feat(schema): add optional \license\ and \license_source\ frontmatter fields (#514)

Adds two optional SKILL.md frontmatter fields for downstream consumers (e.g. aggregators and MCP servers) that need to resolve the license of upstream-sourced skills at ingest time. - `license`: SPDX expression for the upstream source material (e.g. `MIT`) - `license_source`: URL to the upstream LICENSE file for automated verification Both fields are strictly optional and non-breaking. Existing skills with no `license` field are treated as "license not declared" by tooling — no inference or default is assumed. Also adds: - PR checklist item prompting contributors to declare license provenance when `source_repo` is set (`.github/PULL_REQUEST_TEMPLATE.md`) - "License provenance" subsection in `docs/contributors/skill-anatomy.md` documenting when and how to use the new fields Co-authored-by: Joel Morrison <spinbitz@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 17:25:12 +02:00 · 2026-04-14 12:02:56 -06:00
parent 1e287475dc
commit 42ce789b78
3 changed files with 16 additions and 0 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -31,6 +31,7 @@ Use this only when the PR should auto-close an issue:
 - [ ] **Repo Checks**: I ran `npm run validate:references` if my change affected docs, workflows, or infrastructure.
 - [ ] **Source-Only PR**: I did not manually include generated registry artifacts (`CATALOG.md`, `skills_index.json`, `data/*.json`) in this PR.
 - [ ] **Credits**: I have added the source credit in `README.md` (if applicable).
+- [ ] **License provenance**: If this skill imports from an external `source_repo`, I have declared `license:` and `license_source:` in the frontmatter, or confirmed the upstream repo carries no restricting license.
 - [ ] **Maintainer Edits**: I enabled **Allow edits from maintainers** on the PR.

 ## Screenshots (if applicable)
--- a/docs/contributors/skill-anatomy.md
+++ b/docs/contributors/skill-anatomy.md
@@ -113,6 +113,18 @@ tools: [claude, cursor, gemini]
 ---
 ```

+#### `license` *(optional)*
+- **What it is:** SPDX license identifier for the upstream source material
+- **Format:** A valid SPDX expression (e.g. `MIT`, `Apache-2.0`, `CC-BY-4.0`)
+- **Example:** `license: MIT`
+- **When to use:** Declare when `source_repo` points to material under a known license. Omitting it signals "license not verified" to downstream tooling.
+
+#### `license_source` *(optional)*
+- **What it is:** Direct URL to the upstream license file
+- **Format:** Full URL string
+- **Example:** `license_source: "https://github.com/owner/repo/blob/main/LICENSE"`
+- **When to use:** Include alongside `license:` so automated tooling can verify the claim. If the upstream repo has no LICENSE file, omit this field.
+
 ### Source-credit contract

 - External GitHub-derived skills should declare both `source_repo` and `source_type`.
--- a/docs/contributors/skill-template.md
+++ b/docs/contributors/skill-template.md
@@ -10,6 +10,9 @@ date_added: "YYYY-MM-DD"
 author: your-name-or-handle
 tags: [tag-one, tag-two]
 tools: [claude, cursor, gemini]
+# Optional: declare the upstream license if source_repo is set
+# license: "MIT"
+# license_source: "https://github.com/owner/repo/blob/main/LICENSE"
 ---

 # Skill Title