Identify code ownership before modifying validators or linters. Checks file headers for provenance indicators, reviews documentation, and determines if code is upstream (external dependency) or local (project-owned). Prevents accidental modification of upstream tools.
Analyzes code provenance to determine if files are upstream dependencies or locally owned before modifying validators or linters.
/plugin marketplace add rjmurillo/ai-agents/plugin install project-toolkit@ai-agentsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Identify code ownership before modifying validators or linters.
check provenance before modifyingis this file upstream or localwho owns this validatorcheck code ownershipanalyze provenance# Check provenance of a single file
python3 scripts/check_provenance.py --target .config/markdownlint.json
# Check provenance of a directory
python3 scripts/check_provenance.py --target .config/
# JSON output for automation
python3 scripts/check_provenance.py --target PSScriptAnalyzerSettings.psd1 --format json
Use this skill before:
Need to modify a validator/linter?
│
├─ Run: python3 scripts/check_provenance.py --target <file>
│
├─ Result: UPSTREAM
│ ├─ Do NOT modify the tool/file directly
│ ├─ Adjust local configuration instead
│ ├─ Check for configuration override options
│ └─ If no override exists, document why the rule is suppressed
│
└─ Result: LOCAL
├─ Safe to modify as needed
├─ Follow project coding standards
└─ Test changes before committing
| Category | Meaning | Action |
|---|---|---|
| UPSTREAM | External dependency (npm, pip, NuGet, etc.) | Configure, do not modify |
| LOCAL | Project-owned code | Modify as needed |
| VENDOR | Copied/vendored upstream code | Avoid modification, track upstream |
| UNKNOWN | Cannot determine | Investigate before modifying |
| Signal | Location | Example |
|---|---|---|
| Package manifest entry | package.json | "markdownlint-cli2": "^0.12.1" |
| Node modules path | node_modules/ | Any file under this directory |
| Python site-packages | .venv/, site-packages/ | Any file under these directories |
| NuGet cache | .nuget/, packages/ | Any file under these directories |
| File header comment | First 20 lines | "Generated by", "DO NOT EDIT", copyright notice |
| Git submodule | .gitmodules | Path matches submodule |
| Signal | Location | Example |
|---|---|---|
| Under project root | Outside dependency directories | src/, .config/, scripts/ |
| No external version | Not in lockfiles | Custom script |
| Project copyright | File header | Project-specific copyright |
| Git tracked | .git/ | In project git history |
| Signal | Location | Example |
|---|---|---|
vendor/ directory | Project root | vendor/third-party/ |
| Vendor comment | File header | "Vendored from <URL>" |
VENDORED.md reference | Same directory | Documents upstream source |
┌─────────────────────────────────────────┐
│ 1. Target Resolution │
│ - Resolve relative paths │
│ - Check file existence │
│ - Identify file type │
├─────────────────────────────────────────┤
│ 2. Directory Analysis │
│ - Check for node_modules, .venv, etc │
│ - Check for vendor directories │
│ - Check .gitmodules │
├─────────────────────────────────────────┤
│ 3. Package Manifest Analysis │
│ - Parse package.json, requirements │
│ - Check lockfiles for versions │
│ - Identify dependency type │
├─────────────────────────────────────────┤
│ 4. File Header Analysis │
│ - Read first 20 lines │
│ - Check for generated markers │
│ - Check for copyright notices │
├─────────────────────────────────────────┤
│ 5. Provenance Determination │
│ - Weight signals by confidence │
│ - Return category with evidence │
└─────────────────────────────────────────┘
python3 scripts/check_provenance.py --target <path> [options]
| Parameter | Required | Default | Description |
|---|---|---|---|
--target | Yes | - | File or directory to analyze |
--format | No | text | Output format: text, json |
--verbose | No | false | Include all evidence details |
| Code | Meaning |
|---|---|
| 0 | Provenance determined successfully |
| 1 | Script error (file not found, invalid arguments) |
python3 scripts/check_provenance.py --target .markdownlint.json
Output:
Provenance Check: .markdownlint.json
====================================
Category: LOCAL
Confidence: HIGH
Evidence:
- File is under project root
- File is tracked in git
- No external package reference found
Recommendation: Safe to modify as needed.
python3 scripts/check_provenance.py --target node_modules/markdownlint-cli2/lib/main.js
Output:
Provenance Check: node_modules/markdownlint-cli2/lib/main.js
============================================================
Category: UPSTREAM
Confidence: HIGH
Evidence:
- Located in node_modules directory
- Package: markdownlint-cli2@0.12.1 (package.json)
- npm registry: https://registry.npmjs.org/
Recommendation: Do NOT modify. Configure via .markdownlint.json instead.
python3 scripts/check_provenance.py --target PSScriptAnalyzerSettings.psd1 --format json
{
"target": "PSScriptAnalyzerSettings.psd1",
"category": "LOCAL",
"confidence": "HIGH",
"evidence": [
{"signal": "project_root", "value": true},
{"signal": "git_tracked", "value": true},
{"signal": "external_package", "value": false}
],
"recommendation": "Safe to modify as needed."
}
# Check provenance FIRST
python3 .claude/skills/analysis-provenance/scripts/check_provenance.py \
--target <validator-file>
# If UPSTREAM: adjust config
# If LOCAL: modify file
# Prevent accidental upstream modifications
- id: provenance-check
name: Provenance Check
entry: python3 .claude/skills/analysis-provenance/scripts/check_provenance.py
args: [--target, node_modules, --exit-on-upstream]
language: python
| Tool | Config Files | Typical Provenance |
|---|---|---|
| markdownlint | .markdownlint.json, .markdownlint-cli2.jsonc | LOCAL |
| PSScriptAnalyzer | PSScriptAnalyzerSettings.psd1 | LOCAL |
| ESLint | .eslintrc.json, eslint.config.js | LOCAL |
| Prettier | .prettierrc, .prettierrc.json | LOCAL |
| StyleCop | .stylecop.json | LOCAL |
| EditorConfig | .editorconfig | LOCAL |
| Tool binaries | node_modules/, .venv/ | UPSTREAM |
| Avoid | Why | Instead |
|---|---|---|
| Modifying files in node_modules | Changes lost on npm install | Configure via local config files |
| Editing vendored code | Breaks upstream tracking | Document suppression, fork if needed |
| Skipping provenance check | Accidental upstream modification | Always check before modifying |
| Assuming config is local | May be generated or vendored | Verify with this skill |
After running provenance check:
| Skill | Relationship |
|---|---|
| style-enforcement | Configure vs modify validators |
| programming-advisor | Evaluate external solutions |
| analyze | Broad codebase investigation |
Dependency management and provenance tracking are fundamental software engineering practices. The upstream vs local distinction applies regardless of package manager or language. Configuration over modification is a timeless pattern for external dependencies.
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.