Install apps/web-app dependencies before running the dedicated
coverage step in CI and publish workflows.
This fixes the failing main workflow where app:test:coverage could not
find vitest on GitHub runners because the web-app package had not been
installed yet.
Tighten the repo-state automation so canonical bot commits remain
predictable while leaving main clean after each sync.
Make the public catalog UI more honest by hiding dev-only sync,
turning stars into explicit browser-local saves, aligning risk types,
and removing hardcoded catalog counts.
Add shared public asset URL helpers, risk suggestion plumbing,
safer unpack/sync guards, and CI coverage gates so release and
maintainer workflows catch drift earlier.
* upgrade skill-review to skill-review-and-optimize
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* retrigger CI
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Install apps/web-app dependencies in the publish workflow before the\nfrontend build so CI matches the working Pages pipeline.\n\nHarden the maintainer release suite by adding the same install step\nbefore app:build, and switch the shared app:install helper to npm ci\nfor deterministic installs.\n\nDocument the follow-up patch release in the changelog so 8.7.1 can\npublish the 8.7.x line to npm after the 8.7.0 release failed before\nreaching the registry.
Freeze the accepted validation warning count at 135 so repo-state and release-state checks fail if the warning baseline grows silently while legacy warnings remain intentionally preserved.
Add a read-only maintainer audit command plus regression tests so maintainers can inspect repo health quickly without mutating files.
Unify main-branch maintenance around repo-state and release-state commands so generated docs, contributor acknowledgements, tracked web assets, and canonical artifacts stay aligned across CI and scheduled hygiene runs.
Harden release publication by reusing deterministic sync commands, adding package dry-run verification, and covering the new workflow contract with regression tests.
Add maintainer automation for repo-state hygiene so contributor acknowledgements, count-sensitive docs, and GitHub About metadata stay aligned from the same workflow.
Cover the new scripts with regression tests and wire them into the local test suite to keep future maintenance changes from drifting silently.
* chore: implement ESM standardization and security attestation
Aligning root infrastructure with Node.js v24.14.0 standards.
- Set type: module in package.json to eliminate re-parsing overhead.
- Migrated Jetski Loader tests to .cjs to maintain legacy security audit compatibility.
- Verified path traversal and symlink protections with clean attestation.
* chore(ci): update pr_preflight path to .cjs for ESM compatibility
* feat(infra): surgical ESM modernization for Gemini suite
Resolved Codex P1 by reverting global root ESM shift to preserve installer stability.
- Implemented scoped 'type: module' in /docs/integrations/jetski-gemini-loader/ to eliminate re-parsing overhead.
- Updated test runner (run-test-suite.js) and CI (ci.yml) to track .cjs transitions.
- Verified zero-warning execution in Node v24.14.0.
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
Update the Claude marketplace entry to use a schema-valid relative source path and add a regression test so invalid marketplace sources fail in the local suite. Also document the maintainer workflow used for stale PR metadata and fork-gated Actions runs.
Fixes#344
- Document step-by-step flow to reopen closed PRs and merge via GitHub
- Add agent instruction block: always merge via GitHub, never close after
local integration; if closed, reopen and merge for contributor credit
- Add shortcut link for Reopen & merge a closed PR
- Add docs/maintainers/merging-prs.md: policy to always use Squash and merge,
resolve conflicts on PR branch so PR shows Merged; Co-authored-by for rare
local integration
- Update .github/MAINTENANCE.md: merge via GitHub only, never close after
local integration; conflict resolution on branch then merge
- Update CONTRIBUTING.md Recognition: we always merge accepted PRs on GitHub,
never close after integrating locally
Addresses feedback from @sraphaz on #225 (attribution when PRs are integrated
locally). Going forward PRs will show as Merged so contributors get full credit.
Consolidate the repository into clearer apps, tools, and layered docs areas so contributors can navigate and maintain it more reliably. Align validation, metadata sync, and CI around the same canonical workflow to reduce drift across local checks and GitHub Actions.
- Add maintainer shortcuts and step-by-step 'When you merge a PR'
- Add post-merge routine and when to close issues (Closes #N, manual)
- Add release checklist, tag/package.json note, release_notes guidance
Co-authored-by: Cursor <cursoragent@cursor.com>
- Align package.json description to 883+ skills
- Allow risk:unknown in validate_skills.py for legacy skills
- Add When to Use section to 6 skills; fix frontmatter in brainstorming, agents-v2-py, hosted-agents-v2-py
- Add scripts/validate_references.py for workflows, bundles, BUNDLES.md links
- Update QUALITY_BAR and SKILL_ANATOMY; add docs/AUDIT.md and MAINTENANCE note for data/
- Make YAML frontmatter test warn instead of fail; regenerate catalog and index
Co-authored-by: Cursor <cursoragent@cursor.com>
Prepare release 5.0.0 by documenting the new Workflows foundation, bumping package metadata, refreshing release notes, and extending MAINTENANCE guidance for workflows consistency and issue-closing protocol.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add npm scripts: validate, validate:strict, index, readme, chain, catalog, build
- Align docs to V4 and 560 skills (GETTING_STARTED, FAQ, BUNDLES, MAINTENANCE, vietnamese)
- build-catalog: output to data/ for catalog, bundles, aliases; add to CI and drift check
- Add yaml dep, Node setup and catalog step in CI; extend auto-commit and drift msg
- Translate CI and MAINTENANCE to English; update CI_DRIFT_FIX and maintenance routine
- QUALITY_BAR/CONTRIBUTING: canonical validator npm run validate; legacy note in validate-skills.js
