Make post-merge credits maintenance mandatory on every PR merge. Require maintainers to sync Repo Contributors, audit Official Sources and Community Contributors, and push any README credit updates immediately instead of deferring them to release prep.
Refresh the source credits to match the repositories cited across release notes and current upstream projects. Remove the dead sstklen cost-optimization repo, add missing official and community repos, and tighten several stale or overstated descriptions.
Allow the Claude and Codex marketplace tests to tolerate short-lived filesystem propagation delays while plugin skill directories are being rebuilt during release sync.
Handle transient ENOTEMPTY failures when rebuilding root and bundle plugin skill directories during the release sync flow, and cover the retry behavior with a unit test.
Record the versioned plugin metadata and onboarding docs refreshed by the release preflight so the release workflow can continue from a clean main branch.
Improve github-issue-creator discovery metadata, record the 9.3.0 notes, and sync generated artifacts so the maintenance batch is ready for the release workflow. Preserve the current main state for issue closure and release publication.
Refs #419
Refs #421
Scope the .gitignore rule to the root Claude plugin directory so\nrelease staging can add the tracked manifest files.\n\nAlso include the upstream Trackio Claude manifest that ships inside\nthe imported skill directory.
Replace the derived .claude-plugin directory entry with the concrete\nplugin manifest files so release:prepare can git-add them without\ntripping over the ignore rule for the directory itself.\n\nAdd matching test updates for the workflow contract.
Import the official Hugging Face ecosystem skills and sync the\nexisting local coverage with upstream metadata and assets.\n\nRegenerate the canonical catalog, plugin mirrors, docs, and release\nnotes after the maintainer merge batch so main stays in sync.\n\nFixes #417
Add a machine-readable CSV companion for the 2026-03-29 security re-triage so maintainers can consume the refreshed statuses outside the markdown report.\n\nLink the refresh markdown and walkthrough to the new export to keep the historical baseline, addendum, and current-head report aligned.
Re-triage the 2026-03-15 security finding set against current main, keep the old snapshot as historical baseline, and add a current-head refresh with updated counts and finding status.\n\nLink the baseline and addendum to the new refresh report so maintainers have one current source of truth for what is still reproducible on HEAD.
Document the current static web-app behavior, local-only save flow, shallow installer path, and maintainer-only sync controls.\n\nAlign maintainer guides with the active audit-to-risk-sync workflow, canonical artifact bot contract, release/coverage requirements, and updated security triage context so the docs match the repository's real operating model.
