Skip to content

(deps): Bump moonrunnerkc/skillcheck from 0.2.0 to 1.1.0#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/moonrunnerkc/skillcheck-1.1.0
Open

(deps): Bump moonrunnerkc/skillcheck from 0.2.0 to 1.1.0#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/moonrunnerkc/skillcheck-1.1.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps moonrunnerkc/skillcheck from 0.2.0 to 1.1.0.

Release notes

Sourced from moonrunnerkc/skillcheck's releases.

skillcheck 1.1.0

An external audit against v1.0.1 surfaced eight repo defects: an unpinned GitHub Action install, gitignored evidence paths cited in the README, a top-level SKILL.md describing an unrelated skill, a missing @v0 tag the README claimed existed, exit-code 2 conflating tool-misuse with warning-only reports, an oversized cli.py, and a vague-word list that flagged context-dependent terms like "comprehensive". v1.1.0 fixes all of them and reverses one v1.0.1 behavior change that turned out wrong.

Behavior change

Warning-only runs now return exit code 0 by default. v1.0.1 made them return 2; that conflated valid runs that produced warnings with tool-misuse cases (missing path, conflicting flags, empty directory). CI consumers couldn't tell the difference. v1.1.0 splits them: warnings exit 0, input errors exit 2, errors stay at 1, semantic drift stays at 3. The new --warnings-as-errors flag escalates warning-only runs to exit 1 for pipelines that want warnings to block.

If your CI relied on v1.0.1's "warnings exit 2" behavior, add --warnings-as-errors to your skillcheck invocation, or pin to @v1.0.1 until you can update.

Added

  • --warnings-as-errors flag.
  • Two regression tests guarding the description-scorer rubric.

Changed

  • action.yml install step pins skillcheck>=1.0.1. Until v1.1.0 is uploaded to PyPI, this fails loudly on unpublished v1 features rather than silently resolving to v0.2.0.
  • Description scorer no longer penalizes comprehensive, robust, or flexible in descriptions. Each can describe a concrete attribute when qualified ("comprehensive coverage of N file formats", "robust against malformed input"). The inclusion rubric is now documented inline. Verified against anthropics/skills: zero score changes across 17 files, because none of those skills use the dropped words. The rubric edit is a no-op against the current corpus; the two new regression tests are forward-looking guards, not regression evidence.
  • Description scorer verb matching collapsed from 86 entries (base + 3rd-person duplicates) to 42 base forms with stem normalization. Adding a new verb now only requires the base form.
  • README field-test citations replaced gitignored runs/... paths with reproducible commands.
  • README exit-code table documents the new semantics; flag table documents --warnings-as-errors.
  • README test count: 663 → 667.

Removed

  • Top-level git-commit-crafter SKILL.md from the repo root.
  • False @v0 tag claim from the README and CHANGELOG.

Why this is a minor and not a patch

The exit-code semantics change is observable in CI and not opt-in. Adding --warnings-as-errors is also a public-surface addition. Either alone would be a minor bump under semver; together they aren't a patch.

Audit items not closed

  • PyPI publish: the v1.1.0 sdist and wheel are built and pass twine check, but PyPI upload requires authenticated credentials and happens out-of-band. Until that runs, pip install skillcheck continues to ship v0.2.0. The pinned action install will refuse to run.
  • cli.py line count: the audit asked for a refactor toward main() under 100 lines and cli.py under 700. An attempted helper extraction met the main() target but pushed total file size from 1127 to 1172. The refactor was reverted; the file remains at its pre-audit size, with the audit's "deliberate choice" path left open for a follow-up.

skillcheck 1.0.1

skillcheck v1.0.1 commits a batch of post-v1.0.0 implementation work that had been sitting uncommitted, ships the docs corrections an end-to-end verification surfaced, and aligns the README, CHANGELOG, and CLI surface so they describe the same release.

There is one behavior change relative to v1.0.0: warning-only runs now return exit code 2. Errors return 1; semantic drift returns 3. CI consumers that previously relied on warning-only exiting 0 must update.

Changed

  • Warning-only CLI reports now return exit code 2. Exit code 1 remains errors; exit code 3 remains semantic drift.
  • README Exit Codes table row 0 now reads "no errors and no warnings".
  • README test count corrected from 653 to 663.
  • README JSON-stability promise updated from "0.x series" to "v1.x series".

... (truncated)

Changelog

Sourced from moonrunnerkc/skillcheck's changelog.

[1.1.0] - 2026-04-28

External audit against v1.0.1 surfaced eight repo defects ranging from documentation drift to a CI-confusing exit-code conflation. v1.1.0 ships fixes for all eight, reverses one v1.0.1 behavior change that turned out wrong, and tightens the description scorer's vague-word rubric. The minor bump is driven by the exit-code semantics change (now distinguishes warning-only from input error) and the new --warnings-as-errors flag.

Behavior change

  • Warning-only CLI reports now return exit code 0 by default, reversing v1.0.1's "warnings exit 2" decision. Exit code 2 is now reserved for tool-misuse / input errors (missing path, conflicting flags, empty directory) so CI consumers can distinguish them. Pass --warnings-as-errors to escalate warning-only runs to exit code 1 for stricter gates. Errors remain 1; semantic drift remains 3.

Added

  • --warnings-as-errors flag: escalate warning-only runs to exit 1 for CI configurations that want warnings to block.
  • scripts/summarize_batch.py and tests/test_batch15_summarize.py: maintainer-facing tool that consumes a directory of skillcheck batch-run artifacts (one directory per repo, one subdirectory per skill, paired *.json / *.txt reports per phase) and writes summary.csv plus findings.md. Invoked as python scripts/summarize_batch.py <batch_dir>. Not exposed as a console script, not wired into the GitHub Action; the action runs skillcheck against one path, this consumes outputs across many. Documented under Maintainer Notes in the README.
  • tests/test_readme_test_count_claim.py: parses the README's "N tests cover ..." sentence and asserts it matches pytest --collect-only. The next time the suite grows without bumping the README number, CI fails. Closes the recurring drift pattern that v1.0.1 had to correct twice.

Changed

  • action.yml install step pins skillcheck>=1.0.1 so consumers fail loudly on unpublished v1 features instead of silently running v0.2.0.
  • Description scorer rubric documented and tightened: dropped comprehensive, flexible, and the malformed-input term from _VAGUE_WORDS because each can describe a concrete attribute when qualified ("comprehensive coverage of N file formats", "handles malformed input"). The inclusion rubric is now documented inline. Verified against anthropics/skills (17 SKILL.md files): zero score changes, because none of those skills use the dropped words. The rubric edit is a no-op against the current corpus; the new regression tests are forward-looking guards against scoring drift if the list is ever re-expanded.
  • Description scorer verb matching: collapsed _ACTION_VERBS from 86 entries (base + 3rd-person duplicates) to 42 base forms. Added _is_action_verb() to handle stem normalization across -s, -es, and -ies endings. Adding a new verb now only requires the base form.
  • README test count bumped from 663 to 667 to include the drift-guard test, two description-scorer regression tests, and the --warnings-as-errors test.
  • README field-test citations: replaced seven gitignored runs/... path references with the exact skillcheck commands needed to reproduce each finding. Readers can now verify the claims without access to private artifacts.
  • README exit-code table reflects the new semantics; flag table documents --warnings-as-errors.

Removed

  • Top-level git-commit-crafter SKILL.md from the repo root. It was unrelated to skillcheck and confused first-time readers; the canonical example lives at skills/skillcheck/SKILL.md.
  • False @v0 tag claim from the README. Only @v0.2.0 was ever pushed; the action-install snippet no longer suggests a tag that does not exist. CHANGELOG entries that referenced @v0 corrected to @v0.2.0.

[1.0.1] - 2026-04-28

End-to-end verification against anthropics/skills surfaced documentation drift in the published v1.0.0 README and a batch of post-tag implementation work that had not been committed. v1.0.1 commits that work, ships the docs corrections, and adds guide-parity flags. Behavior change: warning-only runs now return exit code 2 (was 0).

Changed

  • Warning-only CLI reports now return exit code 2. Exit code 1 remains errors; exit code 3 remains semantic drift. README Exit Codes table row 0 updated to "no errors and no warnings".
  • README test count corrected from 653 to 663.
  • README JSON-stability promise updated from "0.x series" to "v1.x series".
  • README field-test numbers reframed as April 2026 snapshots against anthropics/skills, with a note that they will drift as upstream evolves.
  • action.yml format input description clarified: accepted but ignored at runtime; the action always invokes skillcheck with --format json.
  • Development extras now include ruff>=0.6, mypy>=1.10, and types-PyYAML>=6.0.

Added

  • --semantic: guide-compatible shortcut that enables semantic-adjacent validation. In standalone mode it runs heuristic graph analysis; with ingested agent responses it merges those diagnostics.
  • --agent-reason: guide-compatible agent-workflow shortcut. Emits a combined critique and graph prompt packet so the calling agent can run both reasoning steps and feed JSON back through --ingest-critique and --ingest-graph.
  • --format md and --format agent: Markdown report output and agent-oriented next-action output.
  • skillcheck.toml config loading: top-level defaults for format, thresholds, target agent, strict VS Code mode, skip flags, ignored rule prefixes, graph analysis, semantic mode, history, and agent variants.
  • Experimental --activation-hypotheses: generates likely natural-language routing triggers plus a discoverability entropy score. Routing caveat included in every report.
  • Machine-readable diagnostic metadata: JSON diagnostics now include source and confidence fields.
  • GitHub Action inputs for the v1.0 modes: semantic, analyze-graph, ingest-critique, critique-agent, ingest-graph, graph-agent, history, activation-hypotheses. The action still always emits JSON internally for PR annotations.
  • tests/test_v1_completion.py: covers --format md, --format agent, --agent-reason, --semantic graph enabling, --activation-hypotheses JSON, skillcheck.toml loading, and source/confidence in JSON output.

... (truncated)

Commits
  • 44620cc Merge pull request #5 from moonrunnerkc/v1-phase3d-release-prep
  • 4be2d76 docs: tighten rubric-change wording in CHANGELOG and RELEASE_NOTES
  • f681e37 chore(release): bump to 1.1.0
  • 3082a53 revert: undo cli.py helper extraction; keep exit-code split
  • 0cfc15f feat(cli): split exit codes and refactor main() into helpers
  • 5476b44 fix(rules): tighten description scorer rubric and verb matching
  • e57d383 chore: address external audit findings (claims 2, 3, 5, 6)
  • c2734ad Merge pull request #4 from moonrunnerkc/v1-phase3d-release-prep
  • 14d79ec chore: untrack launch checklist and launch post drafts
  • 2fa2896 Merge pull request #3 from moonrunnerkc/v1-phase3d-release-prep
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
(deps): Bump moonrunnerkc/skillcheck from 0.2.0 to 1.1.0
882da96 
Bumps [moonrunnerkc/skillcheck](https://github.com/moonrunnerkc/skillcheck) from 0.2.0 to 1.1.0.
- [Release notes](https://github.com/moonrunnerkc/skillcheck/releases)
- [Changelog](https://github.com/moonrunnerkc/skillcheck/blob/main/CHANGELOG.md)
- [Commits](moonrunnerkc/skillcheck@v0.2.0...v1.1.0)

---
updated-dependencies:
- dependency-name: moonrunnerkc/skillcheck
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants