Fix issues

Author: yeasy

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore(deps)"
+    labels:
+      - "dependencies"
+      - "go"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore(ci)"
+    labels:
+      - "dependencies"
+      - "ci"

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     name: Test
     strategy:
       matrix:
-        go-version: ['1.21', '1.22']
+        go-version: ['1.24']
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
 

.gitignore

@@ -1,5 +1,7 @@
 # Binaries
 ask
+ask-main
+ask-test
 *.exe
 *.exe~
 *.dll

.goreleaser.yaml

@@ -51,6 +51,18 @@ brews:
     test: |
       system "#{bin}/ask", "--help"
 
+nfpms:
+  - file_name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    vendor: Antigravity
+    homepage: "https://github.com/yeasy/ask"
+    maintainer: "yeasy <[email protected]>"
+    description: "Agent Skills Kit - The Package Manager for Agent Skills"
+    license: "MIT"
+    formats:
+      - deb
+      - rpm
+    bindir: /usr/bin
+
 release:
   github:
     owner: yeasy

CHANGELOG.md

@@ -222,6 +222,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Configuration file support (`ask.yaml`)
 - Default repositories: Community, Anthropic, MCP-Servers, Scientific, Superpowers
 
-[Unreleased]: https://github.com/yeasy/ask/compare/v0.2.0...HEAD
+[Unreleased]: https://github.com/yeasy/ask/compare/v1.3.2...HEAD
+[1.3.2]: https://github.com/yeasy/ask/compare/v1.3.1...v1.3.2
+[1.3.1]: https://github.com/yeasy/ask/compare/v1.1.3...v1.3.1
+[1.1.3]: https://github.com/yeasy/ask/compare/v1.1.2...v1.1.3
+[1.1.2]: https://github.com/yeasy/ask/compare/v1.1.0...v1.1.2
+[1.1.0]: https://github.com/yeasy/ask/compare/v1.0.0...v1.1.0
+[1.0.0]: https://github.com/yeasy/ask/compare/v1.0.0-rc2...v1.0.0
+[1.0.0-rc2]: https://github.com/yeasy/ask/compare/v0.9.0...v1.0.0-rc2
+[0.9.0]: https://github.com/yeasy/ask/compare/v0.8.0...v0.9.0
+[0.8.0]: https://github.com/yeasy/ask/compare/v0.7.6...v0.8.0
+[0.7.6]: https://github.com/yeasy/ask/compare/v0.7.5...v0.7.6
+[0.7.5]: https://github.com/yeasy/ask/compare/v0.7.4...v0.7.5
+[0.7.4]: https://github.com/yeasy/ask/compare/v0.7.3...v0.7.4
+[0.7.3]: https://github.com/yeasy/ask/compare/v0.7.2...v0.7.3
+[0.7.2]: https://github.com/yeasy/ask/compare/v0.7.1...v0.7.2
+[0.7.1]: https://github.com/yeasy/ask/compare/v0.7.0...v0.7.1
+[0.7.0]: https://github.com/yeasy/ask/compare/v0.6.1...v0.7.0
+[0.6.1]: https://github.com/yeasy/ask/compare/v0.6.0...v0.6.1
+[0.6.0]: https://github.com/yeasy/ask/compare/v0.5.0...v0.6.0
+[0.5.0]: https://github.com/yeasy/ask/compare/v0.4.0...v0.5.0
+[0.4.0]: https://github.com/yeasy/ask/compare/v0.2.0...v0.4.0
 [0.2.0]: https://github.com/yeasy/ask/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/yeasy/ask/releases/tag/v0.1.0

Makefile

@@ -29,3 +29,8 @@ lint:
 
 install:
 	go install
+
+coverage:
+	go test -coverprofile=coverage.out ./...
+	go tool cover -html=coverage.out -o coverage.html
+	@echo "Coverage report generated: coverage.html"

README.md

@@ -13,7 +13,7 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/yeasy/ask/releases"><img src="https://img.shields.io/github/v/release/yeasy/ask?style=flat-square&color=blue" alt="Release"></a>
+  <a href="https://github.com/lbjlaq/Antigravity-Manager/releases/tag/v1.3.3"><img src="https://img.shields.io/github/v/release/lbjlaq/Antigravity-Manager?style=flat-square&color=blue" alt="Release"></a>
   <a href="https://github.com/yeasy/ask/blob/main/LICENSE"><img src="https://img.shields.io/github/license/yeasy/ask?style=flat-square" alt="License"></a>
   <a href="https://github.com/yeasy/ask/stargazers"><img src="https://img.shields.io/github/stars/yeasy/ask?style=flat-square" alt="Stars"></a>
   <a href="https://goreportcard.com/report/github.com/yeasy/ask"><img src="https://goreportcard.com/badge/github.com/yeasy/ask?style=flat-square" alt="Go Report Card"></a>
@@ -90,13 +90,16 @@ brew install yeasy/tap/ask              # CLI version
 brew install --cask yeasy/tap/ask-desktop  # Desktop App (macOS only)
 ```
 
+> [!NOTE]
+> **macOS Users**: When opening `ask-desktop` for the first time, if you see an "unidentified developer" warning, please go to **System Settings > Privacy & Security**, and click **"Open Anyway"** in the Security section.
+
 **Go Install:**
 ```bash
 go install github.com/yeasy/ask@latest
 ```
 
 **Binary / Manual Install (Windows / Linux / Desktop):**
-Download the latest pre-compiled binary or Desktop App for your system from [Releases](https://github.com/yeasy/ask/releases).
+Download the latest pre-compiled binary or Desktop App for your system from [Releases](https://github.com/lbjlaq/Antigravity-Manager/releases/tag/v1.3.3).
 
 
 ### 2. Initialize

README_zh.md

@@ -13,7 +13,7 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/yeasy/ask/releases"><img src="https://img.shields.io/github/v/release/yeasy/ask?style=flat-square&color=blue" alt="Release"></a>
+  <a href="https://github.com/lbjlaq/Antigravity-Manager/releases/tag/v1.3.3"><img src="https://img.shields.io/github/v/release/lbjlaq/Antigravity-Manager?style=flat-square&color=blue" alt="Release"></a>
   <a href="https://github.com/yeasy/ask/blob/main/LICENSE"><img src="https://img.shields.io/github/license/yeasy/ask?style=flat-square" alt="License"></a>
   <a href="https://github.com/yeasy/ask/stargazers"><img src="https://img.shields.io/github/stars/yeasy/ask?style=flat-square" alt="Stars"></a>
   <img src="https://img.shields.io/badge/Go-1.24+-00ADD8?style=flat-square&logo=go" alt="Go Version">
@@ -89,6 +89,9 @@ brew install yeasy/tap/ask              # 命令行版本
 brew install --cask yeasy/tap/ask-desktop  # 桌面应用 (仅 macOS)
 ```
 
+> [!NOTE]
+> **macOS 用户请注意**：首次打开 `ask-desktop` 时若提示"无法验证开发者"，请前往 **系统设置 > 隐私与安全性**，在"安全性"区域点击 **"仍要打开" (Open Anyway)** 即可正常运行。
+
 **源码安装:**
 ```bash
 git clone https://github.com/yeasy/ask.git
@@ -97,7 +100,7 @@ make build && mv ask /usr/local/bin/
 ```
 
 **二进制 / 手动安装 (Windows / Linux):**
-请前往 [Releases](https://github.com/yeasy/ask/releases) 页面下载对应系统的预编译二进制文件。
+请前往 [Releases](https://github.com/lbjlaq/Antigravity-Manager/releases/tag/v1.3.3) 页面下载对应系统的预编译二进制文件。
 
 
 
@@ -192,19 +195,43 @@ export ASK_LOG=debug
 ask skill install browser-use
 ```
 
+## ⌨️ Shell 自动补全
+
+ASK 支持智能 Tab 补全，可补全技能名称、仓库名称和 agent 参数。
+
+**设置 (一次性):**
+```bash
+# Bash
+ask completion bash > $(brew --prefix)/etc/bash_completion.d/ask
+
+# Zsh
+ask completion zsh > "${fpath[1]}/_ask"
+
+# Fish
+ask completion fish > ~/.config/fish/completions/ask.fish
+```
+
+**支持功能:**
+- `ask skill install <TAB>` - 从缓存中补全技能名
+- `ask skill uninstall <TAB>` - 从已安装技能中补全
+- `ask repo sync <TAB>` - 从已配置仓库中补全
+- `ask install --agent <TAB>` - 补全 agent 名称 (claude, cursor, codex 等)
+
 ## 📊 安全审计报告
 
 <img src="reports/anthropics.png" width="300">
 <img src="reports/openai.png" width="300">
 <img src="reports/composio.png" width="300">
 <img src="reports/vercel.png" width="300">
+<img src="reports/superpowers.png" width="300">
 
 完整安全审计报告：
 
 - [🛡️ Anthropic 安全审计报告](reports/anthropics.html)
 - [🛡️ OpenAI 安全审计报告](reports/openai.html)
 - [🛡️ Composio 安全审计报告](reports/composio.html)
 - [🛡️ Vercel 安全审计报告](reports/vercel.html)
+- [🛡️ Superpowers 安全审计报告](reports/superpowers.html)
 
 ## 🤝 贡献参与
 欢迎提交 PR 或 Issue！详见 [CONTRIBUTING.md](CONTRIBUTING.md)。

SECURITY.md

@@ -0,0 +1,72 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take security issues in ASK seriously. If you discover a security vulnerability, please follow these steps:
+
+### 1. Do NOT Open a Public Issue
+
+Security vulnerabilities should not be disclosed publicly until they have been addressed.
+
+### 2. Send a Private Report
+
+Please report security vulnerabilities by emailing:
+
+- **Email**: [Create a security advisory](https://github.com/yeasy/ask/security/advisories/new) on GitHub
+
+Or use GitHub's private vulnerability reporting feature:
+1. Go to the [Security tab](https://github.com/yeasy/ask/security) of the repository
+2. Click "Report a vulnerability"
+3. Fill in the details
+
+### 3. Include Details
+
+Please include the following in your report:
+
+- **Description**: A clear description of the vulnerability
+- **Steps to Reproduce**: Detailed steps to reproduce the issue
+- **Impact**: What could an attacker achieve with this vulnerability?
+- **Affected Versions**: Which versions are affected?
+- **Suggested Fix**: If you have one
+
+### 4. Response Timeline
+
+- **Initial Response**: Within 48 hours
+- **Status Update**: Within 7 days
+- **Fix Timeline**: Depends on severity
+  - Critical: 24-72 hours
+  - High: 1-2 weeks
+  - Medium: 2-4 weeks
+  - Low: Next release cycle
+
+## Security Best Practices
+
+When using ASK:
+
+1. **Verify Skill Sources**: Only install skills from trusted repositories
+2. **Use Security Scanning**: Run `ask check` before installing new skills
+3. **Review Skill Code**: Inspect SKILL.md and associated files before installation
+4. **Keep Updated**: Regularly run `ask update` to get security patches
+5. **Use Lock Files**: Commit `ask.lock` to ensure reproducible installs
+
+## Security Features
+
+ASK includes built-in security features:
+
+- **Entropy Analysis**: Detects potential secrets and API keys
+- **Dangerous Command Detection**: Identifies risky shell commands
+- **Binary File Scanning**: Flags suspicious executable files
+- **HTML Security Reports**: Generate detailed audit reports with `ask check -o report.html`
+
+## Acknowledgments
+
+We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.
+
+Thank you for helping keep ASK secure! 🛡️

cmd/cmd_test.go

@@ -168,95 +168,3 @@ func TestInitCommandHelp(t *testing.T) {
 		t.Error("expected init help to contain 'Initialize'")
 	}
 }
-
-func TestParseGitHubBrowserURL(t *testing.T) {
-	tests := []struct {
-		name          string
-		input         string
-		wantRepoURL   string
-		wantBranch    string
-		wantSubDir    string
-		wantSkillName string
-		wantOK        bool
-	}{
-		{
-			name:          "full URL with subdirectory",
-			input:         "https://github.com/anthropics/skills/tree/main/skills/mcp-builder",
-			wantRepoURL:   "https://github.com/anthropics/skills.git",
-			wantBranch:    "main",
-			wantSubDir:    "skills/mcp-builder",
-			wantSkillName: "mcp-builder",
-			wantOK:        true,
-		},
-		{
-			name:          "URL with different branch",
-			input:         "https://github.com/owner/repo/tree/develop/path/to/skill",
-			wantRepoURL:   "https://github.com/owner/repo.git",
-			wantBranch:    "develop",
-			wantSubDir:    "path/to/skill",
-			wantSkillName: "skill",
-			wantOK:        true,
-		},
-		{
-			name:          "URL without subdirectory - just branch",
-			input:         "https://github.com/owner/repo/tree/main",
-			wantRepoURL:   "https://github.com/owner/repo.git",
-			wantBranch:    "main",
-			wantSubDir:    "",
-			wantSkillName: "repo",
-			wantOK:        true,
-		},
-		{
-			name:          "URL with trailing slash",
-			input:         "https://github.com/anthropics/skills/tree/main/skills/mcp-builder/",
-			wantRepoURL:   "https://github.com/anthropics/skills.git",
-			wantBranch:    "main",
-			wantSubDir:    "skills/mcp-builder",
-			wantSkillName: "mcp-builder",
-			wantOK:        true,
-		},
-		{
-			name:   "non-tree URL (regular git URL)",
-			input:  "https://github.com/owner/repo.git",
-			wantOK: false,
-		},
-		{
-			name:   "shorthand format - not a browser URL",
-			input:  "owner/repo/path/to/skill",
-			wantOK: false,
-		},
-		{
-			name:   "empty string",
-			input:  "",
-			wantOK: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			gotRepoURL, gotBranch, gotSubDir, gotSkillName, gotOK := parseGitHubBrowserURL(tt.input)
-
-			if gotOK != tt.wantOK {
-				t.Errorf("parseGitHubBrowserURL() ok = %v, want %v", gotOK, tt.wantOK)
-				return
-			}
-
-			if !tt.wantOK {
-				return // No need to check other fields if we expected failure
-			}
-
-			if gotRepoURL != tt.wantRepoURL {
-				t.Errorf("parseGitHubBrowserURL() repoURL = %v, want %v", gotRepoURL, tt.wantRepoURL)
-			}
-			if gotBranch != tt.wantBranch {
-				t.Errorf("parseGitHubBrowserURL() branch = %v, want %v", gotBranch, tt.wantBranch)
-			}
-			if gotSubDir != tt.wantSubDir {
-				t.Errorf("parseGitHubBrowserURL() subDir = %v, want %v", gotSubDir, tt.wantSubDir)
-			}
-			if gotSkillName != tt.wantSkillName {
-				t.Errorf("parseGitHubBrowserURL() skillName = %v, want %v", gotSkillName, tt.wantSkillName)
-			}
-		})
-	}
-}