Document the current static web-app behavior, local-only save flow, shallow installer path, and maintainer-only sync controls.\n\nAlign maintainer guides with the active audit-to-risk-sync workflow, canonical artifact bot contract, release/coverage requirements, and updated security triage context so the docs match the repository's real operating model.
Expand the conservative risk sync with explicit critical, offensive, and none patterns.\n\nAuto-apply high-confidence legacy label fixes, add the authorized-use notice when promoting offensive skills, and regenerate canonical and plugin artifacts so the unknown backlog keeps shrinking without loosening contributor input rules.
Add a maintainers script to safely promote high-confidence legacy risk labels from unknown to concrete values, cover it with tests, and regenerate the canonical skill artifacts and plugin copies. This reduces the legacy unknown backlog without forcing noisy classifications that still need manual review.
Treat generated plugin mirrors and marketplace outputs as managed
canonical artifacts so the main-branch sync bot can stage and commit
them instead of failing on unmanaged drift.
Ignore web-app coverage output during maintainer runs and update the
mirrored Office unpack scripts so plugin copies stay aligned with the
hardened source implementations.
Tighten the repo-state automation so canonical bot commits remain
predictable while leaving main clean after each sync.
Make the public catalog UI more honest by hiding dev-only sync,
turning stars into explicit browser-local saves, aligning risk types,
and removing hardcoded catalog counts.
Add shared public asset URL helpers, risk suggestion plumbing,
safer unpack/sync guards, and CI coverage gates so release and
maintainer workflows catch drift earlier.
Add a When to Use section for akf-trust-metadata so release validation stays within the current warning budget.\n\nRefresh the generated plugin-safe and catalog artifacts produced by the maintainer sync after the PR batch landed.
Add visible FAQ and concepts content, strengthen tool-specific integration
guides, and publish a dedicated skills-vs-MCP explainer.
Extend homepage SEO metadata and JSON-LD so the GitHub Pages catalog
better reflects the repository's real positioning and common user
questions.
Update the recommended GitHub topics to use all available slots with tags
that better match the repository's real tool coverage and search intent.
Refresh the social preview assets so shared links and topic pages present
current positioning and the latest skill count more clearly.
* chore: sync repo state [ci skip]
* Enhance WordPress skill documentation with 7.0 features
Updated the WordPress skill documentation to include new features from WordPress 7.0, such as Real-Time Collaboration, AI Connectors, and Abilities API. Enhanced the overview and workflow sections to reflect these changes.
* chore: sync repo state [ci skip]
* Enhance WordPress theme development for version 7.0
Updated the WordPress theme development workflow to include new features from WordPress 7.0, such as DataViews, Pattern Editing, Navigation Overlays, and admin refresh. Enhanced the overview and added sections for new theme features and testing checklist.
* chore: sync repo state [ci skip]
* Enhance WordPress plugin development for version 7.0
Updated WordPress plugin development workflow to include new features from WordPress 7.0, such as Real-Time Collaboration, AI Connectors, and the Abilities API. Enhanced descriptions and added sections for modern plugin development practices.
* chore: sync repo state [ci skip]
* Enhance WooCommerce workflow with WP 7.0 features
Updated WooCommerce development workflow to include WordPress 7.0 features such as AI connectors, DataViews, and collaboration tools. Enhanced descriptions and added new sections for AI-powered functionalities.
* chore: sync repo state [ci skip]
* Enhance WordPress penetration testing documentation
Updated the description to include WordPress 7.0 security considerations and added new sections on security testing for AI Connector, Abilities API, Real-Time Collaboration, and DataViews endpoints.
* chore: update star history chart
* chore(pr394): Drop derived artifacts from PR
Keep the pull request source-only so maintainer workflows and CI can regenerate canonical artifacts on main after merge.
* fix(pr394): Shorten WordPress pen-test description
Keep the imported WordPress 7.0 update within repository validation limits so source-validation passes on the contributor PR.
* chore: sync repo state [ci skip]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: sck_0 <samujackson1337@gmail.com>
Refresh maintainer-owned artifacts after the PR merge batch, convert the\nJetski loader example to a directly importable Node ESM module, and add\nthe 8.7.0 changelog entry before release preparation.\n\nRefs #382\nRefs #388
Add a Unix activation script, Antigravity-specific installer guidance,
and cross-platform recovery documentation so users can reduce the
live skill set when truncation or context overload appears.
Regenerate the canonical bundle/catalog artifacts after merging the
stale goldrush-api removal so main stays release-ready.
Refs #381
Tighten the web app ESLint scope so TypeScript source is checked
without crawling bundled skill assets, and remove unused markdown and
debounce dependencies.
Clarify the security reporting flow and split code vs content
licensing to reduce ambiguity for users and contributors.
Unify main-branch maintenance around repo-state and release-state commands so generated docs, contributor acknowledgements, tracked web assets, and canonical artifacts stay aligned across CI and scheduled hygiene runs.
Harden release publication by reusing deterministic sync commands, adding package dry-run verification, and covering the new workflow contract with regression tests.
The skills catalog on GitHub Pages can fail to load when BASE_URL-based path
resolution is wrong in some deployment contexts.
This change tries multiple stable paths and validates payload shape before
using it, preventing an empty/hidden catalog state.
Increase home page skills area height and set a 4-column grid at desktop sizes.
This gives the catalog section more visible space on scroll and improves row utilization
on larger screens without altering filtering/search behavior.
Lazy load the home and skill detail routes so markdown and
syntax-highlighting code do not inflate the initial app bundle.
Keep behavior unchanged while splitting the web app into smaller
chunks and clearing the Vite large-bundle warning.
Harden batch activation, dev refresh gating, Microsoft sync path
handling, and Jetski skill loading against command injection,
symlink traversal, and client-side star tampering.
Add regression coverage for the security-sensitive paths and
update the internal triage addendum for the Jetski loader fix.
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
