Releases: ywatanabe1989/newb

v0.26.7

24 May 19:14
6ccc7cf

Release v0.26.7. See CHANGELOG.md for details.

v0.26.6

08 May 15:05

Changed

  • Container image: unpin claude-agent-sdk floor. The 0.1.73-
    0.1.77 "regression" we suspected at 0.26.0 was actually the
    OAuth-bare-env auth bug in disguise (Anthropic rejecting
    sk-ant-oat01-… tokens passed without the full credentials.json
    context). 0.26.2 fixed the auth path; claude-agent-sdk==0.1.72
    was a workaround that's no longer necessary. Verified locally on
    2026-05-08: 0.1.77 round-trips a real SDK query() in 5s with a
    bind-mounted credentials.json, no is_error=True/subtype=success
    failure. Back to claude-agent-sdk>=0.1.0.

v0.26.5

08 May 15:05

Added

  • NEWB_CLAUDE_CODE_CREDENTIALS_JSON env var. Full
    credentials.json content (refresh_token + accessToken +
    expiresAt + scopes + subscriptionType) as the env-var value. When
    set, DockerRunner/PodmanRunner/ApptainerRunner materialise
    it to a 0644 tempfile, bind-mount that into the container, and
    unlink the tempfile on close(). Adopting workflows pass the GH
    secret as this env var directly — no shell provisioning step
    needed.
  • Two new tests covering env-var materialisation and the
    env-var-host-file precedence (17 container-runner tests, was 15).

Changed

  • newb-self-verify.yml simplified. Dropped the bash
    Provision Anthropic auth step (chmod 644, mkdir ~/.claude/,
    printf to file). The Run newb against newb step now just sets
    NEWB_CLAUDE_CODE_CREDENTIALS_JSON: ${{ secrets.CLAUDE_CREDENTIALS_JSON }}
    and lets newb materialise the file. One less moving piece per
    adopting repo.
  • docs/badge.md workflow template updated to show the
    env-var pattern. Required-secrets table grew a second row
    (CLAUDE_CREDENTIALS_JSON) flagged "only for OAuth flat-rate".
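
The env-var materialisation described in this release, as an added example (not newb's own code). The class and method names are hypothetical, and placing the 0644 file inside a 0700 directory is an assumption of this example: it keeps other host users away from the refresh token while the container uid can still read the mounted file.

```python
import json
import os
import shutil
import tempfile

# Container-side path, taken from the paths named in this changelog.
CONTAINER_CREDS = "/home/newb/.claude/.credentials.json"


class MaterialisedCredentials:
    """Hypothetical helper: env-var JSON -> host tempfile -> read-only bind mount."""

    def __init__(self, env=None, var="NEWB_CLAUDE_CODE_CREDENTIALS_JSON"):
        env = os.environ if env is None else env
        raw = env.get(var, "")
        self.path = None
        self._dir = None
        if not raw:
            return  # env var unset: nothing to materialise
        json.loads(raw)  # fail early on a truncated or mis-pasted secret
        # mkdtemp creates the directory with mode 0700, so other host users
        # cannot traverse to the file even though the file itself is 0644.
        self._dir = tempfile.mkdtemp(prefix="newb-creds-")
        self.path = os.path.join(self._dir, "credentials.json")
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(raw)
        os.chmod(self.path, 0o644)  # readable by the container's non-root uid

    def docker_args(self):
        """Bind-mount flags (read-only), or [] when nothing was materialised."""
        if self.path is None:
            return []
        return ["-v", f"{self.path}:{CONTAINER_CREDS}:ro"]

    def close(self):
        """Unlink the tempfile together with its private directory."""
        if self._dir:
            shutil.rmtree(self._dir, ignore_errors=True)
        self.path = self._dir = None
```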

v0.26.4

08 May 15:05

Fixed

  • Container image: pre-create /home/newb/.claude/ owned by
    the newb user. When the host bind-mounts
    ~/.claude/.credentials.json into the container, Docker would
    otherwise create the parent directory as root, which blocks
    the SDK from writing /home/newb/.claude/session-env at runtime
    (the agent's per-session scratch dir). Symptom on the prior
    image: all 6 prompts authenticated and ran, but every prompt's
    Bash tool refused to initialise — INSTALL: fail / IMPORT: fail
    on a perfectly good package. Pre-creating the dir at image-build
    time, owned by the right uid, fixes it cleanly. Requires
    rebuilding the runner image.
  • GitHub Actions Node 20 deprecation. Bumped pinned action
    versions in test.yml, sync-main.yml, publish-pypi.yml, and
    publish-image.yml so they run on Node 24:
    actions/checkout@v4 → @v6, actions/setup-python@v5 → @v6,
    actions/upload-artifact@v4 → @v7,
    codecov/codecov-action@v4 → @v5. (newb-self-verify.yml was
    already on v6/v7.)

v0.26.3

08 May 15:05

Fixed

  • In-container _provision_auth() now prefers the bind-mounted
    ~/.claude/.credentials.json over ANTHROPIC_API_KEY. When both
    are present (the 0.26.2 path), the SDK was picking the env var
    and getting rejected because Anthropic doesn't accept
    sk-ant-oat01-… OAuth tokens via bare env. The runner now
    unsets ANTHROPIC_API_KEY when credentials.json is mounted so
    the SDK uses the file-based credentials_file flow exclusively.
    This requires rebuilding the runner image (0.26.3).

v0.26.2

08 May 15:05

Added

  • Container runners bind-mount ~/.claude/.credentials.json
    (read-only) into the container when the file exists on the host.
    Anthropic rejects sk-ant-oat01-… OAuth tokens passed as a bare
    ANTHROPIC_API_KEY env var (no refresh-token / expiresAt
    context); the file-based flow gives the SDK the full credentials
    shape it expects. The env-var-only path still works for real
    sk-ant-api* keys, which authenticate fine bare.
    • DockerRunner, PodmanRunner (inherits), ApptainerRunner: same
      semantics, runtime-appropriate flags (-v / --bind).
  • newb-self-verify.yml materialises ~/.claude/.credentials.json
    from the new CLAUDE_CREDENTIALS_JSON repo secret before running
    the verification, so CI can use OAuth flat-rate billing without
    the bare-env rejection. If the secret is unset, the workflow
    falls back to the bare NEWB_ANTHROPIC_API_KEY path (real API
    keys only).
  • New unit test asserting the bind-mount appears in argv when the
    host has a credentials file (145 tests, was 144).

v0.26.1

08 May 15:05

Fixed

  • Container image: pin claude-agent-sdk==0.1.72 in
    containers/Dockerfile. The previous unbounded floor pulled in
    SDK 0.1.77, which raises Claude Code returned an error result:
    success on the first prompt — observed via newb-self-verify on
    the freshly-built v0.26.0 image. 0.1.72 (used by the v0.23.0 image)
    was the last known-good. We'll un-pin when upstream confirms the
    fix.

v0.26.0

08 May 15:05

Added

  • newb dev group — maintainer plumbing under a single noun.
    Mirrors the <cli> dev <verb> shape used by other tooling. Keeps
    the top-level CLI clean (newb <SOURCE> is the user-facing
    primary action) and avoids SOURCE-positional collisions with verb
    names. Verbs:
    • newb dev install <owner>/<repo> — scaffold + set-secret combo
    • newb dev set-secret <owner>/<repo> — push NEWB_ANTHROPIC_API_KEY to GH
    • newb dev scaffold-workflow <owner>/<repo> — workflow file only
  • newb install-shell-completion and newb print-shell-completion:
    native Click completion (no scitex-dev dependency).
  • newb skills install — copy newb's skill leaves into
    ~/.claude/skills/newb/ for local discoverability.
  • Friendlier unknown-positional error. newb rotate-github-secrets
    (typed without the dev prefix) used to fall through to a
    FileNotFoundError on the SOURCE positional. Now the CLI walks the
    registered subcommand tree and suggests the correct path:
    newb: 'rotate-github-secrets' is not a top-level command. Did you
    mean 'newb dev set-secret'? (Note: the actual rotate-github-secrets
    verb was removed — see below.)
  • Canonical version line in root --help. newb (vX.Y.Z) — …
    surfaces the installed version in the epilog so operators don't
    need a separate newb -V call.
  • -V short alias for --version.

Changed

  • install / set-secret / scaffold-workflow moved under newb dev.
    Previously top-level (0.25.0). Breaking surface change for
    anyone who scripted against the top-level form, but adoption was
    near-zero so the cleaner grammar wins. The verbs themselves are
    unchanged in behavior.
  • env-template → show-env-template. Aligns with the SciTeX
    CLI catalog (show is the canonical read verb; env-template was
    not a verb at all). Added a --json flag to comply with the audit
    rule that show-* verbs offer a machine-readable mode.
  • Mutating verbs require --yes / -y. install, scaffold-workflow,
    install-shell-completion, and skills install refuse to run
    without explicit confirmation; pair with --dry-run to preview.
    Removes interactive click.confirm() prompts (forbidden by the
    audit's §2 rule on machine-friendly CLIs).
  • Example: blocks added to every leaf command's docstring
    (audit §4).
  • Runner image is public on ghcr.io; workflow templates and
    newb-self-verify.yml no longer log into GHCR. Adopting repos
    need exactly one secret (NEWB_ANTHROPIC_API_KEY).

Removed

  • newb dev credential2apikey — the bash bridge in
    01_newb.src already extracts the access token from
    ~/.claude/.credentials.json via jq at shell startup; a CLI
    alias was redundant.
  • newb dev rotate-github-secrets — collapsed into set-secret.
    Auth flow stays one-directional
    (credentials.json → NEWB_ANTHROPIC_API_KEY → ANTHROPIC_API_KEY);
    newb never writes/synthesises credentials.json.
  • newb-self-verify.yml GHCR login step (image is public).
  • Stale MANIFEST.md skill leaf (forbidden by skills audit
    SK105 — SKILL.md is the single canonical index).

Fixed

  • All five categories of scitex-dev ecosystem audit-all newb
    now report OK.
  • 144 unit tests (was 140) pass.

v0.25.0

08 May 15:05

Added

  • newb install <owner>/<repo> — single-repo CI bootstrap.
    Drops .github/workflows/newb.yml (PR by default, --push for
    direct-push) AND sets the NEWB_ANTHROPIC_API_KEY repo secret in
    one verb. Also exposed as separate verbs:
    newb scaffold-workflow and newb set-secret. All three accept a
    positional <owner>/<repo> or . (or omitted) for the current
    git remote. Idempotent — re-running skips already-set secrets and
    existing workflow files; --force overrides.
    • newb deliberately stays single-repo: it knows nothing about
      ecosystems or registries. Multi-repo loops are downstream
      concerns (a wrapping tool calls newb install per repo).
  • docs/install.md — generic how-to for newb install.

Changed

  • Generalized public-facing docs. Skill frontmatter tags
    (scitex-package → newb), removed "SciTeX-ecosystem"-specific
    prose from docs/badge.md, the skill leaves, and the runtime
    example. The newb package itself no longer mentions specific
    package names (scitex-io etc.) in user-facing text. The runner
    image URL (ghcr.io/ywatanabe1989/newb-runner) and the repo URL
    remain — those are real addresses.
  • Runner image is now public on ghcr.io. Workflow templates
    drop the docker-login step; adopting repos need exactly one
    secret (NEWB_ANTHROPIC_API_KEY).
  • newb-self-verify.yml — added a newb gate step
    (dogfoods the 0.24.0 declarative gate); dropped the
    GHCR_PAT login.

Removed

  • docs/fleet-onboarding.md — replaced by docs/install.md.
    "Fleet" framing was scitex-specific scaffolding for what is, in
    newb, a single-repo operation.

v0.23.0

08 May 15:05

Added

  • Structured <key>_parsed siblings for the canonical questions
    whose replies are CI-gateable. Free-text reply still ships
    unchanged; the parsed form is additive.
    • post_install_check_parsed: {install, import, cli} — each
      ok | fail | n/a | unknown.
    • install_and_help_parsed (cli-tool template): {install, help}.
    • prompt_injection_check_parsed: {found: bool|None, found_raw: yes|no|unknown}.
    • CI gating becomes
      jq -e '.post_install_check_parsed.install == "ok"' newb.json,
      no fragile substring grepping.
    • Off-script replies (agent didn't follow the prompted format)
      yield "unknown" instead of raising — itself a CI signal.
    • New module: newb._parsers (parse_post_install_check,
      parse_install_and_help, parse_prompt_injection_check,
      attach_parsed_fields). 19 new tests.
  • newb_signature field at the top of every report — version,
    tagline, PyPI URL, GitHub URL, "Part of SciTeX". Same signature
    rendered as a footer in render_markdown so paste-into-README
    reports carry their own provenance.

Internal

  • Extracted render_markdown into _render.py (line-budget
    hygiene; _try.py was at the 512-line limit). Re-exported from
    newb._try so existing imports keep working.
  • Extracted _parsers.py as a focused module rather than inlining
    into _try.py — keeps the parser surface easy to extend when new
    question keys land.

Not yet (future work)

The auditor noted that even with parsing, agents occasionally drift
from the prompted format (Install: vs INSTALL:, emoji injection,
extra prose on the verdict line). Three escalation rungs if drift
becomes a real problem:

  1. Few-shot examples in the prompt templates (~30 min, ~95%
    reliability).
  2. Anthropic Tool Use for post_install_check and
    prompt_injection_check only — JSON schema enforcement at the
    SDK boundary, structurally impossible to drift (~half day).
  3. Hybrid stays: free-text for human-readable questions
    (what_for, problems_solved, …), structured for CI-gate
    questions.

Shipping the parsers as the foundation; (1) and (2) defer until
real-world drift data justifies them.
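
An added example, not the code in newb._parsers: a tolerant parser for the post-install verdict line that absorbs the drift listed above (case, emoji, trailing prose) and yields "unknown" instead of raising. The function names, and the rule that contradictory verdicts for one key stay "unknown", are assumptions of this example.

```python
import re

KEYS = ("install", "import", "cli")

# KEY, optional non-letter noise (markdown, spaces), a colon, more non-letter
# noise (emoji, spaces), then one verdict word from the allowlist.
_VERDICT = re.compile(
    r"\b(install|import|cli)\b[^a-z:\n]{0,10}:[^a-z\n]*(ok|fail|n/a)\b",
    re.IGNORECASE,
)


def parse_post_install_reply(reply):
    """Return {install, import, cli}, each ok | fail | n/a | unknown."""
    parsed = {key: "unknown" for key in KEYS}
    if not isinstance(reply, str):
        return parsed  # off-script input never raises
    seen = {key: set() for key in KEYS}
    for key, verdict in _VERDICT.findall(reply):
        seen[key.lower()].add(verdict.lower())
    for key, verdicts in seen.items():
        # Exactly one distinct verdict is accepted; none or a contradiction
        # ("ok" and "fail" for the same key) stays "unknown".
        if len(verdicts) == 1:
            parsed[key] = verdicts.pop()
    return parsed


def gate(parsed, required=("install", "import")):
    """CI gate: pass only when every required key parsed to exactly 'ok'."""
    return all(parsed.get(key) == "ok" for key in required)


# Constructed sample replies, not real agent output.
CLEAN = "INSTALL: fail / IMPORT: fail"
DRIFTED = "**Install**: \u2705 OK, worked first try\nImport : ok\nCLI: n/a"
CONTRADICTORY = "INSTALL: ok\nIMPORT: ok\nINSTALL: fail"
```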