CHANGELOG.md
Lines changed: 95 additions & 1 deletion
@@ -6,9 +6,93 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
7
7
## [Unreleased]
8
8
9
+
## [v0.5.0] - 2026-05-07
10
+
11
+
### Added
12
+
13
+
-**Estimated cost in token display** — Per-request and session-level cost estimates based on model list pricing (Claude, OpenAI, Gemini). Shows cache savings breakdown. New `getModelPricing()` and `estimateCost()` exports for reuse (#114)
14
+
-**Actionable limit error messages** — Every plugin error about a breached configurable limit now tells the LLM which config field to increase via `manage_plugin` (21 messages across fs-read, fs-write, fetch) (#112)
15
+
-**Configurable plugin limits** — Previously hardcoded ceilings (per-call chunk sizes, rate limits, session budgets, etc.) are now user-configurable with no artificial maximums. Includes `maxReadChunkKb`, `maxListResults`, `maxWriteChunkKb`, `maxRedirects`, `maxJsonResponseBytes`, `maxTextResponseBytes` and more (#106)
16
+
-**Clarifying questions for skills** — pptx-expert, pdf-expert, xlsx-expert skills now include structured "Clarifying Questions" sections that tell the LLM what to ask when details are missing (#110)
17
+
-**Cache write token tracking** — `cacheWriteTokens` from the SDK is now accumulated in session state for accurate cost calculation (#114)
18
+
19
+
### Fixed
20
+
21
+
-**PPTX hex colour XML injection** — `hexColor()` did no validation, allowing non-hex strings (like gradient XML) to be embedded as `srgbClr val` attributes, producing corrupt OOXML that PowerPoint would repair by stripping entire slides. Now validates with `HEX_RE` and throws descriptive errors (#115)
22
+
-**ha:pdf import validation failure** — Native module resolution loop broke early when a transitive dependency (e.g. `ha:ziplib`) had no JS source, producing a cryptic empty error. Now checks `moduleJsons` and `dtsSources` alongside `sources` before breaking (#111)
23
+
-**PPTX shape ID collision on restore** — `restorePresentation()` set the shape ID counter AFTER `createPresentation()`, causing duplicate IDs when shapes were created between the two calls. Counter is now restored FIRST. Includes fallback max-ID scan for legacy serialized data (#113)
24
+
-**Plugin config silently clamped** — `safeNumericConfig` from `path-jail.ts` defaults to a 10 MB ceiling. Plugin code that omitted the ceiling arg had values like `maxWriteSizeKb: 20480` silently clamped to 10240 (#106)
25
+
-**fetchJSON/fetchText byte counting** — Used `body.length` (UTF-16 code units) instead of `Buffer.byteLength(body, 'utf8')` for the configured byte limit check (#106)
26
+
27
+
### Changed
28
+
29
+
-**Handler validation guidance** — Stricter handler shape requirements with better error messages; nested helper functions no longer trigger false-positive misnamed-handler errors; `function(` expressions properly skipped in return detection (#105, #101)
30
+
-**SDK forward compatibility** — Use SDK `SessionEvent` type for forward compat with copilot-sdk 0.3.0 (#100)
31
+
32
+
## [v0.4.2] - 2026-04-29
33
+
34
+
### Added
35
+
36
+
-**MSAL M365 server discovery** — Bootstrap MCP server discovery for Microsoft 365 services using MSAL authentication (#97)
37
+
38
+
## [v0.4.1] - 2026-04-29
39
+
40
+
### Fixed
41
+
42
+
-**Release smoke test** — Removed fragile package size check from post-publish smoke test (#96)
-**npm package size** — Reduced published package size and hardened post-publish smoke test (#93)
51
+
52
+
## [v0.3.0] - 2026-04-28
53
+
54
+
### Added
55
+
56
+
-**Excel XLSX module** — Promoted `ha:xlsx` to a builtin module with workbook, sheet, chart, pivot table, and conditional formatting APIs (#86)
57
+
-**M365 MCP integration** — Microsoft 365 MCP server support for calendar, email, and Teams (#83)
58
+
-**`/plugins` alias** — `/plugins` now works as an alias for `/plugin` (#84)
59
+
60
+
### Fixed
61
+
62
+
-**Handler edits and MCP gateway** — Improved handler edit flow and MCP gateway module loading (#88)
63
+
9
64
### Changed
10
65
11
-
-**Trusted npm publishing** — Publish workflow now uses OIDC trusted publishing with `--provenance` for release-triggered publishes, eliminating the need for a long-lived `NPM_TOKEN` secret. Manual `workflow_dispatch` publishes fall back to `NPM_TOKEN`.
66
+
-**README** — Restructured to be capabilities-first (#87)
-**PDF document support** — Full PDF generation with flow layout, charts, themes, and font embedding via `ha:pdf`, `ha:pdf-charts`, and `ha:doc-core` modules (#51)
86
+
-**MCP integration** — Model Context Protocol support for external tool servers with SSE and stdio transports (#57)
87
+
-**Kubernetes deployment** — AKS and KIND deployment manifests with Hyperlight DaemonSet and agent pods (#54)
88
+
-**Token usage tracking** — Per-request and session-total token counts with cache hit reporting (#58)
89
+
-**Trusted npm publishing** — OIDC-based publishing with `--provenance` (#62)
90
+
-**Dependabot automation** — Enhanced Dependabot config with auto-approval for patch updates (#20, #45)
91
+
92
+
### Fixed
93
+
94
+
-**Hyperlight dependency alignment** — Aligned code-validator Hyperlight deps with hyperlight-js to prevent version skew (#64)
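Review bot: the rewritten "Trusted npm publishing" entry near the end of the hunk (#62) drops the statement, present in the removed line under "### Changed", that manual `workflow_dispatch` publishes fall back to `NPM_TOKEN`. If that fallback still exists, keep it in the new entry, because it means a long-lived token secret is still part of the release path and anyone auditing publishing should see that; if the fallback was removed, say so explicitly. Separately, the v0.5.0 "PPTX hex colour XML injection" entry sits under "### Fixed". Keep a Changelog, which this file says it follows, provides a "### Security" heading, and if the project treats the unvalidated `hexColor()` input as a vulnerability rather than a plain bug, the entry would be easier to find there.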