v0.1.3 — fix pakx install against MCP Registry 2025-12-11 schema

Critical install fix. Every pakx install against the live MCP Registry was failing with not found in official MCP registry or no installable transport advertised because the registry's 2025-12-11 schema rename was only patched in the search path (v0.1.1) — the detail-endpoint + install-translator were still hard-coded to the pre-2025 snake_case shape.

What changed

• OfficialMcpSource::fetch falls back from the per-server detail endpoint (404s on the current schema) to ?search=<id> exact-name match.
• mcp_translate::PackageHint accepts both registry_name / registryType, name / identifier, package_arguments / packageArguments, environment_variables / environmentVariables via serde aliases.
• mcp_translate::pick_remote walks packages[].transport.url for hosted SSE / streamable-http servers.
• Recognises npm / npmjs / npmjs.org, pypi / pypi.org, docker / oci / ghcr / ghcr.io as stdio-launchable registry types.

End-to-end repro

echo 'name: demo
version: 1.0.0
dependencies:
  mcp:
  - io.github.bytedance/mcp-server-filesystem' > agents.yml

pakx install   # before v0.1.3 — Error: 1 dep(s) failed to install
               # now              — installed: + io.github.bytedance/mcp-server-filesystem

Upgrade

pakx upgrade

Binaries

All five triples + CycloneDX 1.3 SBOM. Each binary has a matching .sha256 next to it.

v0.1.2 — pakx upgrade + brew + scoop + SBOM

Adopter-friendly release. No breaking changes.

Highlights

• pakx upgrade — check GitHub Releases for a newer version. Read-only by design — prints the channel-appropriate install command (curl|sh, brew upgrade, scoop update, cargo install --tag) instead of rewriting the binary in place.
• Homebrew tap: brew install pakxdev/tap/pakx
• Scoop bucket: scoop bucket add pakx https://github.com/pakxdev/scoop-pakx && scoop install pakx
• CycloneDX 1.3 SBOM attached for downstream vulnerability scanners.
• Governance: .github/ issue templates, PR template, FUNDING.yml. examples/hello-world walks through publishing your first skill.

Install

# curl|sh / irm|iex
curl -fsSL https://pakx.dev/install.sh | sh
irm https://pakx.dev/install.ps1 | iex

# Homebrew
brew install pakxdev/tap/pakx

# Scoop
scoop bucket add pakx https://github.com/pakxdev/scoop-pakx
scoop install pakx

# Cargo
cargo install --git https://github.com/pakxdev/pakx --tag v0.1.2 --locked pakx

Binaries

Triple	File
x86_64-pc-windows-gnu	pakx-v0.1.2-x86_64-pc-windows-gnu.exe
x86_64-unknown-linux-gnu	pakx-v0.1.2-x86_64-unknown-linux-gnu
aarch64-unknown-linux-gnu	pakx-v0.1.2-aarch64-unknown-linux-gnu
x86_64-apple-darwin	pakx-v0.1.2-x86_64-apple-darwin
aarch64-apple-darwin	pakx-v0.1.2-aarch64-apple-darwin

Each binary has a matching .sha256 next to it. CycloneDX SBOM at pakx-v0.1.2-sbom.cdx.json.

Upgrade

pakx upgrade

v0.1.1 — security + cross-platform binaries

Security + portability cleanup. Patch release; no CLI behaviour change.

Highlights

• cargo audit is now 0 / 0 / 0 across 288 dependencies.
• Prebuilts for every supported triple, built locally with cargo zigbuild because GitHub Actions is temporarily disabled to control CI billing.

Security fixes

Advisory	Crate	Action
RUSTSEC-2025-0067	libyml (unsound)	Replaced via serde_yml → serde_yaml_ng.
RUSTSEC-2025-0068	serde_yml (unmaintained)	Replaced with the maintained drop-in fork serde_yaml_ng.
RUSTSEC-2025-0057	fxhash (unmaintained)	Dropped via inquire 0.7 → 0.9.

Portability

• reqwest now uses rustls-tls instead of default-tls. No more system OpenSSL dependency, and the OpenSSL CVE surface is gone from the install footprint.

Binaries

Triple	File
x86_64-pc-windows-gnu	pakx-v0.1.1-x86_64-pc-windows-gnu.exe
x86_64-unknown-linux-gnu	pakx-v0.1.1-x86_64-unknown-linux-gnu
aarch64-unknown-linux-gnu	pakx-v0.1.1-aarch64-unknown-linux-gnu
x86_64-apple-darwin	pakx-v0.1.1-x86_64-apple-darwin
aarch64-apple-darwin	pakx-v0.1.1-aarch64-apple-darwin

Every binary has a matching .sha256 next to it. Verify before running:

sha256sum -c pakx-v0.1.1-x86_64-unknown-linux-gnu.sha256

Install

# Source (every platform)
cargo install --git https://github.com/pakxdev/pakx --tag v0.1.1 --locked pakx

# Or pakx.dev shims
curl -fsSL https://pakx.dev/install.sh | sh                 # Linux / macOS
irm https://pakx.dev/install.ps1 | iex                      # Windows

v0.1.0 — first public early-access release

First public early-access release of pakx — the universal package manager for AI agent context.

What ships

• The full CLI: pakx init, add, install, list, doctor, search, login, whoami, pack, publish, unpublish.
• Federated registry support: official MCP Registry, Smithery, and the first-party registry.pakx.dev.
• Per-agent adapters: Claude Code (reference), Cursor, Codex, Copilot, Windsurf (detect-only at v0.1).

See CHANGELOG.md for the full list.

Install

Source build (every platform):

cargo install --git https://github.com/pakxdev/pakx --tag v0.1.0 --locked pakx

Via pakx.dev shims (Linux / macOS / Windows):

curl -fsSL https://pakx.dev/install.sh | sh
# or, on Windows:
irm https://pakx.dev/install.ps1 | iex

Prebuilt binary (Windows x86_64 only at v0.1):

Download pakx-v0.1.0-x86_64-pc-windows-gnu.exe from the assets below. Verify against the .sha256 next to it.

Linux / macOS / arm64 prebuilts land at v0.2 once the cross-build pipeline is in place — GitHub Actions is temporarily disabled to control CI billing.

Verify

pakx --version       # prints `pakx 0.1.0`

Known limitations

• Smithery support is search-only; install translation arrives at v0.2.
• Only Windows x86_64 has a prebuilt binary attached at v0.1; everyone else builds from source.
• The release pipeline is disabled until billing lands.