v0.6.15

Features

• Native installer: Libretto now ships a native installer at https://libretto.sh/install.sh. Run curl -fsSL https://libretto.sh/install.sh | bash to install the libretto command globally without needing npx on every invocation.

• Google sign-in: libretto cloud auth login now offers a Google sign-in option in addition to email and password. Selecting it opens a browser to complete OAuth and polls for the resulting session automatically. First-time Google users are prompted to set up their organization.

• Forgot password: A new libretto cloud auth forgot-password command sends a password reset email to a given address, making it easier to recover access to a Libretto Cloud account.

• Richer network session logs: Session network logs (network.jsonl) now capture significantly more metadata per request — including resourceType, statusText, request and response headers, inline body previews, and byte counts. Full text-like request and response bodies are saved as gzipped sidecar files under .libretto/sessions/<session>/raw-network/. Failed requests are now also logged via the requestfailed event. Analytics, tracking, and static-asset noise is filtered out automatically.

Fixes

• Kernel provider endpoint hardened: The Kernel browser provider no longer accepts a workspace-configured KERNEL_ENDPOINT override, ensuring KERNEL_API_KEY is never sent to an unintended endpoint.

Improvements

• npx libretto deprecation warning: When Libretto is invoked via a package manager's exec command (e.g. npx libretto, pnpm exec libretto), the CLI now prints a deprecation warning and points to the native installer. Direct libretto invocations are unaffected.
• CLI documentation updated: All built-in help text, error messages, skill files, and docs examples have been updated to use the bare libretto command instead of npx libretto.