Today any installed package with a skills/ directory is trusted and surfaced to AI agents — there is no allowlist. This makes the project explicitly declare which sources it trusts, via package.json#intent.skills[]:
Source kinds: npm packages (must be in the dependency tree) and workspace: packages. Intent is scoped to npm distribution — skills travel with packages — so local-directory / file: sources are intentionally not supported (an unrecognized prefix is rejected with a clear error). Adding hand-authored local skills is the developer's own responsibility.
Unlisted packages still work this release but emit an opt-in warning; they become a hard error in a later milestone. The existing package.json#intent.exclude[] filter stays and gains skill-level granularity (e.g. @scope/pkg#skill-name, *#experimental-*).
Breaking: consumer discovery is now allowlist-gated. The tanstack-intent keyword is no longer required for discovery (still recommended for registry indexing).
Depends on #143 (the library-bin cleanup unblocks this work).
Done when: the allowlist gates both intent list and intent load, and excludes work at package + skill-name level.
Today any installed package with a
skills/directory is trusted and surfaced to AI agents — there is no allowlist. This makes the project explicitly declare which sources it trusts, viapackage.json#intent.skills[]:{ "intent": { "skills": ["@tanstack/router", "workspace:@scope/pkg"] } }Source kinds: npm packages (must be in the dependency tree) and
workspace:packages. Intent is scoped to npm distribution — skills travel with packages — so local-directory /file:sources are intentionally not supported (an unrecognized prefix is rejected with a clear error). Adding hand-authored local skills is the developer's own responsibility.Unlisted packages still work this release but emit an opt-in warning; they become a hard error in a later milestone. The existing
package.json#intent.exclude[]filter stays and gains skill-level granularity (e.g.@scope/pkg#skill-name,*#experimental-*).Breaking: consumer discovery is now allowlist-gated. The
tanstack-intentkeyword is no longer required for discovery (still recommended for registry indexing).Depends on #143 (the library-bin cleanup unblocks this work).
Done when: the allowlist gates both
intent listandintent load, and excludes work at package + skill-name level.