
Releases: netresearch/composer-agent-skill-plugin

v2.0.0

01 May 20:28
v2.0.0
2b3ac61


Second major version. Two breaking changes drive the SemVer bump from 1.x:

  1. Trust model flipped to deny-by-default. Previous versions silently auto-registered every type: ai-agent-skill package in AGENTS.md. v2.0.0 prompts on first run and persists explicit decisions in composer.json under extra.ai-agent-skill.allow-skills. Non-interactive runs (CI) default to deny with a per-package composer skills:trust … recovery hint, so dependencies are never auto-trusted in pipelines.
  2. Composer support narrowed from ^2.1 to 2.2.*|^2.9 — Composer 2.0/2.1 are end-of-life upstream, and 2.3–2.8 no longer receive maintenance. This matches the only release lines we test against.

Universal skill discovery

Skills are no longer tied to package type. Any Composer package — library, plugin, project — can ship a skill via extra.ai-agent-skill in its composer.json, and it will be discovered, gated through the trust prompt, and (if allowed) registered in AGENTS.md. The legacy type: ai-agent-skill shape continues to work unchanged. Closes #42, shipped via #43.

New trust commands

  • composer skills:trust <package> — allow / deny / revoke a trust decision without hand-editing composer.json. Supports glob patterns mirroring Composer's config.allow-plugins.
  • composer skills:list-trust — read-only inventory of every persisted decision, with [allowed] / [denied] and (exact) / (glob) markers.
  • composer list-skills — now includes a trust-state column and a footer count of pending packages. Purely informational, never prompts.
  • composer read-skill — header now shows trust state and warns when reading content from a pending or denied skill.
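
The deny-by-default lookup over a persisted trust map, as an added PHP example (not the plugin's own code). It assumes allow-skills is a map of package-name pattern to boolean like Composer's allow-plugins, and that an exact entry is consulted before glob entries; the acme/other package names are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not the plugin's code. Assumed shape of allow-skills:
// package-name pattern => bool, as in Composer's config.allow-plugins.

/** Turn a pattern such as "acme/*" into an anchored, case-insensitive regex. */
function patternToRegex(string $pattern): string
{
    return '/^' . str_replace('\*', '.*', preg_quote($pattern, '/')) . '$/i';
}

/** @param array<string,bool> $allowSkills */
function trustDecision(array $allowSkills, string $package): string
{
    // Assumption: an exact entry is consulted first, then globs in file order.
    if (array_key_exists($package, $allowSkills)) {
        return $allowSkills[$package] === true ? 'allowed' : 'denied';
    }
    foreach ($allowSkills as $pattern => $allowed) {
        $pattern = (string) $pattern;
        if (str_contains($pattern, '*') && preg_match(patternToRegex($pattern), $package) === 1) {
            return $allowed === true ? 'allowed' : 'denied';
        }
    }
    return 'pending'; // no persisted decision
}

/** Only an explicit allow registers a skill; pending and denied both stay out. */
function mayRegister(array $allowSkills, string $package): bool
{
    return trustDecision($allowSkills, $package) === 'allowed';
}

// Constructed composer.json fragment and package names.
$composerJson = json_decode(<<<'JSON'
{"extra": {"ai-agent-skill": {"allow-skills": {
    "acme/*": true,
    "acme/experimental-skill": false
}}}}
JSON, true, 512, JSON_THROW_ON_ERROR);
$map = $composerJson['extra']['ai-agent-skill']['allow-skills'] ?? [];

foreach (['acme/review-skill', 'acme/experimental-skill', 'other/new-skill'] as $pkg) {
    printf("%-24s %-8s register=%s\n", $pkg, trustDecision($map, $pkg), mayRegister($map, $pkg) ? 'yes' : 'no');
}
```

Any value other than a literal true is treated as a denial, so a hand-edited or malformed entry cannot widen trust.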

Broader test matrix, narrower runtime

  • Added: PHP 8.5, Symfony 8.0, Symfony 7.4 LTS, Composer 2.9.
  • Removed: Symfony 7.2 (no longer receives security updates).
  • Composer host matrix: every PHP × Symfony combination is tested against both Composer 2.2 LTS and 2.9.
  • Lowest-deps row: one extra matrix row resolves with --prefer-lowest --prefer-stable against Composer 2.2 LTS, validating that documented minimums actually install and pass tests.
  • Composer 2.2 LTS compatibility fix: CommandContextTrait now falls back to the legacy getComposer(false) API on Composer 2.2 (tryComposer() was only added in 2.3). Caught by the new --prefer-lowest row.

Quality and security hardening

  • PHPStan level bumped from 8 to 10 (max).
  • Security review of #43 flagged the previous "auto-seed everything" behavior as HIGH; replaced with the deny-by-default first-run policy prompt.
  • Symlink escape, path traversal, and bidi-override / control-char injection in skill metadata all now fail closed.
  • Atomic write for trust map persistence.
  • New abstractions for testability: SkillTrustManager, TrustStore, SkillGate, PackageProvider, InstalledVersionsProvider, PackageInfo, TrustDecision enum.
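
What failing closed on these inputs can look like, as an added PHP example (not the plugin's own code). The function names, the temporary fixture and the sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the plugin's code; function names are hypothetical.

/** Reject single-line metadata that carries control or bidi formatting chars. */
function assertCleanMetadata(string $value): void
{
    // \p{Cc} = C0/C1 controls; U+200E/200F, U+202A-202E, U+2066-2069 = bidi
    // marks, embeddings, overrides and isolates.
    $bad = '/[\p{Cc}\x{200E}\x{200F}\x{202A}-\x{202E}\x{2066}-\x{2069}]/u';
    // preg_match() returns false on malformed UTF-8; "!== 0" rejects that too.
    if (preg_match($bad, $value) !== 0) {
        throw new InvalidArgumentException('unsafe characters in skill metadata');
    }
}

/** Resolve $relative under $baseDir; refuse anything that lands outside it. */
function resolveInside(string $baseDir, string $relative): string
{
    // realpath() follows symlinks, collapses "..", and is false if missing.
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $target === false
        || !str_starts_with($target . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('path escapes the skill directory');
    }
    return $target;
}

// Constructed fixture: a skill directory, a file outside it, and a symlink out.
$root = sys_get_temp_dir() . '/skill-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/skill', 0700, true);
file_put_contents($root . '/skill/doc.md', "demo\n");
file_put_contents($root . '/outside.txt', "not part of the skill\n");
symlink($root . '/outside.txt', $root . '/skill/link.md');

$checks = [
    'doc.md'         => fn () => resolveInside($root . '/skill', 'doc.md'),
    '../outside.txt' => fn () => resolveInside($root . '/skill', '../outside.txt'),
    'link.md'        => fn () => resolveInside($root . '/skill', 'link.md'),
    'plain name'     => fn () => assertCleanMetadata('Code review helper'),
    'bidi override'  => fn () => assertCleanMetadata("Code review \u{202E}helper"),
];
foreach ($checks as $label => $check) {
    try { $check(); echo "accepted  $label\n"; }
    catch (InvalidArgumentException | RuntimeException $e) { echo "rejected  $label: {$e->getMessage()}\n"; }
}
```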

Upgrading from v1.x

Existing installations that implicitly relied on the v1.x "auto-trust everything" behavior will see a one-time prompt on their next install/update:

[n] None  [d] Direct deps only  [a] All
  • Choose a to preserve previous behavior (auto-trust every legacy type: ai-agent-skill package).
  • Choose d to trust only direct dependencies.
  • Choose n (default) to start strict and grant trust per-package via composer skills:trust <vendor/package>.

Non-interactive runs default to n and emit a recovery line per affected package — CI never silently auto-trusts dependencies.

The composer-plugin-api constraint change means consumers on Composer 2.0 / 2.1 / 2.3–2.8 must upgrade to Composer 2.2 LTS or 2.9 before installing v2.0.0.

Backfilled CHANGELOG history

This release also backfills CHANGELOG entries for v1.1.3, v1.1.4, and v1.1.5, which were tagged in git but never recorded in CHANGELOG.md.


Full changelog: CHANGELOG.md · v1.1.5...v2.0.0 diff

v1.1.5

22 Apr 10:01
6e2bada


Dependency-only release

No functional changes. This release bundles a batch of Renovate and Dependabot bumps for GitHub Actions used in the plugin's CI:

  • codecov/codecov-action bumped to v6
  • dependabot/fetch-metadata bumped to v3 (and then to v3.1.0)
  • step-security/harden-runner bumped across 2.16.0 → 2.16.1 → 2.17.0 → 2.18.0 → 2.19.0
  • actions/cache digest refreshed to 27d5ce7

These are hardening and bookkeeping updates to the release/publish pipeline; the plugin contents themselves are unchanged from v1.1.4.

Full Changelog: v1.1.4...v1.1.5

v1.1.4

29 Mar 20:23
v1.1.4
2c8700e


Dependency updates and CI hardening. Updated codecov/codecov-action to v6, dependabot/fetch-metadata to v3, and pinned all GitHub Actions to SHA digests to reduce supply chain attack surface.

Full Changelog: v1.1.3...v1.1.4

v1.1.3

15 Feb 11:36
a506423


What's Changed

  • chore: Configure Renovate by @renovate[bot] in #1
  • Security: Pin action SHAs and add explicit permissions by @CybotTM in #2
  • feat: Add Agent Skills branding by @CybotTM in #10
  • feat(ci): add auto-merge workflow for dependency updates by @CybotTM in #13
  • chore(deps): update step-security/harden-runner action to v2.14.0 by @renovate[bot] in #14
  • chore(deps): update dependabot/fetch-metadata action to v2.5.0 by @renovate[bot] in #15
  • chore(deps): combined dependency upgrades by @powli in #16
  • chore(deps): update actions/cache digest to 8b402f5 by @renovate[bot] in #17
  • chore(deps): update actions/checkout action to v6.0.2 by @renovate[bot] in #18
  • chore(deps): update step-security/harden-runner action to v2.14.1 by @renovate[bot] in #19
  • chore(deps): update actions/cache digest to cdf6c1f by @renovate[bot] in #20
  • chore(deps): update step-security/harden-runner action to v2.14.2 by @renovate[bot] in #23
  • chore(deps): update dependency phpunit/phpunit to v13 by @renovate[bot] in #21


Full Changelog: v1.1.2...v1.1.3

v1.1.1

25 Nov 15:51
0b4f0e6


What's Changed

Added

  • Working Directory Reminder: the read-skill command now displays an actionable footer with a copy-paste-ready cd command to help AI agents execute scripts from the correct directory

Changed

  • AGENTS.md Instructions: Updated base directory instruction from descriptive to imperative language for clearer guidance

Full Changelog: v1.1.0...v1.1.1

v1.1.0 - Enhanced Compatibility & CI

25 Nov 09:15
9e942ca


🎉 What's New in v1.1.0

🆕 New Features

Symfony 5.4 LTS Support

  • Extended compatibility to support Symfony 5.4+ (previously required 6.0+)
  • Now supports: ^5.4|^6.0|^7.0
  • Enables usage in projects still on Symfony 5.4 LTS

GitHub Actions CI

  • Comprehensive continuous integration workflow
  • Test matrix across PHP 8.2, 8.3, 8.4
  • Test matrix across Symfony 5.4, 6.4, 7.1
  • Lowest dependencies testing (PHP 8.2 + Symfony 5.4)
  • Code quality checks (PHPStan level 8, PHP-CS-Fixer)
  • Code coverage reporting with Codecov integration
  • Automated testing on every push and pull request

🔧 Improvements

Library Best Practices

  • Removed composer.lock from repository (libraries should not commit lock files)
  • Added composer.lock to .gitignore
  • Ensures proper dependency resolution for consumers

Documentation Updates

  • Fixed installation instructions for Composer 2.2+ plugin authorization
  • Added interactive installation prompt example
  • Added non-interactive/CI installation instructions
  • Documented allow-plugins configuration requirement
  • Added CI and Symfony version badges to README

📊 Compatibility

Tested and verified across:

  • PHP: 8.2, 8.3, 8.4
  • Symfony: 5.4, 6.4, 7.1
  • All combinations passing CI

📦 Installation

composer require netresearch/composer-agent-skill-plugin

See README.md for detailed installation and usage instructions.

🔗 Full Changelog

Compare: v1.0.0...v1.1.0

Release v1.0.0: Initial release of Composer AI Agent Skill Plugin

25 Nov 08:02
ab246c7



  • Automatic skill discovery from ai-agent-skill packages
  • AGENTS.md generation with openskills-compatible XML format
  • CLI commands: list-skills and read-skill
  • Comprehensive validation and edge case handling
  • Full documentation and example skill package