npm - happyskills - Versions diffs - 0.27.1 → 0.28.0 - Mend

happyskills 0.27.1 → 0.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 ## [Unreleased]
+## [0.28.0] - 2026-04-02
+### Added
+- Add archive-based upload for large skill publishing — bundles all files into a single `.tar.gz` archive and uploads once via presigned URL, replacing hundreds of individual S3 PUTs for dramatically faster publishes of skills with many files
+## [0.27.2] - 2026-04-02
+### Fixed
+- Fix `publish` not syncing dependency declarations to the lock file when publishing an existing skill — the lock entry's `dependencies` field was stale after publish
+- Fix `refresh` not detecting dependency drift — skills whose lock `dependencies` diverged from the installed `skill.json` were incorrectly reported as up-to-date because the staleness check was purely commit-based
 ## [0.27.1] - 2026-04-02
 ### Fixed

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "happyskills",
-	"version": "0.27.1",
+	"version": "0.28.0",
 	"description": "Package manager for AI agent skills",
 	"license": "SEE LICENSE IN LICENSE",
 	"author": "Nicolas Dao <nic@cloudlesslabs.com> (https://cloudlesslabs.com)",

package/src/api/push.js CHANGED Viewed

@@ -1,6 +1,7 @@
 const { error: { catch_errors, wrap_errors: e } } = require('puffy-core')
 const repos_api = require('./repos')
-const { initiate_upload, complete_upload, upload_files_parallel } = require('./upload')
+const { initiate_upload, complete_upload, upload_file_to_s3, upload_files_parallel } = require('./upload')
+const { create_archive, cleanup_archive } = require('../utils/archive')
 const DIRECT_PUSH_THRESHOLD = 5 * 1024 * 1024 // 5MB
@@ -12,7 +13,47 @@ const estimate_payload_size = (files) => {
 	return size
 }
-const smart_push = (owner, repo, { version, message, files, visibility, base_commit, force, parent_shas }, on_progress) =>
+const archive_push = (owner, repo, { version, message, files, visibility, base_commit, force, parent_shas, source_dir }, on_progress) =>
+	catch_errors('Archive push failed', async () => {
+		const file_meta = files.map(f => ({ path: f.path, sha: f.sha, size: f.size }))
+		// Step 1: Create tar.gz archive
+		const [arch_err, archive] = await create_archive(source_dir)
+		if (arch_err) throw e('Failed to create archive', arch_err)
+		try {
+			// Step 2: Initiate with archive mode (single presigned URL)
+			const init_body = {
+				version, message, files: file_meta, visibility, base_commit, force,
+				archive: true, archive_sha: archive.sha, archive_size: archive.size
+			}
+			if (parent_shas) init_body.parent_shas = parent_shas
+			const [init_err, init_data] = await initiate_upload(owner, repo, init_body)
+			if (init_err) throw e('Upload initiation failed', init_err)
+			// Step 3: Upload single archive
+			const url = init_data.presigned_urls[archive.sha]
+			if (!url) throw new Error('No presigned URL returned for archive')
+			const [upload_err] = await upload_file_to_s3(url, archive.buffer)
+			if (upload_err) throw e('Archive upload failed', upload_err)
+			if (on_progress) on_progress(1, 1)
+			// Step 4: Complete
+			const complete_body = {
+				upload_id: init_data.upload_id, archive_sha: archive.sha,
+				version, message, files: file_meta, base_commit, force
+			}
+			if (parent_shas) complete_body.parent_shas = parent_shas
+			const [complete_err, complete_data] = await complete_upload(owner, repo, complete_body)
+			if (complete_err) throw e('Upload completion failed', complete_err)
+			return complete_data
+		} finally {
+			cleanup_archive(archive.path)
+		}
+	})
+const smart_push = (owner, repo, { version, message, files, visibility, base_commit, force, parent_shas, source_dir }, on_progress) =>
 	catch_errors('Smart push failed', async () => {
 		const payload_size = estimate_payload_size(files)
@@ -25,7 +66,12 @@ const smart_push = (owner, repo, { version, message, files, visibility, base_com
 			return data
 		}
-		// Large payload — use presigned upload flow
+		// Large payload — prefer archive upload if source_dir is available
+		if (source_dir) {
+			return await archive_push(owner, repo, { version, message, files, visibility, base_commit, force, parent_shas, source_dir }, on_progress)
+		}
+		// Fallback: per-file presigned upload
 		const file_meta = files.map(f => ({ path: f.path, sha: f.sha, size: f.size }))
 		// Step 1: Initiate

package/src/commands/publish.js CHANGED Viewed

@@ -195,7 +195,8 @@ const run = (args) => catch_errors('Publish failed', async () => {
 		files: skill_files,
 		visibility,
 		base_commit: force ? null : base_commit,
-		force
+		force,
+		source_dir: dir
 	}
 	if (merge_parents && !force) {
 		push_options.parent_shas = merge_parents
@@ -229,7 +230,8 @@ const run = (args) => catch_errors('Publish failed', async () => {
 				ref: push_data?.ref || `refs/tags/v${manifest.version}`,
 				commit: push_data?.commit || null,
 				base_commit: push_data?.commit || null,
-				base_integrity: (!hash_err && integrity) ? integrity : null
+				base_integrity: (!hash_err && integrity) ? integrity : null,
+				dependencies: manifest.dependencies || {}
 			}
 			if (!hash_err && integrity) updated_entry.integrity = integrity
 			delete updated_entry.merge_parents

package/src/commands/refresh.js CHANGED Viewed

@@ -1,6 +1,7 @@
 const { error: { catch_errors, wrap_errors: e } } = require('puffy-core')
 const { install } = require('../engine/installer')
 const { read_lock, get_all_locked_skills } = require('../lock/reader')
+const { read_manifest } = require('../manifest/reader')
 const { detect_status } = require('../merge/detector')
 const repos_api = require('../api/repos')
 const { print_help, print_table, print_json, print_info, print_success, print_warn, print_hint, code } = require('../ui/output')
@@ -26,6 +27,16 @@ Examples:
   happyskills refresh -y
   happyskills refresh -g -y --json`
+/**
+ * Returns true if the lock entry's dependencies differ from the installed skill.json's dependencies.
+ */
+const has_dependency_drift = (lock_entry, manifest) => {
+	if (!manifest) return false
+	const lock_deps = JSON.stringify(lock_entry.dependencies || {})
+	const manifest_deps = JSON.stringify(manifest.dependencies || {})
+	return lock_deps !== manifest_deps
+}
 const confirm_prompt = (question) => new Promise((resolve) => {
 	const readline = require('readline')
 	const rl = readline.createInterface({ input: process.stdin, output: process.stderr })
@@ -72,6 +83,15 @@ const run = (args) => catch_errors('Refresh failed', async () => {
 		}
 	} else {
 		spinner?.succeed('Checked for updates')
+		const base_dir = skills_dir(is_global, project_root)
+		// Read all installed manifests in parallel to check for dependency drift
+		const manifest_map = {}
+		await Promise.all(to_check.map(async ([name]) => {
+			const short_name = name.split('/')[1] || name
+			const dir = skill_install_dir(base_dir, short_name)
+			const [, manifest] = await read_manifest(dir)
+			if (manifest) manifest_map[name] = manifest
+		}))
 		for (const [name, data] of to_check) {
 			const info = batch_data?.results?.[name]
 			if (info?.access_denied) {
@@ -83,6 +103,9 @@ const run = (args) => catch_errors('Refresh failed', async () => {
 			} else if (!data.base_commit && info.latest_version !== data.version) {
 				// Fallback to version comparison for old lock files without base_commit
 				results.push({ skill: name, installed: data.version, latest: info.latest_version, status: 'outdated' })
+			} else if (has_dependency_drift(data, manifest_map[name])) {
+				// Lock dependencies are stale compared to installed skill.json
+				results.push({ skill: name, installed: data.version, latest: info.latest_version, status: 'outdated' })
 			} else {
 				results.push({ skill: name, installed: data.version, latest: info.latest_version, status: 'up-to-date' })
 			}

package/src/utils/archive.js ADDED Viewed

@@ -0,0 +1,24 @@
+const { execFile } = require('child_process')
+const { promisify } = require('util')
+const crypto = require('crypto')
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+const { error: { catch_errors } } = require('puffy-core')
+const exec_file = promisify(execFile)
+const create_archive = (source_dir) =>
+	catch_errors('Failed to create archive', async () => {
+		const archive_path = path.join(os.tmpdir(), `happyskills-${crypto.randomUUID()}.tar.gz`)
+		await exec_file('tar', ['czf', archive_path, '-C', source_dir, '.'])
+		const buffer = await fs.promises.readFile(archive_path)
+		const sha = crypto.createHash('sha256').update(buffer).digest('hex')
+		return { path: archive_path, buffer, sha, size: buffer.length }
+	})
+const cleanup_archive = (archive_path) => {
+	fs.promises.unlink(archive_path).catch(() => {})
+}
+module.exports = { create_archive, cleanup_archive }