Commit Graph

18 Commits

Author SHA1 Message Date
sickn33
344854e9e5 fix(security): Address remaining scanning alerts
Tighten the remaining high-signal security findings by switching the todo example to a standard Express rate limiter, removing sensitive metadata from boilerplate logging, and replacing fragile HTML tag filtering with parser-based conversion.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-18 18:15:49 +01:00
sickn33
3b6ef3add8 fix(security): Remediate scanning and dependency alerts
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-18 18:05:45 +01:00
sickn33
d2ad123c81 fix(plugin): Correct Claude marketplace source path
Update the Claude marketplace entry to use a schema-valid relative source path and add a regression test so invalid marketplace sources fail in the local suite. Also document the maintainer workflow used for stale PR metadata and fork-gated Actions runs.

Fixes #344
2026-03-18 12:48:45 +01:00
Maeve Fernandes
de21ffa2c6 This PR introduces utility scripts designed to resolve agent context window overloading. (#319)
* Implemented scripts and a Python utility to optimize agent skills, preventing context window overload, and document their usage.

* feat(infra): add skills optimization scripts with bundle support and fixed archive logic

* Removed Linux / Mac optimize-skills

* Removed the Linux Section

* feat(infra): final robust skill optimization suite with Library Mode

* Removed

* Updated the README and changed the optimisation to activation-skills

* Updated ReadMe

* docs: trim activation script README diff

---------

Co-authored-by: sck_0 <samujackson1337@gmail.com>
2026-03-16 15:56:42 +01:00
sck_0
62c4d86155 fix(installer): Ship runtime libs in npm package
Include tools/lib in the published npm files whitelist so the npx installer can resolve symlink-safety at runtime. Add a regression test that checks npm pack --dry-run --json for the expected packaged files.

Fixes #315

Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-15 17:52:32 +01:00
sck_0
6f42d5b0a2 security: harden refresh-skills endpoint and add skills docs security gate 2026-03-15 09:51:16 +01:00
sck_0
c0c118e223 fix(security): harden markdown rendering and sync safety 2026-03-15 09:22:05 +01:00
sck_0
114b9130cd fix: improve robustness for local tooling 2026-03-15 08:42:49 +01:00
sck_0
e677e29015 fix: remove unsafe shell guidance 2026-03-15 08:41:29 +01:00
sck_0
a8b1e88f11 fix: restore auth and transport integrity defaults 2026-03-15 08:40:53 +01:00
sck_0
fe07e07215 fix: harden filesystem trust boundaries 2026-03-15 08:39:22 +01:00
sck_0
27cb7c6830 chore: clean misplaced repo artifacts 2026-03-14 20:00:09 +01:00
yang1002378395-cmyk
b9ce8c9011 fix: remove Windows symlink workaround for git clone (#299)
- The installer uses copyRecursiveSync which copies files,
  not symlinks, so git clone without core.symlinks works fine
- The previous Windows-specific git -c core.symlinks=true clone
  required admin privileges, causing install failures
- This fix allows non-admin Windows users to install

Fixes #286

Co-authored-by: 阳虎 <yanghu@yanghudeMacBook-Pro.local>
2026-03-14 17:47:42 +01:00
sickn33
e325b0ee30 fix: streamline pr and release workflow (#289)
Co-authored-by: sck_0 <samujackson1337@gmail.com>
2026-03-13 14:20:49 +01:00
sck_0
608ef0ac9a fix: make readme sync deterministic in CI 2026-03-13 09:24:36 +01:00
Copilot
ef743d14a1 Harden Jetski/Gemini lazy-loader example for overflow and path safety (#271)
* Initial plan

* Harden lazy loader example

Co-authored-by: sickn33 <184072420+sickn33@users.noreply.github.com>

* Revert generated README metadata change

Co-authored-by: sickn33 <184072420+sickn33@users.noreply.github.com>

* Address review feedback on lazy loader

Co-authored-by: sickn33 <184072420+sickn33@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: sickn33 <184072420+sickn33@users.noreply.github.com>
2026-03-12 12:29:21 +01:00
Abkari Mohammed Sayeem
5f6f94b53f feat: Add skill filtering utility to fix Gemini token truncation (Iss… (#219)
* feat: Add skill filtering utility to fix Gemini token truncation (Issue #215)

Adds skill-filter.js module that provides:
- Category-based skill filtering to reduce context overhead
- Pre-configured skill bundles (minimal, balanced, complete)
- Support for environments with token limits

This addresses the "could not convert a single message before hitting truncation" error when all 1,200+ skills are loaded with Gemini.

Users can now use the minimal bundle to avoid truncation:
- Minimal bundle: ~5k tokens
- Balanced bundle: ~15k tokens
- Complete bundle: ~50k tokens

Fixes #215

This module filters and manages skills by category to address token limit issues in Gemini, providing various skill bundles to optimize performance.

* Fix: Use catalog-backed categories for skill bundles

Replaces hardcoded categories (core, architecture, etc.) with actual categories present in skills_index.json to ensure getSkillsByBundle returns a usable subset instead of an empty set.
2026-03-07 10:02:18 +01:00
sck_0
45844de534 refactor: reorganize repo docs and tooling layout
Consolidate the repository into clearer apps, tools, and layered docs areas so contributors can navigate and maintain it more reliably. Align validation, metadata sync, and CI around the same canonical workflow to reduce drift across local checks and GitHub Actions.
2026-03-06 15:01:38 +01:00