Changed

• Built-in verb dispatch is split between the two surfaces. The explicit
  runner <verb> subcommand — install, clean, list, info,
  completions — is now always the built-in and is never shadowed by a
  same-named project task. The run path (run <verb> / runner run <verb>)
  runs a same-named task when one exists, and otherwise falls back to that
  built-in's default form instead of the package-manager exec path (so
  run install with no install task installs dependencies rather than
  attempting bunx install). Previously the precedence was reversed:
  runner install deferred to a task named install (e.g. a Makefile
install target), which surprised projects whose install means "install
  the built artifact" rather than "install dependencies". Reach a same-named
  task with run install / runner run install; the built-in default for
  info on the run path is a plain task list (no deprecation warning, which
  remains specific to the explicit runner info subcommand). See
  #55
• The run alias now forwards --help/-h and --version/-V to the
  task when they follow a task name: run <task> --help reaches the
  task's own help instead of printing run's (previously run <task> --
  was required). run --help/--version with no task — including after
  global flags like run --pm npm --help — still print this binary's own
  help/version, and run <task> -- --help still forwards literally. The
  runner run subcommand is unchanged. Because -h/--help/-V/
  --version are no longer clap arguments on the alias, they are
  documented in the help footer rather than the options list.

What's Changed

• Builtin verbs always builtin on runner, task-or-builtin on run by @kjanat in #55

Full Changelog: v0.13.1...v0.14.0

Added

• runner doctor --json schema v3 (now the default for doctor):
  the flat detection dump becomes a structured diagnostic inventory —
  invocation/environment/runner provenance, per-ecosystems
  decisions with a confidence grade derived from the resolution step
  (override/manifest/lockfile → high, PATH probe → medium, legacy npm
  fallback → low, failure → none), task sources as first-class objects,
  fqn-keyed tasks with effective resolved commands, PATH-probed
  tools, duplicate-task-name conflicts (which task wins, which are
  shadowed, and why), flattened diagnostics, and a self-describing
  resolution policy block. Implements the former doctor.v3-draft
  schema; the real output validates against both the committed
  doctor.v3.schema.json and the original draft. Draft shapes nothing
  can emit yet (rich dependency edges, workspace identity, probe errors)
  are deferred, not declared. v1/v2 remain available via
  --schema-version; human output is unchanged.
• runner why --json schema v3 (now the default for why): the
  report is restructured around {task, match} candidate pairs plus a
  decision block. Each task carries a stable identity
  (fqn = root:<kind>#<name>, provider, kind — cargo aliases are
  now labeled cargo-alias), its origin (source file,
  source_pointer key path), and resolution data (definition,
  resolved command preview, cwd, sibling aliases,
  dependencies). The match half exposes the exact run-time selection
  key (source_priority, depth, display_order, alias-last), and
  decision.strategy names the branch taken (single-candidate,
  ranked, filtered, exec-fallback). Implements the former
  why.v3-draft example, which the real output now reproduces verbatim;
  v1/v2 stay available via --schema-version. list remains at v2 — its
  v3 draft is still under review, and it rejects --schema-version 3
  rather than mislabel output. schema --all emits the committed
  schemas/why.v3.schema.json, and the example validates against it.
• Both v3 schemas use the <scope>:<kind>#<name> fqn form, with #
  separating the structured prefix from the verbatim task name so a name
  containing : (e.g. an npm script fmt:update) stays unambiguous.
• Deno tasks now run without the deno binary. A deno.json /
  deno.jsonc task whose command is a leaf shell command executes
  in-process via the embedded deno_task_shell (deno's own cross-platform
  task shell) when deno isn't on PATH; with deno installed it still
  shells out to deno task for full fidelity. The unstable-deno-exec
  feature flips the default to self-exec-first. Tasks that invoke deno
  themselves or declare dependencies still need the binary. The shell
  engine lives in a reusable tool::shell so other shell-string task
  sources can build on it later.
• Deno task descriptions. The object form
  ("build": { "command": "…", "description": "…" }) is now parsed and
  the description surfaces in runner list / why / doctor, alongside
  the existing bare-string form.
• runner list and the bare runner view now print a duplicate-name
  conflict footer. When two sources define the same task name (e.g. a
  just run recipe and cargo run), it names the source that
  runner run <name> actually dispatches and the ones it shadows — using
  the same precedence as dispatch — so a silently shadowed task no longer
  goes unnoticed.

Changed

• Cargo built-in aliases now fold under their canonical subcommand in
  runner list and the bare runner view. b/c/d/t/r/rm are
  shown as aliases of the promoted build/check/doc/test/run/
  remove tasks (e.g. test (t)) instead of standing alone; both the
  canonical name and the short form still dispatch. Aliases that carry
  extra arguments (bb, cl, rq, …) keep their own rows. Promoting
  run/remove can collide with a same-named just/other task — that
  collision now surfaces in the conflict footer above rather than hiding.
• runner doctor --json (v3) now probes package-manager and task-runner
  versions via <tool> --version (previously only the Node runtime
  carried a version), reports a per-task self_executable flag (true for
  deno tasks runner can run through the embedded shell), and derives the
  Deno tool's required from it. Node is included in ecosystems /
  tools whenever a resolver or task signal implies it, not only when a
  Node package manager was lockfile-detected.
• The committed v3 schemas (doctor.v3.schema.json,
  why.v3.schema.json) set additionalProperties: false throughout, so
  validation catches stray or misspelled fields in real output instead of
  silently accepting them.

What's Changed

• Emit JSON output schemas by @kjanat in #50
• Forward --help/--version to task in run alias by @kjanat in #54

Full Changelog: v0.13.0...v0.13.1

Added

• runner doctor (and info --json) now classify PATH-probe hits that
  are Volta shims and resolve them to the real provisioned binary via
  volta which: the PATH probe line shows
  npm=<shim> -> <real bin> (volta), or
  (volta shim, not provisioned) when Volta fronts a tool it has no
  version of. JSON gains an additive signals.node.volta_shims map
  (omitted on hosts without Volta; no schema bump). Display only —
  execution still spawns the shim, which performs Volta's per-project
  version selection.

Changed

• runner install now honors the --pm/RUNNER_PM override: when set,
  only that package manager installs (previously the override was
  ignored and every detected PM installed — e.g. a project with both
  bun.lock and deno.json always ran deno install too, writing an
  unwanted deno.lock). An override naming a PM that detection did not
  find refuses the install with exit code 2. runner.toml
  [pm].node/[pm].python continue to scope script dispatch only.
• Invalid --pm/RUNNER_PM/--runner/RUNNER_RUNNER values now produce
  a readable error: the message names the source that carried the value,
  escapes control characters (no more raw ANSI codes), truncates long
  garbage, and — when the value contains line breaks — hints that it
  looks like captured command output with the correctly quoted PowerShell
  spelling. (An unquoted $env:RUNNER_PM=deno executes deno and assigns
  its REPL banner to the variable.)

Fixed

• runner doctor no longer dies when a RUNNER_* override variable
  holds an unparseable value — the condition it exists to diagnose. The
  invalid value is ignored for the report and surfaced as an env:
  warning (human output and the warnings array of doctor --json,
  additively — no schema bump). Every other command, and an explicit bad
  --pm/--runner flag even on doctor, still fails fast.
• Node version constraints are now evaluated with real range semantics
  (via the semver crate) instead of a prefix match that treated
  >=22.22.2 as =22.22.2. Operators (>=, >, <=, <, =),
  caret/tilde ranges, space-separated AND comparators, || unions,
  hyphen ranges, and x wildcards all match per node-semver rules, so
  engines.node: ">=22.22.2" no longer warns on Node 22.22.3 or 25.9.0.
  Bare versions (.nvmrc 20.11) keep the stricter
  prefix-at-segment-boundary behavior; unevaluable inputs (lts/*) fall
  back to the previous prefix match.
• Task dispatch now prepends every existing node_modules/.bin between
  the project directory and the filesystem root (nearest first) to the
  child's PATH, the way npm run / pnpm run / bun run do for
  package.json scripts. Tools that runner spawns directly — turbo
  for turbo.json tasks, and the bare-binary exec fallback — used to
  inherit the shell's PATH unchanged, so a devDependency-only turbo
  failed with Error: No such file or directory (os error 2) unless it
  was also installed globally. On Windows, bare program names are
  additionally re-resolved against those bin dirs with PATHEXT, since
  CreateProcessW would never find the .cmd shims npm and pnpm
  install there. Local bins now shadow global installs for the spawned
  task and everything it launches, matching Node package-manager
  semantics.
• The no-argument project-info banner no longer leaks the Windows .exe
  suffix in its title line (e.g. run.exe 0.12.2). It now shows the same
  run / runner identity as --version, --help, and the Usage:
  line. The banner had its own copy of the arg0-parsing helper that
  skipped the .exe stripping done everywhere else; it now reuses the
  canonical bin_name_from_arg0.
• runner man now works on Windows under --features man builds. The
  subcommand was gated not(windows), so with external_subcommand in
  play it silently degraded to task dispatch (bun man → "Script not
  found") instead of rendering. Rendering is pure clap_mangen with no
  OS-specific code, so the gate bought nothing and is gone.
• install.sh runs under any POSIX sh. It carried a #!/usr/bin/env bash shebang, but curl … | sh ignores the shebang, so the bash-only
  set -o pipefail aborted on line 2 under dash/busybox — the default
  /bin/sh on the -musl targets. Rewritten POSIX-clean. It also picks
  the install dir more intelligently now: reuse an already-installed
  runner's directory (verified by its -V banner, so a system run/
  runner is never clobbered), otherwise prefer ~/bin or
  ~/.local/bin already on PATH (then one that exists), falling back
  to ~/.local/bin.

What's Changed

• fix(info): strip Windows .exe suffix from project-info banner title by @kjanat in #44
• fix(run): put project-local node_modules/.bin dirs on the task's PATH by @kjanat in #47
• Version range semantics, PM-override install, self-diagnosing errors, doctor resilience, Volta shims by @kjanat in #45

Full Changelog: v0.12.2...v0.13.0

Fixed

• runner completions now detects PowerShell when $SHELL is unset or
  unrecognized by falling back to the presence of $PSModulePath, which
  pwsh exports on every platform (it never sets $SHELL). A recognized
  $SHELL still takes precedence, so a pwsh session launched from bash
  keeps completing for the login shell. Previously bare
  runner completions always errored under pwsh.

Full Changelog: v0.12.1...v0.12.2

Added

• pyproject.toml [project.scripts] entry points (PEP 621 console
  scripts) are now extracted as runnable tasks for Python projects. They
  surface under the pyproject.toml source in runner list (with the
  entry-point target shown as the description) and dispatch via the
  detected Python package manager's run subcommand — uv run <name>,
  poetry run <name>, or pipenv run <name>. Previously a uv/poetry
  project's declared scripts were invisible to runner, which detected
  the package manager but listed no tasks.
• AUR distribution channel. Two packages on the Arch User Repository:
  runner-run-bin (prebuilt binaries for x86_64, aarch64, armv7h)
  and runner-run (source build for x86_64, aarch64). -bin
provides/conflicts runner-run, so install whichever you prefer —
  https://aur.archlinux.org/packages/runner-run-bin and
  https://aur.archlinux.org/packages/runner-run.
• Shell completions shipped by both AUR packages and auto-loaded from
  the canonical system dirs: bash at
  /usr/share/bash-completion/completions/{runner,run}, zsh at
  /usr/share/zsh/site-functions/{_runner,_run}, fish at
  /usr/share/fish/vendor_completions.d/{runner,run}.fish. PowerShell
  on Linux has no autoload convention, so the pwsh script is installed
  at /usr/share/runner/runner.ps1 for users to dot-source from their
  $PROFILE. Completions are clap-dynamic — the shell shells out to
  the binary for candidates, so tab-completing in a project picks up
  the current task list from package.json / turbo.json /
  Justfile / etc., not a static snapshot.
• .github/workflows/aur-release.yml publishes both packages on every
  release: published event (with manual workflow_dispatch +
  dry-run for validation). Gated behind a dedicated aur GitHub
  Environment so the AUR_SSH_PRIVATE_KEY secret is only readable from
  that job. Per-pkg concurrency: group serializes manual + automatic
  triggers for the same package without blocking the other matrix leg.
• .github/scripts/publish/aur-prepare.sh rewrites pkgver/pkgrel
  in the checked-in PKGBUILDs and, for the -bin package, injects
  per-arch sha256sums_* read directly from the release's published
  .sha256 companion assets (avoids the updpkgsums host-arch-only
  limitation). Strict semver regex on the version input refuses
  anything containing &, /, \, or newlines before any sed
  runs.
• Man pages for runner, run, and each subcommand. Rendered from the
  clap command tree by a man subcommand gated behind the man
  feature (off by default — never in the shipped binary, never committed)
  and shipped by every channel: crates.io (in the published crate), npm
  (facade man field), both AUR packages (/usr/share/man/man1/), and a
  runner-<tag>-man.tar.gz GitHub release asset that install.sh and
  runner-run-bin pull from. man runner / man run work everywhere.

Security

• All third-party uses: in crates-release.yml, npm-release.yml,
  and release.yml pinned to commit SHAs (with a # vN trailing
  comment for readability), so an upstream tag rewrite or
  account-takeover cannot silently swap in a different action build.
• persist-credentials: false added to every actions/checkout step
  in release.yml, so GITHUB_TOKEN is not persisted into git config.
• Release verification no longer saves Rust caches from pull request
  runs, preventing untrusted PRs from persisting cache contents.

Fixed

• runner list, runner run, and runner why now find
  pyproject.toml scripts and Python package-manager signals from
  nested directories (bounded by the containing VCS root), so running
  from src/ inside a uv/poetry/pipenv project still surfaces and
  dispatches [project.scripts] tasks.
• runner why now reports Python package-manager resolution for
  pyproject.toml tasks, including --pm and [pm].python
  overrides, matching the actual runner run dispatch path.
• runner list --source invalid-label help now includes
  pyproject.toml in the accepted source list.
• Restore the multiple_crate_versions Clippy allow so CI accepts the
  current unavoidable duplicate transitive crate versions while keeping
  the broader clippy::cargo deny group enabled.
• Hide the feature-only runner man generator from shipped runner.1
  output, so installed man pages no longer document an unavailable
  subcommand.

What's Changed

• feat(aur): publish runner-run + runner-run-bin with shell completions by @kjanat in #35
• docs: document AUR install channel in README, site, and changelog by @kjanat in #36
• Man pages: render from the CLI, ship on every channel by @kjanat in #37
• Surface pyproject.toml [project.scripts] as runnable tasks by @kjanat in #39

Full Changelog: v0.12.0...v0.12.1

Added

• GitHub Actions log grouping for task output. Sequential and single
  task runs wrap each execution in a runner: <task> section, emitted
  as ::group:: / ::endgroup:: workflow commands under GitHub Actions
  (and left untouched in a plain terminal). Toggle with
  [github].group_output in runner.toml (default true).
• Grouped parallel (-p) output. Each task's stdout/stderr is captured
  and printed as one contiguous runner: <task> block when that task
  finishes (completion order — first done, first shown), instead of
  interleaving lines live. Under GitHub Actions the block is a ::group::
  section; elsewhere it gets a plain colored header. Defaults diverge by
  environment so CI and local can differ: [github].group_parallel
  (default true, only when [github].group_output is also true)
  governs runs under GitHub Actions, [parallel].grouped (default
  false) governs runs elsewhere. Opting out on either path restores the
  live [<task>]-prefixed multiplexer.
• [github] and [parallel] sections in runner.toml, reflected in the
  generated JSON schema, for the grouping toggles above.
• actions-rs dependency for emitting GitHub Actions workflow commands.

What's Changed

• feat: group chained & parallel task output into log sections by @kjanat in #34

Full Changelog: v0.11.0...v0.12.0

Added

• Task chaining for runner run and runner install. New -s /
  --sequential and -p / --parallel flags turn the trailing
  positionals into a chain: runner run -s build test lint runs
  the three tasks in order; runner run -p test:unit test:e2e
  fans them out concurrently. runner install build test chains
  install → build → test (install head is always sequential; -p
  is rejected on install).
• Failure policies for chains. Default is fail-fast (sequential
  stops on first non-zero; parallel lets running siblings finish,
  doesn't start new ones). -k / --keep-going runs every task
  to completion regardless of failures, with the chain's final
  exit code reflecting the first failure. --kill-on-fail
  (parallel only) terminates siblings immediately when one fails.
  -k and --kill-on-fail are mutually exclusive across CLI,
  env, and config — conflicting layers surface
  ResolveError::ConflictingFailurePolicy with the offending
  source named.
• [chain] section in runner.toml plus RUNNER_KEEP_GOING /
  RUNNER_KILL_ON_FAIL env-var mirrors. Same resolver-chain
  precedence as the rest of the policy knobs: CLI > env > config.
  Env layer is presence-authoritative — RUNNER_KEEP_GOING=0
  overrides [chain].keep_going = true in config, not just the
  default.
• Line-prefix multiplexer for parallel chain output. Each task's
  piped stdout/stderr is captured by a reader thread, prefixed
  with [<task-name>] (right-padded to the longest name, colored
  from an 8-slot deterministic palette), and forwarded to the
  parent's stdout/stderr. Honors NO_COLOR and non-TTY parents.
• Resolver-warning deduplication across chain dispatch. Per-task
  warnings collect into a shared HashSet, then emit once at the
  end sorted by Display so output order is stable across runs.

Changed

• runner install --frozen <tasks> now propagates the --frozen
  flag into the synthetic install head of the chain, so the
  install step runs lockfile-only when the flag is set. Previous
  behavior silently dropped the flag in chain mode.
• Root single-binary Go task name now derives from the module
  path in go.mod (last segment, with a /vN major-version
  suffix dropped to match how Go names the built binary) instead
  of the project directory name, so cloning a repo into a
  differently-named directory no longer changes the task name.
  Falls back to the directory name only when go.mod is absent
  or has no parseable module line.

Fixed

• Node script discovery is no longer gated on a detected
  package manager. A package.json with scripts but no
  lockfile and no packageManager / devEngines field (a
  typical pnpm-workspace member directory) reported "No project
  detected" and runner run build fell through to a bogus
  bun build. Manifest presence is now the Node signal; which
  PM dispatches scripts is the resolver's runtime job. A
  manifest-less subdirectory still lists ancestor scripts, but
  only when it provably sits inside a JS monorepo
  (workspace-root-aware, VCS-bounded), so an unrelated outer
  project's package.json is never silently adopted.
  #32
• Detection now mirrors the resolver's package-manager chain
  (packageManager → devEngines.packageManager →
  enclosing-workspace lockfile/manifest), so runner info /
  runner install from a workspace member target the
  workspace's tool instead of resolving nothing. Corepack
  semantics preserved: a present-but-unparseable legacy
  packageManager still warns and is not silently superseded by
  devEngines.

What's Changed

• Task chaining: run -s/-p chain mode + install <tasks> by @kjanat in #27
• fix(detect): decouple node script discovery from PM detection + mirror resolver PM chain by @kjanat in #32

Full Changelog: v0.10.0...v0.11.0

Added

• mise task extraction and dispatch. mise was previously
  detection-only — runner listed it under "Task Runners" but its
  tasks were invisible to runner list and runner run <task>.
  New TaskSource::MiseToml makes mise a first-class source: tasks
  declared in mise.toml / .mise.toml (and the *.local.toml,
  mise/config.toml, .config/mise.toml companions in mise's
  documented precedence) appear in listings, participate in the
  selection priority, and dispatch via mise run <task>.
• Bacon-style two-tier extraction for mise. Primary path shells
  out to mise tasks --json — authoritative across mise's config
  layering and file-based tasks (mise-tasks/*); fallback parses
  the first project-local config when mise isn't on $PATH.
  Both paths exclude hidden tasks (hide = true),
  underscore-prefixed names, and tasks whose source lives
  outside the project root (so global / ~/.config/mise/* tasks
  don't pollute the project's task list). Empty or
  whitespace-only description = "" values are treated as
  missing so the renderer falls through to the run body or
  file reference instead of showing a blank column. Aliases
  come through as separate entries pointing at their target,
  mirroring the justfile shape.

Fixed

• Resolver no longer dispatches through a Node package manager in
  projects with no Node-ecosystem evidence (#23). runner run <unknown-task> in a Go-only repo with bun installed used to
  warn "no node signals matched" and then run bun <task> anyway;
  the FallbackPolicy::Probe PATH probe now requires a
  package.json (or equivalent manifest) somewhere upward of
  ctx.root before it considers the canonical Node order.
  Without that evidence the resolver returns the existing soft
  NoSignalsFound sentinel and cmd::run::run_pm_exec_fallback
  spawns the target directly on $PATH — no more wrong-ecosystem
  dispatch.

What's Changed

• resolver: skip Node PATH probe in non-Node projects by @kjanat in #24

Full Changelog: v0.9.0...v0.10.0

Added

• Unified package-manager resolution chain. runner run now follows a
  documented 8-step precedence — qualified syntax → --pm / --runner
  → RUNNER_PM / RUNNER_RUNNER → runner.toml → package.json
  (packageManager then devEngines.packageManager) → lockfile →
  PATH probe → terminal error — making toolchain selection
  predictable across Corepack, antfu/ni, mise, and pnpm v11+
  conventions. New src/resolver/ module owns the chain end-to-end.
• --pm / --runner global flags with RUNNER_PM / RUNNER_RUNNER
  env-var mirrors. Cross-ecosystem overrides like --pm cargo against
  a Node project fall through to detection rather than hijacking
  dispatch. CLI wins over env; empty env strings are treated as unset.
• runner.toml project config ([pm], [task_runner],
  [resolution], [sources.*]). Per-ecosystem PM overrides apply
  only when the named PM matches the requested ecosystem;
  [resolution].fallback controls the no-signal behavior.
• devEngines.packageManager parsing from package.json (OpenJS
  proposal, npm 10.9+). Single-object and array forms supported with
  per-entry onFail (ignore/warn/error). download collapses to
  warn since runner is not an installer. The legacy packageManager
  field still wins when both are present; manifest declarations win
  over lockfile signals (Corepack semantics) and emit a package.json
  warning when they disagree.
• Semver enforcement on devEngines.version. When the declared range
  doesn't match the installed PM's --version, onFail=warn emits a
  warning and onFail=error bails. Unparseable ranges or missing
  --version output skip the check silently so a partially-broken
  environment never blocks dispatch.
• --fallback policy (probe default | npm legacy | error) with
  RUNNER_FALLBACK env mirror. The default replaces the silent npm
  fallback with a canonical-order PATH probe (bun > pnpm > yarn > npm); when nothing matches, the user sees an actionable error
  listing every source that was checked.
• --explain flag (RUNNER_EXPLAIN env). Emits a one-line trace
  describing which chain step produced the PM decision: · runner resolved: pnpm via package.json "packageManager".
• runner doctor subcommand. Dumps every signal the resolver
  considers: detected PMs/runners, override sources in effect (with
  origin attribution), manifest declarations, lockfile presence,
  PATH probe results for each Node PM, the final decision, and any
  warnings. --json emits schema-versioned output for jq/scripts/bug
  reports.
• runner why <task> subcommand. Walks the source-selection chain for
  a single task: lists every candidate source with its (priority, depth, display_order, alias) tuple, names the winner, and renders
  the PM resolution trace when a package.json script is picked.
  --json available.
• Passthrough-wrapper detection generalized to every supported task
  runner. A package.json script like "build": "just build" is now
  recognized as a thin wrapper around just and deduped from
  completion candidates when the underlying runner exposes a same-
  named task. Recognized runners: turbo, just, make, task (go-task),
  nx, bacon, mise.
• Ecosystem enum (Node/Deno/Python/Rust/Go/Ruby/Php)
  formalizing the PM-to-ecosystem mapping used by override scoping.

Changed

• Task.passthrough_to_turbo: bool replaced by Task.passthrough_to: Option<TaskRunner> so wrappers around any runner — not just turbo —
  can be attributed at detection time and used by completion.
• cmd::run::run signature now takes a &ResolutionOverrides so the
  resolver-chosen PM also flows through the no-task fallback paths
  (bun test special case, npx-style exec). --pm npm against a
  Bun-detected project now correctly suppresses the bun-test fallback.
• Task selection unified into a single sort key (source_priority, source_depth, display_order, alias_last). Replaces the Deno-only
  depth path with a generic tiebreak that applies to every source.
  Every non-workspace-aware source now walks ancestors upward when
  computing source_depth so the tiebreak actually distinguishes
  nested Makefile/Justfile/Taskfile/bacon.toml configs from
  workspace-root ones.
• Resolver::resolve_node_pm returns Result<ResolvedPm> so manifest
  onFail=error and --fallback error can bubble up structured
  errors instead of bailing inside the resolver.

Fixed

• package.json packageManager: "deno@…" projects no longer require
  a deno.json alongside to be recognized as a Deno project.
• Stale doc comment on detect::push_package_json_tasks updated to
  reflect that passthrough detection covers every known runner, not
  just turbo.

What's Changed

• Add resolver module for package manager and task runner selection by @kjanat in #22

Full Changelog: v0.8.1...v0.9.0

Fixed

• Error: program not found on Windows when runner run <script> dispatches
  through npm / yarn / pnpm (issue #20). Bare-name spawns now walk
  PATH × PATHEXT so .cmd / .bat shims (npm.cmd, yarn.cmd, pnpm.cmd)
  resolve the same way they do under cmd.exe / PowerShell. Same fix covers
  every other Windows-shimmed tool runner dispatches: turbo, deno, make,
  task, just, composer, poetry, pipenv, uv, bundle, go, bacon, and the
  runner run <bin> arbitrary-target fallback. Non-Windows targets are
  unchanged.

What's Changed

• fix(windows): resolve PATHEXT shims when spawning package managers by @kjanat in #21

Full Changelog: v0.8.0...v0.8.1