Releases: moyaspace/openspec-superpowers-opencode
Release list
v1.0.7
Fix: npm 11.x renames .gitignore to .npmignore during install
Bug
npm 11.x has a bug where files named .gitignore inside packages are renamed to .npmignore during npm install. This caused template/.gitignore to never reach the setup script during isolated installation, resulting in projects without .gitignore after init.
Fix
- Renamed
template/.gitignore→template/_gitignoreto avoid the npm filename trigger - setup.sh/ps1: Use
_gitignoreas source, added fallback creation (echo/Set-Content) if file copy fails .npmignore: Removed dead/.gitignoreand/.npmignoreentries- TESTING.md Phase 13: Now verifies
.gitignoreexists and exclusion rules work - docs/DESIGN.md: Added ADR-10 documenting the npm 11.x bug and fix strategy
Full Changelog: v1.0.6...v1.0.7
v1.0.6
⚠️ DEPRECATED — template/.gitignore is renamed to .npmignore by npm 11.x during install, causing initialized projects to miss .gitignore. Upgrade to v1.0.7 instead.
What's New in v1.0.6
ADR-9: Brownfield Merge Deny Injection
When openspec-superpowers-opencode is initialized into an existing OpenCode project (brownfield), the merge logic in setup.ps1 and setup.sh now automatically injects deny rules for openspec/schemas/** and openspec/config.yaml into the write and edit permissions of the existing opencode.json.
This ensures that even during merge, the infrastructure protection from ADR-8 is enforced — the AI cannot modify schemas or configuration files, only work within changes/ and specs/.
Fixes & Improvements
- bin/cli.js: Git dirty check moved to position 0 (before mkdir) to prevent deployment artifacts in dirty repositories
- scripts/setup.ps1: Merge logic now includes deny paths injection; .gitignore granular entries for openspec/schemas/ and openspec/config.yaml
- scripts/setup.sh: Same merge logic with deny paths for Linux environments
- .gitignore granularity (ADR-7): Removed blanket openspec/ exclusion in favor of specific entries
- template/.gitignore: Simplified to only include .worktrees/; rest appended by setup scripts at deployment time
Documentation
- docs/DESIGN.md: Added ADR-7, ADR-8, ADR-9, and the Office & Warehouse metaphor explaining why .gitignore and opencode.json deny rules are complementary
- docs/TESTING.md: Updated phases with new test scenarios
Full Changelog: v1.0.5...v1.0.6
v1.0.5
v1.0.5 (2026-05-23)
⚠️ DEPRECATED — setup.sh 在 Windows 拉取后存在 CRLF 问题。建议升级到 v1.0.7。
Bug
CRLF 换行符导致 Linux 上 setup.sh 崩溃
Windows 上 git clone 时 core.autocrlf=true 将 scripts/setup.sh 从 LF 转写为 CRLF,经 npm pack → publish → Linux npm install 链路传递到 Linux,导致 bash 执行时报 $'\r': command not found。
Fix
- 第一道防线:
.gitattributes— 新增根目录.gitattributes,强制scripts/setup.sh和scripts/setup.ps1始终使用 LF(commit574fcb2) - 第二道防线:npm 白名单 —
.gitattributes加入package.json的files数组,确保 tarball 内总有换行策略保护(commit4026dbb) - 强制重新 checkout —
.gitattributes在文件已存在时不生效,对setup.sh做标记变更触发 git 重写为 LF(commitf4054d7)
Documentation
- docs/CRLF-POSTMORTEM.md: 完整的事故复盘,覆盖技术根因、测试盲区分析、修复方案