@skilly-hand/skilly-hand 0.22.0 → 0.22.2

package/CHANGELOG.md

@@ -16,6 +16,37 @@ All notable changes to this project are documented in this file.
 ### Removed
 - _None._
 
+## [0.22.2] - 2026-04-12
+[View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.22.2)
+
+### Added
+- _None._
+
+### Changed
+- Updated native setup agent selection flow to preserve previously configured agents when `--agent` flags are omitted.
+
+### Fixed
+- Fixed CLI argument parsing so `--agent` defaults can distinguish between omitted flags and explicit empty selections.
+- Fixed native setup defaults to avoid unexpectedly resetting managed agent targets.
+
+### Removed
+- _None._
+
+## [0.22.1] - 2026-04-12
+[View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.22.1)
+
+### Added
+- _None._
+
+### Changed
+- Moved maintainer release/security workflow details from README into `docs/MAINTAINER.md`, keeping README with a maintainer-runbook link.
+
+### Fixed
+- _None._
+
+### Removed
+- _None._
+
 ## [0.22.0] - 2026-04-11
 [View on npm](https://www.npmjs.com/package/@skilly-hand/skilly-hand/v/0.22.0)
 

package/README.md

@@ -89,27 +89,7 @@ See [catalog/README.md](./catalog/README.md) for generated skill metadata.
 
 ---
 
-## Release Workflow (npm)
-
-1. Confirm session: `npm whoami` (or `npm login`).
-2. Keep `CHANGELOG.md` up to date under `## [Unreleased]` as work lands.
-3. Regenerate derived files when needed: `npm run build && npm run catalog:sync && npm run agentic:self:sync`.
-4. Run publish gate: `npm run verify:publish`.
-5. Inspect package payload: `npm pack --dry-run --json`.
-6. Bump version intentionally: `npm version patch|minor|major` (this auto-rotates `CHANGELOG.md`, creates a dated release section, and inserts a version-specific npm link).
-7. Publish with assisted 2FA flow: `npm run publish:otp` (or `npm run publish:next` for prereleases).
-   - The script runs the publish gate, asks for OTP with hidden input, and if left blank lets npm trigger your default security method.
-8. Smoke test after publish: `npx @skilly-hand/skilly-hand@<version> --help`.
-9. Verify npm metadata (README render, changelog, license, executable bin).
-
-### Security Automation
-
-- `npm run security:check` runs repository secret/config checks plus strict dependency security checks.
-- `npm run security:deps` runs strict dependency audit + outdated reporting only.
-- `npm run deps:policy:check` enforces exact runtime dependency pins and lockfile sync (`package-lock.json` + `npm-shrinkwrap.json`).
-- `npm run deps:update:safe -- <pkg[@version]>` is the required dependency update path; it pins exact versions, syncs shrinkwrap, and blocks completion unless all validation gates pass.
-- Do not use raw `npm install` for dependency upgrades in this repo; use `deps:update:safe` so tests and security gates run before accepting version changes.
-- Run `npm run setup:hooks` once per clone to install `pre-commit` (fast checks) and `pre-push` (full gate) hooks.
+Maintainer release and security workflow: [docs/MAINTAINER.md](./docs/MAINTAINER.md).
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skilly-hand/skilly-hand",
-  "version": "0.22.0",
+  "version": "0.22.2",
   "license": "CC-BY-NC-4.0",
   "type": "module",
   "publishConfig": {

package/packages/catalog/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skilly-hand/catalog",
-  "version": "0.22.0",
+  "version": "0.22.2",
   "private": true,
   "type": "module"
 }

package/packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skilly-hand/cli",
-  "version": "0.22.0",
+  "version": "0.22.2",
   "private": true,
   "type": "module",
   "bin": {

package/packages/cli/src/bin.js

@@ -53,7 +53,7 @@ export function parseArgs(argv) {
     verbose: false,
     json: false,
     classic: false,
-    agents: [],
+    agents: null,
     include: [],
     exclude: []
   };
@@ -78,7 +78,7 @@ export function parseArgs(argv) {
     else if (token === "--verbose" || token === "-v") flags.verbose = true;
     else if (token === "--json") flags.json = true;
     else if (token === "--classic") flags.classic = true;
-    else if (token === "--agent" || token === "-a") flags.agents.push(takeFlagValue(token));
+    else if (token === "--agent" || token === "-a") { if (!flags.agents) flags.agents = []; flags.agents.push(takeFlagValue(token)); }
     else if (token === "--cwd") flags.cwd = takeFlagValue(token);
     else if (token === "--include") flags.include.push(takeFlagValue(token));
     else if (token === "--exclude") flags.exclude.push(takeFlagValue(token));

package/packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skilly-hand/core",
-  "version": "0.22.0",
+  "version": "0.22.2",
   "private": true,
   "type": "module"
 }

package/packages/core/src/index.js

@@ -183,10 +183,14 @@ function retainNativeProfilesForAgents(previousLock, selectedAgents) {
 }
 
 function normalizeAgentList(agents) {
-  if (!agents || agents.length === 0) {
+  if (agents == null) {
     return [...DEFAULT_AGENTS];
   }
 
+  if (agents.length === 0) {
+    return [];
+  }
+
   return uniq(agents.flatMap((item) => String(item).split(",")).map((item) => item.trim()).filter(Boolean));
 }
 
@@ -483,12 +487,12 @@ export async function setupNativeProject({
   agents,
   dryRun = false
 }) {
-  const selectedAgents = normalizeAgentList(agents);
   const generatedAt = nowIso();
   const installRoot = path.join(cwd, ".skilly-hand");
   const backupsDir = path.join(installRoot, "backups");
   const lockPath = path.join(installRoot, "manifest.lock.json");
   const previousLock = await exists(lockPath) ? await readJson(lockPath) : null;
+  const selectedAgents = normalizeAgentList(agents ?? previousLock?.agents);
   const selectedNativeTargets = selectedAgents
     .map((agent) => NATIVE_ADAPTER_REGISTRY[agent])
     .filter((adapter) => adapter && adapter.supported)

package/packages/detectors/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@skilly-hand/detectors",
-  "version": "0.22.0",
+  "version": "0.22.2",
   "private": true,
   "type": "module"
 }