@anytio/pspm 0.14.1 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/dist/index.js +7 -6
- package/package.json +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,16 @@ All notable changes to the PSPM CLI will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.15.0] - 2026-05-28
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
|
|
12
|
+
- **Visibility is now fully reversible.** Public skills can be made private again (previously a one-way, npm-style lock). Use `pspm access --private` or republish with `--access private`. Switching to private still requires a Pro subscription. Publish/access prompts and notes no longer warn that going public is irreversible.
|
|
13
|
+
|
|
14
|
+
### Fixed
|
|
15
|
+
|
|
16
|
+
- **Failed publishes no longer orphan a skill record.** The server now uploads the tarball before any database writes and creates the skill row and its first version inside a single transaction. Previously, a publish that failed partway (e.g. a storage error after the skill row was created) left behind a versionless skill that was invisible in listings yet permanently reserved the name — and, combined with the old one-way visibility lock, could block ever publishing that name as private.
|
|
17
|
+
|
|
8
18
|
## [0.14.1] - 2026-05-02
|
|
9
19
|
|
|
10
20
|
### Changed
|
package/dist/index.js
CHANGED
|
@@ -30,7 +30,8 @@ function isLocalSpecifier(specifier) {
|
|
|
30
30
|
* pspm access --public # Make current package public
|
|
31
31
|
* pspm access @user/bob/skill --public # Make specific package public
|
|
32
32
|
*
|
|
33
|
-
*
|
|
33
|
+
* Visibility is fully reversible: public packages can be made private and
|
|
34
|
+
* private packages can be made public. Switching to private requires Pro.
|
|
34
35
|
*/
|
|
35
36
|
async function access$1(specifier, options) {
|
|
36
37
|
try {
|
|
@@ -120,7 +121,7 @@ async function access$1(specifier, options) {
|
|
|
120
121
|
console.log(`+ @${result.namespace ?? "user"}/${result.username}/${result.name} is now ${result.visibility}`);
|
|
121
122
|
if (visibility === "public") {
|
|
122
123
|
console.log("");
|
|
123
|
-
console.log("Note:
|
|
124
|
+
console.log("Note: Run 'pspm access --private' to make it private again later.");
|
|
124
125
|
}
|
|
125
126
|
} catch (error) {
|
|
126
127
|
const message = error instanceof Error ? error.message : "Unknown error";
|
|
@@ -1536,8 +1537,8 @@ async function warnAndConfirmPublic(access) {
|
|
|
1536
1537
|
if (access !== "public") return;
|
|
1537
1538
|
console.log("");
|
|
1538
1539
|
console.log("⚠️ Warning: You are about to publish this skill as PUBLIC.");
|
|
1539
|
-
console.log("
|
|
1540
|
-
console.log("
|
|
1540
|
+
console.log(" Anyone will be able to find and install it.");
|
|
1541
|
+
console.log(" You can change it back to private later with 'pspm access'.");
|
|
1541
1542
|
console.log("");
|
|
1542
1543
|
if (!await confirm("Do you want to continue?")) {
|
|
1543
1544
|
console.log("Publish cancelled.");
|
|
@@ -1707,7 +1708,7 @@ function printPublishResult(result, options, packageJson) {
|
|
|
1707
1708
|
console.log(`+ @${namespace}/${owner}/${result.skill.name}@${result.version.version}`);
|
|
1708
1709
|
console.log(`Checksum: ${result.version.checksum}`);
|
|
1709
1710
|
console.log(`Visibility: ${visibilityIcon} ${visibility}${packageJson.encryption ? " (encrypted)" : ""}`);
|
|
1710
|
-
if (visibility === "public") console.log("Note:
|
|
1711
|
+
if (visibility === "public") console.log("Note: Run 'pspm access --private' to make it private again later.");
|
|
1711
1712
|
}
|
|
1712
1713
|
async function publishCommand(options) {
|
|
1713
1714
|
try {
|
|
@@ -2664,7 +2665,7 @@ function registerPublishCommands(program) {
|
|
|
2664
2665
|
program.command("unpublish <specifier>").description("Remove a published skill version (only within 72 hours of publishing)").option("--force", "Confirm destructive action").action(async (specifier, options) => {
|
|
2665
2666
|
await unpublish(specifier, { force: options.force });
|
|
2666
2667
|
});
|
|
2667
|
-
program.command("access [specifier]").description("Change package visibility (public/private)").option("--public", "Make the package public
|
|
2668
|
+
program.command("access [specifier]").description("Change package visibility (public/private)").option("--public", "Make the package public").option("--private", "Make the package private (requires Pro)").action(async (specifier, options) => {
|
|
2668
2669
|
await access$1(specifier, {
|
|
2669
2670
|
public: options.public,
|
|
2670
2671
|
private: options.private
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@anytio/pspm",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.15.0",
|
|
4
4
|
"description": "CLI for PSPM - Package manager for AI agent skills",
|
|
5
5
|
"author": "anyt.io",
|
|
6
6
|
"license": "Artistic-2.0",
|
|
@@ -55,8 +55,8 @@
|
|
|
55
55
|
"vitest": "^4.1.5",
|
|
56
56
|
"@anytio/errors": "0.0.0",
|
|
57
57
|
"@anytio/typescript-config": "0.0.0",
|
|
58
|
-
"@anytio/skill-
|
|
59
|
-
"@anytio/skill-
|
|
58
|
+
"@anytio/skill-types": "0.0.1",
|
|
59
|
+
"@anytio/skill-registry": "0.0.1"
|
|
60
60
|
},
|
|
61
61
|
"engines": {
|
|
62
62
|
"node": ">=20.0.0"
|