01Start · Overview
A suitcase for agent skills.
Skill Suitcase is an agent-first skill package manager backed by a Git catalog. One JSON-first CLI inspects, installs, updates, and recovers skills across agent runtimes without ever treating live agent homes as the source of truth.
First command
# install the CLI (Node.js 20 or newer)
npm install --global skill-suitcase
# point at a catalog: skill-suitcase.yaml + skills/<name>/
SRC="/path/to/skills-catalog"
# audit it read-only (writes nothing)
skill-suitcase import --source "$SRC" --json
skill-suitcase validate --source "$SRC" --json
skill-suitcase status --source "$SRC" --json
That is the safe starting path. Read-only commands never create install roots, runtime homes, receipts, symlinks, or catalog files. Inspect their JSON before staging or mutating anything.
Follow the getting-started walkthrough
for a disposable first install and receipt-backed rollback. Use
validate --strict as the release gate for a reviewed
catalog, not as a requirement for its minimal starter skill.
The workflow
The catalog is canonical; runtimes are targets. Every install follows the same rhythm: inspect current state, stage reviewed content, apply through an explicit approval boundary, and recover with receipts when state drifts.
Safety model
The same rules apply to agents and humans alike. Drift is a report, never permission.
-
Read-only
import,validate,targets,plan,status,diff, every--dry-runmode,upstream check, andupstream fetch --dry-runnever write roots, receipts, symlinks, or catalog files. -
Approval
applyrequires exactly one approved input: a plan lock or a staged artifact. Neither binds the resolved install root, path overrides, or copy-versus-symlink mode, so approve those at invocation time. -
Approval
reconcile,repair,prune,promote, andimport-targetmutations require--applyplus an explicitly named scope.prune --applyadditionally requires the exact plan ID returned by its dry-run. -
Approval
trackmutates on explicit invocation, writes only a receipt and never skill files, and requires the target to exactly match catalog source. Its--skillselection is optional; omitting it uses all-planned-skills mode. -
Approval
rollbackrequires an explicit receipt path. -
Refused
Provider-backed targets (OpenCode and Pi) are read-only. Target-aware materialization and mutation return
read_only_targetinstead of writing provider-managed homes. -
Refused
Nothing auto-commits.
upstream import --applywrites only catalog source and the upstream lock, never live agent homes, and leaves the Git diff for review.
The full model, including receipts and the status enum, is on the safety model page.
Modeled targets
Target IDs are openclaw, codex,
openclaw-codex, agents, claude,
hermes, opencode, pi, and
grok. Paths stay portable with explicit overrides:
Categorized Hermes targets install at
<external-root>/<category>/<skill> with one
receipt at the owned root. The root must already exist, be
registered in Hermes skills.external_dirs, and pass
overlap, precedence, identity-shadow, and symlink checks before
live target work.
Where next
- Install: get the CLI, the operator skill, and a catalog onto a machine.
- Safety model: the inspect, stage, mutate phases, receipts, and the status enum.
- Catalog model: the manifest contract, variants, groups, and source policy.
- Upstream refresh: the catalog-only lane for pinned upstream sources.
- Agent workflows: the audit loop, recovery decision tree, and approval-gated operational recipes.
- Troubleshooting: refusal codes and what each status state asks you to do.
- CLI reference: every command on one page.