Release v0.1.32

Added

• Evidence substrate (@vibe-agent-toolkit/agent-skills/evidence). Parsers produce neutral EvidenceRecords with stable pattern IDs from PATTERN_REGISTRY; a derivation step rolls evidence into capability Observations; a verdict engine compares observations against declared targets. Designed so pattern refinement never changes the observation contract.
• vat audit --verbose renders the evidence chain beneath each CAPABILITY_* observation — pattern ID, file, line, match text — and includes an evidence[] array in YAML output. Use it to debug false positives or confirm what a detector actually saw.
• Runtime profile table (RUNTIME_PROFILES in @vibe-agent-toolkit/claude-marketplace) is the single source of truth for what each Claude runtime provides and lacks (local shell, browser, network level, preinstalled binaries).
• Verdict engine (computeVerdicts) combines capability observations with declared targets to produce COMPAT_TARGET_* issues. Four states: expected (silent), COMPAT_TARGET_INCOMPATIBLE (warning), COMPAT_TARGET_NEEDS_REVIEW (warning), COMPAT_TARGET_UNDECLARED (info).
• Config-level targets declaration in vibe-agent-toolkit.config.yaml under skills.defaults.targets and skills.config.<name>.targets. Declaring targets suppresses non-applicable compat verdicts.
• Marketplace-level defaults.targets in .claude-plugin/marketplace.json. Layer priority (highest to lowest): plugin.json → marketplace.json → vibe-agent-toolkit.config.yaml.
• Post-build validation: vat skills build runs the full validation suite against built dist/skills/*/SKILL.md (skipping source-only codes like LINK_OUTSIDE_PROJECT). Build failures surface identically to source failures.
• info severity in the validation framework. CAPABILITY_* and COMPAT_TARGET_UNDECLARED emit as info; they appear in output and respect validation.severity overrides but do not contribute to build failure status.
• New validation codes: CAPABILITY_LOCAL_SHELL, CAPABILITY_EXTERNAL_CLI, CAPABILITY_BROWSER_AUTH (info); COMPAT_TARGET_INCOMPATIBLE, COMPAT_TARGET_NEEDS_REVIEW (warning); COMPAT_TARGET_UNDECLARED (info).
• Skill-smell philosophy doc at docs/skill-smell-philosophy.md articulating rule-addition bar, default severity posture, graduation path, and data-driven evolution. Referenced from docs/validation-codes.md.
• Cached Anthropic skill-authoring best-practices doc at docs/external/anthropic-skill-authoring-best-practices.md with attribution, source URL, and fetch date. Provides a diffable reference so VAT's tooling stays aligned with upstream Anthropic guidance. CLAUDE.md documents the periodic-refresh policy.
• vat-skill-review.md (formerly skill-quality-checklist.md) rewritten with [A] / [VAT] tags distinguishing Anthropic-aligned items from VAT-opinionated additions. Added gerund-form naming guidance (Anthropic's preferred pattern), frontmatter-key conservatism, cross-skill dependency disclosure, in-package YAML-styling consistency, and large-tables-to-reference-files guidance — all from dogfood findings across 17 real skills (8 avonrisk-sdlc + 1 vibe-validate + 8 VAT dev-agents).
• Five new skill-quality validation codes, all non-blocking:
  • SKILL_DESCRIPTION_OVER_CLAUDE_CODE_LIMIT (warning): description > 250 chars — Claude Code's /skills listing truncation limit since v2.1.86.
  • SKILL_DESCRIPTION_FILLER_OPENER (warning): description opens with This skill..., A skill that..., Used to..., Use when you want to..., or Use when you need to....
  • SKILL_DESCRIPTION_WRONG_PERSON (warning): description uses first- or second-person voice (Anthropic: "Always write in third person").
  • SKILL_NAME_MISMATCHES_DIR (warning): frontmatter name differs from the parent directory name.
  • SKILL_TIME_SENSITIVE_CONTENT (info): body contains as of <month> <year>, after <month> <year>, etc. — will go stale.
• vat audit and vat skills validate now print a checklist-discovery footer when skill-level findings are present, pointing at the vat-skill-review skill for rationale and judgment-call items.
• vat skill review <path> command: deep-review a single skill. Combines validateSkillForPackaging output, config-aware compat verdicts (when inside a VAT project), and a manual-checklist walkthrough into one report. Groups automated findings by checklist section (Naming / Description / Body structure / References / Frontmatter hygiene / Compatibility). Supports --yaml for machine-readable output. Designed as a thin composition over existing primitives, not a new validation pipeline.
• MCP interpreter observations: the .mcp.json scanner's MCP_SERVER_COMMAND evidence now rolls up into a CAPABILITY_EXTERNAL_CLI observation when the command is a python interpreter (python, python3, python3.11, absolute paths) or a node interpreter (node, nodejs, absolute paths). Closes the gap where python3-MCP plugins produced no capability signal and verdicts couldn't fire against them. Bespoke commands (e.g. ./scripts/my-server.sh) remain un-rolled-up by design.
• RESERVED_WORD_IN_NAME (warning) — code-registry-framework replacement for the legacy non-overridable error SKILL_NAME_RESERVED_WORD. Fires when a skill frontmatter name contains anthropic or claude (reserved for Anthropic's certified skills). Overridable via validation.severity / validation.allow like any other framework code. Per the skill-smell philosophy, reserved-word naming is a fix-before-publish smell, not a genuine build breaker, so default severity is warning.

Changed

• vibe-agent-toolkit plugin restructured into 10 sub-skills + a router. Each sub-skill now has a sharp single responsibility and a name that aligns with its CLI command. Published skill names changed:
  • resources → vat-knowledge-resources
  • distribution → vat-skill-distribution
  • authoring → split into vat-skill-authoring (SKILL.md authoring) and vat-agent-authoring (TypeScript agents)
  • org-admin → vat-enterprise-org (also avoids the reserved word claude in the previous filename)
  • audit → vat-audit
  • skill-quality-checklist → vat-skill-review (now a first-class skill, no longer transcluded)
  • New: vat-adoption-and-configuration, vat-skill-authoring, vat-rag
  • Root SKILL.md (vibe-agent-toolkit) is now a thin discovery router (~60 lines, prose references to sub-skills only, no transclusion).
  • Pre-1.0: no backwards-compatibility shims for the old skill names. Adopters with pinned references to the old names should update to the new ones.
• Contributor-only reference docs moved out of the plugin to docs/contributing/ (vat-debugging.md, vat-install-architecture.md). These are not installed with the plugin — they're for people working on VAT itself.
• Shortened over-limit descriptions on three VAT development-agent skills (renamed above: vat-enterprise-org, vat-skill-distribution) to stay under Claude Code's 250-character truncation limit.
• BREAKING: Runtime target rename. claude-desktop → claude-chat, cowork → claude-cowork. Update plugin.json, marketplace.json, and any config references. The claude-desktop name was architecturally wrong — Claude Desktop is a host application, not a runtime.
• BREAKING: runCompatDetectors returns DetectorOutput { evidence, observations } instead of ValidationIssue[]. The skill-validator converts observations to issues via observationToIssue; external callers must do the same or consume observations directly.
• BREAKING: CompatibilityResult restructured. Old shape: { declared, analyzed: Record<Target, Verdict>, evidence: CompatibilityEvidence[] }. New: { declaredTargets, evidence: EvidenceRecord[], observations: Observation[], verdicts: Verdict[] }.
• BREAKING: Scanner output shape. Scanners in @vibe-agent-toolkit/claude-marketplace now return EvidenceRecord[] with registered pattern IDs; ScannerOutput { evidence, observations } replaces CompatibilityEvidence.

Fixed

• vat audit --compat now honors config-layer targets declared in vibe-agent-toolkit.config.yaml, matching vat skills validate verdicts inside a VAT project. Previously only plugin.json / marketplace.json targets flowed into plugin-level compat analysis. Multi-skill plugins use the union of every in-plugin skill's targets.
• vat-skill-review.md (formerly skill-quality-checklist.md): description-opener rule no longer contradicts Anthropic's official skill-description guidance. Use when <concrete trigger> is now explicitly allowed (it's the recommended pattern); only vague filler like Use when you want to... / Use when you need to... is banned. Prior wording banned all Use when... openers, which contradicted VAT's own authoring guidance.
• readMarketplaceDefaultTargets() now walks upward from the starting directory to find the enclosing .claude-plugin/marketplace.json, instead of only checking the parent directory. Canonical layouts (~/.claude/plugins/marketplaces/<m>/<p>/) still work identically; deeper nested layouts now resolve correctly. Safeguarded against runaway walks by max depth (10 levels) and node_modules / .git boundaries. Closes limitation #1 from the 0.1.32-rc.1 plan Outcome.
• vat audit now walks to the nearest config per SKILL.md instead of loading a single top-level config. In monorepos with per-package vibe-agent-toolkit.config.yaml files (e.g. packages/<pkg>/vibe-agent-toolkit.config.yaml), each skill's validation now honors its own package's config — eliminating cross-package config bleed where a root config was silently applied to skills owned by other packages.
• vat audit now honors resources.exclude from the config. Previously the exclude list in the resources section only affected vat resources validate; audit ignored it and reported finding...

Release v0.1.31

Added

• v1 compat smells. Three new COMPAT_* codes — COMPAT_REQUIRES_BROWSER_AUTH, COMPAT_REQUIRES_LOCAL_SHELL, COMPAT_REQUIRES_EXTERNAL_CLI — detect per-skill runtime capabilities (browser auth, local shell, external CLI) via static analysis of SKILL.md and its transitively linked markdown. Default severity warning; configure per-skill via validation.severity / validation.allow like any other framework code. Full rationale and when-to-allow guidance in docs/validation-codes.md.
• vat audit --user now documents CLAUDE_CONFIG_DIR. Help text and packages/cli/docs/audit.md name the env var, mark ~/.claude as the default rather than unconditional, and document a shell-loop pattern for multi-directory workflows. No code change — CLAUDE_CONFIG_DIR has always been honored in packages/claude-marketplace/src/paths/claude-paths.ts — but the UX gap closes.
• vat audit: gitignore-aware scanning. When scanning inside a git repository, paths matched by .gitignore are skipped by default — no hardcoded directory list needed. --include-artifacts opts back in. When the user explicitly targets a gitignored path (e.g., vat audit dist/skills/), filtering is disabled for that subtree.
• vat audit: config-aware validation in VAT projects. When vibe-agent-toolkit.config.yaml is found at the scan root, audit uses the project's build settings (linkFollowDepth, files, excludeReferencesFromBundle) to validate skills — eliminating false LINK_OUTSIDE_PROJECT warnings for links the build pipeline resolves. Audit never applies validation.allow (always shows all issues).
• docs/skill-quality-and-compatibility.md: new project stance doc articulating what VAT believes makes a skill good and compatible. Linked from the authoring skill and cross-referenced from docs/validation-codes.md.

Changed

• vat audit now skips gitignored paths by default. Before this change, running vat audit in a TypeScript project scanned every SKILL.md in node_modules/, dist/, and other artifact directories (often hundreds of duplicate files). The new behavior uses the project's .gitignore rules, which adapts to each project's layout automatically. Use --include-artifacts to opt back in for deliberate artifact audits.

• SKILL_CONSOLE_INCOMPATIBLE retired. The Bash/Edit/Write/NotebookEdit tool-mention warning is replaced by the new COMPAT_REQUIRES_LOCAL_SHELL, giving adopters a single canonical detector with configurable severity and per-path allow entries.

Removed

• Top-level parsed['targets'] reader in claude-marketplace/src/scanners/frontmatter-scanner.ts. The reader violated VAT's metadata.*-for-extensions convention and served no concrete downstream use case after the unified validation framework landed in 0.1.30. Information it captured migrates to framework codes and validation.allow.

Release v0.1.30

Changed

• BREAKING: Unified validation framework replaces ignoreValidationErrors. Every overridable integrity check now flows through a single validation block (severity + allow) under skills.defaults / skills.config.<name> in vibe-agent-toolkit.config.yaml. The previous non-overridable error tier (OUTSIDE_PROJECT_BOUNDARY, LINK_TARGETS_DIRECTORY, LINKS_TO_NAVIGATION_FILES) is removed and replaced by unified LINK_* codes that accept the same overrides as everything else. Project-config schemas are now strict — configs containing the removed ignoreValidationErrors field (or any other unknown key) fail at parse time with "Unrecognized key(s) in object" instead of silently dropping, so upgrades surface the migration work immediately. See jdutton/vibe-agent-toolkit#83 for full design rationale and the canonical code reference at docs/validation-codes.md.
• BREAKING: PACKAGED_UNREFERENCED_FILE and PACKAGED_BROKEN_LINK now block the build. Previously logged at info level without affecting exit code; now default severity error with vat skills build exiting 1. Downgrade via validation.severity: { PACKAGED_UNREFERENCED_FILE: warning } if needed.
• BREAKING: Expired allow entries no longer silently re-fire the underlying error. The allow entry still applies; VAT emits a new ALLOW_EXPIRED warning to surface the stale date for re-review. Opt in to strict expiry with validation.severity: { ALLOW_EXPIRED: error }.
• vat audit is now advisory. Audit always exits 0 regardless of validation severity, honors validation.severity for display grouping only, and ignores validation.allow. Use vat skills validate or vat skills build for gated checks with per-path allow entries.

Added

• New validation codes — LINK_OUTSIDE_PROJECT, LINK_TARGETS_DIRECTORY, LINK_TO_NAVIGATION_FILE, LINK_TO_GITIGNORED_FILE, LINK_MISSING_TARGET, LINK_TO_SKILL_DEFINITION, LINK_DROPPED_BY_DEPTH, ALLOW_EXPIRED, ALLOW_UNUSED. Full reference at docs/validation-codes.md with defaults, descriptions, and fix hints. LINK_TO_SKILL_DEFINITION fires only for cross-skill SKILL.md references; transitive self-references (a bundled resource linking back to the skill's own SKILL.md) are treated as no-ops.
• LINK_MISSING_TARGET closes a previously silent walker drop path: links to non-existent (non-deferred) files are now reported at the walker with a clear message, rather than only surfacing post-build as a generic PACKAGED_BROKEN_LINK.
• ALLOW_UNUSED — analogous to ESLint's unused-disable — surfaces allow entries that match no emitted issues.
• Per-path validation.allow with required reason and optional expires date, providing an audit trail for legitimate exceptions. paths is optional and defaults to ["**/*"] (the whole skill) — so concerns that apply to an entire skill can omit the paths array entirely.
• Canonical code reference at docs/validation-codes.md, test-locked against the code registry so new codes cannot ship without documentation.

Migration

Old	New
ignoreValidationErrors: { CODE: "reason" }	validation.severity: { CODE: ignore }
ignoreValidationErrors: { CODE: { reason, expires } }	validation.severity: { CODE: ignore } for code-wide silence, OR validation.allow: { CODE: [{ paths, reason, expires }] } for scoped allow entries with re-review on expiry

Release v0.1.29

Added

• vat verify --consistency-check — post-build verification that skill distribution config in vibe-agent-toolkit.config.yaml and package.json are consistent. Detects skills missing from package.json, orphaned entries, and publish opt-out mismatches. Runs automatically as part of vat verify.
• Post-build integrity checks for packaged skills — packageSkill() now runs PACKAGED_UNREFERENCED_FILE and PACKAGED_BROKEN_LINK checks after copying files and rewriting links. Both are best-practice (overridable) errors surfaced via PackageSkillResult.postBuildIssues; the CLI logs them at info level (non-blocking). Suppress via packagingOptions.ignoreValidationErrors. Broken-link detection skips fenced code blocks and inline code spans so template strings aren't false-flagged. Unreferenced-file detection counts any mention of a packaged file's output-relative path — inside code blocks, inline code, or prose — as documented; CLI invocations like node scripts/cli.mjs are legitimate references even though they aren't [text](href) links.
• Skill quality checklist — new skill-quality-checklist.md resource bundled with the agent-authoring skill. 21-item checklist covering general skill authoring (description triggering, length limits, third-person voice, time-sensitive content, references one-level-deep, TOCs on long files) plus CLI-backed skill specifics (env guards, auth checks, cross-platform commands, files config). Reviewed against external best practices (Anthropic docs, anthropics/skills, superpowers conventions, Claude Code release notes through 2026-04-15).

Fixed

• Link rewriting now handles links with inline-formatted text correctly — transformContent keyed its link lookup by [text](href) where text came from remark (formatting stripped) while the regex captured the raw source (formatting preserved). Any link whose text contained backticks, emphasis, or other inline markup silently fell through the rewriter, leaving the original (now-broken) relative path in the packaged output. Lookup is now keyed by href, which the regex and parser report identically. Templates also gain a new link.rawText variable exposing the original formatted text (falls back to link.text when raw text is unavailable), and the default bundled-link template uses it so [`foo.yaml`](…) survives rewriting as [`foo.yaml`](new/path) rather than losing its code styling.
• excludeReferencesFromBundle patterns now apply to terminal non-markdown links — links to YAML, JSON, images, and other assets that are not indexed by the registry were falling through the bundled-link rule and rendering as [text]() because matchesPattern short-circuited to false whenever the target resource was unresolved. matchesPattern now falls back to matching the link's raw href when no resolved resource is available, and buildRewriteRules evaluates per-pattern excludes before the bundled-link rule so terminal assets resolve to the user's template.
• files config in skills.config.<name>.files was parsed but not applied at build time — vat skills build merged the files entries from vibe-agent-toolkit.config.yaml and validated them (vat verify correctly reported missing dests), but never passed them into packageSkill(), so declared files were silently skipped. Now CLI binaries and other build artifacts declared via files config are copied into skill output as intended.
• Skill bundler strips links to non-markdown bundled files — links to YAML, JSON, and script files routed to templates/, assets/, or scripts/ were rewritten to empty () because non-markdown assets weren't added to the output registry. Now all files in the path map are added to the output registry with their mapped output paths, including the duplicate-ID edge case for paired markdown/non-markdown files (e.g. config.md + config.yaml).
• Skill bundler strips depth-boundary links to already-bundled resources — when resource D linked to resource C and C was already bundled via a shorter path from SKILL.md, the link from D→C was stripped because depth-exceeded exclusions were unconditionally added to excludedIds. Bundle membership now wins: excludedIds filters out resources already in bundledResources.
• Discovery scanner no longer traverses git worktrees — .worktrees/ and .claude/worktrees/ added to PERFORMANCE_POISON exclusions, preventing the crawler from physically walking into worktree copies of the repo during scans.
• System tests no longer flaky from vitest worker timeout — refactored skills-list.system.test.ts to run CLI spawns once in beforeAll instead of 5 redundant full-project scans. Same coverage, 70% faster (90s → 27s), eliminates the onTaskUpdate timeout.

Release v0.1.28

Fixed

• Skill bundler no longer silently bundles gitignored files — when a SKILL.md links to files inside a gitignored directory (e.g., data/), those files are now excluded from the bundle instead of being silently packaged and published. This includes files reached through symlinks in gitignored directories (e.g., OneDrive/shared drive mounts). Previously required manual excludeReferencesFromBundle workarounds; now handled automatically.

Release v0.1.27

Breaking

• Removed top-level vat install command. Install of flat skills now uses vat skills install <source> --target <target> --scope <user|project>. Install of Claude plugins uses vat claude plugin install <source>.

Added

• vat skills install <source> --target <target> --scope <user|project> — cross-platform flat skill installer. Supports 7 targets (claude, codex, copilot, gemini, cursor, windsurf, agents) and 2 scopes (user, project). Sources: local directory, .zip, .tgz, or npm:@scope/package. Pre-verifies all skills before touching the filesystem (all-or-nothing).
• vat skills list npm:@scope/package — inspect what skills are in an npm package without installing.
• bun run pre-release — pre-tag validation command that confirms CHANGELOG is stamped, no stale tags exist on remote, marketplace dry-run passes, and version section has content. Prevents failed CI publishes from unready state.
• bun run bump-version now auto-stamps CHANGELOG.md for stable versions — moves [Unreleased] content under a new ## [X.Y.Z] - date heading. Safety guards: fails if [Unreleased] is empty, refuses to stamp if version already exists in CHANGELOG (prevents corruption from backward bumps or re-stamps). Skips for RC/prerelease versions.

Fixed

• CHANGELOG check in pre-publish no longer skipped during bun run validate — the CHANGELOG stamp check was incorrectly gated behind --skip-git-checks (a git check flag), but it's a content check. Now runs unconditionally.

Changed

• Published VAT skills updated to describe the new vat skills install command surface.

Release v0.1.26

Added

• Cross-skill SKILL.md bundling prevention — VAT now detects when a skill links to another skill's SKILL.md and excludes it from the bundle. A SKILL.md is a skill definition marker, not a resource — bundling one inside another skill creates duplicate definitions that break marketplace sync and confuse skill consumers. Two layers of protection: link-follow filtering (prevents the bad state) and post-build validation (safety net). The exclusion appears in build output as skill-definition reason.
• ESLint rule: no-fs-promises-cp — Prevents usage of async cp() from node:fs/promises in favor of cpSync() from node:fs. Node 22's async cp({ recursive: true }) silently drops files in nested directories. The rule auto-fixes and explains the issue so developers can make an informed eslint-disable decision if async is truly needed.

Fixed

• Marketplace publish drops non-markdown files on Node 22 — composePublishTree used async cp() from node:fs/promises which silently drops .mjs files in nested directories on Node 22. Replaced with cpSync which works correctly across all Node versions. Added a system test that verifies .mjs scripts survive the full compose→publish pipeline.
• Marketplace publish --debug flag not reaching logger — --debug was defined on the publish command but consumed by a parent command in the Commander hierarchy. Options are now read via optsWithGlobals() so --debug works correctly.
• Marketplace publish debug logging — vat claude marketplace publish --debug now logs the full file list at each stage of the publish pipeline (cpSync output, git tracked files, git ignored files, early-exit tree). Diagnoses files disappearing between build output and published commit.

Release v0.1.25

Security

• Marketplace publish no longer logs git remote credentials. vat claude marketplace publish previously echoed the full remote URL — including any credentials embedded by the user's config OR injected at runtime from GH_TOKEN/GITHUB_TOKEN — to stdout via its Remote: and Pushed to … log lines. In CI, GitHub Actions auto-masked the secret, but local runs (including adopter dry-runs) emitted the raw token to the terminal. All URL logging now passes through a redactUrlCredentials() helper that strips userinfo before logging. Git commands still receive the tokenized URL for authentication — only the logged copy is redacted.

Changed

• BREAKING: Marketplace publish no longer rewrites CHANGELOG.md. vat claude marketplace publish now mirrors the source CHANGELOG.md byte-for-byte into the publish tree and extracts release notes for the commit body only. Accepts both Keep a Changelog workflows: a pre-stamped [X.Y.Z] section matching package.json (preferred) or a non-empty [Unreleased] section (fallback). Fails if neither is present. Workflow A adopters whose main branch CHANGELOG continues to carry [Unreleased] at publish time will see that heading on the publish branch too — stamp CHANGELOG.md on main before tagging if you want a stamped heading in the published file. Side benefit: corrections/typo-fixes to CHANGELOG.md on main now propagate to the publish branch on the next publish.

Fixed

• toAbsolutePath() and getRelativePath() now return forward-slash paths on Windows — previously these returned backslash paths, bypassing cross-platform normalization.

Release v0.1.24

Feature

• Safe path normalization — added safePath.join(), safePath.resolve(), safePath.relative() wrappers in @vibe-agent-toolkit/utils that always return forward-slash paths. New ESLint rules (no-path-join, no-path-resolve, no-path-relative) enforce their use over raw node:path functions, with auto-fix support. Adopters can copy these rules from packages/dev-tools/eslint-local-rules/ into their own projects. Closes #38.
• Cross-platform ESLint rule parity with vibe-validate — ported no-path-resolve-dirname (enforces normalizePath() over path.resolve(__dirname) in tests for Windows 8.3 short name safety) and no-test-scoped-functions (enforces module-scope helper functions in test files, SonarQube S1515). VAT now ships 15 custom ESLint rules for cross-platform safety.

Release v0.1.23

Feature

• Marketplace publishing — distribute Claude plugin marketplaces via Git branches. vat claude marketplace publish composes built artifacts with changelog, readme, and license into a squashed commit on a configurable branch. Consumers install with /plugin marketplace add owner/repo#branch. Includes standalone strict validation (vat claude marketplace validate) and automatic marketplace verification in vat verify.

Docs

• Marketplace testing guide — added "Testing Your Marketplace" section to marketplace-distribution.md with full local test flow (marketplace add → install → validate → verify skills), known issues (name collision, $schema validation), and update workflow.
• Marketplace README — rewrote marketplace branch README as a developer-facing landing page with two-step install, skill descriptions, and architecture link.
• Main README — added "Claude Plugin Marketplace" section with install commands and links to marketplace branch and distribution guide.
• Distribution skill — added local marketplace testing subsection with commands and known-issue notes.

Changed

• Publish workflow — added marketplace publish step to CI; stable tags push to claude-marketplace branch, RC tags push to claude-marketplace-next.
• Pre-publish checks — added marketplace dry-run validation (Check 12) to catch build/changelog issues before any npm mutations.