Brian Madison 489067fdda fix(installer): address PR review findings for plugin resolver ... - Guard against path traversal in plugin-resolver.js: skill paths from unverified marketplace.json are now constrained to the repo root using path.resolve() + startsWith check - Skip npm install during browsing phase: cloneRepo() accepts skipInstall option, used in ui.js before user confirms selection, preventing arbitrary lifecycle script execution from untrusted repos - Add createModuleDirectories() call to installFromResolution() so modules with declarative directory config are fully set up - Fix ESLint: use replaceAll instead of replace with global regex		2026-04-09 08:44:17 -05:00
..
docs	feat(installer): restore KiloCoder support and installer (#2151)	2026-03-28 20:24:29 -05:00
installer	fix(installer): address PR review findings for plugin resolver	2026-04-09 08:44:17 -05:00
build-docs.mjs	fix(docs): community feedback — typo, locale 404s, llms-full (#2091)	2026-03-21 16:42:57 -06:00
fix-doc-links.js	fix(docs): comprehensive documentation site review fixes (#1578)	2026-02-08 11:58:22 -06:00
format-workflow-md.js	check alignment	2025-10-22 12:36:39 -05:00
javascript-conventions.md	refactor(installer): restructure installer with clean separation of concerns (#2129)	2026-03-27 06:50:07 -06:00
migrate-custom-module-paths.js	_cfg -> _config	2025-12-13 19:41:09 +08:00
platform-codes.yaml	feat: add Junie platform support (#2142)	2026-03-27 23:55:57 -06:00
skill-validator.md	refactor: tighten SKILL-04 regex, broaden WF-01/WF-02, remove forbidden names	2026-03-18 08:02:01 -06:00
validate-doc-links.js	feat(docs): add public roadmap and improve site navigation	2026-02-22 19:41:57 -06:00
validate-file-refs.js	chore(install): stop copying skill prompts to _bmad by default (#2182)	2026-04-07 10:02:59 -07:00
validate-skills.js	fix: address PR review findings in skill validator	2026-03-18 14:35:52 -06:00
validate-svg-changes.sh	Project Cleanup of Agents Menus, BMB module removal to other repo	2026-01-19 02:04:14 -06:00