docs!: replace PowerShell installation scripts with skill-installer

[rjmurillo-bot]

Pull Request

Summary

BREAKING CHANGE: Replace the entire PowerShell installation infrastructure with skill-installer, a Python-based TUI tool for installing AI agents.

Users must now use skill-installer instead of PowerShell scripts:

# One-liner (no install required)
uvx --from git+https://github.com/rjmurillo/skill-installer skill-installer interactive

# Or install globally
uv tool install git+https://github.com/rjmurillo/skill-installer
skill-installer interactive

Specification References

Type	Reference	Description
Spec	.agents/analysis/incoherence-install-migration-2026-01-17.md	Incoherence analysis for migration
Spec	.claude-plugin/marketplace.json	skill-installer manifest

Spec Requirement Guidelines

This is a documentation/infrastructure PR (docs!:). Per guidelines, spec references are optional but included for traceability.

Changes

Deleted (15 files, -4739 lines)

• Installation Scripts (7): scripts/install.ps1, install-claude-global.ps1, install-claude-repo.ps1, install-copilot-cli-global.ps1, install-copilot-cli-repo.ps1, install-vscode-global.ps1, install-vscode-repo.ps1
• Library Files (2): scripts/lib/Install-Common.psm1 (859 lines), scripts/lib/Config.psd1
• Test Files (5): install.Tests.ps1, Install-Common.Tests.ps1, Config.Tests.ps1, Verify-InstallOutput.ps1, Verify-InstallOutput.Tests.ps1
• CI Workflow (1): .github/workflows/verify-install-script.yml

Added (3 files, +624 lines)

• .claude-plugin/marketplace.json - skill-installer manifest for agent discovery
• .agents/analysis/incoherence-install-migration-2026-01-17.md - Incoherence analysis report
• .agents/sessions/2026-01-17-session-01-skill-installer.json - Session log

Updated (17+ files)

• README.md - Reorganized structure, added workflow badges, updated installation instructions
• docs/installation.md - Complete rewrite for skill-installer
• AGENTS.md, CONTRIBUTING.md - Updated installation references
• scripts/AGENTS.md, scripts/README.md - Removed deleted file documentation
• templates/AGENTS.md - Updated installation flow diagram
• src/copilot-cli/copilot-instructions.md - Updated installation instructions
• Memory files - Added deprecation notices for historical context

Type of Change

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update
• Infrastructure/CI change
• Refactoring (no functional changes)

Testing

• Tests added/updated
• Manual testing completed
• No testing required (documentation only)

Agent Review

Security Review

Required for: Authentication, authorization, CI/CD, git hooks, secrets, infrastructure

• No security-critical changes in this PR
• Security agent reviewed infrastructure changes
• Security agent reviewed authentication/authorization changes
• Security patterns applied (see .agents/security/)

Note: Deleted CI workflow (verify-install-script.yml) was not security-critical. New installation via skill-installer uses external tool with its own security model.

Other Agent Reviews

• Architect reviewed design changes
• Critic validated implementation plan
• QA verified test coverage

Incoherence Analysis

Ran incoherence detection skill which found 10 temporal consistency issues (stale references to deleted files):

Priority	Count	Action
Critical	2	Fixed - Removed Install-Common.psm1/Config.psd1 docs from scripts/AGENTS.md
High	3	Fixed - Added deprecation notices to memory/planning files
Medium	5	No action - Historical records (QA reports, architecture reviews)

Full analysis: .agents/analysis/incoherence-install-migration-2026-01-17.md

Checklist

• Code follows project style guidelines
• Self-review completed
• Comments added for complex logic
• Documentation updated (if applicable)
• No new warnings introduced

Related Issues

None - This is a proactive migration to improve installation UX.

Migration Guide

Users with existing automation using install.ps1 should:

1. Install UV: curl -LsSf https://astral.sh/uv/install.sh | sh
2. Run skill-installer: uvx --from git+https://github.com/rjmurillo/skill-installer skill-installer interactive
3. Select agents/skills to install via TUI

---

🤖 Generated with Claude Code

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

PR Validation Report

Note

✅ Status: PASS

Description Validation

Check	Status
Description matches diff	PASS

QA Validation

Check	Status
Code changes detected	True
QA report exists	false

⚡ Warnings

• QA report not found for code changes (recommended before merge)

---

_{Powered by PR Validation workflow}

[github-actions]

Session Protocol Compliance Report

Tip

✅ Overall Verdict: PASS

All session protocol requirements satisfied.

What is Session Protocol?

Session logs document agent work sessions and must comply with RFC 2119 requirements:

• MUST: Required for compliance (blocking failures)
• SHOULD: Recommended practices (warnings)
• MAY: Optional enhancements

See .agents/SESSION-PROTOCOL.md for full specification.

Compliance Summary

Session File	Verdict	MUST Failures
sessions-2026-01-17-session-01-skill-installer.md	✅ COMPLIANT	0

Detailed Validation Results

Click each session to see the complete validation report with specific requirement failures.

📄 sessions-2026-01-17-session-01-skill-installer

---

✨ Zero-Token Validation

This validation uses deterministic PowerShell script analysis instead of AI:

• ✅ Zero tokens consumed (previously 300K-900K per debug cycle)
• ✅ Instant feedback - see exact failures in this summary
• ✅ No artifact downloads needed to diagnose issues
• ✅ 10x-100x faster debugging

Powered by Validate-SessionJson.ps1

📊 Run Details

Property	Value
Run ID	21103373989
Files Checked	1
Validation Method	Deterministic script analysis

_{Powered by Session Protocol Validator workflow}

[github-actions]

AI Quality Gate Review

Caution

❌ Final Verdict: CRITICAL_FAIL

Walkthrough

This PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:

• Security Agent: Scans for vulnerabilities, secrets exposure, and security anti-patterns
• QA Agent: Evaluates test coverage, error handling, and code quality
• Analyst Agent: Assesses code quality, impact analysis, and maintainability
• Architect Agent: Reviews design patterns, system boundaries, and architectural concerns
• DevOps Agent: Evaluates CI/CD, build pipelines, and infrastructure changes
• Roadmap Agent: Assesses strategic alignment, feature scope, and user value

Review Summary

Agent	Verdict	Category	Status
Security	PASS	N/A	✅
QA	PASS	N/A	✅
Analyst	PASS	N/A	✅
Architect	CRITICAL_FAIL	CODE_QUALITY	❌
DevOps	PASS	N/A	✅
Roadmap	PASS	N/A	✅

💡 Quick Access: Click on individual agent jobs (e.g., "🔒 security Review", "🧪 qa Review") in the workflow run to see detailed findings and step summaries.

Security Review Details

Security Review: PR #962

PR Type Analysis

Category	Files	Count
DOCS	.md files, session logs, memory files, planning docs	~25
CONFIG	marketplace.json, session JSON	2
WORKFLOW	verify-install-script.yml	1 (DELETED)
CODE	*.ps1, *.psm1, *.psd1	15 (DELETED)

Net Effect: This PR removes 15 CODE files (4739 lines) and 1 WORKFLOW file. It adds configuration and documentation only.

Security Assessment

Attack Surface Change: Reduced. Deleting 15 PowerShell scripts eliminates:

• Shell injection risk in installation scripts
• Execution policy bypass patterns
• File system manipulation code

Findings

Severity	Category	Finding	Location	CWE
None	-	No security issues identified	-	-

Analysis Details

1. marketplace.json: Contains only metadata (name, description, source paths). No secrets, no external URLs with credentials.

2. installation.md: Commands reference public GitHub repos (github.com/rjmurillo/skill-installer, astral.sh/uv). No credentials or sensitive data.

3. README.md: Public badge URLs and installation instructions only. No sensitive data exposed.

4. Deleted Workflow: verify-install-script.yml removal reduces CI attack surface (no injection vectors remain).

5. Session/Memory Files: Historical references and deprecation notices. No secrets.

Recommendations

None required. The PR reduces attack surface by removing executable code.

Verdict

VERDICT: PASS
MESSAGE: PR deletes 15 PowerShell scripts and 1 workflow, reducing attack surface. New files contain only metadata and documentation with no secrets or vulnerabilities.

QA Review Details

Based on my analysis of the PR, I can now provide the QA verdict.

---

QA Review: PR #962

VERDICT: PASS
MESSAGE: Documentation-focused PR removing obsolete scripts; no new executable code requiring tests.

PR TYPE: DOCS (with minor CONFIG)

FILES:
- DOCS (27 files): *.md updates, session logs, analysis reports
- CONFIG (2 files): .claude-plugin/marketplace.json, workflow YAML deletion
- DELETED (15 files): PowerShell scripts and tests (no new code to test)

EVIDENCE:
- Tests found: N/A - No new executable code added
- Edge cases: N/A - Documentation changes only
- Error handling: N/A - No code paths added
- Blocking issues: 0

Analysis Summary

Check	Status	Notes
New executable code	N/A	PR deletes 4739 lines of scripts; adds 0 executable code
Documentation quality	[PASS]	Installation guide is complete with prerequisites, troubleshooting
marketplace.json schema	[PASS]	Valid JSON, proper structure with required fields
Broken links	[PASS]	Cross-references use relative paths to existing files
Migration path	[PASS]	Clear migration guide in PR description and docs/installation.md

Why PASS (Not CRITICAL_FAIL)

Per QA evaluation criteria:

1. No new executable code: This PR removes PowerShell scripts and replaces with documentation pointing to external tool
2. DOCS-only criteria apply: Documentation files do not require test coverage
3. CONFIG criteria apply: marketplace.json has valid schema structure
4. Deleted code had tests: The removed scripts had corresponding tests (also deleted), maintaining consistency

Regression Risk Assessment

• Risk Level: Low
• Affected Components: Installation workflow only (shifted to external tool)
• Breaking Changes: Yes, documented with migration guide
• Required Testing: skill-installer functionality (external repository responsibility)

Quality Concerns

Severity	Issue	Location	Required Fix
None	-	-	-

Analyst Review Details

Analysis: PR #962 - Replace PowerShell Installation Scripts with skill-installer

Code Quality Score

Criterion	Score (1-5)	Notes
Readability	4	Documentation is clear and well-structured
Maintainability	5	Reduces codebase by 4739 lines, delegates installation to external tool
Consistency	4	Follows existing documentation patterns; marketplace.json is minimal
Simplicity	5	Replaces 15 files with 1 manifest file

Overall: 4.5/5

Impact Assessment

• Scope: System-wide (breaking change to installation workflow)
• Risk Level: Medium (external dependency on skill-installer, no version pinning yet)
• Affected Components: Installation scripts, CI workflow, documentation across 37 files

Findings

Priority	Category	Finding	Location
Medium	Security	skill-installer not pinned to specific version	README.md:104, docs/installation.md:29
Low	Documentation	All 14 security review comments resolved	Various files
Low	Architecture	External dependency on Python/UV toolchain	docs/installation.md
Info	Cleanup	Incoherence analysis identified and addressed 10 stale references	PR description

Recommendations

1. Track version pinning for skill-installer as a follow-up issue (acknowledged in review comments)
2. Consider adding a security note about curl | sh pattern for UV installation (optional, follows upstream docs)

Verdict

The PR demonstrates thorough execution of a significant architectural change. Key observations:

• Net reduction: 4739 lines deleted, 997 added (net -3746 lines)
• Documentation complete: README, installation.md, AGENTS.md, CONTRIBUTING.md all updated
• Historical context preserved: Memory and planning files include deprecation notices
• Review feedback addressed: All 14 review threads resolved
• CI status: [PASS] (CodeRabbit success)

The transition from in-house PowerShell scripts to an external Python TUI tool reduces maintenance burden. The marketplace.json manifest is minimal and correct after review feedback.

VERDICT: PASS
MESSAGE: Breaking change is well-documented with complete migration guide and thorough incoherence cleanup. Version pinning tracked as follow-up.

Architect Review Details

Now I have enough context to provide a comprehensive architectural review of this PR.

Design Quality Assessment

Aspect	Rating (1-5)	Notes
Pattern Adherence	3	External tool dependency replaces internal infrastructure; ADR-005 violated without amendment
Boundary Respect	4	Clean removal of old system; marketplace.json provides integration point
Coupling	3	New external dependency (skill-installer) creates supply chain coupling
Cohesion	4	Installation concerns now delegated to specialized external tool
Extensibility	4	marketplace.json is extensible; skill-installer supports multiple sources

Overall Design Score: 3.6/5

Architectural Concerns

Severity	Concern	Location	Recommendation
Critical	ADR-005 (PowerShell-only) violated without superseding ADR	Project-wide	Create ADR-042 to formally supersede ADR-005 for installation
High	External dependency on third-party tool (skill-installer) without ADR	docs/installation.md	Document decision, versioning strategy, fallback plan
High	No ADR for Python/UV requirement as new prerequisite	README.md:81-84	ADR should document Python 3.10+ requirement rationale
Medium	marketplace.json only lists claude-agents; missing copilot-cli and vscode	.claude-plugin/marketplace.json	Verify manifest completeness
Low	ADR-031 references deleted PowerShell install scripts	.agents/architecture/ADR-031-hybrid-powershell-architecture.md	Update or deprecate

Breaking Change Assessment

• Breaking Changes: Yes
• Impact Scope: Major
• Migration Required: Yes
• Migration Path: Documented in PR description and docs/installation.md. Users must install UV and use skill-installer instead of PowerShell scripts.

Technical Debt Analysis

• Debt Added: Low (removes 4739 lines of PowerShell code)
• Debt Reduced: High (eliminates complex multi-script installation infrastructure)
• Net Impact: Improved (significant code reduction, simpler architecture)

ADR Assessment

• ADR Required: Yes
• Decisions Identified:
  1. Replace internal PowerShell installation with external Python tool (skill-installer)
  2. Add Python 3.10+ and UV as project prerequisites
  3. Introduce marketplace.json manifest format for agent discovery
  4. Deprecate 15 PowerShell files (7 scripts, 2 libraries, 5 tests, 1 workflow)
• Existing ADR: ADR-005 (PowerShell-only) directly conflicts with this change
• Recommendation: Create ADR-042 to supersede ADR-005 for installation scope

Recommendations

1. Create ADR-042: Document the decision to replace PowerShell installation with skill-installer. This is a significant architectural decision that affects project prerequisites, violates ADR-005, and introduces external supply chain dependency.

2. Verify marketplace.json completeness: The manifest only lists claude-agents but the system supports VS Code and Copilot CLI agents. Confirm skill-installer discovers all three platforms.

3. Add deprecation notice to ADR-005: Reference ADR-042 when created, noting installation scripts are exempt from PowerShell-only requirement.

Verdict

VERDICT: CRITICAL_FAIL
MESSAGE: Significant architectural decision (external tool dependency, ADR-005 violation) requires corresponding ADR before merge. Create ADR-042 documenting skill-installer adoption decision.

Rationale

This PR makes three ADR-worthy decisions without documentation:

1. Technology choice: Replacing internal PowerShell with external Python tool
2. New prerequisites: Python 3.10+ and UV package manager
3. ADR-005 violation: PowerShell-only scripting standard bypassed for installation

The incoherence analysis correctly identified and resolved stale documentation references. The migration path is well documented. The concern is governance: this decision pattern should be captured for future maintainers to understand why the project now depends on an external Python tool when ADR-005 explicitly forbids Python scripts.

DevOps Review Details

The workflow file verify-install-script.yml has been deleted. Let me examine what else changed.

I can see that the installation scripts have been deleted and the workflow verify-install-script.yml no longer exists. Let me verify the marketplace.json structure is valid and check the documentation updates.

Based on my analysis, I can now provide the DevOps review.

DevOps Review: PR #962

PR Scope Detection

Category	Files	Review Scope
WORKFLOW	.github/workflows/verify-install-script.yml (deleted)	CI/CD deletion impact
SCRIPT	7 scripts/*.ps1, 2 scripts/lib/* (deleted)	Script removal impact
CONFIG	.claude-plugin/marketplace.json (added)	Schema validation
DOCS	17 markdown files	Documentation consistency

Pipeline Impact Assessment

Area	Impact	Notes
Build	None	No build scripts affected
Test	Medium	Deleted 5 test files and verify-install-script.yml workflow
Deploy	Low	Installation method changed, not deployment
Cost	Low (savings)	Removes one CI workflow, reduces runner minutes

CI/CD Quality Checks

Check	Status	Location
YAML syntax valid	✅	No remaining workflow changes
Actions pinned	N/A	Workflow deleted, not added
Secrets secure	✅	No secrets exposed in deletions
Permissions minimal	N/A	No workflow added
JSON config valid	✅	.claude-plugin/marketplace.json is valid JSON

Findings

Severity	Category	Finding	Location	Fix
Low	CI/CD	Workflow verify-install-script.yml deleted	.github/workflows/	Expected - scripts being replaced
Low	Scripts	15 PowerShell files removed (-4739 lines)	scripts/	Expected - migration to skill-installer
Info	Config	New marketplace.json manifest added	.claude-plugin/	Valid JSON structure

Template Assessment

• PR Template: Not modified
• Issue Templates: Not modified
• Template Issues: None

Automation Opportunities

Opportunity	Type	Benefit	Effort
None identified	-	-	-

The PR appropriately removes automation that is superseded by skill-installer.

Recommendations

1. None blocking: The workflow deletion is intentional and documented in the PR description.
2. Documentation complete: Installation docs are fully updated for skill-installer.
3. Incoherence addressed: PR includes analysis of stale references and fixes them.

Verdict

VERDICT: PASS
MESSAGE: Intentional CI/CD and script removal for skill-installer migration. No security concerns. Workflow deletion properly documented and references updated.

Rationale:

• Workflow deletion is intentional, not accidental
• No secrets exposed
• No syntax errors
• Documentation updated to reflect new installation method
• Incoherence analysis performed and stale references addressed
• marketplace.json is valid JSON with correct structure

Roadmap Review Details

Based on my analysis of the roadmap, project objectives, and incoherence report, here is my strategic assessment:

---

Strategic Alignment Assessment

Criterion	Rating	Notes
Aligns with project goals	High	"Minimal friction" installation is the Master Product Objective. skill-installer provides TUI, one-liner, cross-platform support
Priority appropriate	Medium	Not explicitly on roadmap, but removes 4739 lines of PowerShell maintenance burden
User value clear	High	Simpler install: 1 command vs 7 platform-specific scripts
Investment justified	High	Removes 15 files, CI workflow, ongoing PS maintenance. Trades custom code for maintained external tool

---

Feature Completeness

• Scope Assessment: Right-sized. Complete removal with migration path documented.
• Ship Ready: Yes. Incoherence analysis performed, 5 critical/high issues resolved, 5 medium archived.
• MVP Complete: Yes. Users can install all agent types via skill-installer.
• Enhancement Opportunities: None blocking. skill-installer is external; enhancements go upstream.

---

Impact Analysis

Dimension	Assessment	Notes
User Value	High	Eliminates platform-specific script knowledge. Universal uvx command works everywhere.
Business Impact	Medium	Reduces maintenance burden by removing 4739 lines of PowerShell. No revenue impact (OSS).
Technical Leverage	High	Shifts installation ownership to skill-installer ecosystem. Enables marketplace discovery.
Competitive Position	Improved	Modern tooling (UV/skill-installer) vs legacy PowerShell scripts

---

Concerns

Priority	Concern	Recommendation
Medium	Breaking change creates migration friction for existing users with automation	PR includes migration guide. Consider changelog entry in release notes.
Low	External dependency (skill-installer) - not under project control	Acceptable risk. skill-installer is by same author (rjmurillo).
Low	Python/UV prerequisite not previously required	Minor. UV is increasingly standard for Python tooling.

---

RICE Score Analysis

Factor	Value	Rationale
Reach	100% of new users	All installation paths affected
Impact	2 (High)	Simpler onboarding, reduced cognitive load
Confidence	85%	skill-installer proven on other projects
Effort	0.3 person-months	One session to complete migration
Score	5.67	(1 x 2 x 0.85) / 0.3

Score is respectable for maintenance work. Primary value is debt reduction, not feature addition.

---

KANO Classification

Must-Be (retroactive): Installation must work. Replacing how it works is invisible to satisfied users.

Risk: Breaking change could move users from "satisfied" to "dissatisfied" during transition window.

Mitigation: Migration guide provided. One-liner requires no permanent installation.

---

Recommendations

1. Ensure release notes prominently document the breaking change and migration path
2. Consider tagging this as v0.2.0 or v1.0 to signal breaking change per semver
3. Update CHANGELOG.md (if it exists) with migration instructions
4. The marketplace.json enables future discoverability value

---

Verdict

VERDICT: PASS
MESSAGE: Change aligns with Master Product Objective (minimal friction installation). Removes 4739 lines of maintenance burden, replaces with external tool. Breaking change is documented with migration guide. Incoherence analysis demonstrates thorough cleanup.

---

Run Details

Property	Value
Run ID	21103541674
Triggered by	pull_request on 962/merge
Commit	672a8212412ba2783f1f6687fbe4f0a4a27284a2

_{Powered by AI Quality Gate workflow}

[gemini-code-assist]

Code Review

This pull request is a significant and welcome refactoring that replaces the custom PowerShell installation scripts with the skill-installer tool. This simplifies the installation process and centralizes the logic. The documentation has been thoroughly updated across README.md, AGENTS.md, and docs/installation.md to reflect these changes, which greatly improves clarity for new users. My review focuses on enhancing the supply chain security of the new installation instructions. Specifically, I've recommended pinning the skill-installer dependency to a specific version to prevent supply chain attacks and suggested adding security warnings for installation commands that execute scripts directly from the internet.

[rjmurillo]

Review Triage Required

Note

Priority: NORMAL - Human approval required before bot responds

Review Summary

Source	Reviews	Comments
Human	3	3
Bot	17	25

Next Steps

1. Review human feedback above
2. Address any CHANGES_REQUESTED from human reviewers
3. Add triage:approved label when ready for bot to respond to review comments

---

_{Powered by PR Maintenance workflow - Add triage:approved label}