Skip to content

v1.7.1 - Installer reliability + docs honesty sweep

Latest
Latest

Choose a tag to compare

View all tags
@kevinnft kevinnft released this 15 May 08:01
· 2 commits to main since this release
v1.7.1
6135b3c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Reliability + honesty pass. Triggered by an external review (public-repo-review audit). No skill content changed; one installer footgun fixed, one safety warning added, docs hyperbole sweep finished.

Fixed

  • install.sh --validate no longer silently installs. Bare --validate (without --all / --category / --preset) used to lint and then write 185 skills to ~/.hermes/skills/ because INSTALL_ALL defaults to true. Surprise filesystem writes for users who only meant to lint.
    • New: --validate-only lints frontmatter and exits, never touches the filesystem. Honours --category and --preset for scoping.
    • Back-compat: --validate still works, but now prints a warning when used without an install scope and points at --validate-only.
  • Submodule-trap warning. Cloning without --recurse-submodules left skills/obsidian-skills/ and skills/patent-disclosure-skill/ empty; the installer would deliver 185 while every doc / badge / FAQ claimed 191. Now the installer detects empty submodule dirs at startup and prints a with the exact git submodule update --init --recursive command.

Changed

  • docs/ hyperbole sweep #2. README's v1.6.0 cleanup never propagated to docs/. Removed/qualified production-ready, zero bugs, working perfectly across docs/AUTOMATION.md, docs/quality-dashboard.md, docs/release-automation.md, docs/skills-api.md, docs/installation.md. Quality scores still appear, now annotated as heuristics from this repo's own scripts/quality-dashboard.py (not third-party validation).
  • Example dashboard numbers in docs corrected to current repo state (5 stars, 0 forks). Previous fabricated 45/12 figures predated v1.6.0.

Why patch bump

  • One installer bug fix, one safety warning, doc cleanup. No skill content changed, no public CLI surface removed, --validate-only is purely additive. Strictly safer than 1.7.0.

Verified

  • bash -n scripts/install.sh clean
  • ✅ pytest 28/28 pass on ubuntu-latest AND macos-latest
  • --validate-only --preset minimal lints 14 skills, leaves target dir uncreated
  • ✅ Bare --validate prints warning and proceeds (back-compat preserved)
  • ✅ Empty submodule dirs trigger new warning before any install work

PR: #21

Assets 2
Loading