npm - @aimlsuperagent/agent - Versions diffs - 0.1.3 → 0.1.4 - Mend

@aimlsuperagent/agent 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +2 -0
package/bin/aiml-superagent.js +15 -1
package/package.json +1 -2
package/templates/AGENTS.template.md +1 -1
package/templates/SAFE_ENV_AUDIT.template.md +1 -2
package/templates/WORKING_NOTES.template.md +2 -1
package/DEPLOYMENT_LOG.md +0 -75

package/README.md CHANGED Viewed

@@ -124,6 +124,8 @@ Check a project for SuperAgent readiness:
 npx @aimlsuperagent/agent check .
 ```
+Generated notes are intended to be safe to commit only after you keep them value-free: record names, roles, decisions, and verification summaries, never credential values, private customer data, local machine paths, or scratch-only notes.
 For personal machine-wide use, install the CLI globally:
 ```bash

package/bin/aiml-superagent.js CHANGED Viewed

@@ -104,6 +104,15 @@ function readJson(file) {
   return JSON.parse(fs.readFileSync(file, "utf8"));
 }
+function isFrameworkPackageRepo(rootDir) {
+  try {
+    const packageJson = readJson(path.join(rootDir, "package.json"));
+    return packageJson.name === "@aimlsuperagent/agent";
+  } catch {
+    return false;
+  }
+}
 let cachedPackageVersion;
 function packageVersion() {
@@ -370,7 +379,11 @@ function checkProject(targetDir, options = {}) {
     }
   }
-  for (const file of RECOMMENDED_FILES) {
+  const recommendedFiles = isFrameworkPackageRepo(rootDir)
+    ? RECOMMENDED_FILES.filter((file) => file !== "DEPLOYMENT_LOG.md")
+    : RECOMMENDED_FILES;
+  for (const file of recommendedFiles) {
     if (!fs.existsSync(path.join(rootDir, file))) {
       findings.push({
         severity: "low",
@@ -598,6 +611,7 @@ async function main() {
     for (const action of actions) {
       console.log(`${action.type}: ${action.file}`);
     }
+    console.log("commit-safety: run `npx @aimlsuperagent/agent check .` before committing generated notes, and store names/roles only, never secret values.");
     const exitCode = 0;
     await recordCliAnalytics(options, {
       command,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aimlsuperagent/agent",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "A token-efficient operating framework for AI coding assistants.",
   "type": "module",
   "bin": {
@@ -16,7 +16,6 @@
     "templates/",
     "AGENTS.md",
     "CONTRIBUTING.md",
-    "DEPLOYMENT_LOG.md",
     "LICENSE",
     "README.md",
     "REPO_SOURCE_OF_TRUTH.json",

package/templates/AGENTS.template.md CHANGED Viewed

@@ -16,6 +16,7 @@ Describe the project in one paragraph.
 - Make small, task-traceable diffs.
 - Verify production reality before changing code when the task depends on live state.
 - Do not store secrets in notes, examples, commits, or logs.
+- Keep generated notes commit-safe: names and roles are okay; credential values, local paths, customer data, and scratch-only notes are not.
 - Update durable notes only when reality changed.
 ## Do Not Load By Default
@@ -39,4 +40,3 @@ REPLACE_WITH_COMMAND
 ```
 If the command cannot run, state why.

package/templates/SAFE_ENV_AUDIT.template.md CHANGED Viewed

@@ -1,8 +1,7 @@
 # Safe Environment Audit
-Do not store values. Store names, roles, scope, and verification status only.
+This file is intended to be safe to commit when it stores names, roles, scope, and verification status only. Do not store values, connection strings, tokens, private keys, password hashes, customer data, or local machine paths.
 | Name | Role | Environments | Source Of Truth | Status | Last Verified |
 | --- | --- | --- | --- | --- | --- |
 | EXAMPLE_API_KEY | Example external API access | production, preview | hosting provider env | placeholder | YYYY-MM-DD |

package/templates/WORKING_NOTES.template.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # Working Notes
+These notes are safe to commit only when they contain durable project facts, decisions, and verification summaries. Do not write secrets, credential values, private customer data, local machine paths, or temporary scratch notes here.
 ## Current Durable Facts
 - Add only facts that will help future tasks.
@@ -15,4 +17,3 @@
 ## Stale Or Deprecated Facts
 - None recorded.

package/DEPLOYMENT_LOG.md DELETED Viewed

@@ -1,75 +0,0 @@
-# Deployment Log
-This repository is public. The npm package is published publicly at `@aimlsuperagent/agent`.
-## 2026-05-31 - Private Repository Buildout
-Platform: local repository
-Commit or build: pending
-Change: Created AiML SuperAgent framework docs, templates, examples, schema, and checker.
-Verification: `npm run check`
-Rollback: revert this repository buildout before public release.
-Risks: license choice is intentionally unresolved before publication.
-## 2026-05-31 - Hardening Pass
-Platform: local repository
-Commit or build: pending
-Change: Added stricter checker validation, public-repo templates, evaluation docs, anti-pattern docs, adoption playbook, and context-budget guidance.
-Verification: `npm run check`; example check; smoke init check; release check.
-Rollback: revert hardening pass before public release.
-Risks: release mode intentionally requires a license decision before public launch.
-## 2026-05-31 - License Selection
-Platform: local repository
-Commit or build: pending
-Change: Added MIT License and updated package metadata.
-Verification: `node bin/aiml-superagent.js check . --release --strict`
-Rollback: change `LICENSE` and `package.json` before public release if a different license is selected.
-Risks: MIT terms apply to public reuse.
-## 2026-05-31 - Private npm Package Preparation
-Platform: npm package metadata
-Commit or build: pending
-Change: Prepared package metadata for `@aimlsuperagent/agent` with restricted publish config, file allowlist, dry-run script, and private publishing documentation.
-Verification: `npm run check:release`; `npm run pack:dry-run`.
-Rollback: revert package metadata to local-only package before publishing.
-Risks: publishing remains blocked until npm scope ownership and private package support are confirmed.
-## 2026-06-01 - Marvin Freedman Repo Connection
-Platform: GitHub and npm package metadata
-Commit or build: pending
-Change: Cloned `github.com/marvinbfreedman/aimlsuperagent`, updated npm package metadata for `@aimlsuperagent/agent` to point repository and issue links at `marvinbfreedman/aimlsuperagent`, and kept restricted npm publishing config.
-Verification: `npm run check:release`; `npm run pack:dry-run`; `npm publish --dry-run --access restricted --cache ./.npm-cache`.
-Rollback: restore `package.json` repository and bug links to the previous repository URL and publish a new patch version if npm metadata needs to move back.
-Risks: npm package metadata changes only become visible on npm after publishing a new version.
-## 2026-06-01 - Trusted Publishing Workflow
-Platform: GitHub Actions and npm
-Commit or build: `64dc17b`; GitHub Actions run `26748684943`
-Change: Added `.github/workflows/npm-publish.yml` for npm Trusted Publishing with GitHub OIDC, `id-token: write`, Node 24, release readiness checks, and restricted npm publish.
-Verification: trusted publisher created for `marvinbfreedman/aimlsuperagent` and `npm-publish.yml`; workflow completed successfully; `npm view @aimlsuperagent/agent version repository.url bugs.url --json` reports version `0.1.1` with the Marvin Freedman repository URLs.
-Rollback: remove the workflow file and publish manually with npm OTP or an npm token that npm accepts for package PUT writes.
-Risks: public package installs no longer require npm organization authorization.
-## 2026-06-01 - Restricted npm Publish
-Platform: npm
-Commit or build: package version `0.1.1`
-Change: Published `@aimlsuperagent/agent@0.1.1` from `marvinbfreedman/aimlsuperagent` through npm Trusted Publishing.
-Verification: GitHub Actions run `26748684943` completed with `success`; npm metadata now shows repository `git+https://github.com/marvinbfreedman/aimlsuperagent.git` and bugs URL `https://github.com/marvinbfreedman/aimlsuperagent/issues`.
-Rollback: publish a new patch version with corrected metadata or access policy; do not unpublish unless there is a security issue.
-Risks: package remains private/restricted, so unauthorized users see npm `404`/access errors by design.
-## 2026-06-01 - Public npm Access
-Platform: npm and GitHub
-Commit or build: `69f1a93`; package version `0.1.2`; GitHub Actions run `26749384029`
-Change: Changed `@aimlsuperagent/agent` access from private/restricted to public. Confirmed `github.com/marvinbfreedman/aimlsuperagent` is public.
-Verification: `npm access set status=public @aimlsuperagent/agent` returned `@aimlsuperagent/agent: public`; repository API reported `visibility: public`; GitHub Actions publish completed successfully; registry metadata reports latest `0.1.2` with `publishConfig.access` set to `public`.
-Rollback: npm public access can be changed back only deliberately with `npm access set status=private`; do not do that unless distribution should become private again.
-Risks: package and repository are now available to the public, so all future docs and examples must stay secret-safe.