Update the web app and Loki example frontend to the patched Vite
release and regenerate the derived Claude plugin package files.
This aligns the affected manifests with the current Dependabot fix.
Tighten the repo-state automation so canonical bot commits remain
predictable while leaving main clean after each sync.
Make the public catalog UI more honest by hiding dev-only sync,
turning stars into explicit browser-local saves, aligning risk types,
and removing hardcoded catalog counts.
Add shared public asset URL helpers, risk suggestion plumbing,
safer unpack/sync guards, and CI coverage gates so release and
maintainer workflows catch drift earlier.
Tighten the web app ESLint scope so TypeScript source is checked
without crawling bundled skill assets, and remove unused markdown and
debounce dependencies.
Clarify the security reporting flow and split code vs content
licensing to reduce ambiguity for users and contributors.
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add support for GFM and highlight in markdown rendering
* feat: enhance markdown rendering by splitting YAML frontmatter and body
* feat: improve markdown styling for light and dark themes
* feat: enhance frontmatter parsing and display in SkillDetail component
Consolidate the repository into clearer apps, tools, and layered docs areas so contributors can navigate and maintain it more reliably. Align validation, metadata sync, and CI around the same canonical workflow to reduce drift across local checks and GitHub Actions.
