feat(tools/asf-svn): ASF SVN-based tool adapter (svn.apache.org + dist.apache.org), full capability surface like tools/github (#608)#620

Open
HarshMehta112 wants to merge 3 commits into apache:main from HarshMehta112:feat/tools/asf-svn

@HarshMehta112

Summary

  • Adds tools/asf-svn/ — a complete ASF SVN tool adapter, the SVN counterpart to tools/github/: source control (VCS binding), svn CLI operations + credentials pre-flight, dist.apache.org release
    distribution, ASF committer/PMC authorization, and optional svnpubsub site publishing.
  • Why: dist.apache.org is SVN for every ASF project regardless of where code lives, so even a GitHub-hosted ASF project needs this to steward its release flow; a GitHub-only tool surface is
    structurally blind to ASF release infrastructure.
  • Packages the generic SVN binding (feat(tools/subversion): Apache Subversion (SVN) support — ASF svn.apache.org / dist.apache.org #602) plus the ASF-specific surface into a first-class named tool an adopter can mix per capability (e.g. GitHub issues + asf-svn source control + asf-svn release
    distribution).

Type of change

  • Skill change (.claude/skills/<name>/) — eval fixtures updated below
  • Tool / bridge contract (tools/<system>/*.md)
  • Python package (tools/*/ with pyproject.toml)
  • Groovy reference impl
  • Cross-cutting (RFC, AGENTS.md, sandbox, privacy-LLM)
  • Documentation (docs/, README.md, CONTRIBUTING.md)
  • Project template (projects/_template/)
  • CI / dev loop (prek, workflows, validators)
  • Other:

Test plan

  • skill-and-tool-validator run against the working tree — 0 violations on tools/asf-svn/ files; capability-sync, tool-README (capability + prerequisites), link, and TOC-anchor checks all green.
  • All ../ and same-dir markdown links verified to resolve to existing targets.
  • doctoc TOC anchors hand-verified against doctoc's GitHub-slugger output already present in the repo (e.g. distapacheorg, -- for em-dash, projects-v2 for parens) — the hook is a no-op on these
    files.
  • Every svn / svnmucc recipe checked for flag/subcommand validity.
  • apache-projects MCP tool names (get_committee / get_group_members / get_person / search_people) verified against tools/apache-projects/tool.md — no invented identifiers.
  • prek run --all-files not run in authoring env (no uv/node available); doc-only change, no Python/Groovy touched. Please run in CI.
  • N/A — no Python package, Groovy bridge, or skill behaviour changed (doc-only adapter; no eval fixtures apply).

RFC-AI-0004 compliance


  • HITL — every write path (svn commit, dist stage/promote/prune, site publish) is gated on explicit user confirmation in the calling skill; stated in each file's write-path confirmation rule.
  • Sandbox — no new unrestricted host access; network reach (svn.apache.org, dist.apache.org) declared in README.md Prerequisites.
  • Vendor neutrality — placeholders (<project>, <asf-id>, <project-config>, <upstream>) used throughout; ASF specifics live in the adapter, not in any skill.
  • Conversational + correctable — adapter is doc-only; skills that consume it retain their existing agentic-override paths.
  • Write-access discipline — no autonomous outbound messages; all commits/promotions are drafted command sets executed only on confirmation.
  • Privacy LLM — N/A; the adapter reads only public ASF roster/infra data (every apache-projects MCP value is already public).

Linked issues

Closes #608. Refs #602 (generic SVN VCS binding this builds on), #526 (ASF infra bootstrap context).

Notes for reviewers (optional)

… and release distribution

Signed-off-by: Harsh Mehta <harshmehta010102@gmail.com>
@justinmclean

Member

The CI is failing as fenced code blocks should have a language specified - it should be easy to fix.

@justinmclean

justinmclean commented Jun 29, 2026

Member

Using the Magpie review skill:

Security model — major

tools/asf-svn/operations.md (Authentication) documents passing the ASF account password as a command-line argument:
svn info https://svn.apache.org/repos/asf//trunk
--username --password --no-auth-cache

The doc itself states this is "the committer's ASF account password (managed at id.apache.org), not a separate token." Passing it on argv exposes it in ps/process listings, shell history, and command logs on the same shared/ephemeral machine the --no-auth-cache note is trying to protect. Recommend omitting --password (let svn prompt) or feeding it via stdin.

API / code correctness — major

The Step 0 auth "write check" uses read-only svn info, which does not verify write access. operations.md labels svn info … | grep "^URL:" a "(write check)" and the broader text says it must "verify that svn has a usable credential with write access." Because svn.apache.org/repos/asf and dist.apache.org/repos/dist are world-readable, svn info exits 0 for a non-committer, so the "hard stop" passes and the failure only surfaces at the real svn commit (E170001). Same false-positive in authorization.md ("confirm dist write access") and release-distribution.md (dist pre-flight).

Code quality — minor

release-distribution.md "Promote a release": prose says "using a server-side SVN copy" and the code comment says "Server-side copy from dev to release," but the command is svn move. Command is correct for ASF promotion; the "copy" wording is misleading (a reader may expect the RC to remain under dev/).

Conventions — minor

tools/asf-svn/README.md omits the Organization: ASF line that tools/AGENTS.md ("Every tool is a directory with a README", point 3) requires for org-bound tools. asf-svn is unambiguously ASF-bound; sibling ASF tools apache-projects and ponymail both carry it. Not CI-enforced when absent, so it won't fail the validator.
No license-header finding: all six new files carry the Apache SPDX header, and .md files are exempt anyway, so this is clean.
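
A lint for the argv-password finding in the review above, added here as an example (it is not part of the PR, the review, or the project's validator): it scans recipe text for svn/svnmucc commands that carry --password on the command line, joining backslash continuations first. The sample recipes, the user name alice and the ASF_PASSWORD variable are constructed; --password-from-stdin is svn's own option (1.10 and later) and is shown together with --non-interactive.

```python
import shlex

SVN_TOOLS = {"svn", "svnmucc"}  # CLIs named in the PR's recipes

def join_continuations(text):
    """Yield (first_line_no, command) with backslash-continued lines merged."""
    buf, start = "", None
    for no, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf, start = "", None
    if buf:
        yield start, buf

def argv_password_findings(text):
    """Return [(line_no, tool)] for svn commands that put a password on argv."""
    findings = []
    for no, cmd in join_continuations(text):
        try:
            tokens = shlex.split(cmd, comments=True)
        except ValueError:  # unbalanced quotes: prose, not a parseable command
            continue
        idx = next((i for i, t in enumerate(tokens) if t in SVN_TOOLS), None)
        if idx is None:
            continue
        # "--password <value>" and "--password=<value>" both end up in argv;
        # "--password-from-stdin" is a different token and is not matched.
        if any(t == "--password" or t.startswith("--password=")
               for t in tokens[idx + 1:]):
            findings.append((no, tokens[idx]))
    return findings

# Constructed sample recipes (placeholder values, not taken from the PR's files).
SAMPLE = """\
svn info https://svn.apache.org/repos/asf/example/trunk \\
  --username alice --password 'not-a-real-secret' --no-auth-cache
svn info https://svn.apache.org/repos/asf/example/trunk --username alice --no-auth-cache
printf '%s' "$ASF_PASSWORD" | svn info --non-interactive --password-from-stdin --username alice URL
svnmucc --username alice --password=not-a-real-secret rm https://dist.apache.org/repos/dist/dev/example/x
"""

if __name__ == "__main__":
    for line_no, tool in argv_password_findings(SAMPLE):
        print(f"line {line_no}: {tool} passes --password on argv")
```
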

HarshMehta112 and others added 2 commits June 29, 2026 16:41
…nd operations

Signed-off-by: Harsh Mehta <harshmehta010102@gmail.com>
Resolve docs/labels-and-capabilities.md conflict: adopt the new
contract:/substrate: tool-capability taxonomy from apache#641/apache#645 and relabel
the tools/asf-svn row to contract:source-control. Update tools/asf-svn
README to the new taxonomy and add the Organization: ASF declaration.