- Fixed generated projects failing to render the Graph view in Vite dev/SSR because `3d-force-graph` dependencies were not being optimized consistently, causing `ngraph.forcelayout` default-import errors
- Fixed generated projects failing to start the web app because published root packages did not include the top-level `shared/` modules referenced from `src/`
- Fixed `harbor init .` next-step output so it no longer prints the meaningless `cd .` step
- Fixed packaged runtime entrypoints so generated projects correctly execute `pnpm collect`, `pnpm post-collect`, `pnpm build`, `pnpm dev`, and `pnpm preview` even when pnpm runs package files through symlinked paths
- Fixed generated projects failing to start `pnpm dev` because `sveltekit-view-transition` was treated as a development-only dependency instead of a runtime dependency
- Fixed collector downloads for empty repository files such as Python `__init__.py`, which are now saved as proper empty files instead of being reported as unexpected responses
- Updated init next-step guidance to include `pnpm post-collect`, and documented how to test unpublished local packages from a generated project without publishing to npm
- Fixed packaged runtime entrypoints such as `pnpm collect`, `pnpm post-collect`, `pnpm build`, `pnpm dev`, and `pnpm preview` so they execute correctly when Node runs them through pnpm-managed symlinked paths
- Shared direct-execution detection in a common helper and updated init next-step output to show `gh auth login` and `pnpm collect` as separate lines
- Simplified generated project execution by treating `collect`, `post-collect`, `dev`, `build`, and `preview` as project-local npm scripts that call packaged runtime entrypoints directly, while narrowing the public CLI surface to `init` and `setup`
- Reworked the collector and web runtime entry layout around `src/runtime/*` modules and shared runtime helpers so internal execution no longer depends on `cli/commands` wrappers
- Updated reusable and generated GitHub workflows to call installed runtime modules directly, and changed the Cloudflare Pages deploy template to run `pnpm build` followed by `wrangler pages deploy`
- Fixed generated projects resolving the wrong project root during collect/post-collect runs, so `config/harbor.yaml` is read from the actual project and missing config now fails fast with a clear error
- Fixed init quick-start guidance and generated workflow/script templates so the documented install, collect, and preview flows match the current package layout
- Added Storybook for the web application with light/dark theme switching and initial component stories for skill and config screens
- Changed `builtin.notify-slack` to require `HARBOR_SLACK_WEBHOOK_URL` for live sends, updated templates/docs to prefer env-based secret handling, and made `post-collect` load `.env`
- Reorganized Storybook stories under grouped `Components/Skills/*` and `Components/Config/*` sections to make the UI catalog easier to expand
- Fixed the packaged Guide default content so `/guide` no longer falls back to the repository root `README`, and `pnpm build` succeeds again
- Fixed collector runtime settings loading by removing repeated config reads, centralizing defaults, and trimming remaining wrapper/parsing duplication
- Fixed small documentation inconsistencies including the collector README language links
- Added richer `builtin.notify-slack` reporting with configurable highlighted intents and clearer debug output for post-collect notification flows
- Added small shared collector/runtime utilities for frontmatter parsing, GitHub origin detection, YAML array loading, and label-intent normalization to reduce duplicated logic
- Starting with 0.15.0, the publishable package layout changed from four packages (`cli`, `collector`, `post-collect`, `web`) to two packages: the root `agent-skill-harbor` package and `collector/`. The older `packages/*` split was removed, and related templates, workflows, and docs were updated accordingly
- Reorganized root scripts around `dev`/`build`/`preview` for web flows, `cli:build` for the packaged CLI build, and `typecheck`/`verify`/`fix` for repository maintenance
- Updated contributor and release documentation to match the current package layout, command names, and local development flow
- Fixed duplicated parsing and validation logic across collect and post-collect runtimes by moving shared implementations into common modules
- Fixed Slack notification summaries and highlight counting so built-in plugin results are reported more consistently
- Fixed several stale command references in setup and release guidance so they match the current script layout
- Fixed CLI package-root resolution to walk up the directory tree instead of checking fixed relative depths, so `init` and `gen` work correctly when tsup inlines `paths.ts` into deeper entry files with `splitting: false`
- Fixed `collector` and `post-collect` packages publishing `workspace:*` dependency on `shared-internal` by bundling it via tsup `noExternal` and moving it to `devDependencies`
- Added shared view transitions in the web UI for skill titles, cross-page view tabs, and the owner filter so navigation between card/list/stats/graph views keeps more visual context
- Added animated header toggle icons, a shared `ToggleGroup` implementation, and shared `OwnerFilter`/`PillSelectFilter` components to reduce duplicated UI logic in the web app
- Moved the monorepo packages under `packages/{cli,collector,post-collect,shared-internal,web}` and updated workspace scripts, repository paths, templates, and docs to match the new layout
- Standardized package scripts around `format`, `format:check`, `lint`, `lint:check`, `check`, `test`, `build`, and `verify` so package-local maintenance flows are consistent across the repository
- Pinned external GitHub Actions in Harbor's reusable workflow and generated deploy workflow templates by commit SHA, moved artifact actions onto their reviewed newer major lines, and introduced an update flow that uses `actions-up` for minor-safe action bumps while keeping `pnpm/action-setup` as an explicit manual review item
- Removed stale CLI runtime wrappers and duplicated runtime code, refactored stats aggregation into shared helpers, and introduced a small persistent-store helper for web state such as theme/background/locale
- Centralized repeated TypeScript ESLint settings in a shared root config helper instead of maintaining identical per-package configs
- Added `packages/shared-internal/` as a private workspace package so `collector` and `post-collect` share `catalog-store` and `resolved-from` from one source instead of keeping duplicate runtime copies
- Updated local development and release docs to cover `packages/shared-internal/`, package-local `verify` flows, and the current monorepo package boundaries more clearly
- Fixed CLI package-root detection so installed `init`/`gen` commands resolve templates correctly from both source execution and built `dist/` output
- Fixed package tarball contents and release docs so package publishes stay clean and current package-specific publish steps are documented accurately
- Fixed the ripple background so ambient ripple generation pauses while the browser tab is hidden instead of bursting on return
- Added the built-in `builtin.audit-skill-scanner` post-collect plugin for org-owned skills, including local `skill-scanner` CLI execution, HTML/SARIF/JSON secondary artifacts, and skill detail links
- Added top-level `sub_artifacts` support to plugin output so secondary files can be described once per plugin and linked from the web UI without per-skill path duplication
- Added a WebGL water ripple background effect as a switchable alternative to the existing starfield, with a three-way toggle (none / stars / ripples) in the header that persists via localStorage
- Replaced the generated `CollectSkills` workflow body with a thin caller that uses Harbor's published reusable workflow pinned to `wf-v0`, and made the reusable workflow auto-install `skill-scanner` only when `builtin.audit-skill-scanner` is enabled
- Moved `builtin.audit-promptfoo-security` secondary report links to the new `sub_artifacts` convention and aligned plugin detail rendering around artifact file names
- Updated built-in plugin docs, init template examples, and package READMEs to document `skill-scanner`, secondary artifact conventions, and Python CLI requirements
- Removed the older `builtin.audit-static` built-in plugin now that `builtin.audit-skill-scanner` covers the security-audit role more clearly
- Changed secondary artifact storage from `data/plugin-reports/` to `data/assets/plugins/`, copied `data/assets/` into the web output during build, and documented the `harbor dev` staging path for source-repo development
- Renamed the example user-defined plugin scaffold to `example-user-defined-plugin`, changed its suggested short label to `Example`, and made its demo labels neutral (`Ex01`/`Ex02`)
- Ordered plugin labels in filters and stats by `label_intents` key order, expanded stats trend charts to support up to 7 labels, and refined marker shapes for higher-cardinality plugins
- Added counts to skill list filter options and included plugin secondary artifact links in generated GitHub issue bodies for skill detail pages
- Excluded `docs/samples/` from workspace Prettier checks so local sample outputs do not fail repository formatting checks
- Fixed implicit `any` types in `web/src/lib/components/StarsBackground.svelte` so `web check` passes again
- Fixed plugin output YAML folding so long `collect_id` values no longer break latest-result resolution in the web UI
- Added the built-in `builtin.audit-promptfoo-security` post-collect plugin, including HTML report generation, report links in skill detail pages, and docs for built-in plugin behavior
- Added install-surface separation with published `agent-skill-harbor-collector`, `agent-skill-harbor-post-collect`, and `agent-skill-harbor-web` runtime packages alongside the thin `agent-skill-harbor` wrapper
- Added `collect --force` to refresh repositories and skill files even when catalog SHAs are unchanged
- Reworked init templates and GitHub workflows to install role-specific Harbor packages from `tools/harbor/{collector,post-collect,web}`
- Made collect prune stale repository data when repositories fall out of scope due to excludes or origin resolution changes
- Improved local development and release docs to reflect the split runtime packages and wrapper-based source-repo workflows
- Fixed project-root resolution across collect and post-collect so source-repo execution reads and writes the intended `config/` and `data/` directories
- Fixed wrapper command argument forwarding so delegated commands receive their own flags correctly
- Disabled `promptfoo` telemetry and update checks during Harbor-driven security audits
- Added normalized `resolved_from` provenance tracking so collected skills can trace copied origins from `_from` frontmatter or GitHub-based `skills-lock.json`
- Added a Skill Catalog guide that documents the catalog pages and provenance tracking behavior
- Reduced `data/skills.yaml` to catalog metadata only and stopped copying each skill frontmatter into the YAML snapshot
- Updated fixture catalog snapshots to match the slimmer `skills.yaml` format and include `resolved_from` where available
- Renamed the init workflow template from `CollectAndAuditSkills` to `CollectSkills` so collection remains the stable entry point as post-collect processing grows
- Changed the default `audit.engines` scaffold to `[]` and kept `builtin.static` commented out because it is still alpha and should stay opt-in by default
- Added a new `audit` pipeline to the CLI, including static and user-defined engines, audit reports, history linking, and workflow templates
- Added audit reporting to the web UI, including audit summaries in Stats and audit settings in the Config > Harbor tab
- Added optional raw config file panels to the Config tabs so `harbor.yaml` and `governance.yaml` can be inspected in-place
- Refined the built-in static audit engine to use `pass / info / warn / fail`, reduced false-positive severity, and renamed the built-in engine id to `builtin.static`
- Improved the Harbor config tab with YAML-key help popovers, derived label/help key conventions, and a configurable UI title
- Improved mobile responsiveness for the header, tab bar, card list, and graph detail panel
- GitHub Pages deploy workflow template now creates the Pages artifact manually instead of using `upload-pages-artifact`, which excludes `.github` (all versions) and other dotfiles (v4) from the tar archive
- List view default grouping changed from Repository to Origin
- Broadened the Vite dev server filesystem allow list so `pnpm dev` works again when the installed web package is resolved from pnpm's nested store paths
- Tightened the root workspace formatter to repository-level shared files only, leaving package-local formatting to `packages/cli/` and `packages/web/`
- Added package-local `format`, `format:check`, `lint`, `lint:check`, and `verify` workflows so `packages/cli/` and `packages/web/` can be checked and fixed independently from the workspace root
- Updated release docs to use package-specific `verify` steps, optional `pack` guidance, and package-specific git tags (`cli-vX.Y.Z`, `web-vX.Y.Z`)
- Refined package-local formatting targets and fixed small CLI/web source issues uncovered by the new static checks
- Updated contributor docs and README notes to match the independent-package release workflow
- Simplified releases by versioning `agent-skill-harbor` and `agent-skill-harbor-web` independently instead of forcing lockstep bumps
- Removed repository-wide version sync scripts and package lifecycle hooks tied to cross-package version alignment
- Relaxed the CLI dependency on `agent-skill-harbor-web` to a broad `<1` range so minor and patch web releases do not require a CLI release
- Updated contributor and release docs to describe package-specific releases instead of synchronized dual-package releases
- Added Japanese README support for the published `agent-skill-harbor` CLI package
- Moved the published CLI package into `packages/cli/` so the repository now has symmetric `packages/cli/` and `packages/web/` package roots
- Reduced the root workspace scripts to repository-level maintenance tasks and updated contributor docs to run package-local commands from `packages/cli/` and `packages/web/`
- Renamed the CLI package build script to `build` and simplified version hooks so the init template stays a checked placeholder instead of a synced output
- Guide markdown links now preserve `paths.base` during rendering so GitHub Pages prerender does not fail on `/guide` links
- Bundled default Guide pages in `agent-skill-harbor-web`, with project-level `guide/` overrides and `guide/.gitkeep` scaffolding
- Renamed the in-app Docs section to Guide and moved its routes from `/docs` to `/guide`
- Simplified the init template README to a minimal Quick Start link so copied docs stay lightweight
- Docs dynamic routes now use `prerender = 'auto'` so `/docs/[slug]` no longer fails builds as an unseen prerenderable route
- Skill detail heading IDs now use `github-slugger` with plain-text heading extraction to better match GitHub anchor generation
- Prerender missing-id handling is now downgraded to warnings instead of build-stopping errors
- External `SKILL.md` files with GitHub-style self-fragment links no longer fail static builds when their anchors differ slightly from local rendering
- Init workflow templates now keep explicit `pnpm` major-version pinning without the temporary Node 24 migration env flag
- Published `agent-skill-harbor-web` metadata now includes npm description, keywords, and license fields
- Skill detail heading IDs now match GitHub-style anchor links for headings containing symbols such as `&`
- Release documentation split into dedicated `04-release` docs (EN/JA)
- Internal npm README files for the published `agent-skill-harbor-web` package
- `versions:sync` and `versions:check` scripts to keep root, web, and init template versions aligned
- Split the published web runtime into `agent-skill-harbor-web` and made the CLI depend on it
- Updated local development docs to explain package ownership and publish order
- Added version lifecycle hooks around `pnpm version` and `prepack`
- `harbor build`, `harbor dev`, and `harbor preview` now resolve Vite from the installed web package instead of a missing bundled path
- Skill detail prerendering now works when building without crawled skill entries present in the source repository
- GitHub Pages init workflow now installs `pnpm` via major-version pinning (`version: 10`) instead of requiring a stale exact version
- GitHub Pages init workflow now opts JavaScript actions into Node.js 24 to avoid the Node.js 20 deprecation path
- Init template now installs the current `agent-skill-harbor` release line instead of the stale `^0.1.0`
- Config page with Harbor settings and Governance tabs, powered by Zod schemas
- README (EN/JA) displayed at `/docs/` as the first sidebar entry
- `manage-governance` and `manage-harbor-config` CLI skills with Zod schema references
- Renamed `settings.yaml` to `harbor.yaml` for clarity
- Replaced monolithic `manage-skill` skill with focused `manage-governance` and `manage-harbor-config`
- Renumbered docs: governance guide → `02`, local development → `03`
- Removed trailing slashes from all routes (`trailingSlash: 'never'`)
- Improved README overview and simplified Organization Setup guide
- Updated agent-command-sync references to agent-skill-porter
- Old screenshot files from `docs/`
- `manage-skill` skill (skills are managed by collect phase, not manually)
- Stats page date formatting now respects the selected locale (EN/JA)
- README screenshots updated to `docs/img/`, added Stats view, Stats and Graph displayed vertically
- "By Origin" grouping in List view — resolves true origin by recursively following `_from` chains
- Origin table with tree-structured display (origin skill + derivative copies)
- `originTable` i18n keys (EN/JA)
- Grouping toggle refactored from single boolean to exclusive mode (`repo` / `origin` / flat)
- Collect cron schedule changed from every 6 hours to weekly (Sunday 12:00 UTC)
- Japanese `repoTable.skills` label changed to "スキル数"
- `prepack` script added to auto-build CLI before publish/pack
- Stats view with KPI cards, skill trend chart, and collection history table
- Dual-axis trend chart overlaying skill count and repo skill adoption rate
- `repos_with_skills` metric for tracking skill adoption across repositories
- Hover tooltips on trend chart data points with vertical guide line
- Owner filter on Graph view with URL parameter sync
- Retry with exponential backoff (up to 3 attempts) for GitHub API calls (500/502/503)
- Randomized footer taglines (5 candidates)
- Repository grouping in skills list page
- Separate `collect-history.yaml` for collection history tracking
- Restructured `collect-history.yaml` to `collecting` + `statistics` (org/community breakdown) format
- Renamed `admin.yaml` to `settings.yaml`, added `included_extra_repos` config
- Stats tab moved to leftmost position in tab bar
- Repo KPI shows adoption rate format (`repos_with_skills / total (pct%)`)
- Graph force layout tuned: link distance scales with node degree, stronger charge repulsion
- Improved error messages in collector: shows HTTP status instead of raw HTML
- `checkRateLimit` wrapped in try-catch to avoid blocking on 503
- Owner filter now preserved when navigating to Graph view via tabs
- List view defaults to group-by-repo; tab toggle no longer requires double click
- Restore trailing spaces in README taglines for Markdown line breaks
- Updated tagline and package description
- FileTree component for skill detail page file browser
- Tooltip for truncated descriptions in list view
- Collection summary output with repo/skill/file counts and elapsed time
- Collection metadata (`meta` block) saved to skills.yaml
- Renamed `catalog.yaml` to `skills.yaml`
- Renamed detail field "Origin" to "Owner", merged Source History into Details section
- `_from` frontmatter standardized as scalar (owner/repo@sha), with array backward compatibility
- Removed redundant `files` field from skills.yaml (derived from filesystem cache)
- Truncate long skill names in list view with max width
- Tab-based view switching (Card / List / Graph)
- List (table) view with sortable columns and Repository column
- `reroute` hook to serve catalog on both `/` and `/skills/`
- Cloudflare Pages deploy command and workflow
- Catalog URL restructured from `/` to `/skills/`
- Renamed "Origin" filter/column to "Owner"
- Removed platform display from Card and detail views
- Removed Graph link from header navigation
- Replaced page title with inline skill count in filter row
- Split templates into `init/` and `deploy/` subdirectories
- Moved collect runtime into dist entrypoint
- Markdown links in skill detail pages
- Public origin repository collection
- CLI commands (`init`, `collect`, `build`, `dev`, `preview`)
- Interactive 3D knowledge graph view
- Dark mode with light/dark/system toggle
- i18n support (EN/JA)
- Skill detail pages with governance badges and provenance tracking
- Dynamic docs routing
- 404 error page
- Graph print/export feature
- `excluded_repos` setting in settings.yaml
- ESLint flat config
- Renamed product from Skill Warehouse to Agent Skill Harbor
- CLI command renamed to `harbor`
- Replaced build:catalog with SvelteKit server-side catalog loading
- Various data model improvements (tree_sha, _from tracking, timestamps)
- Initial MVP implementation