npm - @kingkyylian/handoffkit - Versions diffs - 0.1.1 → 0.3.0 - Mend

@kingkyylian/handoffkit 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,22 @@
 # Changelog
+## 0.3.0
+- Added richer deterministic risk notes that map changed file groups to common failure modes across release, CI, tooling, CLI, resume, report rendering, docs, security, and generated artifact workflows.
+- Raised release and package publishing changes to high-severity risk guidance with explicit `pnpm pack:dry-run` and `pnpm smoke:release` verification prompts.
+- Added transcript parsing for Codex, Claude, Cursor, and Gemini-style exported or copied agent sessions.
+- Added opt-in local `.handoffkit` cache artifacts for `verify --cache`, `resume --cache`, and `pack --verify --cache`.
+- Documented the `.handoffkit` cache layout and kept cache/checkpoint artifacts out of changed-file reports by default.
+## 0.2.0
+- Added meaningful target-specific Markdown profiles for Codex, Claude Code, Cursor, and generic handoffs.
+- Made `--for` adjust packet titles, section order, and next-agent action notes while preserving the same collected source facts.
+- Added local secret scanner config discovery for `gitleaks` and `secretlint`.
+- Added scanner installation and config guidance when optional local scanners are unavailable.
+- Fixed secret redaction so scanner names such as `secretlint` are not mistaken for secret assignment keys.
+- Updated tests to cover target profile rendering, unchanged JSON source facts across targets, scanner config discovery, direct `scan-secrets` guidance, and scanner-name redaction.
 ## 0.1.1
 - Added automated release tarball install smoke testing.

package/README.md CHANGED Viewed

@@ -104,6 +104,8 @@ Optimize the packet for a target agent:
 handoffkit pack --for codex --goal "Resume implementation"
 ```
+Target profiles keep the same collected facts but adjust the title, section order, and next-agent notes for the selected tool. They do not invent project state or call model-specific APIs.
 During development:
 ```sh
@@ -144,6 +146,7 @@ Run verification directly:
 ```sh
 handoffkit verify
+handoffkit verify --cache
 ```
 Inspect deterministic risk notes:
@@ -162,6 +165,7 @@ Resume from a previous handoff or transcript:
 ```sh
 handoffkit resume previous-handoff.md --goal "Continue from here"
+handoffkit resume previous-handoff.md --goal "Continue from here" --cache
 ```
 ## CLI Options
@@ -176,9 +180,16 @@ handoffkit resume previous-handoff.md --goal "Continue from here"
 | `--since <ref>` | Focus committed branch delta on a base ref such as `main`. |
 | `--verify` | Run safe verification scripts and include results in the packet. |
 | `--scan-secrets` | Run optional local secret scanners and include bounded redacted results. |
+| `--cache` | Explicitly write local verification or resume artifacts under `.handoffkit/`. |
 | `--include-diff` | Include full tracked patches and bounded untracked previews. |
 | `--no-diff` | Omit diff summaries and full patches. |
+## Local Cache
+Cache writes are opt-in. `verify --cache`, `pack --verify --cache`, and `resume --cache` write redacted JSON artifacts under `.handoffkit/verification` or `.handoffkit/resume`. The cache directory is ignored by default so repeated handoffs do not pollute git status or generated reports.
+See [docs/CACHE.md](docs/CACHE.md) for the file layout.
 ## What Gets Collected
 HandoffKit reads local git and filesystem metadata from the current repository:
@@ -190,7 +201,7 @@ HandoffKit reads local git and filesystem metadata from the current repository:
 - package manager and verification scripts from the root `package.json`
 - optional verification results when `--verify` is used
 - deterministic risk notes from changed file paths
-- optional secret scanner availability for `gitleaks` and `secretlint`
+- optional secret scanner availability, local config files, and install guidance for `gitleaks` and `secretlint`
 - bounded, redacted secret scan results when `--scan-secrets` is used
 ## What Never Happens
@@ -198,7 +209,7 @@ HandoffKit reads local git and filesystem metadata from the current repository:
 - No LLM API calls.
 - No network requests from the CLI.
 - No git writes, commits, staging, or branch changes.
-- No files are written unless `--output` is provided.
+- No files are written unless `--output` or explicit `--cache` is provided.
 ## Development
@@ -214,7 +225,7 @@ pnpm pack:dry-run
 ## Release
-Releases are manual and should happen only after CI, package dry-run, and install smoke tests pass. The preferred path is the GitHub `Release` workflow with an `NPM_TOKEN` repository secret so npm provenance is attached to the published package.
+Releases are manual and should happen only after CI, package dry-run, and install smoke tests pass. The preferred path is the GitHub `Release` workflow with an `NPM_TOKEN` repository secret that can publish from CI without an interactive OTP, so npm provenance is attached to the published package.
 See [docs/RELEASE.md](docs/RELEASE.md) for the release checklist.
@@ -224,6 +235,8 @@ HandoffKit is local-first and deterministic. It reads local git and filesystem s
 When `--scan-secrets` is used, HandoffKit runs installed local scanners only. It does not install scanners, send code to a service, or fail when `gitleaks` or `secretlint` is missing.
+When scanner config files such as `.gitleaks.toml`, `.gitleaksignore`, `.secretlintrc.*`, or `secretlint.config.*` are present, HandoffKit reports them in the packet so the next agent knows which local policy files exist.
 ## License
 MIT

package/ROADMAP.md CHANGED Viewed

@@ -93,11 +93,11 @@ Regex redaction remains the default. HandoffKit detects optional local scanners
 Scan results are bounded and redacted before rendering.
+Scanner status also reports common local config files such as `.gitleaks.toml`, `.gitleaksignore`, `.secretlintrc.*`, and `secretlint.config.*`. When a scanner is not installed, the packet includes local installation and config guidance without installing anything automatically.
 ## Next Up
-- Add scanner-specific installation guidance and config discovery.
 - Make `risk` rules richer by mapping changed files to common failure modes.
-- Improve `--for` formats beyond headings, with agent-specific action prompts.
 - Add transcript parsers for Claude Code, Codex, Cursor, and Gemini exports.
 - Add a stable `.handoffkit` cache format for verification and resume artifacts.