@ralph-orchestrator/ralph-cli - npm Package Compare versions

Comparing version 2.6.0 to 2.7.0

CHANGELOG.md

@@ -5,2 +5,33 @@ # Changelog
 
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [2.7.0] - 2026-03-06
+
+### Added
+
+- Per-project orchestrator lifecycle hooks v1.
+- `kiro-acp` backend with ACP executor support.
+- Subprocess TUI over JSON-RPC stdin/stdout.
+- Improved TUI tool rendering for ACP-backed flows.
+
+### Changed
+
+- Simplified internal code paths by removing redundant clones and deduplicating `now_ts`.
+- Replaced deprecated `Duration` method usage with `from_secs`.
+- `ralph plan` PDD SOP now syncs from the canonical `strands-agents/agent-sop` upstream source, with a small Ralph-specific loop handoff addendum.
+- Added embedded asset sync, check, and upstream refresh helpers for SOP maintenance.
+- Unified and modernized preset documentation.
+- Added `llms.txt` map generation and CI validation.
+- Hardened web `tsx` preflight behavior and added funding metadata.
+
+### Fixed
+
+- Avoid self-lock contention in subprocess TUI mode.
+- Accumulate Pi text deltas into flowing paragraphs in the TUI.
+- Clean up zombie worktree loops more reliably.
+- Fix ACP orphaned processes, garbled TUI output, and missing tool details.
+- Resolve clippy issues and missing struct fields.
+
 ## [2.6.0] - 2026-02-25
@@ -110,2 +141,4 @@
 
+[Unreleased]: https://github.com/mikeyobrien/ralph-orchestrator/compare/v2.7.0...HEAD
+[2.7.0]: https://github.com/mikeyobrien/ralph-orchestrator/compare/v2.6.0...v2.7.0
 [2.6.0]: https://github.com/mikeyobrien/ralph-orchestrator/compare/v2.5.1...v2.6.0
@@ -112,0 +145,0 @@ [2.5.1]: https://github.com/mikeyobrien/ralph-orchestrator/compare/v2.5.0...v2.5.1

npm-shrinkwrap.json

@@ -26,3 +26,3 @@ {
       "name": "@ralph-orchestrator/ralph-cli",
-      "version": "2.6.0"
+      "version": "2.7.0"
     },
@@ -519,3 +519,3 @@ "node_modules/@isaacs/balanced-match": {
   "requires": true,
-  "version": "2.6.0"
+  "version": "2.7.0"
 }

package.json

 {
-  "artifactDownloadUrl": "https://github.com/mikeyobrien/ralph-orchestrator/releases/download/v2.6.0",
+  "artifactDownloadUrl": "https://github.com/mikeyobrien/ralph-orchestrator/releases/download/v2.7.0",
   "bin": {
@@ -65,3 +65,3 @@ "ralph": "run-ralph.js"
   },
-  "version": "2.6.0",
+  "version": "2.7.0",
   "volta": {
@@ -68,0 +68,0 @@ "node": "18.14.1",

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

AI-detected potential malware

Supply chain risk

AI has identified this package as malware. This is a strong signal that the package may be malicious.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42683

3.54%

Number of high supply chain risk alerts

2

-33.33%

No dependency changes