smart-web-mcp 0.25.4 → 0.25.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -68,7 +68,7 @@ The format is based on Keep a Changelog[^1] and this project uses SemVer.
68
68
 
69
69
  ### Changed
70
70
 
71
- - Provider benchmark live-vs-fixture and evidence-gap actions now use `unlock-skipped-fixture-prerequisites` when fixture rows already exist but were skipped by missing credentials or commands, keeping credentialed search follow-up queues from implying new fixtures are needed.
71
+ - Provider benchmark live-vs-fixture and evidence-gap artifacts now mark all-skipped fixture rows as `fixtureEvidence: "skipped"` with `fixture-skipped-*` comparison states, while still using `unlock-skipped-fixture-prerequisites` for credential-gated follow-up queues.
72
72
  - The partial/handoff watchdog now uses a non-existent Wikidocs article id for its unavailable-shell representative, avoiding false failures when public Wikidocs articles render as healthy content.
73
73
  - `smartcrawl` export summaries now include file:// re-open guidance for the summary, manifest, resource-handle JSON, and first Markdown document so agents can resume from export handles without requesting JSON duplication.
74
74
  - `smartcrawl-resource-handles.json` now includes metadata handles for the export summary, crawl manifest, and resource-handle manifest alongside document handles.
@@ -133,6 +133,13 @@ The format is based on Keep a Changelog[^1] and this project uses SemVer.
133
133
  - Korean public API helpers now validate outbound URLs and redirects before fetching, blocking localhost, private, and reserved targets unless `network.allowPrivateHosts` is explicitly enabled.
134
134
  - CI now declares read-only default repository permissions, Dependabot auto-merge pins the reusable workflow without forwarding all caller secrets, and the workflow check enforces those guards.
135
135
 
136
+ ## [0.25.5](https://github.com/jojo-labs/smart-web/compare/v0.25.4...v0.25.5) (2026-06-21)
137
+
138
+
139
+ ### Bug Fixes
140
+
141
+ * mark skipped benchmark fixtures explicitly ([#349](https://github.com/jojo-labs/smart-web/issues/349)) ([38b96a2](https://github.com/jojo-labs/smart-web/commit/38b96a2bbd043d4ccf673853048880815cb647a5))
142
+
136
143
  ## [0.25.4](https://github.com/jojo-labs/smart-web/compare/v0.25.3...v0.25.4) (2026-06-21)
137
144
 
138
145
 
package/README.md CHANGED
@@ -547,7 +547,7 @@ Reports carry the `provider-benchmark.v1` schema version plus non-fatal git and
547
547
 
548
548
  Measurement artifacts also include a live-readiness manifest listing each lane's env/command/settings prerequisites, a deterministic fixture smoke, a safe MCP live-smoke candidate, and surfaces that still lack live evidence. `--run-live-smokes` (`npm run benchmark:providers:live`) is an explicit gated mode that runs only no-secret, core-surface live checks for static articles, long docs/Wikipedia, Hacker News, and docs export; credential/external lanes remain skipped until their prerequisites are configured, except for explicitly allowlisted no-secret exceptions: `--allow-jina-live-smoke` (`npm run benchmark:providers:live:jina`) exercises the public Jina Reader relay with a secret-stripped settings file, `--allow-competitive-programming-live-smoke` (`npm run benchmark:providers:live:cp`) adds a public BOJ/Codeforces representative smoke for the competitive-programming specialist surface, `--allow-browser-live-smoke` (`npm run benchmark:providers:live:browser`) runs a Playwright `--force-dynamic` smoke for the JS-rendered article surface only when the local browser lane is available, `--allow-youtube-live-smoke` (`npm run benchmark:providers:live:youtube`) adds the public YouTube seed-lane representative smoke, `--allow-blocked-authwall-live-smoke` (`npm run benchmark:providers:live:blocked`) adds a deterministic HTTP Basic Auth challenge smoke that treats honest blocked/error/handoff signals as positive calibration without private credentials, `--allow-naver-blog-live-smoke` (`npm run benchmark:providers:live:naver-blog`) adds a stable public Naver Blog representative smoke for Korean specialist-lane calibration, `--allow-naver-map-live-smoke` (`npm run benchmark:providers:live:naver-map`) adds a stable public Naver Map place smoke with browser-preflight diagnostics, and `--allow-naver-cafe-live-smoke` (`npm run benchmark:providers:live:naver-cafe`) adds a stable public Naver Cafe shared-link smoke that treats useful no-credential partial output as honest calibration. `--allow-all-no-secret-live-smokes` (`npm run benchmark:providers:live:no-secret`) enables every no-secret gate in one run while still leaving credentialed Exa/Tavily search lanes disabled unless `--allow-external-search-live-smoke` is provided separately.
549
549
 
550
- Live smoke artifacts record per-case `present`/`missing`/`skipped` evidence next to fixture evidence without printing secret values. Browser-lane live smoke rows also include a secret-safe Playwright preflight diagnostic with executable path, launch timing, `domcontentloaded` navigation timing, HTTP status/final URL, and truncated failure reason so runtime/cache/network failures can be separated from smartfetch normalization failures.
550
+ Live smoke artifacts record per-case `present`/`missing`/`skipped` evidence next to fixture evidence without printing secret values. When fixture rows exist but all are skipped by missing credentials or commands, comparison and gap artifacts report fixture evidence as `skipped` with a `fixture-skipped-*` comparison instead of implying the fixture rows are absent. Browser-lane live smoke rows also include a secret-safe Playwright preflight diagnostic with executable path, launch timing, `domcontentloaded` navigation timing, HTTP status/final URL, and truncated failure reason so runtime/cache/network failures can be separated from smartfetch normalization failures.
551
551
 
552
552
  Credentialed external-search live smoke remains a separate explicit gate: `--allow-external-search-live-smoke` (`npm run benchmark:providers:live:external-search`) attempts each implemented Exa/Tavily `smartsearch` lane only when that lane's key is configured (`EXA_API_KEY` for Exa; `TAVILY_API_KEY` or `SMART_WEB_TAVILY_API_KEY` for Tavily), writes keys only into a temporary mode-0600 settings file, strips API-key environment variables from the child process, and records only secret-free status/output metadata.
553
553
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "smart-web-mcp",
3
3
  "mcpName": "io.github.jojo-labs/smart-web",
4
- "version": "0.25.4",
4
+ "version": "0.25.5",
5
5
  "packageManager": "npm@11.9.0",
6
6
  "description": "Local MCP for web search, direct-URL fetch, compact normalized output, site crawling, and docs export.",
7
7
  "homepage": "https://github.com/jojo-labs/smart-web",