Regenerate canonical registry artifacts after removing the synthetic
merge-batch end-to-end fixture.
This drops the remaining bundle, catalog, plugin, and skills index
references so validate:references passes again on main.
Add a short maintainer guide for merge:batch and link it from the
existing merge policy docs.
Lock in the source-validation CI fixes discovered during the
merge-batch end-to-end exercise so shallow checkout and missing
base-branch fetch regressions fail the workflow contract test.
Add the missing When to Use sections for the new psychology skill pack and refresh the canonical generated artifacts required by the release workflow so the repository passes the warning budget and consistency gates.
Move yaml into runtime dependencies so the published npm installer
works in clean npx environments again. Bump the package to 9.5.1,
add the patch release notes, and keep README metadata aligned with
the release state.
Fixes#445
Add installer filters for risk, category, and tags so maintainers and
users can ship smaller skill surfaces to context-sensitive runtimes.
Document the reduced-install flow for OpenCode-style hosts, add the
humanize-chinese community skill, and sync the generated catalog and
plugin-safe artifacts that now reflect the release batch.
Refs #437
Refs #440
Refs #443
Refresh the source credits to match the repositories cited across release notes and current upstream projects. Remove the dead sstklen cost-optimization repo, add missing official and community repos, and tighten several stale or overstated descriptions.
Record the versioned plugin metadata and onboarding docs refreshed by the release preflight so the release workflow can continue from a clean main branch.
Import the official Hugging Face ecosystem skills and sync the\nexisting local coverage with upstream metadata and assets.\n\nRegenerate the canonical catalog, plugin mirrors, docs, and release\nnotes after the maintainer merge batch so main stays in sync.\n\nFixes #417
Add a machine-readable CSV companion for the 2026-03-29 security re-triage so maintainers can consume the refreshed statuses outside the markdown report.\n\nLink the refresh markdown and walkthrough to the new export to keep the historical baseline, addendum, and current-head report aligned.
Re-triage the 2026-03-15 security finding set against current main, keep the old snapshot as historical baseline, and add a current-head refresh with updated counts and finding status.\n\nLink the baseline and addendum to the new refresh report so maintainers have one current source of truth for what is still reproducible on HEAD.
Document the current static web-app behavior, local-only save flow, shallow installer path, and maintainer-only sync controls.\n\nAlign maintainer guides with the active audit-to-risk-sync workflow, canonical artifact bot contract, release/coverage requirements, and updated security triage context so the docs match the repository's real operating model.
Add a maintainers script to safely promote high-confidence legacy risk labels from unknown to concrete values, cover it with tests, and regenerate the canonical skill artifacts and plugin copies. This reduces the legacy unknown backlog without forcing noisy classifications that still need manual review.
Clarify that validate and automated skill-review are necessary but not sufficient for skill and risky guidance changes. Add the requirement consistently to contributing guidance, the quality bar, and the PR checklist so maintainers explicitly review logic, safety, failure modes, and risk labeling before merge.
Tighten the repo-state automation so canonical bot commits remain
predictable while leaving main clean after each sync.
Make the public catalog UI more honest by hiding dev-only sync,
turning stars into explicit browser-local saves, aligning risk types,
and removing hardcoded catalog counts.
Add shared public asset URL helpers, risk suggestion plumbing,
safer unpack/sync guards, and CI coverage gates so release and
maintainer workflows catch drift earlier.
Add a When to Use section for akf-trust-metadata so release validation stays within the current warning budget.\n\nRefresh the generated plugin-safe and catalog artifacts produced by the maintainer sync after the PR batch landed.
Document the new Claude Code and Codex plugin distributions and explain how root plugins, bundle plugins, and plugin-safe filtering relate to the full library install.\n\nSync the catalog, plugin compatibility artifacts, and generated plugin-safe subsets so main stays consistent before the v9.0.0 release flow.
Add Codex marketplace metadata and a repo-local plugin scaffold so the repository can be installed as a Codex plugin without duplicating the skills catalog.
Document the new integration path and cover it with a regression test to keep the marketplace entry and plugin manifest in sync.
Add visible FAQ and concepts content, strengthen tool-specific integration
guides, and publish a dedicated skills-vs-MCP explainer.
Extend homepage SEO metadata and JSON-LD so the GitHub Pages catalog
better reflects the repository's real positioning and common user
questions.
Update the recommended GitHub topics to use all available slots with tags
that better match the repository's real tool coverage and search intent.
Refresh the social preview assets so shared links and topic pages present
current positioning and the latest skill count more clearly.
Add fourteen skills from Dimillian/Skills, integrate the merged Snowflake and WordPress updates into the maintainer sync, and refresh registry metadata, attributions, walkthrough notes, and the 8.9.0 release notes while keeping validation warnings within budget.
Refresh maintainer-owned artifacts after the PR merge batch, convert the\nJetski loader example to a directly importable Node ESM module, and add\nthe 8.7.0 changelog entry before release preparation.\n\nRefs #382\nRefs #388
