Releases: f0d010c/skillforge
Releases · f0d010c/skillforge
v0.3.2
Patch release based on real marketplace PR review failures.\n\n- Validate plugin manifest include paths.\n- Detect bundled skills that reference plugin-level resources not included for marketplace installs.\n- Warn when README bundle trees mention local folders missing from the installable bundle.\n- Detect category drift between plugin manifests and local marketplace metadata.\n- Add real-world cases and tests for these review patterns.\n\nValidation:\n- npm run build\n- npm test\n- npm audit --audit-level=moderate\n- npm pack --dry-run\n- agent-skillforge self-lint\n- marketplace lint against Stark source and awesome-codex-plugins mirror
v0.3.1
What's Changed
- Added
skillforge.jsonlint ignores for repo-level scans:lint.ignoresupports folders liketemplates/**,tests/fixtures/**, and generated or intentionally broken examples.lint.allowEmptyCollectionlets documentation/tooling repos pass when every discovered skill/plugin folder is intentionally ignored.
- Shared ignore handling across
lint,smoke, andcompatskill discovery. - Added self-dogfooding config so SkillForge can lint its own repo cleanly without flagging intentional fixtures/templates.
- Bumped CLI/package version to
0.3.1.
Verification
npm run buildpassesnpm testpasses with 24 testsnpm auditreports 0 vulnerabilitiesnpm pack --dry-runsucceeds foragent-skillforge@0.3.1skillforge lint .passes on this reposkillforge smoke .passes lint and reports no examples declared- GitHub CI passes across Ubuntu, Windows, and macOS on Node 20, 22, and 24
v0.3.0
What's Changed
- Renamed the npm package to
agent-skillforgeto reflect the broader cross-agent direction. - Kept compatibility binaries:
codex-skillforgeskillforgecsf
- Added new aliases:
agent-skillforgeasf
- Added
skillforge compatfor ecosystem compatibility checks:--target codex--target claude--target portable
- Portable checks now warn on agent-specific wording and paths such as
Claude Code,Codex,.claude/,.codex/, and.agents/. - Portable checks warn on obvious OS-specific script assumptions.
- Updated README, CI action metadata, docs, SARIF tool name, and tests for the broader agent-skill positioning.
- Updated CI to current action majors, read-only permissions, manual dispatch, audit isolation, and an Ubuntu/Windows/macOS test matrix across Node 20, 22, and 24.
- Added GitHub Action Marketplace branding and README usage examples.
- Removed npm-generated package metadata that pointed at a non-existent
index.jsentrypoint.
Verification
npm run buildpassesnpm testpasses with 22 testsnpm auditreports 0 vulnerabilitiesnpm pack --dry-runsucceeds foragent-skillforge@0.3.0- Clean temp install confirms all binaries report
0.3.0 - GitHub CI passes across Ubuntu, Windows, and macOS on Node 20, 22, and 24
v0.2.0
What's Changed
- Added lint profiles:
--profile sourcefor repo/local development--profile marketplacefor publish-ready bundles
- Replaced public confidence labels with deterministic impact labels:
blockingadvisory
- Added smarter source-mode handling for build-generated paths such as
./dist/server.jswhen apackage.jsonbuild script exists. - Added MCP config validation:
- MCP config must parse
- each server should define a
urlorcommand argsmust be an array of strings- local
commandandcwdpaths are checked
- Updated
packto use marketplace-profile linting before producing release artifacts. - Added GitHub Action
profileinput.
Verification
npm run buildpassesnpm testpassesnpm auditreports 0 vulnerabilitiesnpm pack --dry-runsucceeds- Clean temp install confirms
codex-skillforge,skillforge, andcsfreport0.2.0
v0.1.3
What's Changed
- Added shorter installed CLI aliases:
skillforgecsf
- Kept
codex-skillforgeas the npm package name and original binary for compatibility. - Updated README examples so first-time users can keep using
npx codex-skillforge, while installed users can run shorter commands likeskillforge lint ..
Verification
npm run buildpassesnpm testpassesnpm auditreports 0 vulnerabilitiesnpm pack --dry-runsucceeds- Clean temp install confirms all three binaries report
0.1.3:codex-skillforge --versionskillforge --versioncsf --version
v0.1.2
What's Changed
- Upgraded runtime dependencies to reduce stale/deprecated package risk:
archiver8commander14yaml2.9zod4
- Fixed
archiver8 ESM usage so the packaged CLI and dogfood GitHub Action run correctly. - Updated the CLI
--versionoutput to0.1.2. - Updated Zod schema usage for v4 compatibility.
- Added real-world example cases based on public Codex plugin scan patterns:
- missing MCP server file referenced from a plugin manifest
- stale
SKILL.mdreference link - weak trigger description caught in
--strictmode
- Added README note that SkillForge is listed in
awesome-codex-pluginsunder "Validate Before You Ship". - Kept raw scan artifacts local-only via
.gitignore.
Verification
npm testpassesnpm run buildpassesnpm auditreports 0 vulnerabilitiesnpm pack --dry-runsucceeds- GitHub Actions CI passes on the final release commit
v0.1.1
What changed
- Added
--strictfor advisory lint checks. - Made default lint mode lower-noise for CI usage.
- Added confidence metadata to lint findings.
- Tightened
reference.missingso placeholder words and external URLs are not treated as missing files. - Added a regression fixture for reference-noise cases.
- Added README security model notes.
- Added real-world scan notes from
awesome-codex-plugins.
Verification
npm run buildnpm testnpm auditnpm pack --dry-run- Clean
npx codex-skillforge@latestsmoke test
v0.1.0
Initial public release of Codex SkillForge.
Highlights:
- Scaffold Codex skills and plugins.
- Lint
SKILL.md,agents/openai.yaml, plugin manifests, bundled skills, hooks, apps, MCP paths, and assets. - Smoke-test declared example prompts.
- Pack release artifacts with install notes and marketplace entry metadata.
- Run SkillForge in CI through the included GitHub Action.
Install:
npx codex-skillforge lint .