fastflowlm: Add version 0.9.33

[YuChen-06]

fastflowlm: Add version 0.9.33

• Use conventional PR title: fastflowlm@0.9.33: Add new manifest
• I have read the Contributing Guide

Description

Add fastflowlm version 0.9.33. This is a lightweight LLM tool.

Verification

I have tested this manifest locally using:
scoop install bucket/fastflowlm.json
The installation was successful and the binary is correctly shimmed.

Summary by CodeRabbit

• New Features

  • Adds a Windows installer package for the app, including a bundled executable and user-facing setup/quick-start notes.
  • Enables automatic update checks with published release metadata and download verification.

• Chores

  • Includes license and documentation links surfaced to users during install and in the quick-start guidance.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

Walkthrough

Adds a new Windows Inno Setup installer manifest for FastFlowLM (v0.9.33) containing metadata, installer URL and SHA256, innosetup flag, executable path, GitHub update check configuration, autoupdate URL with JSONPath digest, and user-facing notes.

Changes

Cohort / File(s)	Summary
Package Manifest bucket/fastflowlm.json	New JSON manifest for FastFlowLM v0.9.33: package metadata, description, homepage, license info, installer download URL and SHA256, innosetup flag, bin entry, GitHub-based version check and autoupdate JSONPath digest, plus user-facing notes and quick start commands.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A little rabbit wrote a file so spry,
With checksums snug and versions high,
FastFlowLM now in a neat little crate,
Ready to run—no need to wait,
Hoppity hops to the download sky! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title clearly indicates the main change: adding fastflowlm version 0.9.33 to the repository.
Description check	✅ Passed	Description includes required checklist items, clear summary, and verification steps, matching the repository's template requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

All changes look good.

Wait for review from human collaborators.

fastflowlm

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

bucket/fastflowlm.json (1)

13-15: autoupdate block can leverage GitHub API asset digests to avoid full-installer downloads on each update

Without a hash property, excavator downloads the full installer (~16 MB) on every automated update run to compute a hash. GitHub now publishes SHA-256 digests for all Release assets via its API. Add a hash configuration using the GitHub API to extract the digest automatically:

♻️ Proposed fix

     "autoupdate": {
-        "url": "https://github.com/FastFlowLM/FastFlowLM/releases/download/v$version/flm-setup.exe"
+        "url": "https://github.com/FastFlowLM/FastFlowLM/releases/download/v$version/flm-setup.exe",
+        "hash": {
+            "mode": "json",
+            "url": "https://api.github.com/repos/FastFlowLM/FastFlowLM/releases/tags/v$version",
+            "jp": "$.assets[?(@.name=='flm-setup.exe')].digest"
+        }
     },

If JSONPath filtering proves unreliable, use regex extraction instead:

"hash": {
    "url": "https://api.github.com/repos/FastFlowLM/FastFlowLM/releases/tags/v$version",
    "find": "\"name\"\\s*:\\s*\"flm-setup\\.exe\"(?s).*?\"digest\"\\s*:\\s*\"(?:sha256:)?([A-Fa-f0-9]{64})\""
}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bucket/fastflowlm.json` around lines 13 - 15, The autoupdate block currently
lacks a hash, causing excavator to download the entire installer every run; add
a "hash" entry under "autoupdate" that queries the GitHub Releases API for the
release tag v$version and extracts the SHA-256 digest for the asset named
"flm-setup.exe" (use JSONPath or a regex fallback to capture the 64-char
sha256), so excavator can verify/update using the published asset digest instead
of re-downloading the full installer; target the "autoupdate" object and
populate a "hash" configuration that points to the GitHub API URL for the
release tag and extracts the digest for that asset.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bucket/fastflowlm.json`:
- Line 5: The "license" field in fastflowlm.json is using a non-SPDX value
("Proprietary"); update the manifest to accurately represent the mixed-license
model by using an SPDX identifier for the open-source part and a URL or file
reference for the proprietary binaries (for example set the "license" field to
"MIT; SEE LICENSE_BINARY.txt" or "MIT AND https://example.com/TERMS.md"), ensure
the SPDX identifier MIT is included and point to TERMS.md or LICENSE_BINARY.txt
that describes the proprietary NPU-accelerated kernel restrictions and
commercial limits so consumers can find the full binary license text.

---

Nitpick comments:
In `@bucket/fastflowlm.json`:
- Around line 13-15: The autoupdate block currently lacks a hash, causing
excavator to download the entire installer every run; add a "hash" entry under
"autoupdate" that queries the GitHub Releases API for the release tag v$version
and extracts the SHA-256 digest for the asset named "flm-setup.exe" (use
JSONPath or a regex fallback to capture the 64-char sha256), so excavator can
verify/update using the published asset digest instead of re-downloading the
full installer; target the "autoupdate" object and populate a "hash"
configuration that points to the GitHub API URL for the release tag and extracts
the digest for that asset.