Developer-Dashboard
4.16 2026-06-11
- teach the built-in `dashboard workspace` command a `-c` flag, accepted
before or after the workspace name, that changes into the registered
dashboard path for that name before planning the session, so
`dashboard workspace -c foobar` behaves like `cdr foobar` followed by
`dashboard workspace foobar` and the tmux session plus its layered
`.env` refresh start from the registered project directory
- fail `-c` explicitly when the workspace name is not a registered
dashboard path, when the registered target is not a directory, or when
the directory cannot be entered, instead of silently starting the
workspace from the wrong directory
4.15 2026-06-11
- keep the `install.sh` post-install activation runner on the same shell
dialect as the bootstrap target, so blank hosts without `SHELL` exported
(fresh Docker containers, `curl ... | sh` runs) no longer source the
bash-flavoured activation files through plain `sh` and die on the first
bash-only construct
4.14 2026-06-11
- align every module under `lib/` back onto the single repository release
version after the `4.13` bump only advanced `Developer::Dashboard`,
leaving the other 53 packaged modules still declaring `4.12`
- add a release-metadata gate that walks every `lib/**/*.pm` and asserts
its `$VERSION` matches the `dist.ini` release version, so a partial
version bump can never ship again
- validate IPv4 loopback octets strictly in `Auth::_ip_is_loopback`, so
malformed literals such as `127.0.0.999` are no longer classified as
loopback addresses
- restore the `4.12` entries in `Changes` and `FIXED_BUGS.md` that the
`4.13` update overwrote instead of prepending
4.13 2026-06-11
- harden the GitHub-hosted `Devel::Cover` gate again by exercising the
installed-dist `File::ShareDir` asset lookup branch in
`Web::App::_bundled_public_asset_path`, so clean Ubuntu runners close
the final `99.9` statement gap and keep the reviewed `lib/` totals at
`100.0 / 100.0 / 100.0`
4.12 2026-06-10
- harden the GitHub-hosted `Devel::Cover` gate by exercising the
low-traffic `Web::App` compatibility helpers directly in the focused web
coverage tests, so route fan-out timing on CI runners cannot leave the
reviewed `lib/` totals below `100.0 / 100.0 / 100.0`
4.11 2026-06-10
- decouple the GitHub-hosted CPAN upload workflow from ordinary `vX.XX`
tag pushes so signed GitHub release tags can be published without
triggering an unasked PAUSE upload
- broaden the CodeQL push trigger to every branch so repository-side SAST
coverage is visible on more commit paths instead of only `master`
4.10 2026-06-10
- move project-local isolated Docker Compose service discovery and
disable markers under `./.developer-dashboard/config/docker/...` so
the implementation matches the documented config-root contract across
resolver lookup, toggle writes, and exported `DDDC` paths
4.09 2026-06-06
- keep smart-routed skill page browser edits on their canonical
`/app/<skill>` and nested `/app/<skill>/<sub-skill>` aliases by
teaching the edit/source routes and Play handoff to load skill index
pages through the same smart resolver instead of collapsing to the
underlying `BOOKMARK: index` id
4.08 2026-06-06
- split the Web UI bookmark editor into Jupyter-like section blocks while
keeping the saved bookmark file format canonical, including block-aware
syntax overlays, Tab-created sections, hidden source recomposition, and
Play-mode save-and-render handoff
- standardize operator-facing built-in CLI output so path, file, api, and
skill inventory or mutation commands default to readable table summaries
while `-o json` returns the full raw machine payload
4.04 2026-06-05
- restore the public switchboard helper path contract for dotted
`dashboard <skill>.<command>` dispatch, keep Windows core-backed
built-ins routed through the shared staged `_dashboard-core` helper,
and fix the staged private core import drift that broke `dashboard init`
and later helper refreshes
- harden Windows runtime helper and state-file flows so detached web,
collector-loop, collector-worker, and watchdog launches use the staged
foreground helper entrypoints and tolerate Windows rename collisions
through explicit replace fallbacks
- teach the Windows checkout bootstrap to seed `HOME` from PowerShell's
own `HOME`, create a stable user-space `make.cmd` shim for Strawberry
GNU make, and keep the fuzz gate lightweight under `Devel::Cover`
- force non-interactive CPAN environment defaults for skill `cpanm`
installs so Windows fresh-session bootstrap checks do not stall behind
dependency configure prompts
4.03 2026-06-05
- ship an explicit OWASP compliance SOW and evidence matrix, wire it into
the OWASP and release-metadata tests, and tighten the manuals so the
safe public wording stays `OWASP-aligned` / `OWASP-gated` until the
remaining governance blockers are truly closed
4.02 2026-06-04
- fix `_helper_file_supports_internal_command` substring detection so
runtime helper refresh probes return true for matching staged helpers
and stay stable under the plain and covered harnesses
- harden `t/47-zombie-coverage-closure.t` with a persistent helper
fixture and direct runtime-object assertions so the final gate loop
stays deterministic
4.01 2026-06-02
- add the built-in `dashboard api` management command for layered
`config/api.json` machine auth, including merged registry listing,
per-key inspection, SHA-256 hashing of raw secrets before persistence,
optional `--maybe-secret` route-oriented secret input, exact saved
`/ajax/...` route add/remove controls, duplicate-route no-op handling,
and child-layer tombstones that hide inherited API groups without
rewriting parent config
4.00 2026-06-02
- add layered `config/api.json` machine auth for selected saved
`/ajax/...` routes, including installed skill `config/api.json`
fragments, exact route allowlists, and `X-DD-API-Key` plus
`X-DD-API-Secret` header verification against stored SHA-256 digests
- keep helper-session auth working on those same API-registered ajax
routes while failing unauthenticated or wrong-secret machine callers
closed with `403 {"status":"forbidden"}`
- pass saved ajax API auth headers through the PSGI/Dancer adapter so
browser-facing and direct HTTP entrypoints enforce the same machine-auth
contract
3.99 2026-05-26
- keep the active shell directory in dashboard-managed child `PATH`
repairs alongside the current Perl interpreter bin so collector shell
commands still execute cleanly during blank-environment tarball installs
and any runtime that inherits a stripped `PATH`
3.98 2026-05-20
- treat collector `disable` as a hard stop-and-skip flag so disabled
collectors are not started, explicit named starts reject them, and any
already-running managed loop is stopped during the next lifecycle action