@holdyourvoice/hyv 2.8.7 → 2.8.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/README.md +26 -3
- package/agents/cursor.md +1 -1
- package/dist/index.js +951 -463
- package/package.json +3 -2
- package/scripts/postinstall-lib.js +232 -7
- package/scripts/postinstall.js +8 -92
- package/assets/ai-eliminator-skill.md +0 -63
- package/assets/claude-code-skill.md +0 -24
- package/assets/cursor-rules.md +0 -12
- package/assets/hold-your-voice-skill.md +0 -174
- package/assets/voice-matcher-skill.md +0 -57
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,38 @@
|
|
|
2
2
|
|
|
3
3
|
All notable CLI changes. Also mirrored to [holdyourvoice.com/changelog](https://holdyourvoice.com/changelog) for user-facing releases.
|
|
4
4
|
|
|
5
|
+
## [2.8.9] — 2026-06-12
|
|
6
|
+
|
|
7
|
+
### Improved
|
|
8
|
+
- `hyv fix --in-place` matches batch/watch safeguards: interactive `[y/N]` or `--yes` + `.bak` backup
|
|
9
|
+
- `hyv watch --command fix` ignores self-triggered saves after writing fixes
|
|
10
|
+
- `hyv doctor` checks auth.json permissions, stale `hyv.md` vs `hyv.mdc`, and MCP stdio health
|
|
11
|
+
- Shared `resolveCliEntry()` for MCP setup and stdio probes
|
|
12
|
+
- Auth refresh + destructive-write unit tests
|
|
13
|
+
|
|
14
|
+
### Changed
|
|
15
|
+
- `dist/` built at publish/prepare — no longer committed to git
|
|
16
|
+
|
|
17
|
+
## [2.8.8] — 2026-06-12
|
|
18
|
+
|
|
19
|
+
### Security
|
|
20
|
+
- OAuth browser flow verifies server `state` on callback (CSRF protection)
|
|
21
|
+
- Automatic token refresh via `getValidToken()` before API calls
|
|
22
|
+
- `HYV_API_URL` host allowlist; `assertSafeOpenUrl` for checkout/OAuth redirects
|
|
23
|
+
- Profile name path traversal blocked; MCP file reads symlink-safe with `isError` responses
|
|
24
|
+
- Sensitive `~/.hyv` files and dirs use `0o600`/`0o700` permissions
|
|
25
|
+
|
|
26
|
+
### Fixed
|
|
27
|
+
- `hyv doctor --fix-agents` uses correct postinstall-lib path
|
|
28
|
+
- `hyv import` registered; `--fail-on-hit` exits code 2 (scan + batch)
|
|
29
|
+
- Queue sync sends `original_text` / `accepted_text` for learning reinforce
|
|
30
|
+
- Postinstall: Claude Desktop MCP merge with backup, Cursor `alwaysApply` rule, absolute MCP command path
|
|
31
|
+
|
|
32
|
+
### Improved
|
|
33
|
+
- `hyv mcp --test` spawns stdio subprocess and validates JSON-RPC `tools/list`
|
|
34
|
+
- `hyv batch --fix --in-place` and `hyv watch --command fix` require `--yes` (`.bak` backups)
|
|
35
|
+
- Stale duplicate agent/skill markdown removed from `assets/` (canonical copies in `agents/` + `skills/`)
|
|
36
|
+
|
|
5
37
|
## [2.8.6] — 2026-06-12
|
|
6
38
|
|
|
7
39
|
### Changed
|
package/README.md
CHANGED
|
@@ -17,7 +17,7 @@ npx @holdyourvoice/hyv scan draft.md
|
|
|
17
17
|
npm i -g @holdyourvoice/hyv
|
|
18
18
|
```
|
|
19
19
|
|
|
20
|
-
postinstall
|
|
20
|
+
postinstall copies agent rules and configures MCP for claude desktop and cursor (plus claude code, windsurf, codex, command code skills when detected). set `HYV_AUTO_CONFIGURE_AGENTS=0` to skip.
|
|
21
21
|
|
|
22
22
|
## free vs paid
|
|
23
23
|
|
|
@@ -73,7 +73,7 @@ hyv mcp --test # health check (tools, demo pipeline, profile)
|
|
|
73
73
|
hyv mcp # start server (stdio)
|
|
74
74
|
```
|
|
75
75
|
|
|
76
|
-
postinstall copies agent rules to `~/.cursor/rules/hyv.
|
|
76
|
+
postinstall copies agent rules to `~/.cursor/rules/hyv.mdc`, `~/.claude/commands/hyv.md`, etc. re-run anytime:
|
|
77
77
|
|
|
78
78
|
```bash
|
|
79
79
|
hyv doctor --fix-agents
|
|
@@ -112,6 +112,27 @@ github actions:
|
|
|
112
112
|
- run: npx @holdyourvoice/hyv@latest scan content/ --fail-on-hit
|
|
113
113
|
```
|
|
114
114
|
|
|
115
|
+
`--fail-on-hit` exits with code **2** when issues are found (exit 0 = clean). use in CI to block merges on AI-slop.
|
|
116
|
+
|
|
117
|
+
### destructive in-place writes
|
|
118
|
+
|
|
119
|
+
`fix`, `batch`, and `watch` can rewrite files on disk. they create a `.bak` backup sibling before writing.
|
|
120
|
+
|
|
121
|
+
| command | safeguard |
|
|
122
|
+
|---------|-----------|
|
|
123
|
+
| `hyv fix <file> --in-place` | prompts `[y/N]` locally; use `--yes` in CI |
|
|
124
|
+
| `hyv batch <glob> --fix --in-place` | same — one prompt for the whole batch |
|
|
125
|
+
| `hyv watch <file> --command fix` | same — confirms once at startup |
|
|
126
|
+
|
|
127
|
+
```bash
|
|
128
|
+
# interactive (local)
|
|
129
|
+
hyv fix draft.md --in-place
|
|
130
|
+
|
|
131
|
+
# non-interactive (CI/scripts)
|
|
132
|
+
hyv fix draft.md --in-place --yes
|
|
133
|
+
hyv batch "posts/**/*.md" --fix --in-place --yes
|
|
134
|
+
```
|
|
135
|
+
|
|
115
136
|
## commands
|
|
116
137
|
|
|
117
138
|
| command | description |
|
|
@@ -119,7 +140,9 @@ github actions:
|
|
|
119
140
|
| `hyv` | condensed welcome (no args) |
|
|
120
141
|
| `hyv welcome` / `hyv free` | free demo + capability tour |
|
|
121
142
|
| `hyv scan <file>` | scan text for AI patterns |
|
|
122
|
-
| `hyv fix <file>` | auto-swap fixable patterns |
|
|
143
|
+
| `hyv fix <file>` | auto-swap fixable patterns (`--in-place --yes` for CI) |
|
|
144
|
+
| `hyv batch <glob>` | scan/fix many files (`--fail-on-hit` exits 2) |
|
|
145
|
+
| `hyv watch <file>` | re-scan on save (`--command fix --yes` to auto-fix) |
|
|
123
146
|
| `hyv check <text>` | quick pass/fail check |
|
|
124
147
|
| `hyv init` | authenticate with hold your voice |
|
|
125
148
|
| `hyv new <name>` | create a voice profile |
|
package/agents/cursor.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Hold Your Voice
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Use HYV MCP tools for all writing tasks. If no profile exists yet, call `hyv_welcome` or `hyv_profiles` first — free local scan works without a profile.
|
|
4
4
|
|
|
5
5
|
## When to use
|
|
6
6
|
- Any email, post, doc, or content creation
|