- Add 'logs' to _DOCKER_SUBACTIONS so the validation guard passes through
to the informative ToolError rather than a generic 'Invalid action' (P1)
- Add inline comments to _SYSTEM_QUERIES explaining that 'network' and
'variables' share the vars root field but fetch different subfields (P3)
- Process system/server response into a structured summary dict instead
of returning raw GraphQL data directly (P3)
Sweep remaining references to the old scripts/ directory that were
missed when scripts/ was renamed to bin/ in 1.3.6.
Fixes active config (ci.yml, .pre-commit-config.yaml, Justfile) and
documentation (CHECKLIST, INVENTORY, MARKETPLACE, SCRIPTS, REPO).
hooks/scripts/ and skills/unraid/scripts/ are intentional and unchanged.
- bin/bump-version.sh: one-command version bump across all four files;
supports explicit version or major/minor/patch keywords; uses
CLAUDE_PLUGIN_ROOT when set (hook context), dirname fallback otherwise
- tests/test_bump_version.bats: 9 bats tests covering all bump modes,
all-files-in-sync, output format, and dirname fallback
- scripts/ renamed to bin/
- Bump 1.3.5 → 1.3.6
Replaces the inline uv-specific hook command with a shell script that
detects the package manager from lock files (uv, npm, yarn, pnpm) and
installs deps into CLAUDE_PLUGIN_DATA. Hook reduces to a single sh call.
Bump 1.3.1 → 1.3.2
- plugin.json: SessionStart hook diffs uv.lock against CLAUDE_PLUGIN_DATA
copy; runs uv sync into CLAUDE_PLUGIN_DATA/.venv on first install or
after dep changes; removes stale lockfile copy on sync failure so next
session retries
- .mcp.json: add UV_PROJECT_ENVIRONMENT and --project flags so uv run
uses the persisted venv without re-syncing on every startup
- tests/conftest.py: redirect hypothesis home dir and example database
to .cache/.hypothesis to keep repo root clean
- Bump version 1.2.5 → 1.3.0
Adds generate-cli recipe targeting local HTTP server for on-demand CLI
generation. Includes schema-hash caching, timeout 30, token-embedding
warning. Generated CLIs embed OAuth token — personal/local-only, never
commit or distribute.
Every CLAUDE.md now has companion AGENTS.md → CLAUDE.md and GEMINI.md → CLAUDE.md
symlinks so Codex/OpenAI agents and Gemini CLI pick up the same instructions.
Generate 42 documentation files across 6 subdirectories (mcp/, plugin/,
repo/, stack/, upstream/, and root) based on plugin-lab templates.
All content is real — no template placeholders — covering tools (15
action domains, 107 subactions), resources (10 live subscriptions),
elicitation flows, GraphQL integration, auth, deployment, CI/CD,
testing, and security guardrails.
TestMiddlewareOrdering (6 tests): stacked WellKnown→BearerAuth integration
tests that prove the ordering invariant for issue #17. Includes a negative
test that explicitly verifies the wrong order (BearerAuth outer) produces
401 on /.well-known/ — the exact regression scenario.
Justfile: add test-http, test-http-no-auth, test-http-remote targets.
test-http.sh: harden BASE_URL derivation to handle trailing slashes and
non-/mcp URL suffixes correctly.
Auth test suite now: 42 tests (was 26).
Covers RFC 9728 compliance: 200 on both well-known paths, correct
content-type, bearer_methods_supported=["header"], resource derived
from Host header, no authorization_servers field, and fall-through
for non-GET methods / unrelated paths / non-HTTP scopes.
Auth test suite now: 36 tests (was 26).
New `e2e` CI job builds the Docker image, starts it with a known bearer
token (DISABLE_HTTP_AUTH=false), waits for /health, then runs test-http.sh
Phases 1-3 (middleware + auth enforcement + MCP protocol) with --skip-tools.
This proves bearer auth works end-to-end on every push without needing real
Unraid credentials.
Also adds --skip-tools flag to test-http.sh for CI use, and expands the
version-sync check to validate all four manifest files (pyproject.toml,
.claude-plugin/plugin.json, .codex-plugin/plugin.json, gemini-extension.json).
