Add a conservative metadata fixer for missing risk and source fields,
cover it with tests, and backfill the remaining skills using explicit
source inference only when the provenance is clear. Fall back to the
repo-documented defaults when the file does not support a stronger claim.
Refs #365
The skills catalog on GitHub Pages can fail to load when BASE_URL-based path
resolution is wrong in some deployment contexts.
This change tries multiple stable paths and validates payload shape before
using it, preventing an empty/hidden catalog state.
Increase home page skills area height and set a 4-column grid at desktop sizes.
This gives the catalog section more visible space on scroll and improves row utilization
on larger screens without altering filtering/search behavior.
* Implemented scripts and a Python utility to optimize agent skills, preventing context window overload, and document their usage.
* feat(infra): add skills optimization scripts with bundle support and fixed archive logic
* Removed Linux / Mac optimize-skills
* Removed the Linux Section
* feat(infra): final robust skill optimization suite with Library Mode
* Removed
* Updated the read me changed the optimisation to activation-skills
* Updated ReadMe
* docs: trim activation script README diff
* docs: update README with activate-skills script instructions
* fix: resolve merge conflict in get-bundle-skills.py with security and compatibility
* fix: resolve merge conflicts in activate-skills.bat and get-bundle-skills.py using line-based iteration
---------
Co-authored-by: sck_0 <samujackson1337@gmail.com>
Lazy load the home and skill detail routes so markdown and
syntax-highlighting code do not inflate the initial app bundle.
Keep behavior unchanged while splitting the web app into smaller
chunks and clearing the Vite large-bundle warning.
Make the skill filter helper treat the complete bundle as a
pass-through so categories missing from the hardcoded map are
not silently omitted.
Add a regression test to keep complete bundle behavior aligned
with its name.
Harden batch activation, dev refresh gating, Microsoft sync path
handling, and Jetski skill loading against command injection,
symlink traversal, and client-side star tampering.
Add regression coverage for the security-sensitive paths and
update the internal triage addendum for the Jetski loader fix.
Rename the dotnet backend example assets out of the C# source path so CodeQL no longer performs low-quality C# extraction on standalone template files with no project build context. Update the implementation playbook links to the new template filenames.
Keep the Radix component boilerplate as a template asset, but rename it out of the TSX parser path so CodeQL does not treat placeholder syntax as executable source. Update the example README link to the new template filename.
Tighten the remaining high-signal security findings by switching the todo example to a standard Express rate limiter, removing sensitive metadata from boilerplate logging, and replacing fragile HTML tag filtering with parser-based conversion.
Co-Authored-By: Claude <noreply@anthropic.com>
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.
Co-Authored-By: Claude <noreply@anthropic.com>
Record that the merged landing-page-generator skill from PR #341
must be included in the next release because v8.2.0 was already
published before the PR landed.
Update the maintainer and user walkthroughs so they reflect the
completed 8.2.0 release publication instead of the pre-release ready
state.
Capture the final PR merge set, issue closure state, and the exact
release commands that were executed on main.
Accept the deterministic metadata updates produced by the release
preflight so the tracked tree matches the current package version and
skill count before the automated 8.2.0 release commit runs.
This keeps the README registry sync comment aligned with the current
package state while preserving the manual 8.2.0 release messaging.
Add the 8.2.0 changelog entry and align the release-facing user docs
with the current maintenance sweep so the release workflow has the
required notes and public version references in place.
Refresh README release messaging and contributor acknowledgements ahead
of the automated release commit and tag creation.
