hve-core 3.3.101 (pre-release)

Pre-Release 3.3.101

✨ Features

• add removed maturity tier and retire owasp-docker (#1444)
• add evaluation dataset creator (#1279)
• align RAI planner with guide, remove scoring, improve UX (#1287)
• add PSGallery staleness check and BOM cleanup (#1379)
• ISA-95 network planner agent (#1177)
• auto-generate collection.md with maturity filtering (#1316)
• add folder-consistency check and standardize WARN outp… (#1350)
• add synth-data-generate prompt to data-science collection (#1419)
• add canonical deck workflow and customer-card rendering for design thinking (#1413)
• add Figma MCP integration for DT artifact export (#1222)
• introduce owasp-docker (#1245)
• replace hve-core-specific references with portable discovery-based language (#1335)
• introduce owasp-cicd (#1246)
• add secure-by-design knowledge skill (#1223)
• introduce owasp-infrastructure (#1244)
• introduce owasp-mcp (#1207)
• add OutputPath parameter to Invoke-LinkLanguageCheck.ps1 (#1229)
• add -OutputPath parameter to Validate-SkillStructure.ps1 (#1225)
• add maintainer-only skip-review label guard (#1293)
• add extension collections overview and integrate into getting started flow (#950)
• add agentic workflows for automated issue triage, implementation, PR review, dependency review, and doc-staleness detection (#1219)
• consolidate package-lock.json version sync into Update-VersionFiles.ps1 (#1240)
• add standards code review agent and full review orchestrator (#1174)
• standardize pytest-mock as Python mocking framework (#1170)
• add Jira backlog workflows and Jira/GitLab skills (#978)
• add centralized version bump script and supply-chain attestation (#1183)

🐛 Bug Fixes

• pin PowerShell-Yaml to 0.4.7 across all install sites (#1378)
• close fork-PR/workflow-file-PR secret-strip gap and normalize upload-artifact version (#1421)
• replace stream-based lookahead with array indexing in list-changed-files.sh (#1376)
• centralize ISO 8601 timestamp regex in CIHelpers (#1343)
• update stale documentation date in release-process.md (#1363)
• pin basic-ftp to 5.3.0 to resolve GHSA-rp42-5vxx-qpwr (#1374)
• add bot filter to dependency PR review workflow (#1362)
• resolve pip-audit findings in powerpoint, gitlab, and jira skill lock files (#1360)
• standardize Timestamp JSON key casing across all lint result files (#1314)
• add synchronize trigger to PR Review workflow (#1323)
• standardize timestamp in Validate-SkillStructure.ps1 to use Get-StandardTimestamp (#1280)
• add parallel subagent dispatch and structured JSON contracts to code-review-full (#1304)
• standardize timestamp in SecurityHelpers.psm1 to use Get-StandardTimestamp (#1284)
• standardize timestamps in Test-DependencyPinning.ps1 and SecurityClasses.psm1 (#1282)
• derive collection artifact counts from YAML at build time (#1275)
• standardize timestamp in FrontmatterValidation.psm1 to use Get-StandardTimestamp (#1285)
• standardize timestamp in Markdown-Link-Check.ps1 to use Get-StandardTimestamp (#1283)
• escape hyphens in Mermaid diagram on Collections page (#1262)
• add summary timestamp to PSScriptAnalyzer output (#1211)
• fix plugin compatibility and robustness for coding-standards code review agents (#1289)
• standardize timestamp in Test-CopyrightHeaders.ps1 to use Get-StandardTimestamp (#1278)
• standardize timestamp in Invoke-YamlLint.ps1 to use Get-StandardTimestamp (#1270)
• standardize timestamp in Invoke-LinkLanguageCheck.ps1 to use Get-StandardTimestamp (#1264)
• fix dependency-review path filters and sparse-checkout cone mode (#1259)
• replace invalid bare tool names with official tool identifiers (#1198)
• fix broken links and remove orphaned reference in code review docs (#1257)
• exclude Python env dirs from skill validation warnings (#1255)
• pin happy-dom and serialize-javascript to resolve Dependabot vulnerabilities (#1253)
• remove Mermaid diagram and add missing collection cards (#1247)
• disable MCP servers by default to prevent token limit errors (#1144)
• sync package-lock.json after pre-release version bump (#1236)
• separate mermaid node declarations and add dynamic diagram generation with tests (#1215)
• replace anchor links in meeting-analyst with bold text references (#1201)
• remove recursive symlinks in jira and gitlab skill directories (#1233)
• validate-installation scripts now check .github/skills directory (#1010) (#1206)
• resolve npm audit vulnerabilities via dependency overrides (#1200)
• add post-release triggers to scorecard workflow (#1186)
• add missing .md extensions to relative links in agent documentation (#1180)

📚 Documentation

• broaden Security Review description beyond OWASP (#1385)
• document maintainer advisory mode and skip-review label guard (#1386)
• document ExcludePaths/OutputPath for Invoke-LinkLanguageCheck (#1383)
• CLI getting-started: clarify plugin install commands as alternatives (-all vs base) (#1251)

♻️ Refactoring

• align agent and prompt folder names to collection identifier (#1210)

🔧 Maintenance

• pin PSScriptAnalyzer to 1.25.0 and sync stale workflow version comments (#1389)
• bump lxml from 6.0.2 to 6.1.0 in /.github/skills/experimental/powerpoint (#1424)
• bump @vscode/vsce from 3.7.1 to 3.9.1 in the npm-dependencies group (#1390)
• bump the github-actions group across 1 directory with 7 updates (#1391)
• bump follow-redirects from 1.15.11 to 1.16.0 in /docs/docusaurus (#1356)
• upgrade Node.js from 20 to 24 and bump cspell to v10 (#1353)
• bump basic-ftp from 5.2.0 to 5.2.1 (#1324)
• update github/gh-aw-actions requirement to 536ea1bad8c6715d098a9dc1afea8d403733acfe in the github-actions group across 1 directory (#1298)
• update security instruction attributions and compliance (#1294)
• bump the npm-dependencies group with 2 updates (#1297)
• pre-release 3.3.41 (#1252)
• streamline RAI Planner phase structure and documentation (#1273)
• bump happy-dom from 20.8.8 to 20.8.9 in /docs/docusaurus (#1237)
• pre-release 3.3.27 (#1191)
• bump pygments from 2.19.2 to 2.20.0 in /.github/skills/gitlab/gitlab (#1234)
• bump path-to-regexp from 0.1.12 to 0.1.13 in /docs/docusaurus (#1226)
• bump the github-actions group with 4 updates (#1231)
• add missing folders and alphabetize location lists (#1193)
• bump brace-expansion (#1224)
• bump handlebars from 4.7.8 to 4.7.9 in /docs/docusaurus (#1217)
• bump brace-expansion from 5.0.3 to 5.0.5 in /docs/docusaurus (#1213)
• pre-release 3.3.10 (#1187)
• bump markdownlint-cli2 from 0.21.0 to 0.22.0 in the npm-dependencies group (#1175)
• bump the github-actions group with 3 updates (#1176)
• pre-release 3.3.1 (#1165)

---

Managed automatically by pre-release workflow.

hve-core 3.3.41 (pre-release)

Pre-Release 3.3.41

✨ Features

• add agentic workflows for automated issue triage, implementation, PR review, dependency review, and doc-staleness detection (#1219)
• consolidate package-lock.json version sync into Update-VersionFiles.ps1 (#1240)
• add standards code review agent and full review orchestrator (#1174)
• standardize pytest-mock as Python mocking framework (#1170)
• add Jira backlog workflows and Jira/GitLab skills (#978)
• add centralized version bump script and supply-chain attestation (#1183)

🐛 Bug Fixes

• replace invalid bare tool names with official tool identifiers (#1198)
• fix broken links and remove orphaned reference in code review docs (#1257)
• exclude Python env dirs from skill validation warnings (#1255)
• pin happy-dom and serialize-javascript to resolve Dependabot vulnerabilities (#1253)
• remove Mermaid diagram and add missing collection cards (#1247)
• disable MCP servers by default to prevent token limit errors (#1144)
• sync package-lock.json after pre-release version bump (#1236)
• separate mermaid node declarations and add dynamic diagram generation with tests (#1215)
• replace anchor links in meeting-analyst with bold text references (#1201)
• remove recursive symlinks in jira and gitlab skill directories (#1233)
• validate-installation scripts now check .github/skills directory (#1010) (#1206)
• resolve npm audit vulnerabilities via dependency overrides (#1200)
• add post-release triggers to scorecard workflow (#1186)
• add missing .md extensions to relative links in agent documentation (#1180)

📚 Documentation

• CLI getting-started: clarify plugin install commands as alternatives (-all vs base) (#1251)

♻️ Refactoring

• align agent and prompt folder names to collection identifier (#1210)

🔧 Maintenance

• streamline RAI Planner phase structure and documentation (#1273)
• bump happy-dom from 20.8.8 to 20.8.9 in /docs/docusaurus (#1237)
• pre-release 3.3.27 (#1191)
• bump pygments from 2.19.2 to 2.20.0 in /.github/skills/gitlab/gitlab (#1234)
• bump path-to-regexp from 0.1.12 to 0.1.13 in /docs/docusaurus (#1226)
• bump the github-actions group with 4 updates (#1231)
• add missing folders and alphabetize location lists (#1193)
• bump brace-expansion (#1224)
• bump handlebars from 4.7.8 to 4.7.9 in /docs/docusaurus (#1217)
• bump brace-expansion from 5.0.3 to 5.0.5 in /docs/docusaurus (#1213)
• pre-release 3.3.10 (#1187)
• bump markdownlint-cli2 from 0.21.0 to 0.22.0 in the npm-dependencies group (#1175)
• bump the github-actions group with 3 updates (#1176)
• pre-release 3.3.1 (#1165)

---

Managed automatically by pre-release workflow.

hve-core 3.3.27 (pre-release)

Pre-Release 3.3.27

✨ Features

• standardize pytest-mock as Python mocking framework (#1170)
• add Jira backlog workflows and Jira/GitLab skills (#978)
• add centralized version bump script and supply-chain attestation (#1183)

🐛 Bug Fixes

• sync package-lock.json after pre-release version bump (#1236)
• separate mermaid node declarations and add dynamic diagram generation with tests (#1215)
• replace anchor links in meeting-analyst with bold text references (#1201)
• remove recursive symlinks in jira and gitlab skill directories (#1233)
• validate-installation scripts now check .github/skills directory (#1010) (#1206)
• resolve npm audit vulnerabilities via dependency overrides (#1200)
• add post-release triggers to scorecard workflow (#1186)
• add missing .md extensions to relative links in agent documentation (#1180)

♻️ Refactoring

• align agent and prompt folder names to collection identifier (#1210)

🔧 Maintenance

• bump pygments from 2.19.2 to 2.20.0 in /.github/skills/gitlab/gitlab (#1234)
• bump path-to-regexp from 0.1.12 to 0.1.13 in /docs/docusaurus (#1226)
• bump the github-actions group with 4 updates (#1231)
• add missing folders and alphabetize location lists (#1193)
• bump brace-expansion (#1224)
• bump handlebars from 4.7.8 to 4.7.9 in /docs/docusaurus (#1217)
• bump brace-expansion from 5.0.3 to 5.0.5 in /docs/docusaurus (#1213)
• pre-release 3.3.10 (#1187)
• bump markdownlint-cli2 from 0.21.0 to 0.22.0 in the npm-dependencies group (#1175)
• bump the github-actions group with 3 updates (#1176)
• pre-release 3.3.1 (#1165)

---

Managed automatically by pre-release workflow.

hve-core 3.3.10 (pre-release)

Pre-Release 3.3.10

✨ Features

• standardize pytest-mock as Python mocking framework (#1170)
• add Jira backlog workflows and Jira/GitLab skills (#978)
• add centralized version bump script and supply-chain attestation (#1183)

🐛 Bug Fixes

• add post-release triggers to scorecard workflow (#1186)
• add missing .md extensions to relative links in agent documentation (#1180)

🔧 Maintenance

• bump markdownlint-cli2 from 0.21.0 to 0.22.0 in the npm-dependencies group (#1175)
• bump the github-actions group with 3 updates (#1176)
• pre-release 3.3.1 (#1165)

---

Managed automatically by pre-release workflow.

hve-core 3.3.1 (pre-release)

Pre-Release 3.3.1

✨ Features

• add centralized version bump script and supply-chain attestation (#1183)

---

Managed automatically by pre-release workflow.

hve-core: v3.2.2

3.2.2 (2026-03-23)

🐛 Bug Fixes

• workflows: decouple SBOM artifact name from internal filename (#1178) (c3f1ef4)

hve-core 3.1.46 (pre-release)

Pre-Release 3.1.46

✨ Features

• add Docusaurus 3 documentation site with GitHub Pages deployment (#680)
• add workflow permissions validation for OpenSSF Scorecard compliance (#759)
• add DT coach return path handoff to task-researcher (#591) (#758)
• add DT subagent handoff workflow instructions (#592) (#757)
• create dt-method-06-deep.instructions.md (#602) (#748)
• create dt-method-05-deep.instructions.md (#747)
• add DT-aware task-implementor context instructions (#755)
• extract embedded PowerShell from workflows into testable scripts (#738)
• add gitleaks binary-based secret scanning as PR gate (#734)
• add SBOM generation, attestation, and diff tooling to release pipeline (#730)
• add dt-learning-tutor agent for DT education (#662)
• add DT image prompt generation guidance for Method 5 (#726)
• add DT-aware task-reviewer review context (#714)
• add dt-method-next routing prompt (#713)
• create dt-method-04-deep.instructions.md (#709)
• add Implementation Space exit handoff prompt for DT workflows (#708)
• add Write-CIStepSummary markdown table to Test-SHAStaleness github output (#660)
• add dt-handoff-solution-space prompt for Solution Spac… (#707)

🐛 Bug Fixes

• update prerelease publish to use even/odd convention (#822)
• update sidebar link color to meet WCAG AA contrast requirements (#814)
• harden even/odd versioning against regression and syntax errors (#816)
• replace even/odd versioning with SemVer -rc.N suffixes (#811)
• ensure prerelease label exists before PR creation (#806)
• replace Docusaurus favicons with Microsoft logo (#808)
• add missing subagents and shared instructions to collection manifests (#804)
• standardize file path conventions for copilot-tracking output (#784)
• enforce project-scoped artifact isolation across DT files (#766)
• add top-level permissions to copilot-setup-steps.yml (#760)
• update broken file directives and markdown links after collection directory reorg (#743)
• add pre-release companion pipeline with even/odd versioning (#735)
• exclude auto-generated CHANGELOG.md from spell check (#756)
• add job-level permissions to extension-publish.yml (#729)
• resolve handoff dependencies using display names (#727)
• add job-level permissions to validate-version in extension-publish-prerelease (#731)
• replace parent-directory VS Code settings paths with per-subdirectory enumeration (#732)

📚 Documentation

• add Design Thinking documentation and DT-to-RPI handoff (#789)
• add customization guides for HVE Core artifacts (#772)
• reconcile documentation against implementation (#771)
• document accepted Token-Permissions risks and add lint:dependency-pinning (#763)
• add Design Thinking section to hve-core-all collection description (#762)

♻️ Refactoring

• move collection scripts from plugins to collections (#728)
• remove duplicate git diff logic in frontmatter validator (#473)

🔧 Maintenance

• pre-release 3.1.44 (#819)
• bump basic-ftp from 5.0.5 to 5.2.0 (#780)
• standardize script path references in SKILL.md files (#768)
• bump the github-actions group across 1 directory with 2 updates (#752)

---

Managed automatically by pre-release workflow.

hve-core 3.1.44 (pre-release)

Pre-Release 3.1.44

✨ Features

• add Docusaurus 3 documentation site with GitHub Pages deployment (#680)
• add workflow permissions validation for OpenSSF Scorecard compliance (#759)
• add DT coach return path handoff to task-researcher (#591) (#758)
• add DT subagent handoff workflow instructions (#592) (#757)
• create dt-method-06-deep.instructions.md (#602) (#748)
• create dt-method-05-deep.instructions.md (#747)
• add DT-aware task-implementor context instructions (#755)
• extract embedded PowerShell from workflows into testable scripts (#738)
• add gitleaks binary-based secret scanning as PR gate (#734)
• add SBOM generation, attestation, and diff tooling to release pipeline (#730)
• add dt-learning-tutor agent for DT education (#662)
• add DT image prompt generation guidance for Method 5 (#726)
• add DT-aware task-reviewer review context (#714)
• add dt-method-next routing prompt (#713)
• create dt-method-04-deep.instructions.md (#709)
• add Implementation Space exit handoff prompt for DT workflows (#708)
• add Write-CIStepSummary markdown table to Test-SHAStaleness github output (#660)
• add dt-handoff-solution-space prompt for Solution Spac… (#707)

🐛 Bug Fixes

• update sidebar link color to meet WCAG AA contrast requirements (#814)
• harden even/odd versioning against regression and syntax errors (#816)
• replace even/odd versioning with SemVer -rc.N suffixes (#811)
• ensure prerelease label exists before PR creation (#806)
• replace Docusaurus favicons with Microsoft logo (#808)
• add missing subagents and shared instructions to collection manifests (#804)
• standardize file path conventions for copilot-tracking output (#784)
• enforce project-scoped artifact isolation across DT files (#766)
• add top-level permissions to copilot-setup-steps.yml (#760)
• update broken file directives and markdown links after collection directory reorg (#743)
• add pre-release companion pipeline with even/odd versioning (#735)
• exclude auto-generated CHANGELOG.md from spell check (#756)
• add job-level permissions to extension-publish.yml (#729)
• resolve handoff dependencies using display names (#727)
• add job-level permissions to validate-version in extension-publish-prerelease (#731)
• replace parent-directory VS Code settings paths with per-subdirectory enumeration (#732)

📚 Documentation

• add Design Thinking documentation and DT-to-RPI handoff (#789)
• add customization guides for HVE Core artifacts (#772)
• reconcile documentation against implementation (#771)
• document accepted Token-Permissions risks and add lint:dependency-pinning (#763)
• add Design Thinking section to hve-core-all collection description (#762)

♻️ Refactoring

• move collection scripts from plugins to collections (#728)
• remove duplicate git diff logic in frontmatter validator (#473)

🔧 Maintenance

• bump basic-ftp from 5.0.5 to 5.2.0 (#780)
• standardize script path references in SKILL.md files (#768)
• bump the github-actions group across 1 directory with 2 updates (#752)

---

Managed automatically by pre-release workflow.

hve-core: v3.0.2

3.0.2 (2026-02-21)

🐛 Bug Fixes

• agents: add commit message presentation to RPI agent review completion (#721) (a063996)
• agents: standardize name frontmatter to human-readable format (#716) (f3e05d8)
• extension: preserve artifact directory structure in collection packaging (#725) (4fa94e0)
• instructions: pull request template body case-insensitive (#719) (4cc2a5c)
• instructions: reorder branch freshness gate before diff generation (#723) (23b457c)

hve-core: v3.0.1

3.0.1 (2026-02-20)

🐛 Bug Fixes

• scripts: add marketplace manifest validation and standardize source format (#711) (c5ac616)