chore: release v0.16.0#1526
Merged
Merged
Conversation
Bump pyproject.toml to 0.16.0 (and uv.lock). Move [Unreleased] to [0.16.0] - 2026-05-28 in CHANGELOG.md with one concise 'so what' entry per PR merged since v0.15.0. Minor bump (not patch) is required: the cycle carries a BREAKING change to apm install exit-code semantics plus new user-facing features (apm deps why, semver ranges on git deps, require_pinned_constraint policy, OpenAPM v0.1 spec). Lint mirror green locally (ruff check + format, pylint R0801, auth-signals). Post-merge: tag v0.16.0 to trigger the release workflow. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Cuts the v0.16.0 release by bumping the project version and rolling the changelog forward to a dated release section.
Changes:
- Bump
apm-cliversion from0.15.0to0.16.0inpyproject.toml(and correspondinguv.lockentry). - Promote the prior Unreleased entries into
## [0.16.0] - 2026-05-28inCHANGELOG.md.
Show a summary per file
| File | Description |
|---|---|
uv.lock |
Updates the locked project version to 0.16.0. |
pyproject.toml |
Updates the package version to 0.16.0. |
CHANGELOG.md |
Adds the 0.16.0 release section and summarizes changes since 0.15.0. |
Copilot's findings
- Files reviewed: 2/3 changed files
- Comments generated: 3
Comment on lines
+14
to
+15
| - OpenAPM v0.1 normative spec at `docs/src/content/docs/specs/openapm-v0.1.md` with JSON Schemas for manifest/lockfile/policy and conformance fixtures under `tests/fixtures/spec-conformance/`, so third-party integrators can build conformant tools without reading the rest of the APM docs. (closes #1502, #1517) | ||
| - `ref:` on git-source dependencies now accepts semver ranges (`^1.2.0`, `~1.4`, `>=2.0 <3`, `1.5.x`). `apm install` resolves the highest matching remote tag and pins the resolved tag, SHA, and constraint in `apm.lock.yaml`; subsequent installs replay offline, `apm install --update` re-resolves. (closes #1488, #1496) |
| - `apm.cmd` Windows shim is now written as ASCII so `cmd.exe` parses it correctly when invoked via `PATH`. A previous attempt to write the shim as UTF-16LE broke fresh installs with garbled output and exit code 1. (#1522) | ||
| - `install.ps1` is now strict ASCII, so `apm self-update` on `cp1252` Windows consoles no longer crashes with `UnicodeEncodeError: 'charmap' codec can't encode characters`. (#1523) | ||
| - `apm install --target opencode` now warns at install time when an agent's frontmatter has shapes OpenCode's Zod schema rejects (`tools:` as list/string, non-hex/non-theme `color:`), so users learn why OpenCode refuses the agent instead of hitting only a runtime crash. (Phase 1 of #581, #1513) | ||
| - `apm compile --target claude` now honors `compilation.strategy: single-file` and `--single-agents`, collapsing into one root `CLAUDE.md` instead of silently emitting per-subdirectory files. (closes #1445, #1514) |
Comment on lines
+32
to
+36
| - `apm install git@gitlab.com:owner/repo.git#ref` now succeeds for users with an SSH key and no `GITLAB_APM_PAT` / `GITLAB_TOKEN`: the validator honors the explicit SSH transport instead of demanding an HTTPS-token probe. GitLab SSH-key users get parity with GitHub SSH users. (closes #1501, #1515) | ||
| - `apm install -g` now correctly integrates hook JSON files authored in the "naked" Claude settings-slice format (event names at top-level, no outer `hooks:` wrap). Previously the file parsed cleanly but merged nothing while the summary still reported `1 hook(s) integrated`; the counter now reflects actual contributions and malformed shapes fail closed with a warning. (closes #1499, #1516) | ||
| - `apm install --update` now re-resolves direct git-source semver dependencies even when the dependency's install path already exists; previously the BFS resolver short-circuited and `--update` was a silent no-op for git-semver refs. (#1496) | ||
| - `policy.dependencies.require_pinned_constraint: true` no longer misclassifies the npm/cargo explicit-equality form `=1.2.3` as `BARE_BRANCH`. Both `1.2.3` and `=1.2.3` are pinned; pip-style `==1.2.3` is still rejected. (follow-up to #1494, #1506) | ||
| - `apm uninstall` now fully cleans `.windsurf/skills/<pkg>/` directories on the `windsurf` target. (by @yoelabril, #1486) |
This was referenced May 28, 2026
Closed
danielmeppiel
added a commit
that referenced
this pull request
Jun 1, 2026
* feat(skills): add cut-release skill Encode the v0.16.0 release process as a reusable APM primitive: sanitize the [Unreleased] CHANGELOG block into a dated version block (one 'so what' entry per merged PR), pick patch vs minor per a semver rubric, bump pyproject.toml + uv.lock, run the CI-mirror lint chain, commit, push, and open the release PR. Architecture (per genesis step 6 handoff packet, persisted in session plan.md): - Single-thread sequential pipeline with 3 B10 HUMAN CHECKPOINTS (version pick, sanitized changelog, lint-fail recovery). Not a PANEL -- one lens (release strategy), one rubric. Cites pattern-tradeoffs matrices #4, #6, #9, #1. - Depends on existing apm-strategy skill as the versioning lens (LOCAL SIBLING, auto-loads via CHANGELOG.md trigger). Depends on .apm/instructions/linting.instructions.md and .github/instructions/changelog.instructions.md as path-attached rules. No EXTERNAL MODULE. - 3 S7 deterministic tool bridges: - list-changes-since-tag.sh -- git log + gh pr view, emits JSON, classifies internal-vs-user-facing by path prefix. - bump-version.sh -- edits pyproject.toml version line, runs uv lock, emits unified diff. - verify-lint-mirror.sh -- mirrors the 4-step CI Lint job from .apm/instructions/linting.instructions.md verbatim. - 3 assets: - semver-rubric.md -- signal table, pre/post-1.0 framing, worked v0.16.0 example. - entry-sanitizer.md -- per-entry rubric, DROP list, section mapping, worked v0.16.0 example. - pr-body-template.md -- variable-substituted PR body. Boundary: STOPS at 'PR open'. Does NOT tag the release -- tagging stays a human-gated trigger for the release workflow. Refuses to bump to >= 1.0.0 without explicit operator confirmation. Self-dogfooded: the v0.16.0 cycle (PR #1526) was cut by following this exact procedure manually; the worked examples in semver-rubric.md and entry-sanitizer.md cite that cycle. Evals: 20 trigger evals (10 should-fire, 10 near-miss). Content evals deferred to real-task refinement on the next release cycle. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * fix(cut-release): split {version} and {tag} placeholders in PR body template Copilot review noted that the PR body template used a single {version} placeholder for both unprefixed contexts (CHANGELOG.md heading and pyproject.toml version) and the v-prefixed git tag. The release workflow's stable-release regex (^v[0-9]+\.[0-9]+\.[0-9]+$ in .github/workflows/build-release.yml) only matches v-prefixed tags, so substituting the unprefixed form into 'git tag {version}' produced a tag the workflow would treat as prerelease. Introduce {tag} (v-prefixed) for the post-merge tag block and keep {version} (unprefixed) for the CHANGELOG/pyproject lines, matching the existing repo conventions. Update SKILL.md Phase 6 substitution list to document both placeholders and the rationale. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: danielmeppiel <danielmeppiel@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cut release v0.16.0.
pyproject.tomlto 0.16.0 (anduv.lock).[Unreleased]to[0.16.0] - 2026-05-28inCHANGELOG.md, with one short "so what?" entry per PR merged since v0.15.0.Why minor (0.16.0), not patch (0.15.1)
This cycle carries a BREAKING change to
apm installexit-code semantics (now exits1on errors instead of0, matching npm/pip/cargo) plus four user-facing features:apm deps why <package>command (feat(deps): add 'apm deps why <pkg>' to explain transitive dependencies #1495)policy.dependencies.require_pinned_constraint(feat(policy): require_pinned_constraint to ban unbounded dep ranges #1494)A patch release cannot carry breaking behavior changes or new commands.
Validation
Lint mirror green locally (ruff check + format, pylint R0801, auth-signals).
Post-merge
Tag
v0.16.0to trigger the release workflow.