Changelog

User-facing changes, newest first. See git log for the full commit history.

Unreleased

Script development loop (FAB-33 / FAB-99)

Mock toolkit panel in the Scripts tab. Define stub responses for
shell commands your script calls via subprocess.run. Each fixture
has a command, optional args prefix, stdout, optional stderr, and
exit code. Use these to test skill scripts in the builder without
needing a real gh, git, or curl.
Run button per script with stdout/stderr/exit-code panel. Today
the runner is in stub mode — it walks your script for
subprocess.run([...]) calls and matches them against the
fixtures, so you can sanity-check fixture coverage before
downloading. The full Pyodide-in-WebWorker runtime ships in a
follow-up; the badge under the Run button makes the limitation
visible.
Run history drawer under each Run button with the most recent
20 runs per script file. Click an older run → expand → see a line
diff against the most recent stdout. Useful when iterating on a
script and trying to spot what changed.
AI guide is mock-aware. When the chat panel is focused on a
skill, it sees the skill's mock fixtures and writes scripts that
use those exact command shapes. Spec updates that touch a single
skill no longer wipe out your other skills — the merge logic
preserves untouched siblings.

Reliability + security pass (FAB-98)

No more silent save failures. The autosave on /builder/[id],
the drafts page delete, the chat panel send, and the verify page
fetches all surface friendly errors via toast / inline banner
instead of swallowing them.
Persisted chat history capped at 200 messages so long sessions
never quietly stop persisting because they overflowed the request
cap. Older messages stay visible in the current tab.
Round-trip parity between export and import — every optional
field on plugin.json, SKILL.md, and agent.md frontmatter now
survives a full export → ZIP → import cycle. Previously the
importer silently dropped effort, context, metadata, the
agent's model/maxTurns/tools/skills/etc., and the plugin's
userConfig/channels.
Bin/ files keep their executable bit in downloaded ZIPs without
needing a chmod step.
Quote, colon, and newline handling in skill descriptions no
longer corrupt on round-trip.
Per-IP rate limits on every public endpoint that didn't already
have one, plus per-owner cap on session creation.
CORS + OPTIONS preflight on all 7 public API endpoints so
third-party tools (CI runners, browser editors, dashboards) can
call them cross-origin without a proxy.
Body size caps enforced mid-stream on every endpoint via a new
shared readBoundedBody helper, plus zip-bomb defense on
importPluginFromZip and gzip-bomb defense on share-token decoding.
Zip-slip safety net on both target generators so a malformed
spec can never produce an archive that escapes its extraction root
when unzipped downstream.
Open Graph + Twitter Card metadata on the landing, /api,
/templates index, and per-template pages, all pointing at the
dynamic /api/card.svg for the social preview. Previously sharing
any link from the site got a blank social card; now every public
page renders a branded preview image, title, and description.
noindex on owner-scoped pages (/drafts, /builder/[id],
/design) so search engines don't crawl per-session URLs into
Google.
Re-hydration on session navigation. The /builder/[id] page
used to keep the previous session's plugin and chat history when
you navigated to a different session URL — fixed.
Test count grew from 281 to 452 across the FAB-98 hardening
pass and the FAB-33 script loop, with regression tests for every
fix and every new module.

Platform

Public HTTP API — POST /api/validate, POST /api/generate,
POST /api/digest, POST /api/parse, GET /api/import,
GET /api/card.svg, GET /api/schema.json. Documented at
/api with curl examples.
JSON Schema at /api/schema.json for the Plugin type, baked into
every generated plugin.json via the $schema field for editor
autocomplete (VS Code, Zed, JetBrains).
X-RateLimit-* response headers on every public endpoint via a
shared rateLimit() helper so callers can back off before hitting 429s.
Sitemap at /sitemap.xml enumerating the landing, API docs,
templates index, changelog, design showcase, and every template slug.
Browseable templates index at /templates with a filter input.
Curated changelog at /changelog rendering this file.
Site-wide footer nav linking Home / API / Templates / Changelog /
Drafts / Design / GitHub.
Branded error pages with status-aware copy for 404 / 429 / 5xx.

Builder

⌘K command palette — tab jumps, download, share, duplicate, focus
chat, validation sheet, shortcuts help, template loading, browse
drafts, reset plugin, and per-skill / per-agent jump entries.
Validation sheet — click the footer status row to see the full
grouped list of errors + warnings; click any row to jump to the owning
tab.
Keyboard shortcuts — ⌘D download, ⌘1–6 tab nav, / focus chat,
? help overlay, 1–9 chat choice picker.
Header metadata strip — live "N skills · N agents · N hooks · N MCP
· NN KB" counts plus a "Saved Xs ago" indicator.
Reorder skills / agents with ↑ / ↓ buttons and moveSkill /
moveAgent store helpers.
Edit / Preview toggle on both the SKILL.md body and agent system
prompt textareas, using the shared sanitised Markdown renderer.
Theme toggle — Auto / Light / Dark, persisted to localStorage,
overrides the OS preference.
Duplicate plugin from the builder header (owners only; mirrors the
existing Fork for non-owners).
Copy plugin.json, Copy Markdown digest, and Copy API curl
quick actions in Overview — the curl button produces a heredoc shell
one-liner that rebuilds the plugin via the public API.

Import / export

Plugin ZIP import — drop a .zip on the landing page (drag-drop
anywhere or use the file picker) and the builder reconstructs the full
spec, lossy on unknown frontmatter but tolerant of flat-root and
wrapper-folder layouts.
GitHub URL import — paste owner/repo or a github.com URL; the
/api/import proxy fetches the codeload tarball and the browser feeds
it into the same importer.
Dynamic OG install card at /api/card.svg with plugin name,
description, platform pills, and 1h edge cache.
Template preview pages advertise the dynamic card via og:image
and Twitter card meta.
Drafts dashboard at /drafts with a filter input and
delete-from-dashboard action backed by DELETE /api/session/:id.
Plugin parse API at POST /api/parse — round-trip a builder ZIP
back into a Plugin spec for migrators and CI jobs.

Spec coverage

Multi-platform targets: Claude Code (default) and Codex
(config.toml, .agents/plugins/marketplace.json) via the
PluginTarget abstraction, plus an all bundle.
Agent frontmatter: all 9 plugin-spec fields — model, effort,
max-turns, tools allowlist / disallowedTools denylist, skills access,
memory, background, isolation — with exclusivity + reference
validation.
Hooks: all 26 lifecycle events (grouped selector) and all 4 hook
types (command / http / prompt / agent) with type-aware inputs and
integrity checks.
userConfig editor (key / description / sensitive) and
settings.json default-agent activation.
Manifest metadata: homepage, repository, keywords, author
name/email/url.
.claude-plugin/marketplace.json and Codex-format marketplace
manifests emitted in every ZIP.
Remaining component types: LSP servers, channels (bound to an MCP
server), bin/ executables, legacy commands/, output-styles/.
Starter scaffolds — three opinionated starters (code-review,
summarise, pre-deploy-check) in the "+ From template" menu on the
Skills panel.

Landing

Hero redesign — wider input, animated typewriter placeholder
cycling six prompts, platform badges (Claude Code + Codex), GitHub
import chip.
Before / After demo with a Run it live button that streams
real Claude output through /api/demo-compare.