capabilities (capability:*); a tool carries one or more tool capabilities (contract:* or substrate:*). List all that apply; do not pick a single “primary”.

Axis 1 — skill capability (capability:*) — the workflow-lifecycle phase a skill performs:

Label Definition
capability:triage Sweep a queue, classify candidates, propose dispositions for human confirmation.
capability:review Deep per-item code review of a PR or local diff; also contributor mentoring (single-item teaching intervention).
capability:fix Implement a code change against an upstream repo to resolve a triaged issue.
capability:intake Import external signal (mailing list, scan report, public PR) into a tracker entry, or keep an existing entry reconciled with one of those sources.
capability:reconciliation Compare tracker state against an external inventory (e.g. ASF security dashboard, organization-wide issue registry); surface drift; propose corrections. Does not write to either source.
capability:resolve Close-out actions: invalidate, dedupe, CVE-allocate, post-announcement housekeeping.
capability:reassess Re-run resolved or end-of-life issues against current code to verify still-fixed / still-broken.
capability:stats Read-only dashboards, metrics, governance evidence, contributor nomination briefs.
capability:platform Framework / agent substrate skills: install, verify, update, doctor, override-upstream, status, shared-config-sync, the setup bootstrap.
capability:authoring Skills that author or maintain other skills: write-skill, optimize-skill.

Axis 2 — tool capability (contract:* / substrate:*) — the interface a tool/adapter provides. contract:<name> implements a capability contract under tools/<contract>/; substrate:<name> is framework substrate:

Label Kind Definition
contract:tracker contract Issue / board / label backend.
contract:source-control contract Branch / commit / diff / push (VCS).
contract:change-request contract Proposed-change review + merge gate (pull request / merge request / Gerrit change).

| contract:mail-archive | contract | Mailing-list / forum archive reads. | | contract:mail-source | contract | Inbound-mail ingestion (mbox / IMAP / …). | | contract:mail-create | contract | Outbound mail composition. Always produces an editable draft; sending is a separate human-approved step on that draft (draft mode = default and the only mode implemented today; send mode declared but unimplemented — no autonomous send). | | contract:cve-authority | contract | CVE allocation / record management / publication. | | contract:report-relay | contract | Inbound security-report relay detection. | | contract:scan-format | contract | Security-scanner report parsing. | | contract:project-metadata | contract | Governance rosters / people / releases. | | substrate:analytics | substrate | Read-only metrics / dashboards / renderers. | | substrate:sandbox | substrate | Agent isolation, egress control, settings audit. | | substrate:action-guard | substrate | Deterministic pre-tool-use command guards. | | substrate:privacy | substrate | PII redaction / approved-LLM gating. | | substrate:framework-dev | substrate | Build / validate / eval the framework itself. |

Coverage qualifiers

Some tool READMEs may declare a Coverage: qualifier next to a capability when the tool intentionally implements only part of a contract.

partial-read-only means the tool implements a read-only subset of named contract operations, but does not satisfy the complete contract and must not be advertised as a complete/selectable backend.

Both capability axes are orthogonal to family:*. A single query can answer “how is our triage stack doing across PR + issue + security?” by filtering on capability:triage alone, without enumerating per-area queries.

Agent-harness support (substrate tools only). A substrate tool that integrates with the agent runtime (a hook, a settings file, a launcher) declares a **Harness:** field naming the harness(es) it supports, or agnostic when it depends on none. This is the agent-harness axis of LLM-integration neutrality and is scored by tools/vendor-neutrality-score — distinct from a tool’s **Runtime:** field, which is its execution environment (e.g. “Python stdlib”). The recognised harnesses are: Claude Code, Codex, Cursor, Gemini CLI, Copilot, OpenCode, Kiro. A tool is harness-neutral when it is agnostic or supports two or more harnesses.

3. kind:* — change type (pre-existing)

Label Covers
kind:dx Maintainer dev-loop / CLI UX
kind:policy Rule changes (eligibility, thresholds, behaviour switches)
kind:perf Token / latency / API-call budget
kind:adopter-config Per-adopter knob

4. mode:* — handling mode (pre-existing)

Label Covers
mode:Triage Agentic Triage — spot, classify, route, surface duplicates
mode:Mentoring Agentic Mentoring — teaching-register issue/PR interventions + good-first-issue authoring
mode:Drafting Agentic Drafting — agent-authored fix, human-reviewed PR
mode:Pairing Agentic Pairing — developer-side dev-cycle skills with mentorship intrinsic
mode:Autonomous Agentic Autonomous — narrowly-scoped auto-merge (off until Triage/Mentoring/Drafting run 2 quarters)
mode:cross-cutting Spans multiple modes
mode:platform Substrate / infra — not a mode (sandbox, CI, validators)

Standalone labels

marketing (branding artefacts), dependencies (dependency-update PRs), python:uv (Python uv-managed code), plus the default GitHub labels (bug, enhancement, documentation, good first issue, etc.).


Capability to skill map

Capabilities for every skill currently in .claude/skills/. Skills with two values (separated by +) carry both labels.

Skill Capability / capabilities
pr-management-triage capability:triage
issue-triage capability:triage
issue-stale-sweep capability:triage
pr-stale-sweep capability:triage
security-issue-triage capability:triage
ci-runner-audit capability:triage
dependency-audit capability:triage
workflow-security-audit capability:triage
license-compliance-audit capability:triage
flaky-test-triage capability:triage
reviewer-routing capability:triage (scores the configured reviewer roster on area match, git-history familiarity, and open-review load; proposes a primary reviewer plus optional backup — read-only, propose-then-confirm)
pr-management-quick-merge capability:triage + capability:review (screens the ready-for-review queue for trivial, all-gates-green PRs — triage; submits the maintainer’s approve on per-PR confirmation — review)
pr-management-code-review capability:review
pairing-self-review capability:review
pairing-multi-agent-review capability:review
pre-first-pr-check capability:review (newcomer-facing pre-flight checklist: SPDX headers, commit shape, Generated-by trailer, placeholder convention — read-only)
pr-management-mentor capability:review
good-first-issue-author capability:review (authors a newcomer-ready good first issue — contributor mentoring on the supply side)
good-first-issue-sweep capability:review + capability:triage (sweeps the open issue backlog for GFI candidates; scores each against the G1–G7 rubric and proposes the label on maintainer confirmation — a triage sweep in the mentoring family)
mentoring-welcome capability:review (drafts a first-contact orientation comment for first-time contributors on issues and PRs)
onboarding-concierge capability:review (answers newcomer “how do I contribute here” questions from the project’s contributing guide; hands off design, security, and out-of-scope queries to a human)
newcomer-issue-explainer capability:review (explains a good-first-issue in beginner terms and sketches an approach; read-only, never posts without confirmation)
issue-fix-workflow capability:fix
audit-finding-fix capability:fix
security-issue-fix capability:fix + capability:resolve (opens the PR that closes the tracker — both phases)
security-issue-import capability:intake
security-issue-import-from-md capability:intake
security-issue-import-from-pr capability:intake
security-issue-import-via-forwarder capability:intake
security-issue-import-from-scan capability:intake
security-issue-sync capability:intake (+ capability:reconciliation once #337 lands the ASF-dashboard step)
setup-shared-config-sync capability:intake + capability:platform (reconciles user-scope config to a sync repo; the act is intake, the subject is setup)
release-vote-tally capability:triage + capability:resolve (reads the vote thread / approval signal, classifies each reply as binding or non-binding, tallies the result — triage over the vote-thread queue — and drafts the [RESULT] [VOTE] close-out email for RM review — resolve)
release-prepare capability:resolve (drafts the planning issue, prep PR, and post-release bump PR that open the release lifecycle)
release-announce-draft capability:resolve (drafts the [ANNOUNCE] email and opens the site-bump PR that complete the release lifecycle)
release-verify-rc capability:triage (read-only RC pre-flight: verifies GPG signatures, checksums, RAT licence headers, NOTICE/LICENSE presence, prohibited binaries, and version-string consistency; emits a PASS/PASS-WITH-WARNINGS/FAIL report)
release-promote capability:resolve (emits the backend-shaped promotion command set that moves a passed-vote RC to the release distribution area; never runs the command itself)
release-keys-sync capability:resolve (drafts the KEYS file diff and paste-ready svn command sequence to add the RM’s public key; validates key strength against the ASF floor)
release-rc-cut capability:resolve (emits the paste-ready tag, build, sign, checksum, and staging command sequences for an RC)
release-vote-draft capability:resolve (drafts the [VOTE] email and planning-issue comment that advance the release to the vote stage)
release-archive-sweep capability:resolve + capability:triage (scans the dist area, classifies each release against the retention rule — triage — and proposes the command set to move past-retention releases to the archive — resolve)
security-cve-allocate capability:resolve
security-issue-invalidate capability:resolve
security-issue-deduplicate capability:resolve
issue-deduplicate capability:resolve (closes a duplicate general-issue and posts cross-reference comments; maintainer confirms before any action is applied)
issue-reassess capability:reassess
issue-reproducer capability:reassess
pr-management-stats capability:stats
issue-reassess-stats capability:stats
issue-backlog-stats capability:stats
security-tracker-stats-dashboard capability:stats
contributor-nomination capability:stats
contributor-to-committer capability:stats
contributor-activity-sweep capability:stats
contributor-sentiment capability:stats (measures contributor-sentiment signals — thread tone, time-to-first-reply, first-PR retention, reviewer load — and produces the gate report for experimental→stable advancement)
committer-onboarding capability:resolve + capability:triage (post-vote onboarding close-out — resolve — after validating the vote result in pre-flight — triage)
list-skills capability:stats
release-audit-report capability:stats (assembles the per-release audit record from the planning issue, vote thread, artefact list, and announce archive URL)
setup-status capability:stats + capability:platform (reports the adoption configuration — stats — and delegates reconfiguration to the setup skill)
setup capability:platform
setup-isolated-setup-install capability:platform
setup-isolated-setup-verify capability:platform
setup-isolated-setup-update capability:platform
setup-isolated-setup-doctor capability:platform + capability:reassess (re-checks an installed sandbox against current spec — the phase is reassess on subject setup)
setup-override-upstream capability:platform
setup-upstream-fix capability:platform
write-skill capability:authoring
optimize-skill capability:authoring
skill-reconciler capability:reconciliation (compares two near-duplicate skill copies and classifies every difference as ALLOWED, DRIFT, or SAFETY-BASELINE; proposes convergence; never writes either copy)

Capability to tool map

Tools under tools/. A tool’s capability is the interface it provides; a tool may carry more than one value (separated by +) when it implements multiple contracts (e.g. tools/gmail provides both mail-source and mail-create).

Tool Capability / capabilities Role
tools/agent-guard substrate:action-guard Deterministic pre-execution guard dispatcher (harness-neutral core behind a Claude Code PreToolUse hook and an OpenCode tool.execute.before plugin): blocks gh/git commands that would ping maintainers, carry a Co-Authored-By trailer, mark-ready prematurely, leak security language publicly, or empty a PR via force-push. Extensible — skills contribute guards via guards.d
tools/agent-isolation substrate:sandbox Secure-agent sandbox helpers
tools/apache-projects contract:project-metadata ASF project-metadata substrate (apache/comdev apache-projects-mcp); read-only projects.apache.org/json rosters / people / releases. Backs contributor-nomination and the security roster-resolution paths; tracked at main, not pinned
tools/asf-svn contract:source-control ASF SVN tool adapter: source-control binding for svn.apache.org working copies (centralized model), svn CLI operation catalogue, dist.apache.org release-distribution helpers (stage/promote/prune), ASF committer/PMC authorization, and optional svnpubsub site publishing. The SVN counterpart to tools/github/ for ASF projects. Also the land delegate for the jira-patch and mail-patch change-request backends (svn patch + svn commit)
tools/change-request contract:change-request Adapter contract for the proposed-change review + merge gate (pull request / merge request / patch). Pure interface spec; no executable code — backends under tools/github/ (PR), tools/jira-patch/, and tools/mail-patch/ implement it. The seam that lets pr-management-* skills run on non-GitHub backends
tools/cve-org contract:cve-authority CVE.org services adapter: publishes records to CVE.org and reads back the resulting CVE state. Implements the tools/cve-tool/ contract for the CVE.org-direct backend
tools/cve-tool contract:cve-authority Adapter contract for CNA backends (Vulnogram, MITRE form, CVE.org direct, GHSA). Pure interface spec; no executable code — adapters under sibling tools/cve-tool-*/ directories implement it.
tools/cve-tool-vulnogram contract:cve-authority ASF Vulnogram CVE-allocation adapter. Implements the tools/cve-tool/ contract. Previously named tools/vulnogram/.
tools/dashboard-generator substrate:analytics Self-contained HTML dashboard generator
tools/dev substrate:framework-dev Framework dev-loop helpers
tools/egress-gateway substrate:sandbox Egress-allowlist forward proxy (proxy.py plugin); host-level egress chokepoint — defence-in-depth for RFC-AI-0003 §4.4
tools/forwarder-relay contract:report-relay Adapter contract for inbound-relay backends (ASF Security relay, huntr.com, HackerOne triagers). Pure interface spec; adapters declare detection + credit-extraction + reporter-addressing rules.
tools/bitbucket contract:change-request Coverage: partial-read-only. Bitbucket Cloud and Bitbucket Data Center bridge foundation for repository metadata context and pull-request discovery/fetching. The partial-read-only qualifier means this tool implements named read-only contract operations but does not satisfy the complete contract and must not be counted as a complete/selectable backend. contract:tracker remains absent until Bitbucket issue operations or linked Jira handoff coverage exist.
tools/fossil contract:tracker + contract:source-control Fossil SCM forge bridge: integrates local SQLite-backed ticket tracking, wiki, and forum reads with the version-control shim
tools/github contract:tracker + contract:source-control + contract:change-request GitHub REST / GraphQL tracker substrate (called by every lifecycle phase) plus the Git source-control binding documented in source-control.md (runnable backend in tools/vcs) and the pull-request review/merge gate (change-request; the ASF default backend, alongside tools/jira-patch/ and tools/mail-patch/ for SVN-first projects)
tools/github-body-field contract:tracker Read or rewrite one ### Field section of a GitHub issue body without bringing the body into agent context — substrate helper for the security-sync skills
tools/github-rollup contract:tracker Append to (or create) the status-rollup comment on a GitHub issue without bringing the rollup body into agent context — substrate helper for every status-update-emitting skill
tools/gmail contract:mail-source + contract:mail-create + contract:mail-archive Gmail API substrate — inbound report intake (mail-source), thread / archive reads (mail-archive), plus outbound courtesy-reply drafting (mail-create); read + draft only, never sends
tools/jira contract:tracker JIRA REST substrate (read-only today; write subcommands tracked in #301)
tools/jira-patch contract:change-request JIRA-patch change-request backend: patches attached to JIRA issues as the proposal, reviewed via JIRA comments, landed via contract:source-control (svn patch + svn commit). Composes tools/jira/ (REST) + tools/asf-svn/ (land). Implements the tools/change-request/ contract
tools/mail-archive contract:mail-archive Adapter contract for public mail-archive backends (PonyMail, Hyperkitty, Discourse, Google Groups, GitHub Discussions). Pure interface spec.
tools/mail-patch contract:change-request [PATCH]-mail change-request backend: a [PATCH] thread on dev@ as the proposal, reviewed via drafted replies (contract:mail-create), read via contract:mail-archive, landed via contract:source-control (svn patch + svn commit). Implements the tools/change-request/ contract
tools/mail-source contract:mail-source Mail-source backend abstraction (mbox / IMAP / Mailman 3) feeding a uniform inbound thread/message view to the intake pipeline
tools/maildir contract:mail-source + contract:mail-create Local Maildir backend (Vendor: Maildir) — the offline, credential-free counterpart of tools/gmail. Implements mail-create by filing editable outbound drafts into a local Maildir for any mail client to send (never sends itself); its mail-source side is the local mbox/Maildir archive reader (tools/mail-source/mbox). The second, non-Google mail-create backend — closes the outbound-mail vendor-neutrality gap
tools/ponymail contract:mail-archive + contract:mail-source PonyMail public mail-archive substrate (ASF lists.apache.org); implements the tools/mail-archive/ contract for archive reads and the tools/mail-source/ contract for inbound list-traffic ingestion
tools/scan-format contract:scan-format Adapter contract for security-scanner report formats (ASVS reference); reads a scan’s finding index + per-finding evidence for the security-issue-import-from-scan pipeline.
tools/permission-audit substrate:sandbox Audit + atomically edit Claude Code permissions.allow[] entries; backs /magpie-setup verify --apply-permission-audit (check 8d)
tools/pr-management-stats substrate:analytics PR-backlog analytics engine
tools/preflight-audit substrate:analytics Dry-run the bulk-mode pre-flight classifier; measure skip-rate before / after any rule edit in the security-issue-sync skill
tools/privacy-llm substrate:privacy Privacy-LLM PII-scrubbing gate
tools/probe-templates substrate:sandbox Sandbox-doctor probe templates
tools/sandbox-lint substrate:sandbox Sandbox settings linter
tools/security-tracker-stats-dashboard substrate:analytics Security-tracker analytics engine
tools/spec-loop substrate:framework-dev Spec-driven build loop runner (Ralph-style) for framework development
tools/skill-evals substrate:framework-dev Eval harness for skills; framework-dev infrastructure whose run output is governance evidence
tools/skill-and-tool-validator substrate:framework-dev Skill-frontmatter and convention validator
tools/spec-inventory substrate:framework-dev + substrate:analytics Compact routing inventory for spec-loop prompts — summarizes specs, skills, and tool metadata so agents can choose relevant files before direct verification
tools/spec-status-index substrate:framework-dev + substrate:analytics Index of spec / RFC implementation status — framework-dev substrate that also doubles as a governance/stats view (analytics)
tools/vendor-neutrality-score substrate:framework-dev + substrate:analytics Deterministic vendor-neutrality score — reads each contract tool’s **Kind:** / **Vendor:** metadata and scores per-contract + per-skill neutrality (analytics); backs the score block in docs/vendor-neutrality.md
tools/spec-validator substrate:framework-dev Spec-frontmatter and body-section validator — counterpart to skill-and-tool-validator for tools/spec-loop/specs/
tools/symlink-lint substrate:framework-dev Self-adoption symlink hygiene — rejects cyclic symlinks and misdirected skill relays (canonical/relay target-correctness)
tools/pilot-report-validator substrate:framework-dev Adopter pilot-report validator — required frontmatter keys, no unfilled placeholders, valid profile, and required body sections; counterpart to spec-validator for docs/pilot-report-template.md
tools/skill-reconciler-diff substrate:framework-dev Deterministic structural diff between two skill trees — parses frontmatter, section headings, step inventory, placeholders, support files, and safety-baseline clauses into a JSON diff object for the skill-reconciler skill
tools/vcs contract:source-control Backend-dispatching implementation of the source-control (VCS) capability (tools/github/source-control.md); complete Git and Mercurial (Hg) backends, plus detected extension point for SVN (#602)
tools/sourcehut contract:tracker + contract:source-control + contract:mail-archive SourceHut (sr.ht) forge bridge: todo.sr.ht, lists.sr.ht, builds.sr.ht, and git/hg repository reads

A tool’s capability is the interface it provides, not which skills happen to consume it (RFC-AI-0005). tools/github provides the contract:tracker interface; tools/cve-tool-vulnogram provides contract:cve-authority; tools/privacy-llm is substrate:privacy. Use a contract:<name> value when the tool implements a capability contract under tools/<contract>/, and a substrate:<name> value for framework substrate. A tool may carry more than one (rare — tools/gmail is the only one today).

MCP servers, classified by capability

Several tools wrap a Model Context Protocol (MCP) server as their concrete backend. An MCP server is not a separate axis — it is classified by the capability its wrapping tool provides; the MCP is just the transport, interchangeable with a CLI or REST backend behind the same contract. A skill never names an MCP server — it targets the capability, and the tool routes to whichever backend the adopter wired in. The framework consumes four:

MCP server Tool prefix Wrapped by Capability provided Organization
GitHub MCP mcp__github__* tools/github contract:tracker + contract:source-control + contract:change-request
Gmail MCP (claude.ai) mcp__claude_ai_Gmail__* tools/gmail contract:mail-source + contract:mail-create + contract:mail-archive
PonyMail MCP (apache/comdev) mcp__ponymail__* tools/ponymail contract:mail-archive + contract:mail-source ASF
apache-projects MCP (apache/comdev) mcp__apache-projects__* tools/apache-projects contract:project-metadata ASF

Non-MCP backends fulfil the same contracts: JIRA is reached over REST and gh is the CLI fallback, both contract:tracker. See docs/prerequisites.md for connection setup.


The rule

When you create any of the following on this repository, declare the capability:

A GitHub issue

Apply at least one family:* AND one capability label — a skill capability (capability:*) for skill work, a tool capability (contract:* / substrate:*) for tool work. If the issue genuinely spans capabilities, apply all that apply.

A pull request

Same: family:* AND the matching capability. Match the capability the change is implementing, not the file paths it happens to touch. A PR that adjusts the validator config to support a new triage rule is capability:triage (the change’s purpose), not substrate:framework-dev (the file it edited).

A new tool under tools/

Declare the tool’s capability in the first paragraph of its README using the line:

**Capability:** contract:NAME

…or substrate:NAME for framework substrate. If the tool serves more than one, list them (contract:a + substrate:b). Pick the contract:<name> that matches the capability contract the tool implements, or the substrate:<name> kind that fits.

A new skill under .claude/skills/

Declare the capability in the skill’s frontmatter:

---
name: my-new-skill
description: |
  ...
capability: capability:NAME
---

The write-skill skill prompts for this on every new-skill scaffold.

A new doc under docs/

Capability-specific docs (e.g. a guide for a single skill family) should link to this page and name the capability in their first paragraph. Cross-cutting docs (MISSION.md, top-level READMEs) need no capability marker.


Why this exists

The original family:* labels split issues by subject — useful for “what part of the codebase is this?” but unable to answer “what kind of thing is this?”. The capability:* dimension fills that gap and is orthogonal: a triage-rule change in PR management (family:pr-management + capability:triage) and a triage-rule change in security (family:security + capability:triage) become trivially findable as a cohort even though they live in different families.

Capability is also a forcing function for skill design: if a new skill doesn’t fit any of the ten skill-capability buckets cleanly, that’s a signal worth inspecting before the skill ships.

Suggest a change