Skip to content

Releases: OneClickPostFactory/coding-agent-skills

v0.2.16 — OpenClaw-compatible JSON output contract

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 19:36

v0.2.16 adds machine-readable JSON output and exit-code semantics for orchestrator-safe use.

Install:

npm install -g coding-agent-skills

Highlights:

  • Optional --json output for public read-only CLI commands
  • Stable documented exit-code contract
  • Consistent safety summaries
  • Recommended next action fields for orchestrators
  • Better fit for OpenClaw-style routing, cron-triggered checks, and agent workflows
  • Default human-readable output remains unchanged

Supported commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills route-trace /path/to/project
coding-agent-skills env-audit /path/to/project
coding-agent-skills secret-audit /path/to/project
coding-agent-skills api-contract-audit /path/to/project
coding-agent-skills migration-review /path/to/project
coding-agent-skills github-handoff /path/to/project
coding-agent-skills deployment-preflight /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Safety:

  • Read-only command surface
  • No deployments
  • No database migrations or mutations
  • No target-project builds or tests through repo-map
  • No runtime or service mutation
  • No secret or .env reads
  • Project adapters narrow context and do not grant additional authority

Requires Node.js 20+.

v0.2.15 - Deployment preflight skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 18:48

Adds the audit-only deployment-preflight skill to coding-agent-skills.

Install:

npm install -g coding-agent-skills

New command:

coding-agent-skills deployment-preflight /path/to/project

Existing supported commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Highlights:

  • Static deployment readiness evidence mapping
  • Deployment config, documentation, package-script-key, platform-indicator, and risk-indicator reporting
  • Adapter-aware partial mode when a project adapter exists but does not enable deployment-preflight
  • Evidence-first reporting with explicit not-verified and refused-behavior sections
  • Node.js 20+
  • No runtime dependencies

Safety boundaries:

  • No deployments
  • No cloud provider API calls
  • No provider CLI execution
  • No package installs
  • No target-project builds or tests
  • No runtime checks
  • No service or process mutation
  • No database connections or migrations
  • No secret or .env reads
  • No project writes

npm package:

coding-agent-skills@0.2.15

v0.2.14 - GitHub handoff skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 18:27

Adds the audit-only github-handoff skill and CLI command for local release handoff evidence.

Install:

npm install -g coding-agent-skills

Supported commands now include:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root
coding-agent-skills github-handoff /path/to/project

Highlights:

  • Local Git handoff evidence: branch state, HEAD, tags at HEAD, remote names, and changed-file summary
  • Adapter-aware behavior: reports partial status when a project adapter does not enable github-handoff
  • Remote URLs are not printed
  • Read-only command surface
  • Node.js 20+
  • No runtime dependencies

Safety boundaries:

  • No commits
  • No pushes
  • No tags
  • No branch changes
  • No pull request creation
  • No GitHub API mutations
  • No token reads
  • No secret-file reads
  • No project writes

npm package:

coding-agent-skills@0.2.14

v0.2.13 - Migration review skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 17:48

Adds the read-only migration-review skill and CLI command.\n\nInstall:\n\nnpm install -g coding-agent-skills\n\nNew command:\n\ncoding-agent-skills migration-review /path/to/project\n\nExisting supported commands include validate-pack, validate-project, repo-map, validate-adapters, route-trace, env-audit, secret-audit, and api-contract-audit.\n\nHighlights:\n- Static migration and schema evidence review\n- Adapter-aware scope handling\n- Destructive-looking SQL risk indicators by path only\n- Honest verified, skipped, and not-verified reporting\n- Node.js 20+\n- No runtime dependencies\n\nSafety boundaries:\n- No database connections\n- No migration apply, status, reset, or generation commands\n- No target-project builds or tests\n- No package installs\n- No deployments\n- No service or process mutation\n- No secret or .env reads\n- Project adapters narrow context and do not grant additional authority

v0.2.12 - API contract audit skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 11:55

Adds the read-only api-contract-audit skill.\n\nInstall:\n\nnpm install -g coding-agent-skills\n\nSupported CLI commands now include:\n\ncoding-agent-skills validate-pack\ncoding-agent-skills validate-project /path/to/project\ncoding-agent-skills repo-map /path/to/project\ncoding-agent-skills route-trace /path/to/project\ncoding-agent-skills env-audit /path/to/project\ncoding-agent-skills secret-audit /path/to/project\ncoding-agent-skills api-contract-audit /path/to/project\ncoding-agent-skills validate-adapters /path/to/adapter-root\n\nHighlights:\n\n- Static API contract, endpoint, client-call, and schema/type mapping\n- Adapter-aware bounded scanning\n- Partial status when a project adapter does not enable api-contract-audit\n- Evidence-first reporting with explicit not-verified runtime areas\n- Read-only safety model\n- Node.js 20+\n- No runtime dependencies\n\nSafety boundaries:\n\n- No target project builds or tests\n- No app-code execution\n- No URL probing or API calls\n- No schema or client generation\n- No deployments\n- No migrations\n- No secret or .env reads\n- Project adapters narrow context and do not grant additional authority\n\nnpm package:\n\ncoding-agent-skills@0.2.12

v0.2.11 - Secret audit skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 11:14

Adds the audit-only secret-audit skill and published CLI support.

Install:

npm install -g coding-agent-skills

New command:

coding-agent-skills secret-audit /path/to/project

Existing supported commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills route-trace /path/to/project
coding-agent-skills env-audit /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Highlights:

  • Redacted static secret exposure detection by path, type, and count
  • Adapter-aware scope handling with fail-closed skips when not enabled
  • No matched value printing
  • No .env or secret-file reads
  • No credential validation, rotation, API calls, builds, tests, deployments, migrations, or project writes
  • Node.js 20+
  • No runtime dependencies

npm package: coding-agent-skills@0.2.11

v0.2.10 - Env audit skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 10:54

v0.2.10 adds env-audit-skill.

Install:

npm install -g coding-agent-skills

New command:

coding-agent-skills env-audit /path/to/project

Existing commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills route-trace /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Highlights:

  • Read-only static environment variable name mapping
  • Adapter-aware scope control
  • Sample, required, optional, inferred, skipped, and not-verified reporting
  • .env and secret-bearing files are refused
  • No value printing
  • No credential validation
  • No API calls
  • No target-project builds or tests
  • No deployments
  • No migrations

Requires Node.js 20+.

v0.2.9 - Route trace skill

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 03 Jul 09:43

v0.2.9 adds route-trace-skill.

Install:

npm install -g coding-agent-skills

New command:

coding-agent-skills route-trace /path/to/project

Existing commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Highlights:

  • Read-only static route tracing
  • Adapter-aware scope control
  • Verified / inferred / skipped / not-verified route reporting
  • No app execution
  • No target-project builds or tests
  • No runtime probing
  • No deployments
  • No migrations
  • No secret or .env reads

Requires Node.js 20+.

v0.2.8 — Public npm release

Choose a tag to compare

@OneClickPostFactory OneClickPostFactory released this 02 Jul 21:24

First public npm release of coding-agent-skills.

Install:

npm install -g coding-agent-skills

Supported commands:

coding-agent-skills validate-pack
coding-agent-skills validate-project /path/to/project
coding-agent-skills repo-map /path/to/project
coding-agent-skills validate-adapters /path/to/adapter-root

Highlights:

  • Adapter-aware project repo mapping
  • Project-owned adapter discovery and validation
  • Evidence-first validation and reporting
  • Read-only command surface
  • Node.js 20+
  • No runtime dependencies

Safety boundaries:

  • No deployments
  • No database migrations or mutations
  • No target-project builds or tests through repo-map
  • No runtime or service mutation
  • No secret or .env reads
  • Project adapters narrow context and do not grant additional authority

npm package:

coding-agent-skills@0.2.8