Skip to content

v0.2.12

Choose a tag to compare

@dongmucat dongmucat released this 18 Jun 07:51
f8ea4e6

SkillHub 0.2.12

The 0.2.12 release focuses on anonymous public CLI installs, security hardening, notification reliability, and CI/dependency maintenance.

🌟 Highlights

  • Anonymous public CLI search and install are now supported with installability filtering, restricted-skill handling, and bearer-token hardening by @dongmucat in #523
  • Security review hardening closes release/runtime, archive extraction, workflow, scanner, and validation gaps by @dongmucat in #508
  • Notification delivery is more reliable for profile reviews, promotion reviewer notices, publish events, and SSE streams by @dongmucat in #530, #533, and #539

🚨 Breaking Changes

  • Invalid CLI bearer tokens now fail closed instead of falling back to anonymous access. Refresh credentials or omit the invalid token before CLI search/install by @dongmucat in #523

✨ Features

  • Support anonymous public search and install in the CLI by @dongmucat in #523
  • Add AgentGuard as a built-in skill from the cloud manifest by @dongmucat in #526

🐛 Bug Fixes

  • Treat the highlighted CLI install target as selected when pressing Enter by @SenLinLeo in #534
  • Preserve SSE headers for notification streams by @dongmucat in #539
  • Keep notification SSE live-push streams open and add profile review notifications by @dongmucat in #530
  • Avoid publish notifications for promotion reviewers by @dongmucat in #533
  • Allow super admins to review their own promotion requests by @dongmucat in #536
  • Harden review/security findings across runtime secrets, release validation, archive extraction, scanner gating, and workflow permissions by @dongmucat in #508
  • Filter installable CLI search results before pagination and reject anonymous restricted resolves cleanly by @dongmucat in #523

⚡ Performance

  • None identified in the v0.2.11..HEAD range.

📚 Documentation

  • Update CLI README/help for anonymous public search and install by @dongmucat in #523
  • Remove handwritten notification OpenAPI docs and refresh profile-review related docs by @dongmucat in #530
  • Refresh docs site dependencies and security authorization docs by @dongmucat in #538

🔧 Chore

  • Patch Dependabot security alerts by @dongmucat in #538
  • Remove unsupported Python CodeQL scanning from the security workflow by @dongmucat in #537
  • Add workflow, runtime-secret, release-config, and dev-web host tests for the hardened release path by @dongmucat in #508

📖 Documentation

👥 New Contributors

Full Changelog: v0.2.11...{{tag}}