Klimkit

v0.2.8 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 5d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent-workflows agentic-engineering ai-agents automation cli code-server

+8 more

codex codex-cli developer-tools proof-reports pwa python tailscale worktrees

ReleasePort's take

Moderate signal

editorial:auto 5d

The release replaces the worktree‑stack skill with a general‑purpose create‑worktree workflow and removes private project names, local paths, and network traces from public evidence surface.

Why it matters: Security fact (severity 70) eliminates exposure of private project details in public repositories; developers and SREs should verify no sensitive data leaks post‑upgrade.

Summary

AI summary

The old worktree-stack skill is replaced by a general-purpose create-worktree workflow.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Removes private project names, local paths, and network traces from public evidence surface. Removes private project names, local paths, and network traces from public evidence surface. Source: llm_adapter@2026-05-29 Confidence: high	—
Refactor	Low	Replaces old worktree-stack skill with general-purpose create-worktree workflow. Replaces old worktree-stack skill with general-purpose create-worktree workflow. Source: llm_adapter@2026-05-29 Confidence: high	—
Refactor	Low	Folds imported security auditor into canonical Klimkit security skill. Folds imported security auditor into canonical Klimkit security skill. Source: llm_adapter@2026-05-29 Confidence: high	—

Full changelog

Klimkit v0.2.8 sharpens the public skills package: the imported security auditor is folded into the canonical Klimkit security skill, the old worktree-stack skill is replaced by a general-purpose create-worktree workflow with deterministic bundled scripts for simple and dev-synced worktrees, and the tracked public evidence surface is scrubbed of private project names, local machine paths, and private network traces so the repository is safer to publish, install, and inspect.