@easonwumac/computer-linker 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/docs/architecture.md +3 -3
- package/docs/release-checklist.md +3 -3
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,29 @@ All notable changes to Computer Linker will be documented in this file.
|
|
|
5
5
|
This project follows a small pre-1.0 changelog: breaking contract changes are
|
|
6
6
|
called out even when the package version is still `0.x`.
|
|
7
7
|
|
|
8
|
+
## 0.1.8 - 2026-06-27
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
|
|
12
|
+
- Public release audit now scans tracked files, packed files, and Git history
|
|
13
|
+
for npm access-token shaped values before publishing.
|
|
14
|
+
- Public release audit now labels tracked, untracked, and packed-file findings
|
|
15
|
+
separately so release failures point at the right source.
|
|
16
|
+
- Release validation now locks the npm access-token audit rule and release
|
|
17
|
+
checklist wording so the public gate cannot silently regress.
|
|
18
|
+
|
|
19
|
+
## 0.1.7 - 2026-06-27
|
|
20
|
+
|
|
21
|
+
### Changed
|
|
22
|
+
|
|
23
|
+
- Public release audit now scans tracked and packed text files for suspicious
|
|
24
|
+
third-party provenance markers, including source-copy, adaptation,
|
|
25
|
+
snippet-site, and vendored-code references before public release.
|
|
26
|
+
- Public release audit now blocks retired product-name markers without keeping
|
|
27
|
+
that retired name in repository text.
|
|
28
|
+
- Release checklist now documents the provenance marker scan alongside license
|
|
29
|
+
and secret checks.
|
|
30
|
+
|
|
8
31
|
## 0.1.6 - 2026-06-27
|
|
9
32
|
|
|
10
33
|
### Changed
|
package/docs/architecture.md
CHANGED
|
@@ -5,9 +5,9 @@ architecture should serve that spec: a local computer MCP service for controlled
|
|
|
5
5
|
file access, commands, Codex, screenshots, computer info, and audit history.
|
|
6
6
|
ChatGPT-specific setup is a client helper, not the product axis.
|
|
7
7
|
|
|
8
|
-
## Product Name
|
|
9
|
-
|
|
10
|
-
The product is named **Computer Linker**.
|
|
8
|
+
## Product Name
|
|
9
|
+
|
|
10
|
+
The product is named **Computer Linker**.
|
|
11
11
|
|
|
12
12
|
## Mental Model
|
|
13
13
|
|
|
@@ -130,9 +130,9 @@ This is the release-oriented alpha readiness gate. It requires fresh external
|
|
|
130
130
|
MCP evidence and a dated `CHANGELOG.md` heading for the current package version,
|
|
131
131
|
so it reports both final blockers in one place before `public:mirror`.
|
|
132
132
|
|
|
133
|
-
This adds the public-release audit: packed-file inspection, tracked and
|
|
134
|
-
non-ignored untracked file secret-shape scanning, production `npm audit`,
|
|
135
|
-
dependency license allowlist checks, and a high-risk Git history secret scan.
|
|
133
|
+
This adds the public-release audit: packed-file inspection, tracked and
|
|
134
|
+
non-ignored untracked file secret-shape scanning, production `npm audit`,
|
|
135
|
+
dependency license allowlist checks, npm access-token scanning, third-party provenance marker scanning, retired product-name marker scanning, and a high-risk Git history secret scan.
|
|
136
136
|
|
|
137
137
|
Before changing the current GitHub repository to public visibility while
|
|
138
138
|
preserving its Git history, run the stricter one-command gate:
|