Releases: urlbox/urlbox-cli
Releases · urlbox/urlbox-cli
v0.10.0
Changelog
- cfccbb7: release: reset to 0.10.0 (early-access) (@gdameneses)
- 1208097: ci(release): explicit --tag latest on npm publish (@gdameneses)
Contributors
gdameneses
Assets 16
- 1.14 KB
2026-05-19T13:01:24Z - 8.04 KB
2026-05-19T13:01:24Z - 4.41 MB
2026-05-19T13:01:20Z - 4.12 MB
2026-05-19T13:01:20Z - 4.48 MB
2026-05-19T13:01:21Z - 4.32 MB
2026-05-19T13:01:23Z - 4.31 MB
2026-05-19T13:01:22Z - 4.34 MB
2026-05-19T13:01:21Z - 4.07 MB
2026-05-19T13:01:22Z - 3.95 MB
2026-05-19T13:01:23Z -
2026-05-19T12:58:50Z -
2026-05-19T12:58:50Z - Loading
v1.0.4
Deprecated — use v0.10.0.
Changelog
- 61492a8: fix(config): close credential/host validation gaps across all input sources (@gdameneses)
- 80338ef: feat(security): harden outbound HTTP + OS URL dispatch (@gdameneses)
- 11c768b: fix(output): errors and warnings honor stream + format contract (@gdameneses)
- 3ed62b6: feat(skill,config): safe-write helper + --force on skill install (@gdameneses)
- 7466629: feat(render,skill): client-side auth pre-flight + sandbox docs in SKILL.md (@gdameneses)
- 1cc10b2: docs(surface): document SURFACE.txt's exclusion rule explicitly (@gdameneses)
- cb50674: docs(readme,changelog,npm): v1.0.4 entry + onboarding clarifications (@gdameneses)
Contributors
gdameneses
Assets 16
v1.0.3
Deprecated — use v0.10.0.
Changelog
- d320cd1: fix(hints): replace ghost-command references in error hints (@gdameneses)
- 7f509dc: fix: cross-reviewer Importants from Round 1 (@gdameneses)
- 2f70a0f: feat(security): --api-secret-stdin / --api-secret-file across commands (@gdameneses)
- b196bca: feat(security): auth overwrite guard + masked config get (@gdameneses)
- 18a2e5f: refactor(validation): drop package-global lastWarnings; return warnings (@gdameneses)
- ad5a074: security(installers): verify sha256 + sigstore on install.sh and npm/install.js (@gdameneses)
- 570539c: security(installers): close sigstore-downgrade gap; loud SKIP banner; execFileSync (@gdameneses)
- 1ff3a63: fix(security): cap --api-secret-stdin/-file at 4KiB; friendly file errors (@gdameneses)
- a1e8d87: fix(auth): unify overwrite-refused exit code on ErrConflict (exit 7) (@gdameneses)
- e73de68: fix: four polish nits from Round 3 reviewers (@gdameneses)
- 3ebbe22: fix(auth): honor --profile + URLBOX_PROFILE; reject unknown names (@gdameneses)
- fcdd466: fix(doctor): treat non-2xx auth response as failure, not "credentials valid" (@gdameneses)
- 7d24add: fix(render): preflight --output sandbox + writability before API call (@gdameneses)
- 655b40e: fix: input/output validation polish (M2, M3, M4) (@gdameneses)
- 54c1bf1: fix(render): extend large-int guard to the --json path (@gdameneses)
- afdcdfb: fix(profile): reject unknown URLBOX_PROFILE on every command (Adv-2) (@gdameneses)
- 0500afc: fix(config): validate profile names at creation time (Adv-4) (@gdameneses)
- 471bf74: fix(doctor): bump per-check timeout to 10s for cold-container resilience (@gdameneses)
- deb5677: fix(config): get/set honor default_profile when 2+ profiles exist (CI-2) (@gdameneses)
- f790420: fix(api): route InvalidURLError to ErrValidation, not ErrUsage (First-2) (@gdameneses)
- b7824ef: fix(link): accept positional URL; replace circular auth hint (Lows) (@gdameneses)
- 6bef881: fix: text mode = summary-only; render quiet = single useful scalar (@gdameneses)
- 1c12bb6: fix(render): three input-validation lows from Round 5 (@gdameneses)
- 2d92313: fix(secret): single validated path for every secret-write (class-fix) (@gdameneses)
- b2e3666: fix(render): JSON int-range guard walks the whole tree (class-fix) (@gdameneses)
- 37d6dec: fix(doctor): route through config.Resolve so --profile/URLBOX_PROFILE are honored (class-fix) (@gdameneses)
- 1f0f7bd: fix(suggester): scope candidates to active command (class-fix) (@gdameneses)
- 7d96c5f: fix(suggester): scope unknown-command suggestions to the parent path (@gdameneses)
- 39cb1f5: fix(config): file lock around all config writes (class-fix) (@gdameneses)
- dcd5365: fix(auth): reject invisible Unicode in API secrets (class-fix) (@gdameneses)
- 45e4324: fix(cli): align profile-not-found envelopes across CLI (class-fix) (@gdameneses)
- ec553e3: fix(auth): secret validation parity + Mn marks + invalid UTF-8 (class-fix) (@gdameneses)
- 8bf594d: fix(config): validate api_host on every write path (class-fix) (@gdameneses)
- 0d6d93d: fix(cli): wire repo overlay loader into every Resolve call site (class-fix) (@gdameneses)
- ba88357: fix(cli): root-level errors carry command field; add version subcommand (class-fix) (@gdameneses)
- a0a6e9c: fix(doctor): scalar quiet mode + exit code matches failure category (class-fix) (@gdameneses)
- 324b29a: fix(config): stale-lock self-recovery + correct exit code class (class-fix) (@gdameneses)
- f93b2d0: fix(render): reject >2^63 ints + duplicate JSON keys (class-fix) (@gdameneses)
- 7108c48: fix(cli): output-format consistencies bundle (class-fix) (@gdameneses)
- 9558f11: fix(cli): reject explicit empty --profile at flag-resolution time (class-fix) (@gdameneses)
- 4192f0b: fix(output): apply --jq to error envelopes (class-fix) (@gdameneses)
- f97ccb3: docs(aliases): clarify shared /v1/screenshot endpoint + pdf full-page default (@gdameneses)
- b354d79: refactor(cmd): inline validateSecretValue shim, move tests to config (@gdameneses)
- e895e7c: chore(config): delete dead ResolveAPISecret + APISecretSource (review H1) (@gdameneses)
- 6cabfa8: fix(config): classify read errors by category — Forbidden/Usage, not Server (review M1) (@gdameneses)
- 053a0a2: docs(auth): clarify that the repo overlay's profile field is ignored (review M4) (@gdameneses)
- 6c8a815: docs(changelog): add v1.0.3 entry (review M2) (@gdameneses)
Contributors
gdameneses
Assets 16
v1.0.2
Deprecated — use v0.10.0.
Changelog
- 72dd157: fix(v1.0.2): five UX/correctness fixes from Round 2 stress-testing (@gdameneses)
Contributors
gdameneses
Assets 16
v1.0.1
Deprecated — use v0.10.0.
Changelog
- 2e29fd2: fix(v1.0.1): unquote --jq scalars in quiet mode; humanize status 404 (@gdameneses)
Contributors
gdameneses
Assets 16
v1.0.0
Deprecated — use v0.10.0.
Changelog
- 5d1dd22: fix(render): reject leaf symlinks in --output sandbox (@gdameneses)
- 194e724: fix(api): RetryDo returns last response on ctx-cancel (@gdameneses)
- b16a833: fix(auth): emit prompt newline via cobra writer (@gdameneses)
- 5c0fed1: test(config): cover Save error branches and Load/APISecretSource gaps (@gdameneses)
- 4fbf132: test(validation): cover loadSchema corrupt-bytes via loadSchemaFrom (@gdameneses)
- 02b0aa5: fix(errors): non-empty hint on every CLIError path (Fizzy item 1) (@gdameneses)
- 45582fb: feat(root): suggest did_you_mean on typo command/flag (Fizzy 5) (@gdameneses)
- 1bf177b: feat(cmd): add urlbox link with HMAC-SHA256 signing (@gdameneses)
- a0ea2f8: feat(cmd): pin link error envelopes (auth, validation) (@gdameneses)
- 9a10ba7: feat(cmd): add urlbox status (single-shot mode) (@gdameneses)
- 74522cb: feat(cmd): implement urlbox status --wait polling loop (@gdameneses)
- 724b82d: feat(cmd): add urlbox dashboard with headless fallback (@gdameneses)
- 07e7387: fix(cmd): actionable hints on config-resolve fallback in link/status (@gdameneses)
- b6a28ab: feat(skill): add cursor, codex, opencode install targets (@gdameneses)
- e385467: docs(skill): document cursor/codex/opencode targets in SKILL.md (@gdameneses)
- 38576ea: fix(render): thread --profile through to config.Resolve (@gdameneses)
- 6166bc8: fix(output): reject unknown --output-format; emit envelope on upgrade (@gdameneses)
Contributors
gdameneses
Assets 16
v0.9.0
Changelog
- a90af13: feat: schema-as-documentation contract for --json (v0.9.0) (@gdameneses)
- 20dded6: feat(cmd): enforce typed-flag enums at Cobra layer (--format, --wait-until) (@gdameneses)
- a01c3b3: feat(api): route InvalidOptions to ErrValidation + smoke for v0.9.0 contract (@gdameneses)
- cc1bbd0: Merge branch 'feature/schema-as-docs' for v0.9.0 (@gdameneses)
Contributors
gdameneses
Assets 16
v0.8.1
Changelog
- 278bf04: feat(skill): add
urlbox skill installfor agent self-bootstrap (@gdameneses) - a75c000: Merge branch 'feature/skill-install' for v0.8.1 (@gdameneses)
Contributors
gdameneses
Assets 16
v0.8.0
Changelog
- 17bc81b: fix(cmd): use schema-derived enum in --wait-until help (@gdameneses)
- 0fca5da: feat(api): surface upstream HTTP status in render envelope (@gdameneses)
- 695ba3e: fix(cmd): --timeout flag + fail-fast on render timeout (@gdameneses)
- d924e9c: feat(cmd): add --preset article for news/article rendering (@gdameneses)
- ea6b9b2: fix(cmd): floor suggestLongerTimeout at 30s (@gdameneses)
- 69106f2: docs(changelog): flag --timeout int→duration as breaking (@gdameneses)
- 318ec0e: fix(schema): add video_scroll + 4 supporting fields (@gdameneses)
- 940c786: fix(auth): point users at the dashboard URL for their API secret (@gdameneses)
- 1e7df73: docs(skill): teach --json fallback prominently for agents (@gdameneses)
- 41ab071: docs(changelog): set v0.8.0 release date (@gdameneses)
- 446b04c: Merge branch 'feature/render-ux-hardening' for v0.8.0 (@gdameneses)
Contributors
gdameneses
Assets 16
v0.7.0
Changelog
- 8cf2465: feat(cmd): add urlbox render flag layer + merge + validation (@gdameneses)
- 734f6a0: refactor(cmd): apply Task 6 review nits (@gdameneses)
- c38d0ba: feat(cmd): add --curl shortcut + harden --dry-run with never-hit guard (@gdameneses)
- 1678c6b: fix(api): handle Urlbox nested error body + map ApiKey* codes to ErrAuth (@gdameneses)
- 517f1be: test(api): add real-API smoke tests + make smoke target (@gdameneses)
- 7e3f1da: feat(cmd): add --preset (mobile, desktop, pdf-a4) (@gdameneses)
- 8239d4d: feat(cmd): wire render full pipeline (API call + output save + open) (@gdameneses)
- fa62c4c: fix(cmd): close two security/UX gaps surfaced by Task 9 review (@gdameneses)
- 5775de6: feat(cmd): add screenshot, pdf, video aliases for render (@gdameneses)
- 2478cea: Merge branch 'feature/render-command' into main (@gdameneses)
Contributors
gdameneses