chore(release): v0.1.2#4
Conversation
Patch release: ships the keyword-on-coordinator fix from #2 (the false 'SKILL.md not found' warning that fired against the coordinator package itself when installed alongside any real skill package), plus the dependabot/renovate setup, idempotency-probe correction, and the ruleset/workflow-perms hardening that landed since v0.1.1. Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
There was a problem hiding this comment.
Pull request overview
This PR prepares the v0.1.2 patch release of @netresearch/agent-skill-coordinator by bumping the package version and recording the release notes.
Changes:
- Bump
package.jsonversion from0.1.1to0.1.2. - Add a
0.1.2entry toCHANGELOG.mdsummarizing fixes and hardening since0.1.1.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Version bump to 0.1.2 for the release. |
| CHANGELOG.md | Adds release notes for 0.1.2. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request bumps the version to 0.1.2 and updates the changelog to include bug fixes, new dependency management configurations, and security hardening measures. The feedback suggests renaming the Hardened section to Security to align with the Keep a Changelog standard and adding a missing version link reference at the end of the file.
The lockfile root version remained at 0.1.0 after the v0.1.2 bump, so `npm install` and lockfile-aware tooling reported a mismatched root package version. `package-lock.json` is not included in the published npm tarball (the `files` allowlist excludes it), so this only affects the development checkout and CI installs — no v0.1.3 release needed. Addresses review feedback on #4 from copilot-pull-request-reviewer. Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
Summary
Patch release. The keyword-on-coordinator fix from #2 needs an actual published version to reach users, so this PR bumps package.json to 0.1.2 and cuts CHANGELOG.md.
What v0.1.2 fixes / adds (since v0.1.1 on npm)
ai-agent-skillkeyword from the coordinator's own package.json (was triggering a self-detection warning on every install)npm view(which 404s under the runner's OIDC auth context).npmrcadded to.gitignoreRelease flow
After merge,
git tag -s v0.1.2 -m "v0.1.2" && git push origin v0.1.2. The release workflow publishes to npm via OIDC Trusted Publishing (configured by maintainer after v0.1.1) and creates the GitHub Release.