Tags

v0.16.0

v0.16.0 -- prompt-template + mcp artifact types

Adds first-class manifest support for two new artifact types
alongside skills:
- prompt-template (writes to .claude/prompt-templates/)
- mcp           (writes to .claude/mcps/)

Companion bug fix: commit_and_push now resolves the destination
directory per artifact type instead of hardcoding the skill path,
so pushes against prompt-template and mcp registries land
correctly.

Tracked at andunn/tanuki harness/pi-extension-self-doc and
nomograph follow-up work that depends on the new types.

archive/pre-lfs-migrate-2026-05-04

Backup of main before LFS-migrate force-push (chore/migrate-pipeline-v4 -> main)

v0.15.0

release v0.15.0

- **`agent-shape.toml` at repo root.** 20-subcommand adoption stub for the
  jig methodology, cross-validated via `jig check --binary` so the
  manifest stays consistent with the actual CLI surface.
- **`scripts/agent-shape-fixture.sh`.** Idempotent fixture builder that
  sets up three git registries (one writable, two readonly mirrors) plus
  a project containing six items spanning current, drifted,
  registry-missing, and upstream-advanced states. Used as the harness
  for agent-shape baselining.
- **5 tuning tasks** under the agent-shape work, exercising the fixture
  states above.
- **Treatment v0 discoverability aliases.** `rune registry list` now has
  a parent `registry` command with a `ls` alias, `rune config list`
  picks up an `ls` alias, and `rune add --registry` is exposed as a
  visible alias for `--from`. Targets the most common path drift the
  agent-shape baseline surfaced.
- **`hero.svg` and `avatar.svg`** in the nomograph paper-palette OV-1
  grammar, plus a `CODEOWNERS` file.

- **`skill_path` is now layout-aware.** It falls back from the typed
  subdirectory layout (`skills/<name>`) to the legacy flat layout
  (`<name>` at registry root) the same way `artifact_path` already did.
  Without this fix, `rune upstream` could not find imported skills in
  writable registries that used the typed-subdirectory layout. Includes
  a `skill_path_typed_vs_legacy` regression test covering both layouts
  plus the directory-skill case.

v0.14.0

v0.14.0 — rune skill subcommand

v0.13.0

v0.13.0 — drift detection

v0.12.0

v0.12.0 — stabilization + registry aliases

v0.11.0

v0.11.0 — structure + archive rewrite

v0.10.0

v0.10.0 — discipline pass

v0.9.0

v0.8.1

v0.8.0

rune v0.8.0

Multi-type support: skills, agents, rules.

- New ArtifactType enum drives per-type sections in manifest/lockfile
- -t/--type flag on add/remove/push/browse (auto-detect where possible)
- Per-project [paths] override for targeting other tools (Cursor, Pi)
- AGENTS.md generator emits separate <agent> tags for agentskills.io interop
- 62 tests (22 unit + 40 integration)

v0.7.0

feat: variadic add, prune command, doctor manifest health

v0.6.0

First crates.io release as nomograph-rune

v0.5.4

rune v0.5.4

Multi-agent interoperability.

- AGENTS.md generated on sync with XML skill metadata (agentskills.io format).
  Parsed by Cursor, Windsurf, Copilot, Aider, and other agent editors.
- .agent/skills/ symlink to .claude/skills/ for non-Claude agent discovery.
- Fix: push new directory-style skills to registry correctly.
- Pipeline component v2.3.0.

v0.5.3

rune v0.5.3

Fix push for new directory-style skills.

- fix: skill_path fell through to .md suffix for new skills not yet in
  the registry, creating spectacle.md/ instead of spectacle/. Now accepts
  a local_is_dir hint from the push command.
- fix: commit_and_push uses actual destination path for git add instead
  of bare skill name.

v0.5.2

rune v0.5.2

Security and identity fix for cross-namespace registries.

- Credentials no longer persist in cached .git/config. Tokens injected
  transiently via GIT_ASKPASS, resolved fresh each operation.
- Per-registry git identity (git_email, git_name) set on clone.
  Ensures rune push commits with the correct email for each namespace.
- rune audit command for detecting content regressions across registries.
- Rewritten README with multi-registry auth documentation.

v0.5.1

rune v0.5.1

- feat: rune audit -- detect content regressions across registries
- docs: rewrite README with multi-registry auth guide
  - Per-registry authentication (token_env, glab/gh auto-detect)
  - Multiple GitLab identity pattern with RUNE_TOKEN_{NAME}
  - Complete command table, lockfile model, upstream imports
- docs: generic examples (no specific registry names in README)

v0.5.0

rune v0.5.0

Per-registry authentication for private skill registries.

Token resolution order (per registry):
1. token_env -- explicit env var in registry config
2. glab auth token -- auto-detect for gitlab.com URLs
3. gh auth token -- auto-detect for github.com URLs
4. No auth -- system credential helpers or public access

This enables registries across different namespaces with separate
PATs. For example, nomograph tools with a personal token and
work-scoped private skills with a fine-grained project token.

Config example:
  [[registry]]
  name = "arcana"
  url = "https://gitlab.com/work-namespace/arcana.git"
  token_env = "RUNE_TOKEN_ARCANA"

Also in this release:
- v0.4.0: lockfile, modified detection, drift direction fix
- v0.4.0: rune status, rune clean, --dry-run, --message, --force
- v0.4.0: colored output, 47 tests
- v0.4.1: CI hardening (deny.toml, pipeline v2.1.0)

v0.4.1

rune v0.4.1

CI hardening -- no functional changes from v0.4.0.

- deny.toml: cargo-deny license allow-list (MIT, Apache-2.0, BSD, ISC, MPL-2.0)
- Pipeline v2.1.0: all images from nomograph container registry, no Docker Hub
- Release page includes tag annotation body + mise/manual install instructions
- audit_allow_failure: false (deny config makes audit pass cleanly)
- Updated yanked fastrand 2.4.0 -> 2.4.1
- Cargo.toml version matches tag (--version reports correctly)

v0.4.0

rune v0.4.0

Architecture:
- Lockfile (.claude/rune.lock): records hash + registry_commit per skill,
  enabling reproducible installs and accurate drift detection
- Modified flag detection: sync compares local hash to lockfile, sets
  pedigree modified=true for imported skills changed locally
- Content-based drift direction replaces unreliable mtime comparison
- File locking (flock) prevents concurrent cache corruption
- Archive etag caching skips redundant tarball downloads
- sync --force required to overwrite locally modified skills
- add/remove update lockfile immediately

New commands and flags:
- rune status: combined summary (registries + project + upstream)
- rune clean: purge stale cache entries for removed registries
- --dry-run global flag on sync/push/update/clean
- --message on push for custom commit messages
- --force on sync to overwrite local modifications

Polish:
- Colored output with isatty detection
- Safer settings.json handling (backup, better errors)
- doctor respects --project flag
- 47 tests (up from 17), clippy clean