moltblock 0.11.6 → 0.11.7

package/dist/index.d.ts

@@ -1,7 +1,7 @@
 /**
  * Moltblock — framework for evolving composite intelligences (Entities).
  */
-export declare const VERSION = "0.11.6";
+export declare const VERSION = "0.11.7";
 export type { ModelBinding, BindingEntry, AgentConfig, MoltblockConfig, ChatMessage, VerifiedMemoryEntry, CheckpointEntry, OutcomeEntry, InboxEntry, StrategySuggestion, ReceivedArtifact, GovernanceConfig, } from "./types.js";
 export { WorkingMemory } from "./memory.js";
 export { signArtifact, verifyArtifact, artifactHash } from "./signing.js";

package/dist/index.js

@@ -1,7 +1,7 @@
 /**
  * Moltblock — framework for evolving composite intelligences (Entities).
  */
-export const VERSION = "0.11.6";
+export const VERSION = "0.11.7";
 // Memory
 export { WorkingMemory } from "./memory.js";
 // Signing

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moltblock",
-  "version": "0.11.6",
+  "version": "0.11.7",
   "description": "Framework for building evolving composite AI intelligences (Entities)",
   "type": "module",
   "main": "dist/index.js",

package/skill/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: moltblock - Trust Layer for AI Agents
 description: Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.
-version: 0.11.6
+version: 0.11.7
 homepage: https://github.com/moltblock/moltblock
 repository: https://github.com/moltblock/moltblock
 metadata:
@@ -10,9 +10,9 @@ metadata:
       anyBins:
         - npx
         - node
-      config:
-        - moltblock.json
-        - ~/.moltblock/moltblock.json
+    optionalConfig:
+      - moltblock.json
+      - ~/.moltblock/moltblock.json
     primaryEnv: OPENAI_API_KEY
     optionalEnv:
       - ANTHROPIC_API_KEY
@@ -21,7 +21,7 @@ metadata:
     homepage: https://github.com/moltblock/moltblock
     install:
       - kind: node
-        package: moltblock@0.11.6
+        package: moltblock@0.11.7
         bins: [moltblock]
 ---
 
@@ -34,9 +34,10 @@ Moltblock provides verification gating for AI-generated artifacts. It runs polic
 **What moltblock does:**
 - Generates artifacts via LLM API calls, then runs policy checks against the output
 - Returns a structured verification result (pass/fail with evidence)
-- Reads its own config files (`moltblock.json`, `~/.moltblock/moltblock.json`) if present
+- Optionally reads config files (`moltblock.json`, `~/.moltblock/moltblock.json`) if present — no config is required
 - API keys are read from environment variables at runtime and sent only to the configured LLM provider endpoint
-- **No code execution occurs** — moltblock only performs policy checks on generated artifacts
+- **When used as a skill (without `--test`):** only policy checks run — no code is generated, written to disk, or executed
+- **The `--test` flag** (developer-only, not exposed to agents via this skill) additionally runs code verification via vitest in an isolated temp directory
 
 ## When to Use
 
@@ -53,7 +54,7 @@ Verify a task before execution.
 ### Usage
 
 ```bash
-npx moltblock@0.11.6 "<task description>" --provider <provider> --json
+npx moltblock@0.11.7 "<task description>" --provider <provider> --json
 ```
 
 ### Parameters
@@ -77,7 +78,7 @@ Moltblock auto-detects the LLM provider from whichever API key is set. If no key
 
 ```bash
 # Verify a task
-npx moltblock@0.11.6 "implement a function that validates email addresses" --json
+npx moltblock@0.11.7 "implement a function that validates email addresses" --json
 ```
 
 ### Output (JSON mode)
@@ -98,13 +99,13 @@ npx moltblock@0.11.6 "implement a function that validates email addresses" --jso
 Use directly with npx (recommended, no install needed):
 
 ```bash
-npx moltblock@0.11.6 "your task" --json
+npx moltblock@0.11.7 "your task" --json
 ```
 
 Or install globally:
 
 ```bash
-npm install -g moltblock@0.11.6
+npm install -g moltblock@0.11.7
 ```
 
 ## Configuration
@@ -135,9 +136,13 @@ See the [full configuration docs](https://github.com/moltblock/moltblock#configu
 
 ## Security
 
-When used as a skill, moltblock performs **policy checks only** — no code is generated, written to disk, or executed. The tool analyzes task descriptions against configurable policy rules and returns a pass/fail verification result.
+**Skill surface (agent-facing):** When invoked via `npx moltblock "<task>" --json`, the tool makes LLM API calls and runs regex-based policy checks against the generated output. No code is written to disk or executed. Task descriptions and generated artifacts are transmitted to the configured LLM provider endpoint.
 
-The CLI additionally supports a `--test` flag for direct user invocation that executes code verification via vitest. This flag is not exposed to agents through this skill and should only be used directly by developers in sandboxed environments. See the [CLI documentation](https://github.com/moltblock/moltblock#security) for details.
+**Developer-only CLI surface:** The CLI supports a `--test <path>` flag that additionally runs code verification via vitest in an isolated temp directory. This flag is **not exposed to agents** through this skill and is documented here only for transparency. It should only be used directly by developers in sandboxed environments.
+
+**npm install behavior:** The package has no `postinstall` scripts. `better-sqlite3` (a dependency) uses `prebuild-install` to download prebuilt native binaries — no compilation occurs unless prebuilds are unavailable. Inspect via `npm pack --dry-run` or review the [source on GitHub](https://github.com/moltblock/moltblock).
+
+**API key scope:** Consider using a limited-scope API key dedicated to verification rather than a key with broader permissions.
 
 ## Disclaimer