Rename /agent-sdk skill to /claude-agent-sdk for clarity

.claude/commands/amplihack/skill-builder.md

@@ -643,7 +643,7 @@ When your skill includes supporting documents (reference.md, examples.md, patter
 - Common pitfalls and how to avoid them
 ```
 
-**Reference Example:** See `~/.amplihack/.claude/skills/agent-sdk/SKILL.md` lines 376-408 for an excellent navigation guide implementation.
+**Reference Example:** See `~/.amplihack/.claude/skills/claude-agent-sdk/SKILL.md` lines 376-408 for an excellent navigation guide implementation.
 
 ### For Agent Skills (`agent`)
 

.claude/skills/agent-sdk/README.md → .claude/skills/claude-agent-sdk/README.md

@@ -23,7 +23,7 @@ This skill enables Claude to:
 ## File Structure
 
 ```
-agent-sdk/
+claude-agent-sdk/
 ├── SKILL.md                    # Main entry point (~2,100 tokens)
 │   └── Core concepts, quick start, navigation guide
 ├── reference.md                # Complete API reference (~3,900 tokens)
@@ -60,7 +60,7 @@ agent-sdk/
 
 ```python
 # In Claude Code conversations
-@~/.amplihack/.claude/skills/agent-sdk/SKILL.md
+@~/.amplihack/.claude/skills/claude-agent-sdk/SKILL.md
 ```
 
 ## Usage Patterns
@@ -133,7 +133,7 @@ The skill includes automated drift detection:
 ### Running Drift Detection
 
 ```bash
-cd .claude/skills/agent-sdk
+cd .claude/skills/claude-agent-sdk
 
 # Check for drift
 python scripts/check_drift.py
@@ -232,7 +232,7 @@ Token calculation: words × 1.3 (conservative estimate)
 The skill ships with placeholder content hashes. Generate real hashes:
 
 ```bash
-cd .claude/skills/agent-sdk
+cd .claude/skills/claude-agent-sdk
 python scripts/check_drift.py --update
 ```
 
@@ -279,7 +279,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Check for drift
         run: |
-          cd .claude/skills/agent-sdk
+          cd .claude/skills/claude-agent-sdk
           python scripts/check_drift.py
 ```
 

docs/claude/skills/agent-sdk/SKILL.md → .claude/skills/claude-agent-sdk/SKILL.md

@@ -72,7 +72,7 @@ npm install @anthropics/agent-sdk
 Set your API key as an environment variable:
 
 ```bash
-export ANTHROPIC_API_KEY="your-api-key-here"
+export ANTHROPIC_API_KEY="your-api-key-here"  # pragma: allowlist secret
 ```
 
 Or pass it explicitly in code:

docs/claude/skills/agent-sdk/VALIDATION_REPORT.md → .claude/skills/claude-agent-sdk/VALIDATION_REPORT.md

@@ -26,7 +26,7 @@ The Claude Agent SDK skill has been successfully built according to the architec
 ### Directory Structure
 
 ```
-.claude/skills/agent-sdk/
+.claude/skills/claude-agent-sdk/
 ├── SKILL.md
 ├── reference.md
 ├── examples.md
@@ -344,10 +344,10 @@ token_budget: 4500                        ✓ Integer valid
 
 ### Immediate Actions
 
-1. ✓ Deploy skill to `~/.amplihack/.claude/skills/agent-sdk/`
+1. ✓ Deploy skill to `~/.amplihack/.claude/skills/claude-agent-sdk/`
 2. Run drift detection to generate initial hashes:
    ```bash
-   cd .claude/skills/agent-sdk
+   cd .claude/skills/claude-agent-sdk
    python scripts/check_drift.py --update
    ```
 3. Test skill activation with sample queries containing keywords

amplifier-bundle/skills/agent-sdk/drift-detection.md → .claude/skills/claude-agent-sdk/drift-detection.md

@@ -73,7 +73,7 @@ def generate_content_hash(url: str) -> str:
 
 ### check_drift.py Script
 
-Location: `~/.amplihack/.claude/skills/agent-sdk/scripts/check_drift.py`
+Location: `~/.amplihack/.claude/skills/claude-agent-sdk/scripts/check_drift.py`
 
 **Core Functionality:**
 
@@ -304,7 +304,7 @@ When drift is detected, follow this systematic workflow:
 **Step 1: Verify Drift**
 
 ```bash
-cd .claude/skills/agent-sdk
+cd .claude/skills/claude-agent-sdk
 python scripts/check_drift.py
 ```
 

.claude/skills/agent-sdk/examples.md → .claude/skills/claude-agent-sdk/examples.md

@@ -411,7 +411,7 @@ from claude_agents import Agent
 custom_mcp = MCPClient(
     command="node",
     args=["./custom-mcp-server.js"],
-    env={"API_KEY": "secret-key"}
+    env={"API_KEY": "secret-key"}  # pragma: allowlist secret
 )
 
 # Agent automatically gets all tools from MCP server

amplifier-bundle/skills/agent-sdk/reference.md → .claude/skills/claude-agent-sdk/reference.md

@@ -241,7 +241,7 @@ agent = Agent(
     model="claude-sonnet-4-5-20250929",
 
     # Authentication (optional if env var set)
-    api_key="sk-ant-...",
+    api_key="sk-ant-...",  # pragma: allowlist secret
 
     # System prompt
     system="You are a helpful assistant.",
@@ -343,15 +343,15 @@ console.log(result.response);
 **Environment Variable (Recommended):**
 
 ```bash
-export ANTHROPIC_API_KEY="sk-ant-..."
+export ANTHROPIC_API_KEY="sk-ant-..."  # pragma: allowlist secret
 ```
 
 **Explicit in Code:**
 
 ```python
 agent = Agent(
     model="claude-sonnet-4-5-20250929",
-    api_key="sk-ant-..."
+    api_key="sk-ant-..."  # pragma: allowlist secret
 )
 ```
 
@@ -1023,7 +1023,7 @@ result = agent.run("How do I use agent sdk tools?")
 ```python
 agent = Agent(
     model="claude-sonnet-4-5-20250929",
-    skills=["agent-sdk", "python-expert"]  # Explicitly activate skills
+    skills=["claude-agent-sdk", "python-expert"]  # Explicitly activate skills
 )
 ```
 
@@ -1074,7 +1074,7 @@ If total content exceeds `token_budget`, SDK:
 Skills can span multiple files for organization:
 
 ```
-.claude/skills/agent-sdk/
+.claude/skills/claude-agent-sdk/
 ├── SKILL.md          # Main entry point (always loaded)
 ├── reference.md      # API reference (loaded on demand)
 ├── examples.md       # Code examples (loaded on demand)

.claude/skills/gh-aw-adoption/SKILL.md

@@ -452,6 +452,7 @@ This skill follows the Diátaxis documentation framework with four complementary
 4. **reference.md** (Reference): Technical specifications, detailed configurations, troubleshooting reference
 
 **For troubleshooting**:
+
 - Start with **reference.md** to understand the error and root cause
 - Check **examples.md** for step-by-step fix instructions
 - Review **patterns.md** to avoid the anti-pattern in future workflows

.claude/skills/gh-aw-adoption/examples.md

@@ -196,7 +196,7 @@ Identified 20 high-impact workflows:
 
 **Worker agent template** (used by each agent):
 
-````markdown
+`````markdown
 ## Worker Agent: Create {WORKFLOW_NAME}
 
 ### Step 1: Read Reference Workflow
@@ -275,6 +275,7 @@ Log every action to `memory/{WORKFLOW_NAME}/audit-log.jsonl`:
 }
 ```
 ````
+`````
 
 **Safe-Output Awareness**:
 Track operations against limits, prioritize critical actions first.
@@ -315,7 +316,8 @@ git push origin feat/{WORKFLOW_NAME}-workflow
   "commit": "{commit_sha}"
 }
 ```
-````
+
+`````
 
 **Actual execution** (coordinated by main agent):
 
@@ -549,7 +551,7 @@ Your mission is to monitor required secrets for expiration, misconfiguration, or
 
 For each required secret:
 
-1. Query repository secrets: `gh api repos/cloud-ecosystem-security/cybergym5/actions/secrets`
+1. Query repository secrets: `gh api repos/cloud-ecosystem-security/cybergym5/actions/secrets`  # pragma: allowlist secret
 2. Verify secret is configured
 3. Note: Cannot read secret values, only check existence
 
@@ -615,8 +617,8 @@ fi
 Log all validation activities to `memory/secret-validation/audit-log.jsonl`:
 
 ```jsonl
-{"timestamp": "2026-02-15T08:00:00Z", "secret": "ANTHROPIC_API_KEY", "status": "present", "checked_by": "secret-validation-agent"}
-{"timestamp": "2026-02-15T08:00:05Z", "secret": "AZURE_CREDENTIALS", "status": "missing", "action": "created-issue-#456"}
+{"timestamp": "2026-02-15T08:00:00Z", "secret": "ANTHROPIC_API_KEY", "status": "present", "checked_by": "secret-validation-agent"}  # pragma: allowlist secret
+{"timestamp": "2026-02-15T08:00:05Z", "secret": "AZURE_CREDENTIALS", "status": "missing", "action": "created-issue-#456"}  # pragma: allowlist secret
 ```
 
 ## Issue Creation Guidelines
@@ -693,7 +695,7 @@ Validation successful when:
 
 Scheduled: Next Monday at 8 AM UTC
 Manual trigger: `gh workflow run secret-validation.lock.yml`
-````
+`````
 
 **Adaptations made**:
 

.claude/skills/gh-aw-adoption/reference.md

@@ -738,14 +738,17 @@ This section documents common workflow failures discovered in production and the
 ### Failure: MCP Server Launch Errors
 
 **Symptom**:
+
 ```
 ##[error]MCP server(s) failed to launch: docker-mcp
 ```
 
 **Root Cause**: MCP servers configured in `.mcp.json` that cannot run in GitHub Actions environment (e.g., docker-mcp requires Docker which isn't available in standard runners).
 
 **Solution**:
+
 1. **Remove incompatible MCP servers** from `.mcp.json`:
+
    ```json
    {
      "mcpServers": {
@@ -777,6 +780,7 @@ This section documents common workflow failures discovered in production and the
 ### Failure: Lockdown Mode Without Custom Token
 
 **Symptom**:
+
 ```
 Lockdown mode is enabled (lockdown: true) but no custom GitHub token is configured.
 ```
@@ -786,6 +790,7 @@ Lockdown mode is enabled (lockdown: true) but no custom GitHub token is configur
 **Solution Options**:
 
 **Option 1: Remove lockdown mode (recommended for most cases)**
+
 ```yaml
 tools:
   github:
@@ -794,12 +799,14 @@ tools:
 ```
 
 **Option 2: Configure custom token (for enhanced security)**
+
 ```bash
 # Create fine-grained PAT with required permissions
 gh secret set GH_AW_GITHUB_TOKEN --body "github_pat_XXX" --repo owner/repo
 ```
 
 **When to use lockdown mode**:
+
 - ✅ Workflows modifying critical infrastructure
 - ✅ Workflows with elevated permissions
 - ✅ Workflows requiring audit trail beyond GitHub Actions
@@ -812,6 +819,7 @@ gh secret set GH_AW_GITHUB_TOKEN --body "github_pat_XXX" --repo owner/repo
 ### Failure: Missing API Keys for Engine
 
 **Symptom**:
+
 ```
 Neither CODEX_API_KEY nor OPENAI_API_KEY secret is set
 ```
@@ -821,6 +829,7 @@ Neither CODEX_API_KEY nor OPENAI_API_KEY secret is set
 **Solution Options**:
 
 **Option 1: Switch to engines that don't require API keys (recommended)**
+
 ```yaml
 # Before
 engine: codex
@@ -831,11 +840,13 @@ engine: claude   # Requires ANTHROPIC_API_KEY
 ```
 
 **Option 2: Configure required API key**
+
 ```bash
 gh secret set OPENAI_API_KEY --body "sk-..." --repo owner/repo
 ```
 
 **Engine requirements**:
+
 - `copilot`: No API key required (built-in)
 - `claude`: Requires `ANTHROPIC_API_KEY` secret
 - `codex`: Requires `OPENAI_API_KEY` or `CODEX_API_KEY` secret
@@ -870,21 +881,22 @@ safe-outputs:
 ```
 
 **Key Principle**: gh-aw workflows use **safe-outputs** for write operations, not direct permissions. This provides:
+
 - Rate limiting (max: N)
 - Audit trail (all writes logged)
 - Security (operations validated before execution)
 - Expiration (cleanup old issues/comments)
 
 **What you need for different operations**:
 
-| Operation | Read Permission | Safe-Output |
-|-----------|----------------|-------------|
-| Create issue | `issues: read` | `create-issue` |
-| Update issue | `issues: read` | `update-issue` |
-| Add comment | `issues: read` | `add-comment` |
-| Create discussion | `contents: read` | `create-discussion` |
-| Create PR | `contents: read`, `pull-requests: read` | `create-pull-request` |
-| Add labels | Permission depends on resource | `add-label` |
+| Operation         | Read Permission                         | Safe-Output           |
+| ----------------- | --------------------------------------- | --------------------- |
+| Create issue      | `issues: read`                          | `create-issue`        |
+| Update issue      | `issues: read`                          | `update-issue`        |
+| Add comment       | `issues: read`                          | `add-comment`         |
+| Create discussion | `contents: read`                        | `create-discussion`   |
+| Create PR         | `contents: read`, `pull-requests: read` | `create-pull-request` |
+| Add labels        | Permission depends on resource          | `add-label`           |
 
 **Never add** `issues: write` or `discussions: write` directly - use safe-outputs instead!
 
@@ -893,6 +905,7 @@ safe-outputs:
 ### Failure: Missing Dependencies in CI
 
 **Symptom**:
+
 ```
 The specified go version file at: go.mod does not exist
 AttributeError: module 'typer' has no attribute 'rich_utils'
@@ -903,6 +916,7 @@ AttributeError: module 'typer' has no attribute 'rich_utils'
 **Solution**:
 
 **For missing files**:
+
 ```yaml
 # Remove steps that require files not in repo
 steps:
@@ -913,13 +927,15 @@ steps:
 ```
 
 **For Python dependency conflicts**:
+
 ```yaml
 # Pin compatible versions
 pip install 'safety==2.3.5'  # Not 3.x which has typer issues
 pip install 'bandit==1.7.6 pylint==3.0.3'
 ```
 
 **For missing tools**:
+
 ```bash
 # Check tool availability before use
 if command -v tool_name &> /dev/null; then
@@ -936,16 +952,18 @@ fi
 **Important**: The `GITHUB_TOKEN` environment variable is **automatically available** in all GitHub Actions workflows. You do NOT need to configure it as a secret.
 
 **How it works**:
+
 - GitHub automatically injects `GITHUB_TOKEN` into workflow environment
 - Token has permissions based on workflow's `permissions:` declaration
 - Token is scoped to the repository and workflow run
 - Token expires when workflow completes
 
 **Common mistake**:
+
 ```yaml
 # ❌ WRONG - trying to manually configure GITHUB_TOKEN
 env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Unnecessary!
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Unnecessary!
 
 # ✅ CORRECT - just declare permissions, token is automatic
 permissions:
@@ -954,12 +972,14 @@ permissions:
 ```
 
 **When workflows fail with "GITHUB_TOKEN" errors**:
+
 1. Check if workflow declares required permissions
 2. Check if lockdown mode is enabled (requires custom token)
 3. Verify safe-outputs are configured correctly
 4. Ensure you're not trying to set GITHUB_TOKEN as a secret
 
 **Custom tokens** (GH_AW_GITHUB_TOKEN) are only needed for:
+
 - Lockdown mode (`lockdown: true`)
 - Cross-repository operations
 - Enhanced audit requirements