This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
ReleasePort's take
Moderate signal. Skill‑Seekers v3.7.0 introduces a new `skill-seekers scan <dir>` command with expanded manifest coverage, cost‑control flags, and documentation updates; it also refactors CLI dispatch logic and fixes a diff algorithm bug.
Why it matters: The breaking change moves `detected_version` to `metadata.detected_version`, requiring config schema updates before upgrading. New scan capabilities support ~50 additional manifest types.
Summary
AI summary: Updates opt-in, https://github.com/yusufkaraaslan/skill-seekers-configs, and args across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High | Performs atomic JSON writes using `os.replace` to prevent corruption on interruption. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Security | Medium | Rejects AI‑generated config names that fail the registry regex validation. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Security | Medium | Probes generated URLs with HEAD requests and retries on 404 to detect hallucinated `base_url` values before writing. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Breaking | High | Moves `detected_version` under `metadata.detected_version` in config schema. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds `skill-seekers scan <dir>` command to auto-generate project configs. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds coverage for ~50 manifest types and directory patterns in `skill-seekers scan`. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds cost‑control flags (`--max-ai-generations`, `--dry-run`, `--probe-urls`, etc.) to `skill-seekers scan`. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds community submission flow for AI‑generated configs to the registry. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds archival directory `.archived/` for removed configs to preserve edits. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Feature | Medium | Adds new documentation pages and cross‑links for the scan feature. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Bugfix | Medium | Fixes diff layer to key by stable filename slug, preventing phantom churn. Source: llm_adapter@2026-05-30. Confidence: low. | — |
| Bugfix | Medium | Adds safety guard `_safe_size` around `stat()` calls to avoid crashes from broken symlinks. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Medium | Exits with non‑zero status when no configs or codebase config are emitted, aiding CI detection of failures. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Medium | Pre‑checks `GITHUB_TOKEN` with clear hint, preventing repeated failed submissions in CI. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Medium | Detects nested event loops and raises a clear message instead of opaque traceback. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Low | Catches and logs exceptions from `AgentClient.call` during AI interactions. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Low | Configures logging so warnings/errors from `skill-seekers scan` reach the user. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Low | Adds idempotency check to avoid duplicate issue submissions to the registry. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Bugfix | Low | Implements retry with exponential backoff for transient failures during community submission. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
| Refactor | Low | Unifies CLI dispatch: `scan` and `doctor` now consume parsed args directly. Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Refactor | Low | Makes `SourceDetector.CODE_PROJECT_MARKERS` public (formerly private). Source: llm_adapter@2026-05-30. Confidence: high. | — |
| Refactor | Low | Rewrites publish flow to be native async using `asyncio.run` and `asyncio.to_thread` for I/O. Source: granite4.1:30b@2026-05-30-audit. Confidence: low. | — |
Full changelog
[3.7.0] - 2026-05-30
Theme: AI-driven project knowledge base (skill-seekers scan) — bootstrap a complete skill set for a project in one command, with safety/observability/coverage hardening throughout.
Added
- `skill-seekers scan <dir>` command (#327) — point at any project; an AI agent inspects manifests, README, Dockerfile/CI, sampled source files (first 2 KB each), and the git remote, then emits one Skill Seekers config per detected framework plus a `<project>-codebase.json` for the project's own code. Each config stamped with `metadata.detected_version` so re-scans report added / version-bumped / removed dependencies. Internationalized canonical-name resolver (CJK + EU language suffixes) so detections like "Godot 引擎" resolve `godot`. Out-dir cache means re-scans reuse prior emissions and respect manual edits. Doctor-style report with pluralized counts and resolved / AI-generated / unresolved / archived breakdown.
- Coverage: scan recognizes ~50 manifest types (Pipfile, environment.yml, deno.json, flake.nix, Chart.yaml, stack.yaml, deps.edn, dune-project, BUILD.bazel, …) and walks `src/lib/app/cmd/crates/packages/apps/services/backend/frontend` plus root-level files (catches Django, flat-layout Python, Go, Rust workspaces, JS monorepos).
- Cost + safety flags: `--max-ai-generations N` (default 10) caps unbounded AI generation for monorepos; `--dry-run` previews what would be emitted without writing or invoking AI; `--probe-urls` HEAD-probes AI-generated URLs with retry-on-404; `--no-fetch` / `--no-generate` / `--no-publish-prompt` for offline / CI use.
- Community submission (opt-in): freshly AI-generated configs can be submitted to the community registry via a native-async flow. Pre-checks `GITHUB_TOKEN`, idempotency-guards against duplicate issues, retries transient failures with backoff.
- Archival: configs that disappear from detections are moved (not deleted) to `out_dir/.archived/<UTC-timestamp>/` so the user never loses hand-edited work and `out_dir` stays clean.
- Docs: new `docs/getting-started/05-scan-a-project.md`; entries in README, FAQ, CLI Reference, Feature Matrix, Config Format, Environment Variables, and the Quick Start cross-link.
Changed
- CLI dispatch unified (#327) — `scan` and `doctor` now consume the parsed-args namespace directly via `Command(args).execute()` instead of building a second `argparse.ArgumentParser`. Eliminates the `_reconstruct_argv` hack for these commands; remaining ~14 commands flagged for migration.
- Config schema: `detected_version` lives under `metadata.detected_version` (alongside `metadata.version` for the config-schema version) rather than at top level. Backwards-compatible reader; old top-level placements migrate on next stamp.
- `SourceDetector.CODE_PROJECT_MARKERS` is now public (was `_CODE_PROJECT_MARKERS`); cross-module callers no longer reach into a private attribute.
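A pre-upgrade audit for the schema move described above, as an added example that is not code from the Skill Seekers project. It assumes configs are JSON objects stored directly in the scan output directory; `read_detected_version` and `audit_out_dir` are hypothetical helper names, and only the `detected_version` and `metadata.detected_version` keys come from the changelog.

```python
import json
from pathlib import Path


def read_detected_version(config):
    """Prefer metadata.detected_version; fall back to the legacy top-level key."""
    metadata = config.get("metadata")
    if isinstance(metadata, dict) and "detected_version" in metadata:
        return metadata["detected_version"]
    return config.get("detected_version")


def audit_out_dir(out_dir):
    """Group config files in out_dir by where detected_version is stored."""
    report = {"current": [], "legacy": [], "unstamped": [], "unreadable": []}
    # Non-recursive glob: files already moved under .archived/ are not inspected.
    for path in sorted(Path(out_dir).glob("*.json")):
        try:
            config = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # Unreadable or truncated JSON is reported, never silently skipped.
            report["unreadable"].append(path.name)
            continue
        if not isinstance(config, dict):
            report["unreadable"].append(path.name)
            continue
        metadata = config.get("metadata")
        if isinstance(metadata, dict) and "detected_version" in metadata:
            report["current"].append(path.name)
        elif "detected_version" in config:
            # Legacy placement: any tool reading the top-level key will stop
            # seeing it once the config is re-stamped by 3.7.0.
            report["legacy"].append(path.name)
        else:
            report["unstamped"].append(path.name)
    return report
```

Files listed under `legacy` are the ones whose downstream consumers need to switch to the fallback reader before the next stamp rewrites them.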
Fixed
- Correctness (#327) — diff layer keyed by stable filename slug instead of internal config name (eliminates phantom add/remove churn); `resolve_config_path` lookups now append `.json` so local-disk + user-dir paths actually find files; out-dir cache prevents redundant API/AI calls on re-scan; lowercase filename slugs prevent duplicate-file accumulation across runs.
- Safety (#327) — atomic JSON writes via `os.replace` so SIGINT mid-write can't corrupt a config and silently flip it to "removed" on the next scan; `_safe_size` guards `stat()` so a broken symlink in `src/` no longer crashes the scan; `AgentClient.call` exceptions caught and logged; AI-generated config names rejected if they fail the registry regex; URL probe catches AI hallucinations of `base_url` before writing.
- Observability (#327) — `logging.basicConfig` in scan so `logger.warning/error` reaches the user (was silently dropped); non-zero exit code when no configs and no codebase config were emitted, so CI pipelines detect total-failure scans.
- Publish flow (#327) — native async (`asyncio.run` at single entry, `asyncio.to_thread` for `input()`); pre-check `GITHUB_TOKEN` with actionable hint instead of asking N "yes/no" questions and failing N times; idempotency check (search existing open issues) prevents duplicate submissions; retry with backoff on transient failures; nested-event-loop detection with clear message instead of opaque traceback.
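The two file-handling fixes in the Safety item, sketched as an added example that is not the project's own code. `atomic_write_json` and `safe_size` are hypothetical names standing in for the write path and the `_safe_size` guard the changelog mentions; only the use of `os.replace` and a guarded `stat()` is taken from the page.

```python
import json
import os
import tempfile


def atomic_write_json(path, data):
    """Write data as JSON so readers see the old file or the new one, never a partial one."""
    directory = os.path.dirname(os.path.abspath(path))
    # The temp file lives in the destination directory: os.replace is only
    # atomic when source and target are on the same filesystem.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".tmp-", suffix=".json")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(data, fh, indent=2, ensure_ascii=False)
            fh.flush()
            os.fsync(fh.fileno())  # contents reach disk before the rename
        os.replace(tmp_path, path)  # single atomic swap of the directory entry
    except BaseException:
        # BaseException also covers KeyboardInterrupt (SIGINT): remove the
        # partial temp file and leave the existing config untouched.
        try:
            os.unlink(tmp_path)
        except FileNotFoundError:
            pass
        raise


def safe_size(path):
    """Return the size in bytes, or None when stat() fails (e.g. a broken symlink)."""
    try:
        return os.stat(path).st_size  # follows symlinks, so a dangling link raises
    except OSError:
        return None
```

Because `mkstemp` creates the temp file with owner-only permissions, the replaced config ends up mode 0600 on POSIX; adjust with `os.chmod` before the swap if other users must read it.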
Breaking Changes
- Config schema change: `detected_version` moved under `metadata.detected_version`; old top‑level placement migrates on next stamp.
About skill-seekers/Skill_Seekers
Transform 17 source types (docs, GitHub repos, PDFs, videos, Jupyter, Confluence, Notion, Slack/Discord) into AI-ready skills and RAG knowledge. 35 MCP tools for scraping, packaging, enhancing, and exporting to vector databases (Weaviate, Chroma, FAISS, Qdrant). Supports 16+ target platforms.