Add Anthropic skill format for .NET release graph navigation

New release-notes/skills/ directory with task-specific skills:
- SKILL.md: TOC with graph basics and skill triggers
- navigation.md: ASCII flow diagrams, link relations, fetch counts
- cve.md: CVE queries, severity levels, history traversal
- breaking-changes.md: Compatibility, migration guidance
- version-eol.md: Support lifecycle, EOL version queries
- os-support.md: Distros, packages, glibc requirements

llms.json changes:
- required_pre_read now points to skills/SKILL.md
- Removed ai_skills (skills now documented in SKILL.md)
- ai_note leads with required_pre_read instruction

This enables testing two flows:
- llms.txt -> llms.json (existing)
- llms.json -> SKILL.md -> task skills (new)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: richlander

release-notes/llms.json

@@ -1,22 +1,8 @@
 {
   "kind": "llms-index",
   "title": ".NET Release Index for AI",
-  "required_pre_read": "https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/llms.txt",
-  "ai_note": "HAL graph—follow _links only, never construct URLs. ALWAYS read required_pre_read first. Check ai_skills and fetch when your query matches a use_when trigger.",
-  "ai_skills": [
-    {
-      "skill": "navigation-diagram",
-      "use_when": "Your query spans multiple hops and you're unsure which links to follow",
-      "shows": "Visual fetch sequences for every query type, link relations, fetch counts",
-      "href": "https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/llms/navigation-diagram.txt"
-    },
-    {
-      "skill": "schema-reference",
-      "use_when": "CVE/security query needing CVSS vectors, CWE, or field definitions",
-      "shows": "Severity levels, affected package ranges, field enums, file type schemas",
-      "href": "https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/llms/schema-reference.txt"
-    }
-  ],
+  "required_pre_read": "https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/SKILL.md",
+  "ai_note": "ALWAYS read required_pre_read first. HAL graph—follow _links only, never construct URLs.",
   "latest": "10.0",
   "latest_lts": "10.0",
   "latest_year": "2025",

release-notes/skills/SKILL.md

@@ -0,0 +1,54 @@
+---
+name: dotnet-releases
+description: Query .NET release data, CVEs, breaking changes, EOL dates, and OS support. Use when answering questions about .NET versions, security vulnerabilities, compatibility, or support status.
+---
+
+# .NET Release Graph
+
+Machine-readable .NET release, CVE, and compatibility data via HAL hypermedia.
+
+## Entry Point
+
+https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/llms.json
+
+## Core Rules
+
+1. **Follow `_links["..."].href` exactly** — never construct URLs
+2. **Use `_embedded` data first** — it answers most queries without extra fetches
+3. **If data is missing, don't fabricate** — report the gap
+
+## What's in llms.json
+
+| Property | Contains |
+|----------|----------|
+| `_embedded.latest_patches[]` | Current patch for each supported version (8.0, 9.0, 10.0) with EOL dates, support status |
+| `_embedded.latest_security_month[]` | CVE counts and IDs (severity requires fetching month index) |
+| `_links` | Navigation to version indexes, timeline, releases |
+
+## Skills for Specific Tasks
+
+Fetch these when your query matches:
+
+| Skill | Fetch When | URL |
+|-------|------------|-----|
+| navigation.md | Multi-hop query and unsure which links to follow | https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/navigation.md |
+| cve.md | CVE queries needing severity, CVSS, or history | https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/cve.md |
+| breaking-changes.md | Compatibility or migration questions | https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/breaking-changes.md |
+| version-eol.md | EOL versions, support lifecycle, or version history | https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/version-eol.md |
+| os-support.md | OS packages, distro support, or glibc requirements | https://raw.githubusercontent.com/dotnet/core/refs/heads/release-index/release-notes/skills/os-support.md |
+
+## Quick Answers (1 fetch)
+
+These are answered directly from `llms.json`:
+
+- Latest patch for .NET X → `_embedded.latest_patches[]` filter by `release`
+- Is .NET X supported? → `_embedded.latest_patches[]` → `supported`, `eol_date`
+- CVE count this month → `_embedded.latest_security_month[]` → `cve_count`
+
+## Navigation Shortcuts
+
+Each `_embedded.latest_patches[]` entry has `_links` for 2-fetch navigation:
+
+- `release-major` → version index (breaking changes, TFMs, OS support)
+- `latest-sdk` → SDK index (feature bands, downloads)
+- `latest-security` → last security patch for that version

release-notes/skills/breaking-changes.md

@@ -0,0 +1,90 @@
+# Breaking Changes Queries
+
+## Navigation Flow (2 fetches)
+
+```
+llms.json
+    │
+    └─► _embedded.latest_patches[] ─► find version (e.g., "10.0")
+            │
+            └─► _links["release-major"]
+                    │
+                    ▼
+                X.0/index.json
+                    │
+                    ├─► _links["compatibility-json"] ─► breaking changes
+                    │
+                    └─► _links["target-frameworks-json"] ─► TFMs
+```
+
+## Common Queries
+
+### Breaking changes for .NET X (2 fetches)
+
+1. Fetch `llms.json`
+2. Find `_embedded.latest_patches[]` where `release == "X.0"`
+3. Follow `_links["release-major"]` → version index
+4. Follow `_links["compatibility-json"]` → compatibility.json
+
+### TFMs for .NET X (2 fetches)
+
+Same path, but follow `_links["target-frameworks-json"]`
+
+## compatibility.json Structure
+
+```json
+{
+  "breaking_changes": [
+    {
+      "id": "category-version-short-name",
+      "title": "Human-readable title",
+      "category": "core-libraries | sdk | aspnet-core | ...",
+      "type": "behavioral | source-incompatible | binary-source-incompatible",
+      "version_introduced": "10.0",
+      "impact": "low | medium | high",
+      "references": [
+        {
+          "type": "documentation-source",
+          "url": "https://learn.microsoft.com/..."
+        }
+      ]
+    }
+  ]
+}
+```
+
+## Breaking Change Types
+
+| Type | Meaning |
+|------|---------|
+| `behavioral` | Runtime behavior changed, source compiles |
+| `source-incompatible` | Source won't compile without changes |
+| `binary-source-incompatible` | Binary and source compatibility broken |
+
+## Impact Levels
+
+| Impact | Description |
+|--------|-------------|
+| `low` | Unlikely to affect most apps |
+| `medium` | May require code changes |
+| `high` | Likely requires migration effort |
+
+## Categories
+
+Common categories in `compatibility.json`:
+
+- `core-libraries` — BCL changes
+- `sdk` — dotnet CLI, MSBuild, NuGet
+- `aspnet-core` — ASP.NET Core
+- `windows-forms` — WinForms
+- `wpf` — WPF
+- `cryptography` — Security/crypto APIs
+- `extensions` — Microsoft.Extensions.*
+- `networking` — HTTP, sockets
+- `serialization` — JSON, XML serialization
+
+## Tips
+
+- Group by `category` for migration planning
+- Filter by `impact == "high"` for critical review
+- Follow `references[].url` for detailed migration guidance

release-notes/skills/cve.md

@@ -0,0 +1,76 @@
+# CVE Queries
+
+## Quick Rule
+
+`_embedded.latest_security_month[]` in llms.json has **counts and IDs only** — fetch the month index for CVSS scores and severity.
+
+## Navigation Flow
+
+```
+llms.json
+    │
+    ├─► _embedded.latest_security_month[] ─► CVE counts, IDs (no severity)
+    │
+    └─► _links["latest-security-month"]
+            │
+            ▼
+        month/index.json
+            │
+            ├─► _embedded.disclosures[] ─► severity, titles, fix commits
+            │
+            ├─► _links["cve-json"] ─► full CVSS vectors, CWE, packages
+            │
+            └─► _links["prev-security"] ─► previous security month
+```
+
+## Common Queries
+
+### Critical CVEs this month (2 fetches)
+
+1. Fetch `llms.json`
+2. Follow `_links["latest-security-month"]` → month index
+3. Filter `_embedded.disclosures[]` where `cvss_severity == "CRITICAL"`
+
+### CVE history for .NET X (1 + N fetches)
+
+1. Fetch `llms.json`
+2. Follow `_links["latest-security-month"]`
+3. Walk `_links["prev-security"]` until target date
+4. Filter `_embedded.disclosures[]` by `affected_releases`
+
+### Deep CVE analysis (3 fetches)
+
+1. Fetch month index
+2. Follow `_links["cve-json"]` for full details:
+   - `cvss_vector` — full CVSS string
+   - `cwe` — weakness classification
+   - `packages[]` — affected NuGet packages with version ranges
+
+## Disclosure Fields
+
+Each `_embedded.disclosures[]` entry contains:
+
+| Field | Description |
+|-------|-------------|
+| `id` | CVE identifier (e.g., CVE-2025-55315) |
+| `title` | Vulnerability title |
+| `cvss_score` | Numeric score (0-10) |
+| `cvss_severity` | NONE, LOW, MEDIUM, HIGH, CRITICAL |
+| `affected_releases` | Array of .NET versions (e.g., ["8.0", "9.0"]) |
+| `fixes[]` | Commit diff URLs per release branch |
+
+## Severity Levels
+
+| Severity | CVSS Range |
+|----------|------------|
+| CRITICAL | 9.0 - 10.0 |
+| HIGH | 7.0 - 8.9 |
+| MEDIUM | 4.0 - 6.9 |
+| LOW | 0.1 - 3.9 |
+| NONE | 0.0 |
+
+## Tips
+
+- `prev-security` links skip non-security months automatically
+- Fix commit URLs end in `.diff` — fetch immediately if needed (may be blocked later)
+- `cve-json` is only needed for CVSS vectors, CWE, or package version ranges

release-notes/skills/navigation.md

@@ -0,0 +1,122 @@
+# Navigation Flows
+
+Visual map of navigation patterns through the .NET release graph. Use this when planning multi-hop queries.
+
+## Entry Points
+
+```
+llms.json (AI-optimized)          index.json (all versions)       timeline/index.json (by date)
+     │                                  │                                │
+     ├─► latest_patches[]               ├─► _embedded.releases[]         ├─► _embedded.years[]
+     │   (supported versions)           │   (all versions incl EOL)      │   └─► _embedded.months[]
+     │                                  │                                │
+     └─► latest_security_month[]        └─► _links.timeline-index        └─► _links.prev-security
+         (current CVE summary)                                               (walk security history)
+```
+
+## Flow 1: Supported Version Queries (1-2 fetches)
+
+```
+llms.json
+    │
+    └─► _embedded.latest_patches[] ─────────────────────────► DONE (patch version, EOL date, support status)
+            │
+            ├─► _links.release-major ─► X.0/index.json ─► compatibility-json ─► DONE (breaking changes)
+            │                                          └─► target-frameworks-json ─► DONE (TFMs)
+            │
+            └─► _links.latest-sdk ─► sdk/index.json ─► DONE (feature bands, downloads)
+```
+
+## Flow 2: CVE Queries (1-N fetches)
+
+```
+llms.json
+    │
+    ├─► _embedded.latest_security_month[] ─► DONE (CVE IDs and counts only)
+    │
+    └─► _links.latest-security-month
+            │
+            ▼
+        month/index.json ◄──────────────────┐
+            │                               │
+            ├─► _embedded.disclosures[] ────│─► DONE (severity, titles, fixes)
+            │                               │
+            ├─► _links.cve-json ───────────►│   cve.json ─► DONE (CVSS vectors, CWE, packages)
+            │                               │
+            └─► _links.prev-security ───────┘   (repeat for history)
+```
+
+## Flow 3: EOL Version Queries (3-5 fetches)
+
+```
+llms.json
+    │
+    └─► _links.releases-index
+            │
+            ▼
+        index.json
+            │
+            └─► _embedded.releases[] ─► find EOL version (e.g., 6.0)
+                    │
+                    └─► _links.self
+                            │
+                            ▼
+                        6.0/index.json ─► eol_date, latest patch
+                            │
+                            └─► _links.latest-security
+                                    │
+                                    ▼
+                                6.0.35/index.json ─► _embedded.disclosures[] ─► DONE
+```
+
+## Flow 4: Linux/OS Queries (3 fetches)
+
+```
+llms.json
+    │
+    └─► _embedded.latest_patches[] ─► _links.release-major
+            │
+            ▼
+        X.0/index.json
+            │
+            └─► _links.release-manifest
+                    │
+                    ▼
+                manifest.json
+                    │
+                    ├─► _links.supported-os-json ─► DONE (distros, glibc versions)
+                    │
+                    └─► _links.os-packages-json ─► DONE (apt/dnf packages per distro)
+```
+
+## Key Link Relations
+
+```
+From llms.json:
+  latest-security-month ──► timeline month (CVE details)
+  releases-index ──────────► full version list (including EOL)
+
+From latest_patches[]:
+  release-major ───────────► X.0/index.json (version resources)
+  latest-sdk ──────────────► sdk/index.json (SDK bands)
+  latest-security ─────────► last security patch
+
+From month index:
+  prev-security ───────────► previous security month (auto-skips non-security)
+  cve-json ────────────────► full CVE details
+
+From version index:
+  release-manifest ────────► manifest.json (OS support, packages)
+  compatibility-json ──────► breaking changes
+  target-frameworks-json ──► TFMs
+```
+
+## Fetch Count Summary
+
+| Pattern | Fetches | Notes |
+|---------|---------|-------|
+| Embedded data | 1 | patch versions, support status, CVE counts |
+| Version resources | 2 | breaking changes, TFMs, SDK bands |
+| OS/Linux queries | 3 | requires manifest hop |
+| EOL version info | 3-5 | must traverse releases-index |
+| CVE history | 1+N | N = security months to traverse |