Skip to content

Releases: moyaspace/openspec-superpowers-opencode

v1.0.7

Choose a tag to compare

@moyaspace moyaspace released this 25 May 16:07

Fix: npm 11.x renames .gitignore to .npmignore during install

Bug

npm 11.x has a bug where files named .gitignore inside packages are renamed to .npmignore during npm install. This caused template/.gitignore to never reach the setup script during isolated installation, resulting in projects without .gitignore after init.

Fix

  • Renamed template/.gitignoretemplate/_gitignore to avoid the npm filename trigger
  • setup.sh/ps1: Use _gitignore as source, added fallback creation (echo/Set-Content) if file copy fails
  • .npmignore: Removed dead /.gitignore and /.npmignore entries
  • TESTING.md Phase 13: Now verifies .gitignore exists and exclusion rules work
  • docs/DESIGN.md: Added ADR-10 documenting the npm 11.x bug and fix strategy

Full Changelog: v1.0.6...v1.0.7

v1.0.6

Choose a tag to compare

@moyaspace moyaspace released this 25 May 14:30

⚠️ DEPRECATED — template/.gitignore is renamed to .npmignore by npm 11.x during install, causing initialized projects to miss .gitignore. Upgrade to v1.0.7 instead.


What's New in v1.0.6

ADR-9: Brownfield Merge Deny Injection

When openspec-superpowers-opencode is initialized into an existing OpenCode project (brownfield), the merge logic in setup.ps1 and setup.sh now automatically injects deny rules for openspec/schemas/** and openspec/config.yaml into the write and edit permissions of the existing opencode.json.

This ensures that even during merge, the infrastructure protection from ADR-8 is enforced — the AI cannot modify schemas or configuration files, only work within changes/ and specs/.

Fixes & Improvements

  • bin/cli.js: Git dirty check moved to position 0 (before mkdir) to prevent deployment artifacts in dirty repositories
  • scripts/setup.ps1: Merge logic now includes deny paths injection; .gitignore granular entries for openspec/schemas/ and openspec/config.yaml
  • scripts/setup.sh: Same merge logic with deny paths for Linux environments
  • .gitignore granularity (ADR-7): Removed blanket openspec/ exclusion in favor of specific entries
  • template/.gitignore: Simplified to only include .worktrees/; rest appended by setup scripts at deployment time

Documentation

  • docs/DESIGN.md: Added ADR-7, ADR-8, ADR-9, and the Office & Warehouse metaphor explaining why .gitignore and opencode.json deny rules are complementary
  • docs/TESTING.md: Updated phases with new test scenarios

Full Changelog: v1.0.5...v1.0.6

v1.0.5

Choose a tag to compare

@moyaspace moyaspace released this 23 May 06:19

v1.0.5 (2026-05-23)

⚠️ DEPRECATED — setup.sh 在 Windows 拉取后存在 CRLF 问题。建议升级到 v1.0.7。

Bug

CRLF 换行符导致 Linux 上 setup.sh 崩溃

Windows 上 git clonecore.autocrlf=truescripts/setup.sh 从 LF 转写为 CRLF,经 npm pack → publish → Linux npm install 链路传递到 Linux,导致 bash 执行时报 $'\r': command not found

Fix

  • 第一道防线:.gitattributes — 新增根目录 .gitattributes,强制 scripts/setup.shscripts/setup.ps1 始终使用 LF(commit 574fcb2
  • 第二道防线:npm 白名单.gitattributes 加入 package.jsonfiles 数组,确保 tarball 内总有换行策略保护(commit 4026dbb
  • 强制重新 checkout.gitattributes 在文件已存在时不生效,对 setup.sh 做标记变更触发 git 重写为 LF(commit f4054d7

Documentation

  • docs/CRLF-POSTMORTEM.md: 完整的事故复盘,覆盖技术根因、测试盲区分析、修复方案