chore: release v0.19.0#1715
Merged
Merged
Conversation
Bump pyproject.toml + uv.lock to 0.19.0 and move the [Unreleased] CHANGELOG block to [0.19.0] - 2026-06-09 with one 'so what' entry per merged PR. Lint mirror green locally (ruff check + format, pylint R0801, auth-signals). Post-merge: tag v0.19.0 to trigger the release workflow. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Cuts the v0.19.0 release by bumping the project version and rolling [Unreleased] entries into a dated 0.19.0 section in the changelog.
Changes:
- Bump package version to
0.19.0inpyproject.toml. - Update
uv.lockto reflect the new editable package version. - Add a
## [0.19.0] - 2026-06-09section inCHANGELOG.mdand move entries under it.
Show a summary per file
| File | Description |
|---|---|
pyproject.toml |
Version bump from 0.18.0 to 0.19.0. |
uv.lock |
Lockfile update reflecting apm-cli==0.19.0 (editable). |
CHANGELOG.md |
Moves Unreleased entries into the 0.19.0 release section. |
Copilot's findings
- Files reviewed: 2/3 changed files
- Comments generated: 4
| `ADO_APM_PAT` is configured for Azure DevOps file downloads, and fail-closes | ||
| when ADO returns an interactive HTML sign-in page with HTTP 200 instead of | ||
| writing corrupt HTML to disk. (by @danielmeppiel, closes #1671) | ||
| writing corrupt HTML to disk. (by @danielmeppiel, closes #1671, #1675) |
Comment on lines
24
to
+25
| targets (including OS-specific `windows`/`linux`/`osx` hook keys). (by | ||
| @harshitlarl, closes #316) | ||
| @harshitlarl, closes #316, #1700) |
| error handling around external scanners. (by @sergio-sisternes-epam, #1692) | ||
| - `install.sh` now validates `APM_LIB_DIR` before running `rm -rf`, preventing | ||
| data loss when the override points at a directory holding unrelated | ||
| application data. (by @dohwi, closes #1690, #1694) |
| skills consumer target (opt in via `apm experimental enable openclaw`). Skills | ||
| deploy to `.agents/skills/<name>/SKILL.md` (project) or | ||
| `~/.openclaw/skills/<name>/SKILL.md` (global). (by @sergio-sisternes-epam, #1677) | ||
| - `apm publish` auto-pack now includes `README.md`, `CHANGELOG.md`, and `LICENSE` / `LICENCE` (case-insensitive, symlinks excluded) in the flat registry archive, matching npm's behaviour of bundling standard root-level documentation files alongside the package source. (by @nadav-y, #1695) |
Merge origin/main (PRs #1714, #1717, #1718, #1719) into the release branch. Only #1718 is user-facing (src/apm_cli/install drift + target-complete lockfile manifest); its entry was authored on main and now sits in the [0.19.0] Fixed block with the PR number appended. #1714, #1717, #1719 are maintainer-toolkit / test-only and dropped per the entry-sanitizer DROP list. Lint mirror green. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ckfile The APM Self-Check (apm audit --ci) content-integrity gate failed: apm.lock.yaml recorded a stale deployed_file_hashes entry (fe6a73...) for .agents/skills/apm-review-panel/SKILL.md while the deployed file and its packages/** source are both fc63e25... #1714 updated the skill content but deliberately left apm.lock.yaml untouched; #1718 then turned the drift gate live (dropped --no-drift), exposing the mismatch. apm install reconciles the recorded hash (and refreshes apm_version to 0.19.0). All 9 audit checks now pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
sergio-sisternes-epam
pushed a commit
that referenced
this pull request
Jun 9, 2026
…e integrity) Sync with main through v0.19.0 (#1715, #1714, #1718, #1719, #1717). Conflicts resolved: - CHANGELOG.md: main cut the v0.19.0 release, moving prior Unreleased entries into a dated section. Took main's restructure; relocated the #1681 "Tightened Stage 2 code-complexity thresholds" entry to the new ## [Unreleased] section (released sections stay immutable per Keep a Changelog). Took main's #1702/#1710 close-ref for the lockfile entry. - src/apm_cli/install/services.py: #1718 added per-file skill-bundle integrity recording inline at a site my refactor had extracted into _log_skill_result. Kept the new _skill_bundle_file_entries helper in services.py (sibling of _deployed_path_entry); dropped main's duplicate inline _log_hook_display_payloads (already relocated to services_integrate.py and re-exported in my #1700 port); accepted the _log_skill_result delegator at the call site. - src/apm_cli/install/services_integrate.py: ported #1718's deployed.extend(_skill_bundle_file_entries(tp, ...)) into _log_skill_result's deployed-path loop (deployed aliases result["deployed_files"]), with a lazy import of the helper. Shadow gate: no markers, all src <=800 lines, ruff check + format clean, pylint R0801 EXIT=0, auth-signals clean; 11144 tests pass across the install/integration suites plus the #1718, #1700, and #1709 targeted sets. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cut release 0.19.0.
pyproject.tomlto 0.19.0 (anduv.lock).[Unreleased]to[0.19.0] - 2026-06-09inCHANGELOG.md, with one short "so what?" entry per PR merged since v0.18.0.Why MINOR (0.19.0), not PATCH (0.18.1)
A new integration target landed this cycle:
apm install --target openclawadds OpenClaw as an experimental skills consumer target (#1677). That is a new user-facing surface (semver-rubric Row 6), and #1700 adds a new feature (per-event hook action summaries surfaced duringapm install). New surfaces require a minor bump. The rest of the cycle is bug fixes and one behavioral change.Why MINOR (not MAJOR): pre-1.0 framing -- the cycle's one breaking change (
apm publisharchive format) rides in a minor bump per the project's 0.x semver discipline.BREAKING in this release
apm publisharchive format: auto-pack now produces a.zip(ZIP_DEFLATED) instead of.tar.gz, and the--tarballoption is renamed to--zip. Output filename is now{name}-{version}.zip. (feat(publish): switch publish command archive format from tar.gz to zip #1695) Marked**BREAKING:**in the changelog.Validation
Lint mirror green locally (ruff check + format, pylint R0801, auth-signals). See
.apm/instructions/linting.instructions.mdfor the contract this mirrors.Post-merge
Tag
v0.19.0to trigger the release workflow: