feat(applets): merge yubikit-applets into yubikit

.claude/agents/ralph-loop.md

@@ -43,9 +43,9 @@ Execute complex, multi-step engineering tasks autonomously by:
 
 ```bash
 # ✅ CORRECT - Always use build script
-dotnet build.cs build                    # Build entire solution
-dotnet build.cs build --project Piv      # Build specific project (partial match)
-dotnet build.cs build --clean            # Clean rebuild
+dotnet toolchain.cs build                    # Build entire solution
+dotnet toolchain.cs build --project Piv      # Build specific project (partial match)
+dotnet toolchain.cs build --clean            # Clean rebuild
 
 # ❌ WRONG - Never use directly
 dotnet build                             # FORBIDDEN
@@ -56,12 +56,12 @@ dotnet restore                           # FORBIDDEN
 
 ```bash
 # ✅ CORRECT - Handles xUnit v2/v3 automatically
-dotnet build.cs test                                           # All tests
-dotnet build.cs test --project Fido2                           # Module tests (partial match)
-dotnet build.cs test --filter "FullyQualifiedName~MyTest"      # Filter by full name
-dotnet build.cs test --filter "Name=ExactMethodName"           # Exact method match
-dotnet build.cs test --filter "ClassName~Integration"          # Filter by class name
-dotnet build.cs test --project Piv --filter "Method~Sign"      # Combine project + filter
+dotnet toolchain.cs test                                           # All tests
+dotnet toolchain.cs test --project Fido2                           # Module tests (partial match)
+dotnet toolchain.cs test --filter "FullyQualifiedName~MyTest"      # Filter by full name
+dotnet toolchain.cs test --filter "Name=ExactMethodName"           # Exact method match
+dotnet toolchain.cs test --filter "ClassName~Integration"          # Filter by class name
+dotnet toolchain.cs test --project Piv --filter "Method~Sign"      # Combine project + filter
 
 # ❌ WRONG - Fails on xUnit v3 projects
 dotnet test                              # FORBIDDEN
@@ -182,12 +182,12 @@ Load skills when encountering specific situations:
 
 ### Build Failures
 ```bash
-dotnet build.cs build --clean
+dotnet toolchain.cs build --clean
 ```
 
 ### Test Failures
 ```bash
-dotnet build.cs test --filter "FullyQualifiedName~FailingTest"
+dotnet toolchain.cs test --filter "FullyQualifiedName~FailingTest"
 ```
 
 ### Stuck
@@ -199,7 +199,7 @@ dotnet build.cs test --filter "FullyQualifiedName~FailingTest"
 
 ## Completion Protocol
 
-1. Run `dotnet build.cs build && dotnet build.cs test`
+1. Run `dotnet toolchain.cs build && dotnet toolchain.cs test`
 2. Verify all tasks `[x]`
 3. Output `<promise>DONE</promise>`
 

.claude/skills/agent-dispatch/SKILL.md

@@ -78,8 +78,8 @@ Good agent prompts are:
 BEFORE STARTING: Read CLAUDE.md and review available skills in .claude/skills/
 
 MANDATORY SKILLS (use these - NEVER use direct commands):
-- build-project: Use `dotnet build.cs build` - NEVER `dotnet build`
-- test-project: Use `dotnet build.cs test` - NEVER `dotnet test`
+- build-project: Use `dotnet toolchain.cs build` - NEVER `dotnet build`
+- test-project: Use `dotnet toolchain.cs test` - NEVER `dotnet test`
 - commit: Follow commit guidelines - NEVER use `git add .`
 ```
 
@@ -89,8 +89,8 @@ MANDATORY SKILLS (use these - NEVER use direct commands):
 BEFORE STARTING: Read CLAUDE.md and review available skills in .claude/skills/
 
 MANDATORY SKILLS:
-- build-project: Use `dotnet build.cs build` - NEVER `dotnet build`
-- test-project: Use `dotnet build.cs test` - NEVER `dotnet test`
+- build-project: Use `dotnet toolchain.cs build` - NEVER `dotnet build`
+- test-project: Use `dotnet toolchain.cs test` - NEVER `dotnet test`
 
 Fix the 3 failing tests in src/agents/agent-tool-abort.test.ts:
 

.claude/skills/agent-ralph-loop/SKILL.md

@@ -115,11 +115,11 @@ When the engine detects a progress file, it injects these instructions automatic
 
 ```
 1. RED: Write failing test asserting the task's behavior
-   Run: `dotnet build.cs test --filter "FullyQualifiedName~{TestClass}"`
+   Run: `dotnet toolchain.cs test --filter "FullyQualifiedName~{TestClass}"`
    Expect: FAILURE
 
 2. GREEN: Write minimal code to pass
-   Run: `dotnet build.cs test --filter "FullyQualifiedName~{TestClass}"`
+   Run: `dotnet toolchain.cs test --filter "FullyQualifiedName~{TestClass}"`
    Expect: SUCCESS
 
 3. REFACTOR: Clean up, check security, add docs
@@ -145,9 +145,9 @@ When the engine detects a progress file, it injects these instructions automatic
 
 | Action | Command |
 |--------|---------|
-| Build | `dotnet build.cs build` |
-| Test | `dotnet build.cs test` |
-| Test filtered | `dotnet build.cs test --filter "..."` |
+| Build | `dotnet toolchain.cs build` |
+| Test | `dotnet toolchain.cs test` |
+| Test filtered | `dotnet toolchain.cs test --filter "..."` |
 
 **NEVER use `dotnet build` or `dotnet test` directly** - they fail on mixed xUnit v2/v3.
 
@@ -246,7 +246,7 @@ bun .claude/skills/agent-ralph-loop/ralph-loop.ts \
 
 ```bash
 bun .claude/skills/agent-ralph-loop/ralph-loop.ts \
-  "Run 'dotnet build.cs test'. Analyze failures. Fix code. Repeat until passing." \
+  "Run 'dotnet toolchain.cs test'. Analyze failures. Fix code. Repeat until passing." \
   --completion-promise "TESTS_PASSED" \
   --max-iterations 12 \
   --model claude-sonnet-4.5

.claude/skills/agent-ralph-loop/ralph-loop-utils.ts

@@ -177,8 +177,8 @@ export function formatProgressContext(state: ProgressFileState): string {
 All tasks complete! Verify everything passes, then output the completion promise.
 
 Final verification:
-1. Run: \`dotnet build.cs build\` - must exit 0
-2. Run: \`dotnet build.cs test\` - all tests must pass
+1. Run: \`dotnet toolchain.cs build\` - must exit 0
+2. Run: \`dotnet toolchain.cs test\` - all tests must pass
 3. Check: No regressions in existing tests
 `;
   }
@@ -255,7 +255,7 @@ SKILL RULES:
 - BEFORE any build/test/commit action, check if a skill covers it
 - Use \`skill invoke <name>\` or follow skill instructions
 - Mandatory skills MUST be used - direct commands (dotnet build, dotnet test, git add .) are FORBIDDEN
-- This repo has mixed xUnit v2/v3 - ONLY use \`dotnet build.cs test\`, never \`dotnet test\`
+- This repo has mixed xUnit v2/v3 - ONLY use \`dotnet toolchain.cs test\`, never \`dotnet test\`
 `;
 }
 

.claude/skills/agent-ralph-loop/ralph-loop.test.ts

@@ -248,7 +248,7 @@ feature: Test
     const result = formatProgressContext(state);
 
     expect(result).toContain("All tasks complete!");
-    expect(result).toContain("dotnet build.cs build");
+    expect(result).toContain("dotnet toolchain.cs build");
   });
 
   test("shows remaining tasks in phase", () => {

.claude/skills/agent-ralph-loop/ralph-loop.ts

@@ -143,11 +143,11 @@ You are executing a task from a progress file. Follow this protocol for EVERY ta
 
 ## TDD Loop
 1. **RED:** Write a failing test that asserts the task's expected behavior
-   - Run: \`dotnet build.cs test --filter "FullyQualifiedName~{TestClass}"\`
+   - Run: \`dotnet toolchain.cs test --filter "FullyQualifiedName~{TestClass}"\`
    - Expect: FAILURE (test must fail first to prove it tests something)
 
 2. **GREEN:** Write minimal code to make the test pass
-   - Run: \`dotnet build.cs test --filter "FullyQualifiedName~{TestClass}"\`
+   - Run: \`dotnet toolchain.cs test --filter "FullyQualifiedName~{TestClass}"\`
    - Expect: SUCCESS
 
 3. **REFACTOR:** Clean up code, verify security, add XML docs if public API
@@ -166,9 +166,9 @@ You are executing a task from a progress file. Follow this protocol for EVERY ta
 - [ ] Input validation for lengths and ranges
 
 ## Build Commands (MANDATORY - never use raw dotnet commands)
-- Build: \`dotnet build.cs build\`
-- Test: \`dotnet build.cs test\`
-- Test filtered: \`dotnet build.cs test --filter "..."\`
+- Build: \`dotnet toolchain.cs build\`
+- Test: \`dotnet toolchain.cs test\`
+- Test filtered: \`dotnet toolchain.cs test --filter "..."\`
 
 **CRITICAL - xUnit v2/v3 MIXED CODEBASE:**
 This repo uses BOTH xUnit v2 and v3 test projects with different CLI requirements:

.claude/skills/agent-ralph-prompt/SKILL.md

@@ -56,8 +56,8 @@ The prompt may contain completion promises as instructions (e.g., "output `<prom
 - Example (good):
   ```markdown
   ## Verification Requirements (MUST PASS BEFORE COMPLETION)
-  1. Build: `dotnet build.cs build` (must exit 0)
-  2. Test: `dotnet build.cs test` (all tests must pass)
+  1. Build: `dotnet toolchain.cs build` (must exit 0)
+  2. Test: `dotnet toolchain.cs test` (all tests must pass)
   3. No regressions: existing tests pass, new code covered
   Only after ALL pass, output <promise>DONE</promise>.
   If any fail, fix and re-verify.
@@ -108,9 +108,9 @@ git commit -m "refactor(piv): replace manual TLV parsing with Tlv/TlvHelper
 - Example:
   | Action | Command |
   |--------|---------|
-  | Build | `dotnet build.cs build` |
-  | Test | `dotnet build.cs test` |
-  | Coverage | `dotnet build.cs coverage` |
+  | Build | `dotnet toolchain.cs build` |
+  | Test | `dotnet toolchain.cs test` |
+  | Coverage | `dotnet toolchain.cs coverage` |
 
 ### 3a. Using Directives First (Before Refactoring)
 
@@ -227,19 +227,19 @@ If a test requires:
   ```markdown
   ## Phase 1: Create interfaces
   Files: IFoo.cs, IBar.cs
-  Verify: `dotnet build.cs build`
+  Verify: `dotnet toolchain.cs build`
   Commit: "feat(core): add IFoo and IBar interfaces"
   → Output <promise>PHASE_1_DONE</promise>
 
   ## Phase 2: Implement classes
   Files: Foo.cs, Bar.cs
-  Verify: `dotnet build.cs build`
+  Verify: `dotnet toolchain.cs build`
   Commit: "feat(core): implement Foo and Bar"
   → Output <promise>PHASE_2_DONE</promise>
 
   ## Phase 3: Add tests
   Files: FooTests.cs, BarTests.cs
-  Verify: `dotnet build.cs test`
+  Verify: `dotnet toolchain.cs test`
   Commit: "test(core): add Foo and Bar tests"
   → Output <promise>ALL_DONE</promise>
   ```
@@ -267,14 +267,14 @@ If a test requires:
 - Include complete test code (no placeholders)
 
 **Step 2: Run test to confirm failure**
-Run: `dotnet build.cs test --filter "FullyQualifiedName~TestName"`
+Run: `dotnet toolchain.cs test --filter "FullyQualifiedName~TestName"`
 Expected: FAIL (describe expected failure)
 
 **Step 3: Minimal implementation**
 - Include complete implementation code
 
 **Step 4: Re-run test to confirm pass**
-Run: `dotnet build.cs test --filter "FullyQualifiedName~TestName"`
+Run: `dotnet toolchain.cs test --filter "FullyQualifiedName~TestName"`
 Expected: PASS
 
 **Step 5: Commit**
@@ -287,8 +287,8 @@ git commit -m "feat: <message>"
 
 ## Verification Requirements (MUST PASS BEFORE COMPLETION)
 
-1. Build: `dotnet build.cs build` (must exit 0)
-2. Test: `dotnet build.cs test` (all tests must pass)
+1. Build: `dotnet toolchain.cs build` (must exit 0)
+2. Test: `dotnet toolchain.cs test` (all tests must pass)
 3. No regressions: existing tests pass, new code covered
 
 Only after ALL pass, output <promise>{COMPLETION_PROMISE}</promise>.
@@ -463,7 +463,7 @@ The final phase must include explicit verification steps:
 Before delivering completion promise:
 
 1. **Build Verification**
-   Run: `dotnet build.cs build`
+   Run: `dotnet toolchain.cs build`
    Must: Exit 0 with no errors
 
 2. **Coverage Check** (for documentation tasks)
@@ -490,12 +490,12 @@ Before starting work, capture baseline build errors to distinguish pre-existing
 
 Run BEFORE making any changes:
 ```bash
-dotnet build.cs build 2>&1 | grep -E "error (CS|MSB)" | sort > /tmp/baseline-errors.txt || true
+dotnet toolchain.cs build 2>&1 | grep -E "error (CS|MSB)" | sort > /tmp/baseline-errors.txt || true
 ```
 
 After each phase, compare:
 ```bash
-dotnet build.cs build 2>&1 | grep -E "error (CS|MSB)" | sort > /tmp/current-errors.txt || true
+dotnet toolchain.cs build 2>&1 | grep -E "error (CS|MSB)" | sort > /tmp/current-errors.txt || true
 NEW_ERRORS=$(comm -13 /tmp/baseline-errors.txt /tmp/current-errors.txt)
 if [ -n "$NEW_ERRORS" ]; then
     echo "⚠️ NEW BUILD ERRORS (fix before proceeding):"
@@ -657,7 +657,7 @@ For each API signature change:
 
 3. **Build after each batch:**
    ```bash
-   dotnet build.cs build
+   dotnet toolchain.cs build
    ```
 
 4. **Verify no remaining references:**
@@ -747,10 +747,10 @@ Each phase MUST end with explicit verification commands—not just "verify build
 Run these commands and verify expected results:
 ```bash
 # Build must succeed
-dotnet build.cs build   # Must exit 0
+dotnet toolchain.cs build   # Must exit 0
 
 # Run unit tests (hardware tests may fail - document expected failures)
-dotnet build.cs test -- --filter "Category!=Integration"  # Unit tests must pass
+dotnet toolchain.cs test -- --filter "Category!=Integration"  # Unit tests must pass
 
 # Verify expected file changes
 grep -rn "NewClass" src/  # Should find 3 files
@@ -799,13 +799,13 @@ For complex refactors (3+ phases), use this proven structure:
 
 - [ ] N.X-2: **Build verification**
   ```bash
-  dotnet build.cs build
+  dotnet toolchain.cs build
   ```
   Must exit 0.
 
 - [ ] N.X-1: **Test verification**
   ```bash
-  dotnet build.cs test --filter "FullyQualifiedName~Module"
+  dotnet toolchain.cs test --filter "FullyQualifiedName~Module"
   ```
   All tests must pass.
 
@@ -824,7 +824,7 @@ For complex refactors (3+ phases), use this proven structure:
 ## Anti-Patterns to Avoid
 - Vague completion criteria ("when finished")
 - Missing test requirement ("when code compiles")
-- Wrong commands (`dotnet test` instead of `dotnet build.cs test`)
+- Wrong commands (`dotnet test` instead of `dotnet toolchain.cs test`)
 - No failure guidance
 - Using `git add .` or `git add -A` blindly
 - **Cramming multiple phases into one iteration** (causes context rot)

.claude/skills/agent-ralph-prompt/WORKFLOW.md

@@ -121,7 +121,7 @@
     │ write-ralph-prompt│  │    build-project  │  │   test-project    │
     │                   │  │                   │  │                   │
     │ Guidance for      │  │ MANDATORY         │  │ MANDATORY         │
-    │ ad-hoc prompts    │  │ dotnet build.cs   │  │ dotnet build.cs   │
+    │ ad-hoc prompts    │  │ dotnet toolchain.cs   │  │ dotnet toolchain.cs   │
     │ (when no progress │  │ build             │  │ test              │
     │ file needed)      │  │                   │  │                   │
     └───────────────────┘  └───────────────────┘  └───────────────────┘

.claude/skills/agent-subagent/SKILL.md

@@ -48,8 +48,8 @@ Execute plan by dispatching fresh subagent per task, with two-stage review after
 BEFORE STARTING: Read CLAUDE.md and review .claude/skills/
 
 MANDATORY SKILLS (use these - NEVER use direct commands):
-- build-project: `dotnet build.cs build` - NEVER `dotnet build`
-- test-project: `dotnet build.cs test` - NEVER `dotnet test`
+- build-project: `dotnet toolchain.cs build` - NEVER `dotnet build`
+- test-project: `dotnet toolchain.cs test` - NEVER `dotnet test`
 - commit: Follow guidelines - NEVER `git add .`
 ```
 
@@ -61,8 +61,8 @@ Use Task tool with agent_type: "general-purpose":
 BEFORE STARTING: Read CLAUDE.md and review .claude/skills/
 
 MANDATORY SKILLS:
-- build-project: `dotnet build.cs build` - NEVER `dotnet build`
-- test-project: `dotnet build.cs test` - NEVER `dotnet test`
+- build-project: `dotnet toolchain.cs build` - NEVER `dotnet build`
+- test-project: `dotnet toolchain.cs test` - NEVER `dotnet test`
 - commit: Follow guidelines - NEVER `git add .`
 
 You are implementing Task N: [task name]

.claude/skills/docs-write-skill/SKILL.md

@@ -112,7 +112,7 @@ The `description` field in frontmatter is **critical** - it's what triggers skil
 | ❌ Weak | ✅ Strong |
 |---------|-----------|
 | `Helps with testing` | `Use when implementing features - write failing test first, then minimal code to pass` |
-| `Build tool` | `Use when compiling, testing, or packaging .NET code - runs build.cs targets (NEVER use dotnet test directly)` |
+| `Build tool` | `Use when compiling, testing, or packaging .NET code - runs toolchain.cs targets (NEVER use dotnet test directly)` |
 | `For debugging` | `Use when encountering bugs, test failures, or unexpected behavior - systematic root cause analysis before fixes` |
 
 **Rules:**
@@ -168,7 +168,7 @@ Use numbered steps for sequential processes, subsections for parallel concerns.
 ## Core Build Command
 
 ```bash
-dotnet build.cs [target] [options]
+dotnet toolchain.cs [target] [options]
 ```
 
 ## Available Targets