npm - @prompts-gpt/client - Versions diffs - 0.2.2 → 0.2.4 - Mend

@prompts-gpt/client 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "@prompts-gpt/client",
-  "version": "0.2.2",
-  "description": "CLI and SDK for pulling Prompts-GPT prompt packs into local projects and syncing agent-readable files for Codex, Cursor, VS Code, and GitHub Copilot.",
+  "version": "0.2.4",
+  "description": "CLI and SDK for syncing AI prompt packs and running multi-iteration sweeps — integrates with Codex, Claude Code, Cursor, Copilot, Gemini CLI, Windsurf, Cline, Continue, Junie, and Amp.",
   "type": "module",
   "homepage": "https://prompts-gpt.com",
   "bugs": {
     "email": "support@prompts-gpt.com"
   },
-  "license": "MIT",
+  "license": "SEE LICENSE IN LICENSE",
   "author": "Prompts-GPT <support@prompts-gpt.com> (https://prompts-gpt.com)",
   "sideEffects": false,
   "keywords": [
@@ -46,8 +46,7 @@
   "files": [
     "dist",
     "README.md",
-    "LICENSE",
-    "CHANGELOG.md"
+    "LICENSE"
   ],
   "engines": {
     "node": ">=18.18"

package/CHANGELOG.md DELETED Viewed

@@ -1,110 +0,0 @@
-# Changelog
-## Unreleased
-### Security
-- Validate `constraints` and `desiredOutput` length (max 1600 chars) client-side before network requests
-- Validate token prefix (`pgpt_`) in `saveLocalCredentials` to reject malformed tokens at save time
-- Sanitize Copilot prompt-file variable names to strip `$`, `{`, `}` injection characters
-- Sanitize managed-block content to prevent marker injection via prompt content
-- Validate API URL scheme (must be `https` or `http`) in `normalizeApiUrl`
-- Auto-generate client-side request IDs (`pgcli_*`) when caller doesn't provide one for correlation
-### Fixed
-- Fix package version mismatch between `package.json` (0.2.1) and CHANGELOG (0.2.2)
-- Fix npm publish failure on unsupported CI providers by removing forced provenance from package metadata
-- Fix race condition in file writes: use atomic `wx` flag with `EEXIST` catch instead of `existsSync` + `wx`
-- Fix `formatPromptMarkdown` producing double blank lines when both `usageNotes` and `variables` are empty
-- Fix `normalizeAgentTargets` deduplication when `all` is mixed with explicit targets (e.g. `all,codex`)
-- Fix `normalizeAgentTargets` returning empty array for empty string input
-- Fix `loadLocalCredentials` returning empty-string token instead of `null` for whitespace-only stored tokens
-- Fix `safeSlug` for unicode-only input by normalizing NFKD and stripping combining marks
-- Fix `ensureGitignoreEntry` to preserve CRLF line endings on Windows-style `.gitignore` files
-- Fix `parseRetryAfterHeader` to cap parsed values at 10 minutes, preventing unbounded waits
-- Fix `assertInside` / `assertSafeOutputDir` boundary comparison for paths at the project root
-- Fix `writePromptIndex` to escape `[` and `]` in Markdown link text to prevent broken rendering
-- Fix `yamlScalar` to handle multi-line strings by normalizing `\r\n` before quoting
-- Serialize agent file writes sequentially to prevent concurrent write races on shared files
-### Improvements
-- Add `--dry-run` flag to `sync` and `install-agents` commands for previewing changes
-- Add dedicated CLI exit code `4` for rate-limit errors (HTTP 429)
-- Use longer default timeout (60s) for prompt generation requests
-- Add `DEFAULT_GENERATE_TIMEOUT_MS` constant for prompt generation timeout
-### Packaging
-- Add npm `homepage` and `bugs.email` metadata so package consumers have a first-party support path from the registry page
-- Clarify the project-local CLI install path and pre-publish `npm pack --dry-run` verification flow in the README
-## 0.2.2 (2026-05-16)
-### Local Sync
-- Reject prompt filename collisions after slug normalization before writing local artifacts
-- Respect each prompt pack's declared `agentTargets` when generating Codex, Cursor, VS Code, and Copilot files
-- Skip existing non-managed agent files unless `--overwrite` is explicitly passed
-- Expand `manifest.json` with agent targets, recommended path, and generated file locations for downstream discovery
-- Emit GitHub Copilot prompt files in prompt-file format instead of generic prompt-pack Markdown
-- Add `.github/instructions/prompts-gpt.instructions.md` so Copilot treats synced agent artifacts as generated files
-## 0.2.1 (2026-05-16)
-### Packaging
-- Add an explicit `default` export target for better ESM consumer and bundler compatibility
-- Enable npm provenance on publish for stronger package registry attestation
-- Remove the redundant `typesVersions` entry and rely on the package `types` field plus export metadata
-### Documentation
-- Replace stale `npx`-only examples with `npm exec` flows that pin to the latest published package
-- Clarify that the importable SDK does not read `process.env` and requires explicit `fetch`
-- Align CI/CD examples with the real CLI contract of passing tokens as flags instead of ambient env reads
-- Document the packed artifact contents shipped to npm
-## 0.2.0 (2026-05-16)
-### Security
-- Token prefix validation now enforced client-side before any network request
-- Response content-type validation prevents processing non-JSON responses
-- Retry delay capped at 30 seconds to prevent retry-after abuse
-- Token length validation on `saveLocalCredentials` prevents oversized storage
-- Control characters stripped from shell-quoted CLI output
-### Improvements
-- Add `accept: application/json` header to all API requests
-- Validate response `content-type` before parsing JSON
-- Cap retry sleep to prevent unbounded waits from malicious `retry-after` headers
-- Improved error messages with structured `code` and `recovery` fields
-- Added `package.json` subpath export for bundler compatibility
-- Extended npm keywords for better discoverability
-- Added `typesVersions` for legacy TypeScript resolution
-### Fixed
-- Fixed potential timeout leak when retries re-create AbortControllers
-## 0.1.1 (2026-05-16)
-- Remove public GitHub repository metadata from the npm package manifest while the source repository remains non-public.
-- Preserve executable permissions for the `prompts-gpt` CLI after package builds.
-## 0.1.0 (2026-05-16)
-Initial release.
-- **CLI commands:** `init`, `pull`, `generate`, `sync`, `install-agents`, `project`, `version`, `help`
-- **SDK client:** `PromptsGptClient` with `getProject()`, `pullPrompts()`, `generatePrompt()`
-- **Agent sync:** Writes agent-readable files for Codex (`AGENTS.md`), Cursor (`.cursor/rules/`), VS Code (`.github/copilot-instructions.md`, `.vscode/`), and Copilot (`.github/prompts/`)
-- **Prompt Markdown files:** Written to `.prompts-gpt/` with YAML frontmatter
-- **Manifest:** `manifest.json` for local agent discovery
-- **Credentials:** Saved to `.prompts-gpt/.credentials.json` with `0600` permissions, auto-added to `.gitignore`
-- **Retry logic:** Automatic retries with jitter for 429/502/503/504 responses and network errors
-- **Input validation:** Client-side validation for `goal` length, `context` length, and `tool` values
-- **Security:** Token prefix validation, HTTPS enforcement, path traversal protection