npm - happyskills - Versions diffs - 0.5.0 → 0.7.0 - Mend

happyskills 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.md +20 -0
package/package.json +1 -1
package/src/api/push.js +3 -3
package/src/commands/convert.js +6 -20
package/src/commands/login.js +28 -2
package/src/commands/login_device.js +1 -1
package/src/commands/publish.js +4 -1
package/src/index.js +1 -1
package/src/integration/cli.test.js +26 -0

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 ## [Unreleased]
+## [0.7.0] - 2026-03-06
+### Added
+- Add `--json --browser` combined flags to `login` command for single-command authentication — returns already-logged-in status or launches the browser flow and returns the result as JSON, eliminating the two-step check-then-login dance
+### Changed
+- Change `login_device` expired-token handling from `process.exit()` to a thrown error so callers (including `--json` mode) can handle it gracefully
+## [0.6.0] - 2026-03-06
+### Added
+- Add `--public` flag to `publish` command to explicitly publish a skill as publicly discoverable in the catalog
+### Changed
+- Change `publish` default visibility from public to private — skills are now private by default; pass `--public` to make a skill visible in the catalog
+- Change `convert` to no longer auto-publish to the registry after converting; the skill is registered locally and the user is prompted to run `happyskills publish <skill-name>` as a separate step
+### Fixed
+- Fix `--version` flag collision where commands accepting `--version <value>` (e.g., `convert --version 1.0.0`) would incorrectly trigger the root `--version` output instead of passing the value to the command
 ## [0.5.0] - 2026-03-05
 ### Added

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "happyskills",
-	"version": "0.5.0",
+	"version": "0.7.0",
 	"description": "Package manager for AI agent skills",
 	"license": "SEE LICENSE IN LICENSE",
 	"author": "Nicolas Dao <nic@cloudlesslabs.com> (https://cloudlesslabs.com)",

package/src/api/push.js CHANGED Viewed

@@ -12,13 +12,13 @@ const estimate_payload_size = (files) => {
 	return size
 }
-const smart_push = (owner, repo, { version, message, files }, on_progress) =>
+const smart_push = (owner, repo, { version, message, files, visibility }, on_progress) =>
 	catch_errors('Smart push failed', async () => {
 		const payload_size = estimate_payload_size(files)
 		if (payload_size < DIRECT_PUSH_THRESHOLD) {
 			// Small payload — use direct push
-			const [err, data] = await repos_api.push(owner, repo, { version, message, files })
+			const [err, data] = await repos_api.push(owner, repo, { version, message, files, visibility })
 			if (err) throw e('Direct push failed', err)
 			return data
 		}
@@ -28,7 +28,7 @@ const smart_push = (owner, repo, { version, message, files }, on_progress) =>
 		// Step 1: Initiate
 		const [init_err, init_data] = await initiate_upload(owner, repo, {
-			version, message, files: file_meta
+			version, message, files: file_meta, visibility
 		})
 		if (init_err) throw e('Upload initiation failed', init_err)

package/src/commands/convert.js CHANGED Viewed

@@ -5,9 +5,7 @@ const { error: { catch_errors, wrap_errors: e } } = require('puffy-core')
 const { require_token } = require('../auth/token_store')
 const repos_api = require('../api/repos')
 const workspaces_api = require('../api/workspaces')
-const { smart_push } = require('../api/push')
 const { parse_frontmatter } = require('../utils/skill_scanner')
-const { collect_files } = require('../utils/file_collector')
 const { write_manifest } = require('../manifest/writer')
 const { read_lock } = require('../lock/reader')
 const { write_lock, update_lock_skills } = require('../lock/writer')
@@ -125,7 +123,7 @@ const run = (args) => catch_errors('Convert failed', async () => {
 		console.error(`  Description: ${description || '(none)'}`)
 		console.error(`  Keywords:    ${keywords.length ? keywords.join(', ') : '(none)'}`)
 		console.error('')
-		const answer = await confirm('Publish this skill to the registry? [y/N] ')
+		const answer = await confirm('Convert this skill to a managed package? [y/N] ')
 		if (answer !== 'y' && answer !== 'yes') {
 			print_info('Aborted.')
 			return process.exit(EXIT_CODES.SUCCESS)
@@ -138,21 +136,6 @@ const run = (args) => catch_errors('Convert failed', async () => {
 	const [manifest_err] = await write_manifest(skill_dir, manifest)
 	if (manifest_err) { pub_spinner.fail('Failed to write skill.json'); throw e('Failed to write skill.json', manifest_err) }
-	pub_spinner.update('Packaging skill...')
-	const [collect_err, skill_files] = await collect_files(skill_dir)
-	if (collect_err) { pub_spinner.fail('Failed to collect files'); throw e('File collection failed', collect_err) }
-	pub_spinner.update(`Publishing ${workspace.slug}/${skill_name}@${version}...`)
-	const on_progress = (completed, total) => {
-		pub_spinner.update(`Uploading files (${completed}/${total})...`)
-	}
-	const [push_err, push_data] = await smart_push(workspace.slug, skill_name, {
-		version,
-		message: `Release ${version}`,
-		files: skill_files
-	}, on_progress)
-	if (push_err) { pub_spinner.fail('Publish failed'); throw e('Push failed', push_err) }
 	pub_spinner.update('Updating lock file...')
 	const lock_dir = lock_root(is_global, project_root)
 	const [, lock_data] = await read_lock(lock_dir)
@@ -162,8 +145,8 @@ const run = (args) => catch_errors('Convert failed', async () => {
 	const updates = {
 		[full_name]: {
 			version,
-			ref: push_data?.ref || `refs/tags/v${version}`,
-			commit: push_data?.commit || null,
+			ref: null,
+			commit: null,
 			integrity: integrity || null,
 			requested_by: ['__root__'],
 			dependencies: {}
@@ -185,6 +168,9 @@ const run = (args) => catch_errors('Convert failed', async () => {
 		} })
 		return
 	}
+	console.error('')
+	print_info(`Next step: enrich metadata, then run \`happyskills publish ${skill_name}\` to publish.`)
 }).then(([errors]) => { if (errors) { exit_with_error(errors); return } })
 module.exports = { run }

package/src/commands/login.js CHANGED Viewed

@@ -22,7 +22,8 @@ Options:
 Examples:
   happyskills login
   happyskills login --browser
-  happyskills login --password`
+  happyskills login --password
+  happyskills login --json --browser    Check status or authenticate (for automation)`
 const prompt = (question) => new Promise((resolve) => {
 	const rl = readline.createInterface({ input: process.stdin, output: process.stderr })
@@ -120,8 +121,33 @@ const run = (args) => catch_errors('Login failed', async () => {
 			const email = payload?.email || 'unknown'
 			const username = payload?.['cognito:username'] || payload?.sub || 'unknown'
 			print_json({ data: { status: 'already_logged_in', username, email } })
+			return
+		}
+		// Not logged in — check if browser flow requested
+		if (!args.flags.browser) {
+			print_json({ error: { code: 'INTERACTIVE_REQUIRED', message: 'Login requires browser interaction. Run `happyskills login --json --browser` to authenticate.', exit_code: EXIT_CODES.ERROR } })
+			process.exit(EXIT_CODES.ERROR)
+			return
+		}
+		// --json --browser: run browser flow, return JSON result
+		const [errors] = await run_browser_flow()
+		if (errors) {
+			print_json({ error: { code: 'AUTH_FAILED', message: errors[0]?.message || 'Browser login failed', exit_code: EXIT_CODES.ERROR } })
+			process.exit(EXIT_CODES.ERROR)
+			return
+		}
+		// Browser flow succeeded — read saved token
+		const [, new_token] = await load_token()
+		if (new_token) {
+			const payload = decode_jwt_payload(new_token.id_token)
+			const email = payload?.email || 'unknown'
+			const username = payload?.['cognito:username'] || payload?.sub || 'unknown'
+			print_json({ data: { status: 'logged_in', username, email } })
 		} else {
-			print_json({ error: { code: 'INTERACTIVE_REQUIRED', message: 'Login requires browser interaction. Run `happyskills login --browser` manually.', exit_code: EXIT_CODES.ERROR } })
+			print_json({ error: { code: 'AUTH_FAILED', message: 'Login flow completed but token could not be loaded', exit_code: EXIT_CODES.ERROR } })
 			process.exit(EXIT_CODES.ERROR)
 		}
 		return

package/src/commands/login_device.js CHANGED Viewed

@@ -45,7 +45,7 @@ const run_browser_flow = () => catch_errors('Browser login failed', async () =>
 			const api_err = token_err.find(err => err.error_code)
 			if (api_err?.error_code === 'EXPIRED_TOKEN') {
 				spinner.fail('Authorization expired. Please run `happyskills login` again.')
-				process.exit(EXIT_CODES.ERROR)
+				throw new Error('Authorization expired. Please run `happyskills login` again.')
 			}
 			// Transient error — keep polling
 			continue

package/src/commands/publish.js CHANGED Viewed

@@ -24,6 +24,7 @@ Arguments:
 Options:
   --bump <type>          Auto-bump version before publishing (patch, minor, major)
   --workspace <slug>     Target workspace (overrides lock file owner)
+  --public               Publish as public (default is private)
 Aliases: pub
@@ -120,10 +121,12 @@ const run = (args) => catch_errors('Publish failed', async () => {
 	const on_progress = (completed, total) => {
 		spinner.update(`Uploading files (${completed}/${total})...`)
 	}
+	const visibility = args.flags.public ? 'public' : 'private'
 	const [push_err] = await smart_push(workspace.slug, manifest.name, {
 		version: manifest.version,
 		message: `Release ${manifest.version}`,
-		files: skill_files
+		files: skill_files,
+		visibility
 	}, on_progress)
 	if (push_err) { spinner.fail('Publish failed'); throw e('Push failed', push_err) }

package/src/index.js CHANGED Viewed

@@ -115,7 +115,7 @@ const run = (argv) => {
 		set_json_mode()
 	}
-	if (args.flags.version) {
+	if (args.flags.version === true) {
 		show_version()
 		return process.exit(EXIT_CODES.SUCCESS)
 	}

package/src/integration/cli.test.js CHANGED Viewed

@@ -340,6 +340,32 @@ describe('CLI — --json: success responses use { data } envelope', () => {
 			fs.rmSync(tmp_xdg, { recursive: true, force: true })
 		}
 	})
+	it('login --json --browser with stored credentials returns already_logged_in', () => {
+		const tmp_xdg = make_tmp()
+		try {
+			const creds_dir = path.join(tmp_xdg, 'happyskills')
+			fs.mkdirSync(creds_dir, { recursive: true })
+			const payload = { email: 'test@example.com', 'cognito:username': 'testuser', sub: 'test-sub-123' }
+			const fake_jwt = `eyJhbGciOiJSUzI1NiJ9.${Buffer.from(JSON.stringify(payload)).toString('base64url')}.fakesig`
+			fs.writeFileSync(path.join(creds_dir, 'credentials.json'), JSON.stringify({
+				id_token: fake_jwt,
+				access_token: 'fake-access',
+				refresh_token: 'fake-refresh',
+				expires_in: 3600,
+				stored_at: new Date().toISOString()
+			}, null, '\t'))
+			const { stdout, code } = run(['login', '--json', '--browser'], { XDG_CONFIG_HOME: tmp_xdg })
+			assert.strictEqual(code, 0)
+			const out = parse_json_output(stdout, 'login --json --browser with credentials')
+			assert.ok('data' in out)
+			assert.strictEqual(out.data.status, 'already_logged_in')
+			assert.strictEqual(out.data.username, 'testuser')
+			assert.strictEqual(out.data.email, 'test@example.com')
+		} finally {
+			fs.rmSync(tmp_xdg, { recursive: true, force: true })
+		}
+	})
 })
 // ─── --json flag: existing commands use { data } envelope ─────────────────────