Skip to content

SkillMeat v0.28.0 Release Notes

Release Date: 2026-04-07

Bundles the enterprise migration / dialect-guard hardening pass and the enterprise stub-promotion phases (formerly tracked on fix/enterprise-migration-fixes). Also lands Clerk auth container fixes, the auth-aware fetch path, the admin Versions diff wiring, the SQLite search_vector fallback, and the project scaffolder planning artifacts. Two-minor bump from 0.26.0 reflects the breadth and the enterprise-edition behavior changes.

Added

  • PostgreSQL migration downgrade validation in enterprise-smoke CI workflow — validates both enterprise and local-edition Alembic chains against PG 16
  • Compositions Page: New /compositions page in Library navigation consolidating Bundles, Deployment Sets, and Scaffold Templates into a unified three-tab interface with compositionsPageEnabled feature flag
  • Scaffold Template Modal Tabs: Scaffold templates now open in the consolidated entity modal with YAML preview, configuration, and members tabs (all React.lazy loaded)
  • Bundle Creation Wizard: Multi-step wizard for creating bundles with EntityPickerDialog member selection, tier-organized review, and validation gating (behind bundleAuthoringEnabled flag)
  • WizardShell UI Primitive: Generic multi-step wizard shell extracted to @miethe/ui/primitives for reuse across the application
  • 184 Component Tests: Comprehensive test coverage for compositions page (41), scaffold tabs (36), deployment set tabs (61), and bundle wizard (46)
  • 43 Accessibility Tests: WCAG 2.1 AA compliance suite for all HTAM surfaces including ARIA tabs, keyboard navigation, and focus management
  • Enterprise Dashboard Governance Hub: Interactive artifact governance interface for enterprise admins and team leads
  • Clickable artifact rows with enterprise modal containing Governance (policies, tiers), Propagation (cascade rules, sync status), and Audit Trail tabs
  • BulkActionBar component extracted to @miethe/ui/bulk-actions for global deployment, lock/unlock, delete, and reassign operations
  • Global Collections management with create, team binding, and configuration workflows
  • Actionable activity feed with priority classification and client-side filtering for operational visibility

Changed

  • Deployment Set Modal: Upgraded from read-only to full CRUD with member management, tags, and batch deploy in the consolidated entity modal
  • Navigation: Library section now includes "Compositions" entry; "Backstage Templates" and "Deployment Sets" nav items redirect to corresponding Compositions tabs

Deprecated

  • /deployment-sets route: Redirects to /compositions?tab=deployment-sets
  • /templates/scaffold route: Redirects to /compositions?tab=scaffold-templates

Removed

  • DeploymentSetDetailsModal: Legacy standalone modal removed; all interactions now use the consolidated entity modal

  • Repository DTO Migration v2 (Phases 1-5): Continued DTO boundary expansion across git scanning, activity tracking, bundle management, and collection stats domains.

  • Git scanning stack (3 ABCs) migrated to frozen DTOs: GitRepoConnectionDTO, GitRepoScanDTO, GitScanArtifactDTO with full converter implementations
  • Activity tracking ABC rewritten to remove ORM imports; all 6 event-returning methods now return ActivityEventDTO
  • Bundle domain fully typed: IBundleRepository methods return BundleDTO and BundleMembershipDTO instead of raw dicts
  • Marketplace router cleanup: removed 4 Any-typed escape-hatches; routers now use IArtifactRepository.get() directly
  • Low-priority partial-compliance DTOs: CollectionStatsDTO, TemplateDeployResultDTO, CollectionBatchGetResultDTO, CollectionBatchUpdateResultDTO, CollectionBatchDeleteResultDTO for ICollectionRepository and IProjectTemplateRepository
  • Added 92 DTO converter unit tests covering both local and enterprise implementations

  • Architecture review completed with detailed findings documented

  • Repository DTO Migration (DTO-Refactor-v1): Eliminated ORM object leakage from API routers, resolving 9 cross-edition data divergences with zero runtime impact.

  • Added 4 new frozen dataclass DTOs: DeploymentSetDTO, DeploymentSetMemberDTO, GovernancePolicyDTO, EnterpriseArtifactResponseDTO for type-safe API contracts
  • Migrated 8 high-risk + 2 low-risk routers to consume DTOs instead of raw ORM objects: marketplace_sources, artifacts/_legacy, artifacts/links, deployments, governance, and 4 additional routers
  • All ORM divergences resolved at repository boundary: UUID normalization, field name mismatches, type conversions, and edition-specific attribute filtering now handled before serialization
  • Zero getattr() on ORM objects across all migrated routers; added CI lint guard (verify-no-router-getattr) to prevent regression
  • Added 36 DTO contract integration tests covering both local and enterprise editions with round-trip serialization validation
  • Fixed test regressions: updated mock factories to use typed DTOs instead of raw ORM objects
  • Updated edition feature matrix documentation with DTO contract and cross-edition parity status
  • Git Connection Decoupling (GCD-3): First-class git connections with many-to-many linking to projects and layered token management.
  • Git connections are now first-class entities: a single connection can be linked to multiple projects via a many-to-many join table; deleting a project no longer deletes its connections.
  • New "Git Sources" tab on Project detail page for viewing and managing linked connections.
  • Layered token management: per-connection, per-developer, and org-level GitHub tokens with automatic fallback chain.
  • Enterprise: GET /git-connections now supports team_id and unlinked=true query parameters.
  • New endpoints: POST/DELETE/GET /projects/{id}/git-connections/{conn_id}, POST/GET/DELETE /git-credentials.
  • Reusable @miethe/ui/primitives: SearchablePickerDialog, ViewModeToggle, MaskedSecretInput.
  • Git connections accordion in Create Project and Edit Project dialogs.

  • Edition-conditional rendering helpers (isEnterpriseEdition, EnterpriseOnly).

  • Auth Session Endpoint: GET /auth/me exposes backend-resolved roles to frontend, enabling consistent RBAC checks independent of the auth provider's token claims.

  • Enterprise Admin Navigation: Admin and enterprise sections wired into sidebar navigation with feature flag gating (is_enterprise_feature_enabled()). Includes cascade policies, sync management, and team sync pages.

  • skillmeat enterprise import --from-collection command for local-to-enterprise collection migration with CAS dedup, conflict strategies (skip/overwrite/create_version), dry-run mode, tier assignment, and type/tag filtering.

  • Enterprise Gap Closure Final (EGCF-6): Completed enterprise mode router migration with 11 critical + 7 important-tier SQLAlchemy models for workflow, memory, bundle, and BOM domains.

  • Enterprise SQLAlchemy ORM models for Workflow, MemoryItem, Bundle, BOM, and related audit/context domains with UUID primary keys and PostgreSQL-native JSONB storage
  • Centralized resolve_enterprise_artifact_id() helper for consistent UUID resolution across enterprise endpoints
  • Enterprise-mode routers for /workflows, /memory-items, /bundles, /bom, /analytics, /scaffold-templates, and /settings now return HTTP 501 with descriptive documentation references instead of ORM exceptions

  • Promoted marketplace source properties (description, supports_publish, supports_import, requires_api_key, default_trust_level) from hardcoded stubs to real database columns in EnterpriseMarketplaceSourceRepository

  • DVCS v1 (Distributed Version Control System) — Complete version control foundation spanning 7 phases:

  • Phase 1: CAS Storage — Content-Addressable Storage (CAS) with ArtifactBlob model, BlobBackend for PostgreSQL and SQLite, BlobRepository, and CASService with automated backfill migration and dvcs_cas_enabled feature flag.
  • Phase 2: Atomic Composite Versioning — BundleCommit model for multi-artifact atomic commits with compute_bundle_hash, BundleCommitRepository and BundleCommitService using SERIALIZABLE isolation and conflict analysis, bundle commit API endpoints, and 37 unit tests.
  • Phase 3: 4-Tier Inheritance & FQANs — TierCollection schema with CollectionTier enum, FQAN (Fully Qualified Artifact Name) utilities, FQANResolver service with tier walk and ambiguity policies, UpstreamCascadeService and CrossTierDiffService, and tier API endpoints.
  • Phase 4: Enterprise Governance — Cryptographic trust infrastructure for artifact signing, governance API router with admin-only endpoints, and async POST /sync-all with job tracking.
  • Phase 5: Time Machine UX — HistoricalEntityModal and VersionTimelineBrowser components, CherryPickDialog with useCherryPick mutation hook, SemVerTagDialog and RollbackConfirmationDialog.
  • Phase 5b: Version-Targeted Deployment — Version-targeted deploy and patch endpoints, VersionDeployAction and AdvancedDeployDialog components, PatchEditorDialog with usePatchVersion hook.

  • Phase 6: SDLC Integration — Git Commit Trailer Hook with SkillBOM-Ref format, CCDash webhook endpoint with circuit breaker, Hard Update GitOps PR automation, and Hard Update Pre-Execution Gate (Option B).

  • Enterprise Unified Sync UX (BE-4 & FE-4): Comprehensive multi-tier sync orchestration and team-wide visibility for enterprise developers and admins.

  • Enhanced Developer Sync: Compare artifact versions across enterprise tiers (dev → staging → prod) directly in the sync modal alongside upstream sync. New cross-tier comparison scope shows whether artifacts are in-sync, drifted, or missing across the deployment hierarchy. Tier-aware diff viewer highlights version mismatches and cascade impact.
  • Team Sync Dashboard: Dedicated real-time dashboard showing sync health across team artifacts with per-scope divergence indicators (upstream, tier-to-tier, source-project). Bulk sync action for quick remediation of multiple drifted deployments. Team-scoped visibility with membership-based filtering.
  • Enterprise Admin Sync Management: Org-wide sync health view with tier-level aggregation, cascade policy management UI, and operation audit logs. Admin-only endpoints for triggering cascade propagation and reviewing policy execution history.
  • Cross-Axis Cascade Policies: CascadePolicyService with CRUD endpoints for defining tier propagation rules (auto-sync on source update, staggered rollout, approval gates). Configurable per artifact type and tier pair with feature flag gating (enterprise_cascade_policies). Background processor applies policies on sync events with audit trail.
  • SyncStatusTab Integration: Extended with cross-tier scope selector, tier divergence cards, and cascade policy visualization. hasValidCrossTierSource() validates tier connections before querying. Unified label helpers for all comparison scopes.

  • Backend Services: EnterpriseContextSyncService extended with cross-tier sync status classification and diff computation; new CascadePolicyService with in-order policy application and history tracking; CrossTierDiffService for tier-pair comparison with automatic reconciliation suggestions.

  • Sync-Driven Version Capture (DVCS Unified Sync) — Automatic version history capture triggered by artifact sync events across 5 phases:

  • Phase 1: Foundation + On-Access Capture — SyncDebounceEntry model with Alembic migration, SyncDebounceRepository for debounce lifecycle management, SyncCaptureService with configurable quiet window, and on-access version capture during sync checks.
  • Phase 2: Background Periodic Scanner — SyncCaptureTask asyncio background task with configurable scan intervals, debounce processor integration, lifespan management with feature flag gating, and TTL-based entry pruning.
  • Phase 3: FS Watcher Daemon — Real-time filesystem change detection via skillmeat watch CLI command, FSWatcherService with debounce integration, notification API endpoint, and frontend sync status indicators.
  • Phase 4: Frontend UI + Settings — Sync capture settings panel, real-time capture indicators, and version history labels for auto-captured versions.

  • Phase 5: Enterprise Integration — Cascade-aware batch debounce with staggered jitter on UpstreamCascadeService propagation, per-scope sync capture config (global/tier/project hierarchy) with CRUD API, and per-artifact rate limiting (default 10/hr) to prevent runaway auto-capture. 79 new tests.

  • Added skillmeat demo seed command with --profile flag (minimal/full/backstage/ccdash) to populate a full demo environment covering all 17 artifact types, version history, deployments, marketplace metadata, and sync scenarios in under 60 seconds.

  • Enterprise Router Migration v2 Complete: Full API endpoint parity for enterprise edition with router decomposition and intentional 501 gates.

  • Enterprise Endpoint Coverage: All P0/P1 artifact management endpoints now fully functional in enterprise mode (previously returned HTTP 501)
    • Artifact CRUD: list, get, create, update, delete operations
    • Deployment operations: deploy, undeploy, sync workflows
    • Tag CRUD and linked artifact management
    • Diff operations: artifact, upstream, and source-project comparisons
    • Bulk import and duplicate confirmation workflows
    • Associations and consolidation cluster analysis
  • Router Decomposition: Monolithic artifacts.py (~10,654 lines) decomposed into 12 focused sub-modules under artifacts/ package
    • artifacts/crud.py, artifacts/diff.py, artifacts/deployments.py, artifacts/imports.py, artifacts/associations.py, and 7 additional focused modules
    • Each module handles single responsibility with explicit dependency injection
    • Sub-module composition enables enterprise-mode bypass with minimal code duplication
  • Dependency Injection Wrappers: Added ArtifactManagerOptDep, CollectionManagerOptDep, SyncManagerOptDep, ContextSyncServiceOptDep to dependencies.py for safe enterprise-mode resolution
    • Returns None in enterprise mode instead of raising exceptions
    • Endpoints using these wrappers return HTTP 501 with descriptive error messages
    • Maintains zero-config local development experience
  • Intentional 501 Gates: Filesystem-only operations explicitly return HTTP 501 in enterprise mode with user-facing error messages
    • ~~File content endpoints~~ — Now implemented via CAS (see Enterprise CAS File Content below)
    • Context sync operations: Discovery and MCP-related endpoints
    • Version graph operations: Not applicable to enterprise artifact lifecycle

  • Enterprise Smoke Tests: 28 new integration tests validating enterprise endpoint behavior

    • Coverage includes artifact CRUD, deployments, tag operations, and diff views
    • Tests verify both success paths (functional endpoints) and 501 gates (intentional limitations)
    • Pre-generated test data with deterministic IDs for reproducibility

  • Enterprise Smoke Test CI (enterprise-smoke.yml): GitHub Actions workflow running enterprise tests against PostgreSQL 16 with Alembic migrations. Includes 23 PostgreSQL-backed runtime smoke tests exercising all ERM-v2 handler paths (CRUD, deploy, tags, links, import, health) and 7 static analysis tests (SQLite bypass detection, UUID coercion checks, interface parity).

  • Enterprise Static Analysis Tests (test_enterprise_code_hygiene.py): AST-based detection of direct local repo instantiations bypassing DI, unguarded uuid.UUID() coercion in enterprise repositories, and enterprise interface parity checks with shrinking allowlists.

  • TCS Gap Remediation (Phase 3 — P2+P3 Metadata & Behavior):

  • Platform badges in card StatusZone with "Universal" fallback when no platforms specified (GAP-3.1)
  • Score/confidence badge display in card StatusZone when score data available (GAP-3.2)
  • Model and effort badges in card StatusZone when metadata populated (GAP-3.3)
  • ArtifactGrid now exposes onCopyCliCommand, onSync, and onEdit callback props (GAP-3.4)
  • Collection badge row with showCollectionBadge/onCollectionClick in HeaderZone (GAP-3.5)

  • Keyboard accessibility (Enter/Space) for tag badges in RelationshipZone (GAP-3.6)

  • Unified Member Picker (Member Management Unification): Consolidated member selection across deployment sets, bundles, and composites with unified EntityPickerDialog<T> component.

  • Generic EntityPickerDialog<T> with grid/list view toggle, multi-tab support, type-aware filtering, and artifact detail preview
  • Grid/list view toggle on all Members tabs (deployment sets, bundles, composites) with persisted preference
  • "View details" button on member cards to open artifact detail modal
  • @miethe/ui/pickers subpath export for EntityPickerDialog and EntityPickerViewToggle reusability
  • Migrated AddMemberDialog (deployment sets) to use EntityPickerDialog with Artifacts/Groups/Sets tabs
  • Migrated BundleMemberPicker (bundles) to use EntityPickerDialog with Artifacts/Context Entities tabs
  • Migrated PluginMembersTab (composites) to "Add Members" button + EntityPickerDialog workflow
  • Migrated create-plugin-dialog from MemberSearchInput to EntityPickerDialog

Changed

  • MemberSearchInput component deprecated and removed — all callers migrated to EntityPickerDialog

  • TCS Gap Remediation (Phase 2 — P1 UX Regressions):

  • Restored artifact type icon in card HeaderZone with tier-appropriate visibility (GAP-2.1)
  • Added inline Manage and Workflow secondary action buttons to card ActionZone (GAP-2.2)
  • Restored author/source display below artifact name in HeaderZone (GAP-2.3)
  • CLI copy command now self-contained with fallback when consumer doesn't provide onCopyCLI (GAP-2.4)

Fixed

  • Enterprise project endpoints routing — Projects CRUD endpoints (GET /projects, GET /projects/{id}, POST /projects, PUT /projects/{id}, DELETE /projects/{id}) now use ProjectRepoDep dependency in enterprise mode, routing to EnterpriseProjectRepository instead of raising HTTP 501

  • Enterprise artifact upstream field hydration — Artifact API responses in enterprise mode now include upstream field with ArtifactUpstreamInfo containing tracking_enabled=True for GitHub-backed sources (direct GitHub origin or marketplace origin), enabling sync-status tab to display upstream diff and sync controls

  • Enterprise sync auto-enable on startupenterprise_sync_enabled feature flag now defaults to True when edition="enterprise" (respects explicit SKILLMEAT_ENTERPRISE_SYNC_ENABLED=false environment variable for opt-out)

  • Enterprise router tenant context standardization — migrated 4 routers (enterprise_tier_diff, enterprise_team_sync, enterprise_collections, enterprise_artifacts) to use EnterpriseContextDep; added AST-based hygiene test to prevent regressions

  • TCS Gap Remediation (Phase 1 — P0 Bugs):

  • Deployment badge in card StatusZone no longer renders "0 deployed" when deployment count is zero (GAP-1.1)

  • Group badges now render correctly in global /artifacts view by mapping collection_id from API response (GAP-1.2)

  • Enterprise Memory/Context Edition Routing: Memory item, context packing, and context module routers now forward settings.edition to service constructors via FastAPI dependency injection. Previously all memory operations silently used SQLite regardless of edition. _verify_project_exists() now skips local-only project table validation in enterprise mode.

  • Enterprise PostgreSQL Migration Failures: Fixed 11 Alembic migrations that failed on PostgreSQL enterprise deployments.

  • Added is_sqlite()/is_postgresql() dialect guards to 6 migrations using SQLite-only syntax (FTS5 triggers, content_tree backfill, TEXT FK types, CREATE INDEX CONCURRENTLY inside transactions)
  • Added idempotency guards to ent_021 preventing DuplicateColumn errors on fresh databases
  • Removed phantom FK reference to non-existent enterprise_tenants table in ent_021
  • Created missing ent_019b migration for enterprise git repo tables

  • Guarded ent_013 CAS index creation against missing columns from schema divergence

  • Clerk Auth Infinite Redirect in Containers: Replaced auth.protect() middleware (blocks Clerk v7 dev browser token flow) with client-side ClerkAuthGate component using useAuth() + RedirectToSignIn. Added NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY as Docker build arg (required for Next.js standalone builds that inline env vars at build time). Updated compose.sh to auto-extract the key from .env.

  • API Client JWT Injection Race Condition: Replaced FetchAuthInterceptor (monkey-patched window.fetch in useEffect, too late for React Query's render-time fetches) with synchronous apiFetch module. Migrated all 24 API service files to shared api-client.ts, eliminating duplicated API_BASE/buildUrl declarations.

  • Enterprise Tenant Context Resolution: Standardized tenant ID resolution across enterprise routers via resolve_tenant_context() helper. Fixed trailing slash redirects exposing internal hostnames behind reverse proxy (redirect_slashes=False). Fixed Clerk org role extraction (org:admin -> admin) and admin role attribute checks.

  • Enterprise Seed Hardening: Made seed scripts edition-aware with automatic SQLite/PostgreSQL syntax selection. Seed orchestrator now bootstraps enterprise_users/enterprise_tenants tables, validates schema before insertion, and uses CAST() for JSONB parameters. Added validate_enterprise_seed.py for post-insertion integrity checks.

  • Enterprise JSONB/TEXT Column Handling: content_payload column stored as TEXT in PostgreSQL but services assumed pre-deserialized JSONB dict. Added explicit json.loads() fallback in enterprise_file_content.py and enterprise repository access patterns.

  • Enterprise Version History: Fixed UUID-based artifact resolution in version endpoints. Legacy verify_token() now bypasses TokenManager for Clerk JWTs that don't have stored token records.

  • Next.js Build Prerender: Dynamically imported Clerk SignIn/SignUp components with ssr: false to prevent build-time prerender failures when Clerk environment variables are unavailable.

Test

  • Achieve full CLI test coverage across 119 commands (32 previously untested, 69 expanded)

Documentation

  • Memory/Context Audit (Enterprise Feature Parity v3 §8): Audited all 6 checklist items — anchor resolution passes (free-form strings, no FK), but CRUD/search/pack/list all failed due to hardcoded SQLite routing. Fixes applied in MEM-002.

  • Workflow Engine Audit (Enterprise Feature Parity v3 §9): Engine is 70% enterprise-ready. Executor, planner, validator, context service, DAG, and models are all database-backed. Only parser (file I/O) and overrides loader need abstraction — estimated 2-3 day effort, no spike required.