🚀 skillshare v0.15.0 Release Notes

Release date: 2026-02-21

TL;DR

v0.15.0 focuses on compatibility and private repo access:

1. Copy sync mode — a third sync mode that copies skills as real files instead of symlinks, for AI CLIs that can't follow symlinks (Cursor, Copilot CLI, etc.); manifest-tracked with SHA256 checksums (#31, #2)
2. HTTPS token auth — install, update, and check auto-detect GITHUB_TOKEN, GITLAB_TOKEN, BITBUCKET_TOKEN, or SKILLSHARE_GIT_TOKEN for private repo clone/pull/check over HTTPS; no manual git config needed
3. agents → universal rename — the agents target group is now called universal; existing configs keep working via backward-compatible alias
4. Devcontainer + project-mode hardening — project mode avoids writing .skillshare/ into /workspace, and partial .skillshare/ state is auto-repaired

What's New

1) Copy sync mode

Some AI CLIs (e.g. Cursor, Copilot CLI) can't read symlinked skill files. Copy mode solves this by syncing skills as real file copies:

# Switch a target to copy mode
skillshare target cursor --mode copy

# Sync as usual — skills are copied instead of symlinked
skillshare sync

# Re-copy all files (skip checksum comparison)
skillshare sync --force

How it works:

• Each copy-mode target gets a .skillshare-manifest.json that tracks managed skills and their SHA256 checksums
• On sync, only changed files are re-copied (checksum comparison); unchanged files are skipped
• Managed copies that are no longer in source are pruned automatically
• --force bypasses checksum comparison and re-copies everything

Mode switching is bidirectional — you can switch between merge, copy, and symlink at any time:

skillshare target cursor --mode copy      # merge → copy
skillshare target cursor --mode merge     # copy → merge (manifest cleaned up)

Full command support:

• sync — copies files, tracks in manifest, prunes orphans
• status — shows copy-mode targets and their state
• diff — compares file checksums to detect content drift
• doctor — copy-managed entries are not flagged as duplicates
• collect — imports from copy-mode targets back to source
• target info — shows mode-appropriate status
• Web UI — targets list shows copy mode, drift detection works

Include/exclude filters work identically in both merge and copy modes.

Config format:

targets:
  - name: cursor
    mode: copy
  - name: claude        # default: merge
  - name: windsurf
    mode: symlink

2) HTTPS token auth for private repos

Previously, installing skills from private repos required SSH key setup or manual git credential configuration. Now skillshare auto-detects tokens from environment variables:

# Set your token (add to shell profile for persistence)
export GITHUB_TOKEN="ghp_..."

# Install from private repo — token is used automatically
skillshare install github.com/myorg/private-skills --track
skillshare update _private-skills    # token also works for updates
skillshare check _private-skills     # token also works for remote checks

Supported tokens (checked in order):

Key details:

• Tokens are injected via transient GIT_CONFIG_* env vars — never written to disk
• Platform-specific tokens take priority over the generic SKILLSHARE_GIT_TOKEN fallback
• GIT_CONFIG_COUNT is safely appended (reads existing count to avoid overriding CI pipeline git config entries)
• SSH URLs continue to work as before — token auth only activates for HTTPS URLs

Better error messages — auth failures now distinguish between two cases:

# No token found:
Authentication required. Options:
  1. Use SSH URL: git@github.com:owner/repo.git
  2. Set GITHUB_TOKEN environment variable
  3. Configure a git credential helper

# Token rejected:
Token authentication failed. Check:
  - Token has read access to the repository
  - Token has not expired

Token values and BITBUCKET_USERNAME are always redacted from error output.

3) agents target renamed to universal

The agents target group has been renamed to universal to better reflect its purpose (CLIs that use the ~/.config/agents/skills convention):

# Both work — "agents" is a backward-compatible alias
skillshare target universal
skillshare target agents    # still works

Target path updates:

• Kimi — global path fixed to ~/.config/agents/skills (matches official docs)
• Replit — global path added (~/.config/agents/skills)

Existing configs using agents continue to work without changes.

Fixes

• diff detects content changes in copy mode — previously only checked symlink presence; now compares file checksums
• doctor handles copy-managed duplicates — group containers and copy-managed skills are no longer flagged as duplicates
• target remove in project mode cleans up copy manifest — the .skillshare-manifest.json file is removed along with the target
• Copy mode handles non-directory entries — stray files in target directories no longer cause sync failures
• Copy mode validates target directory — manifest data is not trusted if the target directory doesn't exist
• Error propagation in DirChecksum — filesystem errors are now surfaced instead of silently swallowed
• update and check now use HTTPS token auth paths — tracked-repo pull and remote head/behind checks work with private HTTPS repos
• Devcontainer ss -p no longer writes to /workspace by default — wrapper redirects to ~/demo-project when invoked from workspace root in project mode
• Partial project init is now self-healing — .skillshare/ without config is repaired automatically instead of returning "project already initialized"

Documentation

• Copy mode docs — sync modes concept page updated; 13 command/guide pages updated with copy mode references
• Architecture comparison — new page comparing centralized vs local-first skill management approaches
• Built-in skill updated — targets.md reference adds copy mode to sync modes table; install.md documents HTTPS token auth
• README updated — v0.15.0 in recent updates; comparison table and platform table mention copy mode

Changelog

• eb397c5 chore(devcontainer): make ss instant and self-healing
• 59ff1bb chore(skill): bump built-in skill version to v0.15.0
• 292d236 docs(readme): add v0.15.0 to recent updates and mention copy mode
• 8290f11 docs(skill): update built-in skill for v0.15.0 features
• 14257b1 docs(skillshare): clarify copy-mode sync and doctor duplicate rules
• 89060c0 docs(sync): fix copy mode schema and document --force flag
• f5893a8 docs(sync): reframe copy mode as a first-class choice, not a workaround
• 084d93b feat(devcontainer): add credential-helper toggle and token forwarding
• a972a0c feat(install): add HTTPS token auth for private repos
• 3b721ee feat(sync): add copy mode for AI CLIs that can't follow symlinks
• 46c7aab fix(doctor): handle group containers and copy managed duplicates
• 854b90e fix(sync): fix copy mode diff, target info, and project remove bugs
• d7d4804 fix(sync): handle non-directory entries in copy mode
• 5b25fa6 fix(sync): propagate errors in DirChecksum instead of swallowing them
• eb6b4cb fix(sync): verify target directory exists before trusting manifest
• 82fa038 fix(test): use strings.Contains in online auth tests
• 3e21826 fix: add HTTPS token auth to check paths
• 15e2b6d fix: add HTTPS token auth to update pull paths
• 62b215f fix: keep devcontainer project mode out of workspace root
• fc94196 fix: repair partial project init when config is missing
• 7f74227 refactor(build): simplify Make/mise targets from 34 to 21
• 595fe84 refactor(devcontainer): simplify dev server management
• be9ac89 refactor(targets): rename agents→universal, fix kimi/replit paths
• 2bb7312 test(install): add auth integration tests and fix docs gaps
• f5144ff test(sync): add smoke test covering all 48 global targets