Hivemind turns agent traces into skills and shares with your team

v0.7.37 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 15d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai ai-agents ai-memory anthropic artificial-intelligence claude

+12 more

claude-agent-sdk claude-agents claude-code-plugin claude-skills codex embeddings long-term-memory memory-engine openclaw openclaw-skills postgresql llm

Summary

AI summary

Updates Summary by CodeRabbit, Test plan, and intentional across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Version synced from package.json via scripts/sync-versions.mjs, replacing hand‑rolled JSON rewriting in release.yml. Version synced from package.json via scripts/sync-versions.mjs, replacing hand‑rolled JSON rewriting in release.yml. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Feature	Medium	Release workflow now uses two commits per release: first tracks bundles, second untracks and pins marketplace SHA. Release workflow now uses two commits per release: first tracks bundles, second untracks and pins marketplace SHA. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Bugfix	Medium	Improved bundle validation that smoke-tests built bundles for parse errors, replacing build regression detection. Improved bundle validation that smoke-tests built bundles for parse errors, replacing build regression detection. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Refactor
Refactor	Medium	All 7 build-artifact directories are gitignored (bundle/, claude-code/bundle/, codex/bundle/, cursor/bundle/, hermes/bundle/, mcp/bundle/, pi/bundle/). All 7 build-artifact directories are gitignored (bundle/, claude-code/bundle/, codex/bundle/, cursor/bundle/, hermes/bundle/, mcp/bundle/, pi/bundle/). Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Refactor	Medium	marketplace.json switches to git-subdir SHA-pinned form for plugin source. marketplace.json switches to git-subdir SHA-pinned form for plugin source. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Refactor	Medium	Removed bundled local CLI hooks (session/auth/embedding/skillify/wiki flows). Removed bundled local CLI hooks (session/auth/embedding/skillify/wiki flows). Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Other	Medium	Updated .gitignore to exclude bundle output directories. Updated .gitignore to exclude bundle output directories. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—

Full changelog

Summary

Removes the two main sources of merge-conflict churn on main:

All 7 build-artifact directories are gitignored — bundle/, claude-code/bundle/, codex/bundle/, cursor/bundle/, hermes/bundle/, mcp/bundle/, pi/bundle/. PR #170's merge alone touched 40+ bundle files in commit d8f76bf — that class of diff disappears entirely going forward.
Version is synced from package.json via scripts/sync-versions.mjs — replaces the hand-rolled node -e JSON-rewriting block in release.yml (history of buggy releases: chore commits 6f1d89a, 8f911ba).

Marketplace install still works for legacy + new users — installClaude() is unchanged. marketplace.json switches from source: "./claude-code" to the git-subdir SHA-pinned form (the dominant 2026 pattern in anthropics/claude-plugins-official — used by Adobe, AWS, Apollo, Microsoft, etc.). Users doing claude plugin marketplace add activeloopai/hivemind clone main, read marketplace.json, see the pinned SHA → Claude Code clones the repo at THAT SHA (which has bundles tracked) → extracts claude-code/ → installs.

How the SHA-pin works (the 2-commit release pattern)

release.yml's bump step is now 2 commits per release:

Commit 1: release: v<X> — npm run build runs (prebuild → sync-versions propagates version into 6 manifests; esbuild emits bundles with version baked-in); git add -fA force-tracks the gitignored bundles into THIS commit. The marketplace.json sha at HEAD will reference this commit.
Commit 2: chore: untrack bundles, point marketplace at <commit-1-sha> — git rm --cached -r for the 7 bundle dirs (removes from index, leaves working tree intact so npm publish still ships them); updates marketplace.json's plugins[0].source.sha to commit 1's SHA.

Net effect: main HEAD always bundle-free → PR diffs always source-only → no more merge churn on regenerated bundles. The pinned SHA is reachable from main's history, so claude plugin install continues to work.

This PR itself is a 2-commit bootstrap mirroring that pattern. Marketplace SHA points at commit edb1549e20aefd9da540bde529d31869c80a6379.

End-to-end validation

Verified locally before pushing this PR:

scripts/sync-versions.mjs — 6/6 unit tests pass (tests/scripts/sync-versions.test.ts).
rm -rf all 7 bundle dirs + npm run build — all regenerate; manifests synced.
npm run ci && npm test — all 2733 tests pass.
npm pack --dry-run — tarball contains 53 files including all bundles.
node --check on every bundle entrypoint — clean parse.
End-to-end marketplace install — pushed this branch to a local bare repo, ran claude plugin marketplace add against a clone with the file:// URL, ran claude plugin install hivemind@hivemind — Claude Code resolved the SHA-pinned source, cloned the bare repo at commit edb1549e20aefd9da540bde529d31869c80a6379, extracted claude-code/, installed cleanly with full bundle content present at ~/.claude/plugins/cache/hivemind/hivemind/0.7.34/.

What's NOT in this PR (intentional)

No installClaude() rewrite — current implementation keeps working unchanged.
No removal of .claude-plugin/marketplace.json — marketplace path preserved.
No migration code for legacy users — autoupdate via npm is independent of the marketplace mechanism.
No README/docs updates — separate sister PR.
Plugin-cache GC retention (#179) — orthogonal follow-up.

Test plan

[ ] CI passes (green test suite + bundle smoke + no verify-bundle failure)
[ ] After merge: confirm the auto-bump release flow produces the expected 2-commit pair on main
[ ] After merge: confirm marketplace add activeloopai/hivemind + plugin install hivemind@hivemind works for a fresh install
[ ] After merge: confirm an existing v0.7.30 user's autoupdate cycle picks up the new version without errors

Summary by CodeRabbit

Bug Fixes
- Replaced build regression detection with improved bundle validation that smoke-tests built bundles for parse errors.
Refactor
- Serialized release runs and moved to a two-commit release pattern to reliably track built bundles.
- Switched plugin source references to git-subdirectory pins (commit-sha locked).
Chores
- Removed bundled local CLI hooks and background workers (session/auth/embedding/skillify/wiki flows).
- Updated .gitignore to exclude bundle output directories.

Breaking Changes

Removed all 7 build‑artifact directories (bundle/, claude-code/bundle/, codex/bundle/, cursor/bundle/, hermes/bundle/, mcp/bundle/, pi/bundle/) from version control via .gitignore.
Changed marketplace.json source from a relative path to a git‑subdir SHA‑pinned reference, requiring clones at the specific commit SHA.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Hivemind turns agent traces into skills and shares with your team

Get notified when new releases ship.

About Hivemind turns agent traces into skills and shares with your team

All releases →

Related context

Related tools

Earlier breaking changes

v0.7.52 Removes `hivemind tasks` CLI and related code surfaces.
v0.7.51 Removes `hivemind tasks` CLI and related code surfaces.
v0.7.19 Module name skilify replaced with skillify; affects all imports
v0.7.19 CLI command skilify removed; renamed to skillify without deprecation alias
v0.7.18 CLI subcommand renamed from `skilify` to `skillify`; no deprecation alias.