changelog
What shipped in each release
Live mirror of github.com/pakxdev/pakx/releases. The raw notes carry every fix + new command + deprecation. The on-disk version of this list lives in CHANGELOG.md.
v0.1.3
2026-05-21v0.1.3 — fix pakx install against MCP Registry 2025-12-11 schema
**Critical install fix.** Every `pakx install` against the live MCP Registry was failing with `not found in official MCP registry` or `no installable transport advertised` because the registry's 2025-12-11 schema rename was only patched in the search path (v0.1.1) — the detail-endpoint + install-translator were still hard-coded to the pre-2025 snake_case shape.
## What changed
- `OfficialMcpSource::fetch` falls back from the per-server detail endpoint (404s on the current schema) to `?search=<id>` exact-name match.
- `mcp_translate::PackageHint` accepts both `registry_name` / `registryType`, `name` / `identifier`, `package_arguments` / `packageArguments`, `environment_variables` / `environmentVariables` via serde aliases.
- `mcp_translate::pick_remote` walks `packages[].transport.url` for hosted SSE / streamable-http servers.
- Recognises `npm` / `npmjs` / `npmjs.org`, `pypi` / `pypi.org`, `docker` / `oci` / `ghcr` / `ghcr.io` as stdio-launchable registry types.
## End-to-end repro
```sh
echo 'name: demo
version: 1.0.0
dependencies:
mcp:
- io.github.bytedance/mcp-server-filesystem' > agents.yml
pakx install # before v0.1.3 — Error: 1 dep(s) failed to install
# now — installed: + io.github.bytedance/mcp-server-filesystem
```
## Upgrade
```sh
pakx upgrade
```
## Binaries
All five triples + CycloneDX 1.3 SBOM. Each binary has a matching `.sha256` next to it.v0.1.2
2026-05-21v0.1.2 — pakx upgrade + brew + scoop + SBOM
Adopter-friendly release. No breaking changes. ## Highlights - **`pakx upgrade`** — check GitHub Releases for a newer version. Read-only by design — prints the channel-appropriate install command (curl|sh, brew upgrade, scoop update, cargo install --tag) instead of rewriting the binary in place. - **Homebrew tap**: `brew install pakxdev/tap/pakx` - **Scoop bucket**: `scoop bucket add pakx https://github.com/pakxdev/scoop-pakx && scoop install pakx` - **CycloneDX 1.3 SBOM** attached for downstream vulnerability scanners. - Governance: `.github/` issue templates, PR template, FUNDING.yml. `examples/hello-world` walks through publishing your first skill. ## Install ```sh # curl|sh / irm|iex curl -fsSL https://pakx.dev/install.sh | sh irm https://pakx.dev/install.ps1 | iex # Homebrew brew install pakxdev/tap/pakx # Scoop scoop bucket add pakx https://github.com/pakxdev/scoop-pakx scoop install pakx # Cargo cargo install --git https://github.com/pakxdev/pakx --tag v0.1.2 --locked pakx ``` ## Binaries | Triple | File | |---|---| | `x86_64-pc-windows-gnu` | `pakx-v0.1.2-x86_64-pc-windows-gnu.exe` | | `x86_64-unknown-linux-gnu` | `pakx-v0.1.2-x86_64-unknown-linux-gnu` | | `aarch64-unknown-linux-gnu` | `pakx-v0.1.2-aarch64-unknown-linux-gnu` | | `x86_64-apple-darwin` | `pakx-v0.1.2-x86_64-apple-darwin` | | `aarch64-apple-darwin` | `pakx-v0.1.2-aarch64-apple-darwin` | Each binary has a matching `.sha256` next to it. CycloneDX SBOM at `pakx-v0.1.2-sbom.cdx.json`. ## Upgrade ```sh pakx upgrade ```
v0.1.1
2026-05-21v0.1.1 — security + cross-platform binaries
Security + portability cleanup. Patch release; no CLI behaviour change. ## Highlights - **`cargo audit` is now 0 / 0 / 0** across 288 dependencies. - **Prebuilts for every supported triple**, built locally with `cargo zigbuild` because GitHub Actions is temporarily disabled to control CI billing. ## Security fixes | Advisory | Crate | Action | |---|---|---| | [RUSTSEC-2025-0067](https://rustsec.org/advisories/RUSTSEC-2025-0067) | `libyml` (unsound) | Replaced via `serde_yml` → `serde_yaml_ng`. | | [RUSTSEC-2025-0068](https://rustsec.org/advisories/RUSTSEC-2025-0068) | `serde_yml` (unmaintained) | Replaced with the maintained drop-in fork `serde_yaml_ng`. | | [RUSTSEC-2025-0057](https://rustsec.org/advisories/RUSTSEC-2025-0057) | `fxhash` (unmaintained) | Dropped via `inquire` 0.7 → 0.9. | ## Portability - `reqwest` now uses `rustls-tls` instead of `default-tls`. No more system OpenSSL dependency, and the OpenSSL CVE surface is gone from the install footprint. ## Binaries | Triple | File | |---|---| | `x86_64-pc-windows-gnu` | `pakx-v0.1.1-x86_64-pc-windows-gnu.exe` | | `x86_64-unknown-linux-gnu` | `pakx-v0.1.1-x86_64-unknown-linux-gnu` | | `aarch64-unknown-linux-gnu` | `pakx-v0.1.1-aarch64-unknown-linux-gnu` | | `x86_64-apple-darwin` | `pakx-v0.1.1-x86_64-apple-darwin` | | `aarch64-apple-darwin` | `pakx-v0.1.1-aarch64-apple-darwin` | Every binary has a matching `.sha256` next to it. Verify before running: ```sh sha256sum -c pakx-v0.1.1-x86_64-unknown-linux-gnu.sha256 ``` ## Install ```sh # Source (every platform) cargo install --git https://github.com/pakxdev/pakx --tag v0.1.1 --locked pakx # Or pakx.dev shims curl -fsSL https://pakx.dev/install.sh | sh # Linux / macOS irm https://pakx.dev/install.ps1 | iex # Windows ```
v0.1.0
2026-05-21v0.1.0 — first public early-access release
First public early-access release of pakx — the universal package manager for AI agent context. ## What ships - The full CLI: `pakx init`, `add`, `install`, `list`, `doctor`, `search`, `login`, `whoami`, `pack`, `publish`, `unpublish`. - Federated registry support: official MCP Registry, Smithery, and the first-party [registry.pakx.dev](https://registry.pakx.dev). - Per-agent adapters: Claude Code (reference), Cursor, Codex, Copilot, Windsurf (detect-only at v0.1). See [CHANGELOG.md](https://github.com/pakxdev/pakx/blob/main/CHANGELOG.md) for the full list. ## Install **Source build (every platform):** ```sh cargo install --git https://github.com/pakxdev/pakx --tag v0.1.0 --locked pakx ``` **Via pakx.dev shims (Linux / macOS / Windows):** ```sh curl -fsSL https://pakx.dev/install.sh | sh # or, on Windows: irm https://pakx.dev/install.ps1 | iex ``` **Prebuilt binary (Windows x86_64 only at v0.1):** Download `pakx-v0.1.0-x86_64-pc-windows-gnu.exe` from the assets below. Verify against the `.sha256` next to it. Linux / macOS / arm64 prebuilts land at v0.2 once the cross-build pipeline is in place — GitHub Actions is temporarily disabled to control CI billing. ## Verify ```sh pakx --version # prints `pakx 0.1.0` ``` ## Known limitations - Smithery support is search-only; install translation arrives at v0.2. - Only Windows x86_64 has a prebuilt binary attached at v0.1; everyone else builds from source. - The release pipeline is disabled until billing lands.
Upgrading? Run pakx upgrade — it picks the right install command for your channel.