Naar
Menu
Changelog

Release history

Every release page is generated from the root changelog at build time, so the website stays aligned with the repo source of truth.

June 6, 2026

v1.0.0

Added

  • Added a public product website with a homepage, docs, security, FAQ, and changelog pages, plus GitHub Pages deployment.
  • Added an opt-in `awesome` provider backed by Awesome Agent Skills, including support for searchable/installable public GitHub-backed entries such as `awesome:stripe/stripe-best-practices`.

Changed

  • Promoted Naar's documentation and product presentation from a repo-only CLI readme into a fuller product surface, with the website carrying the long-form user guides and reference material.
  • Moved the Anthropic provider to public GitHub-only catalog and bundle fetching. `GITHUB_TOKEN` remains available for GitHub API rate limits, but Anthropic API transport and API-key-driven fetch paths are removed.

Docs and Website

  • Launched interactive website search and guided-flow demos, expanded docs and FAQ coverage, and added a dedicated security reference and release changelog presentation.
  • Rewrote the README to read as a product overview instead of a duplicated manual, and shifted deep command/reference reading to the website docs.
  • Added a public product website with a homepage, docs, security, FAQ, and changelog pages, plus GitHub Pages deployment.
  • Added an opt-in `awesome` provider backed by Awesome Agent Skills, including support for searchable/installable public GitHub-backed entries such as `awesome:stripe/stripe-best-practices`.
  • Promoted Naar's documentation and product presentation from a repo-only CLI readme into a fuller product surface, with the website carrying the long-form user guides and reference material.
  • Moved the Anthropic provider to public GitHub-only catalog and bundle fetching. `GITHUB_TOKEN` remains available for GitHub API rate limits, but Anthropic API transport and API-key-driven fetch paths are removed.
Read full release →

June 3, 2026

v0.4.0

Added

  • Added provider catalog search with `naar search <query>`, including JSON output and compact npm-like discovery rendering.
  • Added direct provider-ref installs with `naar install <provider:skill>` and `naar install <provider:skill@version>`.

Changed

  • Simplified the command model so `search` is discovery-only, `install` installs only explicit provider refs, and `go` remains the guided scan/recommend/install flow.
  • Removed recommendation-backed fallback behavior from standalone `naar install`; direct installs no longer scan the repo, build recommendations, read recommendation cache, or depend on search selection paths.

Docs

  • Added Naar logotype artwork to the README and refreshed search/install guidance around the new direct-install command model.
  • Updated maintainer release guidance and user-facing examples to match the current search/install split.
  • Added provider catalog search with `naar search <query>`, including JSON output and compact npm-like discovery rendering.
  • Added direct provider-ref installs with `naar install <provider:skill>` and `naar install <provider:skill@version>`.
  • Simplified the command model so `search` is discovery-only, `install` installs only explicit provider refs, and `go` remains the guided scan/recommend/install flow.
  • Removed recommendation-backed fallback behavior from standalone `naar install`; direct installs no longer scan the repo, build recommendations, read recommendation cache, or depend on search selection paths.
Read full release →

June 3, 2026

v0.3.0

Added

  • Added a centralized agent target ecosystem with stable, experimental, deprecated, AGENTS.md, and research-only target classifications.
  • Added new target discovery commands: `naar targets list` and `naar targets inspect <target>` with JSON support.

Changed

  • Refactored target compatibility, aliases, detection, defaults, and install rendering to use the central target registry.
  • Preserved existing default install targets while making all new experimental/deprecated/research targets opt-in.

Security and Privacy

  • Prevented research-only targets from producing install actions.
  • Required explicit confirmation for broad target groups such as `all`, `experimental`, and `deprecated`, with `--yes` required in non-interactive/JSON flows.
  • Added a centralized agent target ecosystem with stable, experimental, deprecated, AGENTS.md, and research-only target classifications.
  • Added new target discovery commands: `naar targets list` and `naar targets inspect <target>` with JSON support.
  • Refactored target compatibility, aliases, detection, defaults, and install rendering to use the central target registry.
  • Preserved existing default install targets while making all new experimental/deprecated/research targets opt-in.
Read full release →

June 2, 2026

v0.2.2

Added

  • Added an explicit post-fetch security review decision step for install concerns so risky, blocked, and hard-blocked fetched bundles are reviewed before any files are written.
  • Added explicit risky override semantics with `--allow-risky`, structured status values, and stronger hard-block/dangerous-override wording.

Changed

  • Clarified two-stage scoring language in terminal output: recommendation cards now distinguish match score and pre-fetch risk estimate from final fetched-bundle security score.
  • Improved fetched-bundle security warning presentation with recommendation-card color styling, capitalized labels, clearer spacing, and no user-facing penalty point values.

Fixed

  • Fixed the bundled `go` banner showing `Naar vunknown` by resolving the CLI version from package metadata in both source and `dist` layouts.
  • Fixed version output drift by using the same package-derived version for Commander and the `go` progress banner.
  • Added an explicit post-fetch security review decision step for install concerns so risky, blocked, and hard-blocked fetched bundles are reviewed before any files are written.
  • Added explicit risky override semantics with `--allow-risky`, structured status values, and stronger hard-block/dangerous-override wording.
  • Clarified two-stage scoring language in terminal output: recommendation cards now distinguish match score and pre-fetch risk estimate from final fetched-bundle security score.
  • Improved fetched-bundle security warning presentation with recommendation-card color styling, capitalized labels, clearer spacing, and no user-facing penalty point values.
Read full release →

May 31, 2026

v0.2.1

Added

  • Added install-time full bundle content security scanning for fetched skill files, including markdown comments, code blocks, and inline instructions.
  • Added hard blocking for critical executable-content patterns (for example remote pipe-to-shell and destructive command signatures) before install plan creation.

Changed

  • Refactored recommendation relevance scoring to a repo-needs pipeline with strict need matching, anti-triggers, specialized gates, and normalized scoring.
  • Expanded scanner coverage with modular deterministic multi-ecosystem detectors and clearer CI/infra fact separation.

Security

  • Strengthened fetched-bundle policy enforcement and blocked-output reporting with signal IDs and concise evidence for suspicious content findings.
  • Added install-time full bundle content security scanning for fetched skill files, including markdown comments, code blocks, and inline instructions.
  • Added hard blocking for critical executable-content patterns (for example remote pipe-to-shell and destructive command signatures) before install plan creation.
  • Refactored recommendation relevance scoring to a repo-needs pipeline with strict need matching, anti-triggers, specialized gates, and normalized scoring.
  • Expanded scanner coverage with modular deterministic multi-ecosystem detectors and clearer CI/infra fact separation.
Read full release →

May 30, 2026

v0.1.2

Fixed

  • Stabilized CLI output tests by stripping ANSI terminal escape codes in stdout capture for command output assertions.
  • Unblocked release pipeline failures at the `npm test` step in tag-triggered publish workflow runs.
  • Stabilized CLI output tests by stripping ANSI terminal escape codes in stdout capture for command output assertions.
  • Unblocked release pipeline failures at the `npm test` step in tag-triggered publish workflow runs.
Read full release →

May 30, 2026

v0.1.1

Added

  • Added recommendation card layout in `naar go` and `naar recommend` for clearer scanability.
  • Added per-skill description lines (provider description with summary fallback) in recommendation output.

Changed

  • Reduced default recommendation list size from 20 to 10 to lower decision overload.
  • Improved install prompt UX with clearer key hints, including explicit `q` quit visibility.
  • Added recommendation card layout in `naar go` and `naar recommend` for clearer scanability.
  • Added per-skill description lines (provider description with summary fallback) in recommendation output.
  • Reduced default recommendation list size from 20 to 10 to lower decision overload.
  • Improved install prompt UX with clearer key hints, including explicit `q` quit visibility.
Read full release →

May 30, 2026

v0.1.0

Added

  • Bootstrapped the Naar CLI with scan/recommend/install pipeline.
  • Added repository detection for JS/TS and Python ecosystems.

Changed

  • Renamed product/CLI from `pomegranate`/`pom` to `naar`.
  • Improved `go` flow output ordering and readability.

Provider and Security

  • Replaced curated runtime provider data path with live provider fetch.
  • Added retrying HTTP client with timeout/backoff and partial-result handling.
  • Bootstrapped the Naar CLI with scan/recommend/install pipeline.
  • Added repository detection for JS/TS and Python ecosystems.
  • Renamed product/CLI from `pomegranate`/`pom` to `naar`.
  • Improved `go` flow output ordering and readability.
Read full release →