v1.8.7

Added

• Q16 audit check — new skill quality check detects allowed-tools declaring external CLI tools (not git/python/node/npm/npx/bash or bin//scripts/ paths) without a ## Prerequisites section in the SKILL.md body
• Prerequisites writing guide — skill-writing-guide.md now includes a "Prerequisites Writing" section with standard table format and agent behavior for required vs optional tools
• Overview writing guide — skill-writing-guide.md adds an "Overview Writing" section with three-element template (purpose, core principle, skill type)
• Missing dependency handling — external-integration.md documents the required/optional tool detection pattern for skills with external CLI dependencies

Changed

• Authoring step 8 expanded — external dependency check now includes Prerequisites section guidance alongside declaration syntax
• Skill structure order updated — recommended section order in skill-writing-guide.md now places Prerequisites between Overview and Entry Detection

v1.8.6

[1.8.6] - 2026-04-22

Added

• GitHub issue templates — bug report, feature request, and platform support request templates with structured triage fields; config.yml disables blank issues
• Pull request template — contribution checklist covering validation commands, rigor evidence, and human review gate

Changed

• Input normalization inlined — critical normalization steps (workspace resolution, common input types, failure handling) moved from references/input-normalization.md into auditing and optimizing SKILL.md; reference file demoted to supplementary edge-case documentation
• CLAUDE.md expanded — .bundles-forge/ runtime output directory added to Directory Layout section
• Audit report examples consolidated — replaced dated audit pair (superpowers-v5.0.7-audit.2026-04-20.md/.zh.md) with revised GLM 5.1 reports; improved per-skill analysis formatting and scoring transparency

v1.8.5

[1.8.5] - 2026-04-21

Changed

• Audit scoring formula updated — warning penalty now capped per check ID (capped_warning_penalty = sum(min(count_per_check_id, 3))), preventing a single noisy check from overwhelming the score
• audit_docs.py D2 enhanced — cross-reference validation now resolves <project>:<name> against both skills/ directories and agents/*.md files, not just skills
• Optimizing guide expanded — added Target 7 (Deprecation and Migration) covering skill deprecation, renaming, splitting, merging, and platform cleanup; all "6 targets" references updated to "7 targets"
• Releasing guide restructured — inserted Step 4 (Local Testing) between Change Review and Version Bump; steps renumbered 4→5 through 7→8
• Prerequisites clarified — README now documents python or python3 with find_python() auto-detection instead of requiring only python

Fixed

• Auditing guide check list corrected — audit_skill.py description updated from Q1-Q15, S9, X1-X4, C1, G1-G5 to accurate Q1-Q15, S9, X1-X4
• Troubleshooting guide D3/D6 descriptions fixed — D3 now correctly describes platform manifest sync; D6 correctly describes README sync (previously swapped)
• Session-start prompt size — concepts guide updated from ~120 bytes to accurate ~180 bytes

v1.8.4

[1.8.4] - 2026-04-21

Removed

• commands/ directory deleted — all 8 /bundles-* slash command stubs removed; skills are now invoked exclusively via bundles-forge:<skill-name> references or automatic description matching
• Command concept removed from documentation — "Skill vs Command" distinction, Command row in Key Concepts table, and command-related sections removed from docs/concepts-guide.md/.zh.md

Changed

• Skill invocation model simplified — all documentation, guides (EN + ZH), and README files updated from /bundles-* slash commands to bundles-forge:<skill-name> invocation syntax (e.g. bundles-forge:auditing, bundles-forge:blueprinting)
• README "Commands" section → "Invoking Skills" — command table replaced with concise invocation explanation in both README.md and README.zh.md
• Architecture diagrams updated — Mermaid flowcharts in both READMEs simplified by removing command nodes; flow now starts directly from skill entry points
• Platform manifests cleaned — "commands" field removed from .cursor-plugin/plugin.json and scaffolding Cursor template
• audit_docs.py D6/D7 updated — D6 no longer checks command table sync; D7 now validates bundles-forge:<skill-name> references instead of /bundles-* slash commands between EN/ZH guide pairs
• Auditor agent updated — report next-step recommendations changed from /bundles-optimize to bundles-forge:optimizing
• Scaffolding skill streamlined — command generation step removed from scaffold pipeline; project anatomy reference removes commands/ section
• Testing skill updated — component discovery checklist no longer includes commands
• Codex INSTALL.md updated — symlink instructions no longer reference commands/ directory
• Audit report examples added — examples/superpowers-v5.0.7-audit.2026-04-20.md and .zh.md

v1.8.3

Changed

• Session-start hook rewritten — replaced session-start.py (Python) with a Bash session-start script plus a run-hook.cmd polyglot wrapper, enabling native execution on both Unix and Windows without requiring a Python interpreter for the hook itself
• CLI dispatcher hardened — bin/bundles-forge now includes a Python interpreter probe (tries python3 then python), and bin/bundles-forge.cmd provides clearer error messages when Python is unavailable
• Documentation updated — AGENTS.md, CLAUDE.md, concepts/scaffolding/troubleshooting guides, and audit references refreshed to reflect the new hook structure and platform detection flow

Added

• .gitattributes — enforces consistent line endings for cross-platform compatibility
• Polyglot wrapper run-hook.cmd — shell/CMD dual-mode script that detects the OS and delegates to the correct interpreter
• Audit report examples — superpowers-v5.0.7-audit.glm51.md and its Chinese translation added under examples/

v1.8.2

Changed

• CLI dispatcher polyglot header — bin/bundles-forge converted from #!/usr/bin/env python3 shebang to a shell/Python polyglot that tries python3 then python via exec, improving compatibility across environments where only one binary name is available
• Auditing failure handling unified — all three audit modes (Full Project, Single Skill, Workflow) now use a consistent retry pattern with <plugin-root> resolution (, , or .) instead of hardcoded CMD wrapper bypass instructions
• Concepts guide updated — Bundled Scripts section now documents the bundles-forge CLI dispatcher instead of stating 'Not used'

Added

• CLI dispatcher tests — 5 new tests in TestCLIDispatcher: help output, no-args behavior, unknown command exit code, audit-plugin routing via dispatcher, and polyglot header format validation

v1.8.1

Added

• --output-dir CLI flag — all audit scripts (audit_plugin, audit_docs, audit_security, audit_skill, audit_workflow) now accept --output-dir to save results to a specified directory with timestamped filenames

Changed

• Auditing SKILL.md restructured — Full Project Audit section rewritten as explicit Steps 1-4 (Script Baseline → Dispatch Auditor → Behavioral Verification → Verify Final Report) with Prerequisites, Action, Expected Output, and Failure Handling for each step
• audit_workflow.py standardized — migrated from manual argparse to shared _cli.py make_parser() for consistent CLI behavior across all scripts
• Auditor agent updated — fallback command now includes --output-dir .bundles-forge/audits flag

Fixed

• Windows CMD wrapper — bundles-forge.cmd now forwards exit codes correctly via exit /b %ERRORLEVEL%

v1.8.0

Added

• Comprehensive audit report example — examples/superpowers-v5.0.7-audit.md and .zh.md worked audit reports for the superpowers bundle-plugin
• Plugin context documentation — auditing SKILL.md now documents workspace resolution when running as an installed plugin ($CLAUDE_PROJECT_DIR / <target-dir>)
• Shared finding classification — classify_finding_category() and count_by_severity() extracted to _parsing.py as shared utilities across audit scripts

Changed

• CLI parameter rename — project-root → target-dir across all scripts (_cli.py, audit_docs.py, audit_plugin.py, audit_security.py, audit_skill.py, audit_workflow.py, generate_checklists.py, bump_version.py), SKILL.md files, and documentation
• Output directory structure — audit reports now write to .bundles-forge/audits/, eval results to .bundles-forge/evals/, and inspector reports to .bundles-forge/blueprints/ (previously all flat under .bundles-forge/)
• audit_docs.py refactored — project metadata detection now uses shared detect_project_meta() from _parsing.py instead of inline logic (2 occurrences deduplicated)
• audit_workflow.py refactored — severity counting replaced with shared count_by_severity() from _parsing.py
• audit_skill.py refactored — _classify_finding() replaced with shared classify_finding_category() from _parsing.py; severity counting uses shared count_by_severity()
• Documentation synced — all docs/ guides (auditing, authoring, cli-reference, concepts, optimizing, releasing) and their .zh.md translations updated with new target-dir terminology
• CLAUDE.md — CLI examples updated from [project-root] to [target-dir]
• Agents updated — auditor.md, evaluator.md, inspector.md aligned with terminology changes

v1.7.8

[1.7.8] - 2026-04-17

Added

• 2 new test suites — test_skill_quality.py (description format, cross-references, Integration symmetry) and test_workflow_chains.py (live project workflow integrity, Calls/Called-by symmetry, graph connectivity); total suites now 6
• Testing prompt samples — tests/prompts/testing.yml for testing skill trigger evaluation
• Audit report examples — examples/bundles-forge-v1.7.7-audit.md and .zh.md worked audit reports
• Security triage protocol — auditor agent now classifies suspicious findings as FP/Accepted/TP with rationale table in report
• Suspicious Triage table — added to plugin-report-template.md for traceable security disposition
• New references — ab-eval-protocol.md, restructuring-operations.md, adaptive-mode-questions.md extracted from skill bodies

Changed

• AGENTS.md rewritten — converted from simple agent guidelines to comprehensive PROJECT KNOWLEDGE BASE format (Codex-compatible)
• CLAUDE.md streamlined — condensed Skill Architecture, Session Bootstrap, Agent Dispatch, and Platform Manifests sections; references AGENTS.md for details
• blueprinting SKILL.md — extracted adaptive mode questions 4a-7 to references/adaptive-mode-questions.md
• optimizing SKILL.md — extracted A/B eval protocol and restructuring operations to references/; simplified inline content
• CI matrix expanded — added Windows (3.12) matrix entry and audit-workflow step to validate-plugin.yml
• audit_docs.py — improved AGENTS.md skill list parsing with fallback from table-based to content scan
• audit_security.py — added SC11 superseded-by: exclusion; skip node_modules in scan

Fixed

• README/README.zh.md — added python PATH prerequisite note for systems with only python3
• using-bundles-forge SKILL.md — added OpenClaw discovery documentation

v1.7.7

Added

• Testing skill — new bundles-forge:testing executor for dynamic plugin verification: dev-marketplace setup, hook smoke tests, component discovery, and cross-platform readiness checks
• /bundles-test command — slash command stub routing to the testing skill
• CI workflow — .github/workflows/validate-plugin.yml for automated JSON validation, version/checklist drift, audit, and Python test matrix (3.9 + 3.12)
• Hooks configuration reference — skills/scaffolding/references/hooks-configuration.md with comprehensive hook authoring guide
• Deprecation guide — skills/optimizing/references/deprecation-guide.md for safe skill deprecation and migration workflows
• Platform test guides — skills/testing/references/platform-test-guides.md with per-platform local testing instructions

Changed

• Skill count updated to 8 — all project files now reference 8 skills including the new testing skill
• Release pipeline expanded — releasing now includes a testing phase between audit and version bump
• Session bootstrap simplified — session-start.py emits a lightweight one-line prompt; full routing context loaded on demand via the Skill tool
• Installation instructions updated — README install steps now use dev-marketplace workflow (/plugin marketplace add + /plugin install)
• GitHub organization URL updated — odradekai → OdradekAI across README and install docs
• Using-bundles-forge streamlined — removed "Red Flags" section; added testing to routing tables and priority order