linkedin-apply-assistant 0.1.2 → 0.1.3

package/CHANGELOG.md

@@ -6,6 +6,15 @@ This file follows the spirit of Keep a Changelog and uses semantic version label
 
 ## [Unreleased]
 
+## [0.1.3] - 2026-06-13
+
+### Changed
+
+- Replaced the README and npm package-page PowerShell installer command with
+  the shorter `irm ... | iex` form.
+- Kept the inspectable temp-file PowerShell installer form in the detailed
+  install guide for optional installer arguments.
+
 ## [0.1.2] - 2026-06-13
 
 ### Changed

package/README.md

@@ -7,7 +7,7 @@ LinkedIn-apply-assistant is an experimental local browser automation assistant f
 
 The package is local-first. It does not require credentials in config, copied browser profiles, private documents, or generated reports to import, inspect, or run its deterministic tests.
 
-Current package metadata version: `0.1.2`.
+Current package metadata version: `0.1.3`.
 
 ## Safety Boundary
 
@@ -37,7 +37,7 @@ npm install -g linkedin-apply-assistant
 Windows PowerShell:
 
 ```powershell
-powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $env:TEMP\linkedin-apply-assistant-install.ps1; & $env:TEMP\linkedin-apply-assistant-install.ps1"
+irm https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 | iex
 ```
 
 Verify:
@@ -47,7 +47,7 @@ linkedin-apply-assistant --help
 ```
 
 Use Python 3.11 or newer. The npm package is the current public registry path;
-the PowerShell command downloads the installer from GitHub and runs it locally.
+the PowerShell command downloads and runs the installer from GitHub.
 See [docs/install-and-configuration.md](docs/install-and-configuration.md) for
 source, Python, Playwright, and troubleshooting details. PyPI remains a future
 package channel; the package-channel decision is documented in the

package/RELEASE_CHECKLIST.md

@@ -395,6 +395,54 @@ Distribution safety boundary:
 - `install.ps1` continues to avoid `Invoke-Expression` pipe-install behavior
 - PyPI and TestPyPI uploads stay out of this release
 
+## v0.1.3 PowerShell Short Installer Command Release
+
+This patch refreshes the README, npm package page, and GitHub Release wording to
+use the shorter PowerShell installer command:
+
+```powershell
+irm https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 | iex
+```
+
+Scope:
+
+- Package version: `0.1.3`
+- npm package: `linkedin-apply-assistant`
+- npm dist-tag: `latest`
+- GitHub Release: `v0.1.3`
+- Repository: `MohammedGhazal09/linkedin-apply-assistant`
+- Runtime behavior, browser safety posture, and public CLI contract are unchanged.
+- The longer temp-file PowerShell installer form remains documented for optional
+  arguments such as `-InstallBrowser`.
+- PyPI and TestPyPI remain future channels.
+
+Required local evidence before public sync:
+
+```powershell
+python -m pytest tests\test_distribution_metadata.py tests\test_docs_smoke.py tests\test_registry_publication_strategy.py tests\test_release_readiness.py tests\test_npm_launcher.py tests\test_distribution_smoke.py tests\test_release_manifest.py -q
+python scripts\release.py clean
+python scripts\release.py manifest --check
+python scripts\release.py verify
+npm pack --dry-run --json
+```
+
+Post-publish verification:
+
+```powershell
+npm view linkedin-apply-assistant version --json
+npm view linkedin-apply-assistant dist-tags --json
+gh release view v0.1.3 --repo MohammedGhazal09/linkedin-apply-assistant --json tagName,name,url,isDraft,isPrerelease,targetCommitish
+```
+
+Distribution safety boundary:
+
+- this is a docs-only package refresh to update the immutable npm README for the
+  latest package version
+- no lifecycle install, publish, or token scripts are added to `package.json`
+- `install.ps1` itself is unchanged; the shorter command only changes how users
+  download and run that public script
+- PyPI and TestPyPI uploads stay out of this release
+
 ## Required Public Metadata
 
 `package.json` must include exactly these public project fields:
@@ -448,7 +496,7 @@ Do not publish while any hard blocker remains unresolved.
 - `LEGAL.md` and `SAFETY.md` remain linked from README.
 - `MIGRATION.md` explains extraction scope and excluded root surfaces.
 - `CONTRIBUTING.md` and `SECURITY.md` are standalone-scoped.
-- Changelog has `Unreleased`, `0.1.2`, `0.1.1`, and `0.1.0`.
+- Changelog has `Unreleased`, `0.1.3`, `0.1.2`, `0.1.1`, and `0.1.0`.
 - Source, Python, npm launcher, and PowerShell installer docs are current and tested.
 - Phase 21 terminal UX docs and help stay current: `docs\commands.md`, `tests\test_cli_help.py`, and `tests\test_config_diagnostics.py`.
 - Public package metadata points to the canonical GitHub repository and issue tracker.

package/SECURITY.md

@@ -34,4 +34,4 @@ Never attach browser profiles, cookies, credentials, screenshots, private docume
 
 ## Supported Versions
 
-The initial standalone GitHub source release is `0.1.0`. Current package metadata is `0.1.2`. Security guidance applies to the current unreleased, `0.1.2`, `0.1.1`, and `0.1.0` package-local surfaces.
+The initial standalone GitHub source release is `0.1.0`. Current package metadata is `0.1.3`. Security guidance applies to the current unreleased, `0.1.3`, `0.1.2`, `0.1.1`, and `0.1.0` package-local surfaces.

package/docs/install-and-configuration.md

@@ -4,7 +4,7 @@ This package runs locally. You install the Python package, choose a local worksp
 
 This file is the canonical install matrix. The README keeps only a short quick start.
 
-Current package metadata version: `0.1.2`.
+Current package metadata version: `0.1.3`.
 
 The npm launcher and PowerShell no-admin installer are the current quick-install paths.
 PyPI remains a future package channel. The package-channel decision, approval
@@ -23,12 +23,12 @@ linkedin-apply-assistant --help
 Windows PowerShell without npm:
 
 ```powershell
-powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $env:TEMP\linkedin-apply-assistant-install.ps1; & $env:TEMP\linkedin-apply-assistant-install.ps1"
+irm https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 | iex
 ```
 
-The PowerShell command downloads [install.ps1](../install.ps1) from GitHub raw
-content to your temporary directory, then runs that local file. It does not use
-an `Invoke-Expression` pipe-install pattern.
+The PowerShell command is the short `Invoke-RestMethod` pipe-to-`Invoke-Expression`
+form. It downloads [install.ps1](../install.ps1) from GitHub raw content and
+runs it in the current PowerShell session.
 
 ## Prerequisites
 
@@ -72,13 +72,23 @@ local virtual environment, installs the Python package, and writes
 does not require admin rights.
 
 ```powershell
-powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $env:TEMP\linkedin-apply-assistant-install.ps1; & $env:TEMP\linkedin-apply-assistant-install.ps1"
+irm https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 | iex
+```
+
+Inspectable temp-file equivalent:
+
+```powershell
+$script = Join-Path $env:TEMP 'linkedin-apply-assistant-install.ps1'
+iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $script
+& $script
 ```
 
 Optional visible-browser setup during install:
 
 ```powershell
-powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $env:TEMP\linkedin-apply-assistant-install.ps1; & $env:TEMP\linkedin-apply-assistant-install.ps1 -InstallBrowser"
+$script = Join-Path $env:TEMP 'linkedin-apply-assistant-install.ps1'
+iwr https://raw.githubusercontent.com/MohammedGhazal09/linkedin-apply-assistant/main/install.ps1 -OutFile $script
+& $script -InstallBrowser
 ```
 
 ## Current Source Checkout

package/docs/registry-publication-strategy.md

@@ -7,17 +7,17 @@ asset, or grant publish-capable workflow permissions.
 
 The first GitHub source release, `v0.1.0`, remains source-only and is not a
 registry backfill candidate. The npm launcher release starts at `0.1.1`; the
-current docs-only npm package page refresh is `0.1.2`. PyPI and TestPyPI remain
-future channels.
+current PowerShell short-command npm package page refresh is `0.1.3`. PyPI and
+TestPyPI remain future channels.
 
 ## Current Boundary
 
-- Current package metadata version: `0.1.2`.
+- Current package metadata version: `0.1.3`.
 - Current install path: npm global launcher, PowerShell installer, source
   checkout, local Python install, local editable install, and local npm launcher
   dry-run validation.
 - Current public channel: GitHub repository source checkout and GitHub source
-  release archives; npm launcher package for `0.1.2` after the approved npm
+  release archives; npm launcher package for `0.1.3` after the approved npm
   patch publish step verifies successfully.
 - Not current: PyPI package, TestPyPI package, GitHub Packages package, PyPI
   trusted-publisher setup, npm trusted-publisher setup, registry automation,
@@ -34,14 +34,14 @@ action, and exact mutation.
 | GitHub Releases | Current source-only channel for `v0.1.0`. No wheel, sdist, npm tarball, or other release asset is attached. | Keep as the source-of-truth release record. Future assets require explicit approval. | Users can inspect and install from source without introducing registry auth or package-name ownership. | Clean local verification, changelog, release checklist, source manifest, approved tag or release mutation. | Explicit GitHub Release approval naming repo, tag, target commit, release state, and assets, if any. | `gh release view`, `gh release list`, source archive inspection, release manifest verification. | Remove mistaken assets from the release, correct the release notes, or delete a draft. Source tags need separate explicit remediation because asset removal does not undo a tag. |
 | PyPI | Not published and not reserved. | Primary future Python registry for direct package publication. | The project is a Python CLI with Playwright-driven browser automation, so PyPI is the natural long-term install path. | Maintainer or maintainer-controlled organization ownership, account 2FA where supported, PyPI Trusted Publishing with GitHub Actions OIDC, protected `pypi` environment, clean build and metadata gates. | Explicit PyPI approval naming repository, version, PyPI project, workflow or manual action, and exact upload mutation. | Read-only JSON API check, `python -m build`, `twine check dist/*`, local wheel install smoke, release scan, manifest verification. | Prefer yanking a broken release where appropriate. Deletion is disruptive and permanent; never rely on deleting and reusing the same version. |
 | TestPyPI | Not published and not reserved. | Required preflight for the first registry release and for publish-workflow changes. Routine patch preflights can become optional only after a proven release cycle. | It exercises package metadata, artifacts, and installer behavior before the real PyPI release. | Same artifact gates as PyPI, protected `testpypi` environment, explicit preflight approval, no production token. | Explicit TestPyPI approval naming repository, version, TestPyPI project, workflow or manual action, and exact upload mutation. | TestPyPI JSON API check, metadata validation, test-index install smoke, package contents review. | Clean up mistaken TestPyPI releases where possible and move forward with a new version if needed. Do not treat TestPyPI cleanup as production rollback proof. |
-| npm | Public thin-launcher channel for `0.1.2`; `0.1.1` was the first npm and PowerShell distribution release. | Keep as the JavaScript ecosystem convenience launcher; use PyPI later for direct Python package installs. | npm provides a familiar global command on systems that already have Node.js, but the launcher delegates to the Python CLI and cannot install Python itself. | Maintainer or maintainer-controlled ownership, account 2FA where supported, first-publish token bootstrap if trusted publishing cannot create the package, exact package contents review. | Explicit npm approval naming repository, version, npm package, workflow or manual action, and exact registry mutation. | `npm pack --dry-run --json`, package contents inspection, no lifecycle install/publish scripts, npm read-only registry check after publication. | Prefer deprecation for bad packages when unpublish criteria are not met. A used npm `package@version` cannot be reused, even after unpublish. |
-| PowerShell installer | Current GitHub-hosted installer script at `install.ps1`. | Keep as the no-admin Windows convenience path for users who prefer a single script. | It can create a local virtual environment, install dependencies from the public source archive, create command shims, and optionally install Chromium. | Public GitHub source archive availability, Python 3.11+, script syntax validation, no `Invoke-Expression` pipe-install pattern, and local install smoke. | Push the verified installer to the public repository; no registry mutation is required. | PowerShell parser check, temp-directory install smoke, command shim help smoke, and docs link checks. | Fix forward in `main`; users can reinstall from the corrected script or pin `-Ref` to a known tag. |
+| npm | Public thin-launcher channel for `0.1.3`; `0.1.1` was the first npm and PowerShell distribution release. | Keep as the JavaScript ecosystem convenience launcher; use PyPI later for direct Python package installs. | npm provides a familiar global command on systems that already have Node.js, but the launcher delegates to the Python CLI and cannot install Python itself. | Maintainer or maintainer-controlled ownership, account 2FA where supported, first-publish token bootstrap if trusted publishing cannot create the package, exact package contents review. | Explicit npm approval naming repository, version, npm package, workflow or manual action, and exact registry mutation. | `npm pack --dry-run --json`, package contents inspection, no lifecycle install/publish scripts, npm read-only registry check after publication. | Prefer deprecation for bad packages when unpublish criteria are not met. A used npm `package@version` cannot be reused, even after unpublish. |
+| PowerShell installer | Current GitHub-hosted installer script at `install.ps1`; the README uses `irm ... \| iex` and the detailed install doc keeps a temp-file equivalent. | Keep as the no-admin Windows convenience path for users who prefer a single script. | It can create a local virtual environment, install dependencies from the public source archive, create command shims, and optionally install Chromium. | Public GitHub source archive availability, Python 3.11+, script syntax validation, and local install smoke. | Push the verified installer/docs to the public repository; no registry mutation is required for installer-only changes. | PowerShell parser check, temp-directory install smoke, command shim help smoke, and docs link checks. | Fix forward in `main`; users can reinstall from the corrected script or pin `-Ref` to a known tag. |
 | GitHub Packages | Not used. | Deferred. | It adds `packages: write` and authenticated consumption friction without improving the primary Python install path. | A future reason to publish a package to GitHub Packages, explicit package type, permission model, and install documentation. | Separate approval naming package type, repository, version, and exact mutation. | GitHub Packages read-only checks and package permission review. | Delete or deprecate only according to the package type's GitHub Packages support. This is not a substitute for PyPI/npm remediation. |
 
 ## Package Names
 
 The target package name for PyPI, TestPyPI, and npm publication is
-`linkedin-apply-assistant`. The current npm launcher version is `0.1.2`.
+`linkedin-apply-assistant`. The current npm launcher version is `0.1.3`.
 
 If the unscoped npm name becomes unavailable or ownership changes later, the
 fallback is a future scoped npm package under a maintainer-controlled scope.
@@ -56,6 +56,8 @@ fallback is a future scoped npm package under a maintainer-controlled scope.
   PowerShell installer without changing the browser workflow contract.
 - The docs-only npm package page refresh uses `0.1.2` because published npm
   README content is immutable for an existing package version.
+- The PowerShell short-command README refresh uses `0.1.3` because the npm
+  package page must be republished to replace the prior command.
 - If user-visible behavior changes before registry publication, the default
   future version example is `0.2.0`.
 - Future behavior changes remain SemVer decisions at the publish phase.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "linkedin-apply-assistant",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Thin npm launcher for the Python LinkedIn apply assistant package",
   "license": "MIT",
   "repository": {

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "linkedin-apply-assistant"
-version = "0.1.2"
+version = "0.1.3"
 description = "Local LinkedIn application assistant with user-visible browser workflows"
 readme = "README.md"
 requires-python = ">=3.11"

package/src/linkedin_apply_assistant/__init__.py

@@ -1,6 +1,6 @@
 """Package identity for the standalone LinkedIn application assistant."""
 
-__version__ = "0.1.2"
+__version__ = "0.1.3"
 
 APP_DISPLAY_NAME = "LinkedIn-apply-assistant"
 APP_PACKAGE_NAME = "linkedin-apply-assistant"