@anytio/pspm 0.14.1 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/dist/index.js +21 -10
- package/package.json +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,23 @@ All notable changes to the PSPM CLI will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.15.1] - 2026-05-28
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
|
|
12
|
+
- **Publishing a `@user` skill no longer collides with a same-named GitHub-indexed skill.** GitHub-indexed skills are stored under the indexer's admin user, so for that account a `@user` publish could match an indexed `@github` skill of the same name and inherit its calendar version (`YYYY.M.D`) — making every `0.x` publish fail with "must be greater than existing version 2026.x.x". The publish/lookup query is now scoped to the `@user` namespace.
|
|
13
|
+
- **Clearer publish errors.** Version-bump and duplicate-version failures now print a single accurate message with the offending version and what to do next, instead of mislabelling an HTTP 400 as `E403 / 403 Forbidden`.
|
|
14
|
+
|
|
15
|
+
## [0.15.0] - 2026-05-28
|
|
16
|
+
|
|
17
|
+
### Changed
|
|
18
|
+
|
|
19
|
+
- **Visibility is now fully reversible.** Public skills can be made private again (previously a one-way, npm-style lock). Use `pspm access --private` or republish with `--access private`. Switching to private still requires a Pro subscription. Publish/access prompts and notes no longer warn that going public is irreversible.
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
|
|
23
|
+
- **Failed publishes no longer orphan a skill record.** The server now uploads the tarball before any database writes and creates the skill row and its first version inside a single transaction. Previously, a publish that failed partway (e.g. a storage error after the skill row was created) left behind a versionless skill that was invisible in listings yet permanently reserved the name — and, combined with the old one-way visibility lock, could block ever publishing that name as private.
|
|
24
|
+
|
|
8
25
|
## [0.14.1] - 2026-05-02
|
|
9
26
|
|
|
10
27
|
### Changed
|
package/dist/index.js
CHANGED
|
@@ -30,7 +30,8 @@ function isLocalSpecifier(specifier) {
|
|
|
30
30
|
* pspm access --public # Make current package public
|
|
31
31
|
* pspm access @user/bob/skill --public # Make specific package public
|
|
32
32
|
*
|
|
33
|
-
*
|
|
33
|
+
* Visibility is fully reversible: public packages can be made private and
|
|
34
|
+
* private packages can be made public. Switching to private requires Pro.
|
|
34
35
|
*/
|
|
35
36
|
async function access$1(specifier, options) {
|
|
36
37
|
try {
|
|
@@ -120,7 +121,7 @@ async function access$1(specifier, options) {
|
|
|
120
121
|
console.log(`+ @${result.namespace ?? "user"}/${result.username}/${result.name} is now ${result.visibility}`);
|
|
121
122
|
if (visibility === "public") {
|
|
122
123
|
console.log("");
|
|
123
|
-
console.log("Note:
|
|
124
|
+
console.log("Note: Run 'pspm access --private' to make it private again later.");
|
|
124
125
|
}
|
|
125
126
|
} catch (error) {
|
|
126
127
|
const message = error instanceof Error ? error.message : "Unknown error";
|
|
@@ -1536,8 +1537,8 @@ async function warnAndConfirmPublic(access) {
|
|
|
1536
1537
|
if (access !== "public") return;
|
|
1537
1538
|
console.log("");
|
|
1538
1539
|
console.log("⚠️ Warning: You are about to publish this skill as PUBLIC.");
|
|
1539
|
-
console.log("
|
|
1540
|
-
console.log("
|
|
1540
|
+
console.log(" Anyone will be able to find and install it.");
|
|
1541
|
+
console.log(" You can change it back to private later with 'pspm access'.");
|
|
1541
1542
|
console.log("");
|
|
1542
1543
|
if (!await confirm("Do you want to continue?")) {
|
|
1543
1544
|
console.log("Publish cancelled.");
|
|
@@ -1693,11 +1694,21 @@ function handleUploadError(response, version) {
|
|
|
1693
1694
|
status: response.status,
|
|
1694
1695
|
data: response.data
|
|
1695
1696
|
}, "Publish failed");
|
|
1696
|
-
if (errorMessage.includes("must be greater than")
|
|
1697
|
-
|
|
1698
|
-
console.error(`
|
|
1697
|
+
if (errorMessage.includes("must be greater than")) {
|
|
1698
|
+
const existing = errorMessage.match(/existing version ([\w.+-]+)/)?.[1];
|
|
1699
|
+
console.error(`Error: cannot publish ${version} — a higher version exists.`);
|
|
1700
|
+
if (existing) console.error(` The latest published version is ${existing}. Publish a version greater than ${existing}.`);
|
|
1701
|
+
else console.error(" Bump to a greater version and try again.");
|
|
1702
|
+
process.exit(1);
|
|
1703
|
+
}
|
|
1704
|
+
if (errorMessage.includes("already exists")) {
|
|
1705
|
+
console.error(`Error: version ${version} has already been published.`);
|
|
1706
|
+
console.error(" Published versions are immutable — bump the version in pspm.json and try again.");
|
|
1707
|
+
process.exit(1);
|
|
1699
1708
|
}
|
|
1700
|
-
|
|
1709
|
+
console.error(`Error: publish failed (HTTP ${response.status}).`);
|
|
1710
|
+
console.error(` ${errorMessage}`);
|
|
1711
|
+
process.exit(1);
|
|
1701
1712
|
}
|
|
1702
1713
|
function printPublishResult(result, options, packageJson) {
|
|
1703
1714
|
const visibility = result.skill.visibility;
|
|
@@ -1707,7 +1718,7 @@ function printPublishResult(result, options, packageJson) {
|
|
|
1707
1718
|
console.log(`+ @${namespace}/${owner}/${result.skill.name}@${result.version.version}`);
|
|
1708
1719
|
console.log(`Checksum: ${result.version.checksum}`);
|
|
1709
1720
|
console.log(`Visibility: ${visibilityIcon} ${visibility}${packageJson.encryption ? " (encrypted)" : ""}`);
|
|
1710
|
-
if (visibility === "public") console.log("Note:
|
|
1721
|
+
if (visibility === "public") console.log("Note: Run 'pspm access --private' to make it private again later.");
|
|
1711
1722
|
}
|
|
1712
1723
|
async function publishCommand(options) {
|
|
1713
1724
|
try {
|
|
@@ -2664,7 +2675,7 @@ function registerPublishCommands(program) {
|
|
|
2664
2675
|
program.command("unpublish <specifier>").description("Remove a published skill version (only within 72 hours of publishing)").option("--force", "Confirm destructive action").action(async (specifier, options) => {
|
|
2665
2676
|
await unpublish(specifier, { force: options.force });
|
|
2666
2677
|
});
|
|
2667
|
-
program.command("access [specifier]").description("Change package visibility (public/private)").option("--public", "Make the package public
|
|
2678
|
+
program.command("access [specifier]").description("Change package visibility (public/private)").option("--public", "Make the package public").option("--private", "Make the package private (requires Pro)").action(async (specifier, options) => {
|
|
2668
2679
|
await access$1(specifier, {
|
|
2669
2680
|
public: options.public,
|
|
2670
2681
|
private: options.private
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@anytio/pspm",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.15.1",
|
|
4
4
|
"description": "CLI for PSPM - Package manager for AI agent skills",
|
|
5
5
|
"author": "anyt.io",
|
|
6
6
|
"license": "Artistic-2.0",
|
|
@@ -53,10 +53,10 @@
|
|
|
53
53
|
"tsx": "^4.21.0",
|
|
54
54
|
"typescript": "^6.0.3",
|
|
55
55
|
"vitest": "^4.1.5",
|
|
56
|
-
"@anytio/errors": "0.0.0",
|
|
57
|
-
"@anytio/typescript-config": "0.0.0",
|
|
58
56
|
"@anytio/skill-registry": "0.0.1",
|
|
59
|
-
"@anytio/skill-types": "0.0.1"
|
|
57
|
+
"@anytio/skill-types": "0.0.1",
|
|
58
|
+
"@anytio/typescript-config": "0.0.0",
|
|
59
|
+
"@anytio/errors": "0.0.0"
|
|
60
60
|
},
|
|
61
61
|
"engines": {
|
|
62
62
|
"node": ">=20.0.0"
|