Executor: Gemini-CLI
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Pre-release pass to close gaps between as-shipped capability and the "deterministic governance" pitch. No source-code changes; CI, docs, and distribution only.
- Server-side Composite Action (
.github/actions/verify/action.yml) — runs the same guard pipeline against the PR diff in CI. Gives HITL/governance claims actual teeth, sincegit commit --no-verifycannot bypass it. Documented in README §3 and SECURITY.md. - Release workflow (
.github/workflows/release.yml) — tagv*.*.*triggers build → test → npm publish (with provenance) → GitHub Release. Closes the long-standing gap between local v0.6.0 and the v0.1.0 currently on npm. - SECURITY.md threat model — documents v0.5+ outbound network calls (
hollowArtifact.useDspy,HttpTicketProvider,federation.parentEndpoint) and the explicit out-of-scope items (server-side enforcement, third-party guard sandboxing).
- README framing — added scaffold-vs-turnkey callout and a server-side enforcement section. Toned down the "10x hallucination" tagline to match current as-shipped capability (artifact failure modes), preserving the stronger semantic claim for v0.5+ DSPy follow-ups.
- CI dogfooding (
ci.yml) — removed the|| trueswallow onSelf-verify. Step is now an honest CLI smoke test; meaningful diff-based dogfooding is a follow-up that requires a repo-localdefense.config.ymltuned for self-application. - SECURITY.md supported versions — corrected from
0.1.xto0.6.xto match the current minor line.
No code or config changes are required for users on v0.6.0. The Composite Action is opt-in. The release workflow only fires on tag pushes, so it has no effect on the regular PR/main flow.
- Federation Guard (
federationGuard) — cross-validates child project execution against parent ticket lifecycle phase. Pure guard (zero I/O), all parent state resolved by engine enrichment phase. - HttpTicketProvider — network-aware provider using
globalThis.fetchwithAbortControllertimeout (default: 3000ms). Resolves ticket state from remote REST endpoints for cross-project federation. TicketRefextended with optionalparentId,parentPhase,authorizedfields for parent↔child governance.FederationGuardConfigtype inDefendConfig.guards.federation— configurableblockedParentPhases, severity, provider selection.FileTicketProviderenhanced to extractparentIdfrom TICKET.md YAML frontmatter.DefendEngine.enrichParentTicket()— second-stage enrichment that resolves parent ticket state before guard pipeline runs.- 6 engine integration tests covering full pipeline (FE.01-04): enrichment, blocking, graceful degradation on 404/network error/timeout.
- 17 federation guard unit tests including edge cases (case-insensitive phases, empty parentId, dual findings) and worst cases (missing config, concurrent block+deny).
- Zero-infrastructure default: Federation is opt-in (
enabled: false). Projects without federation config run exactly as before, zero regression. - Guard purity contract: Federation guard performs ZERO I/O. All resolution happens during engine enrichment phase (Invariant #1).
- Graceful degradation: Provider failures produce WARN findings, never crash the pipeline.
FileTicketProviderempty-stringparentIdleak — changed!= nullcheck to truthy check (caught by edge case test).HttpTicketProvidersilently droppedparentIdfrom JSON responses — added extraction logic (caught by integration test).
- DSPy semantic evaluation integrated into
hollow-artifactguard (opt-in viauseDspy: true). - New
evalCLI subcommand for standalone artifact quality analysis with DSPy. HollowArtifactConfigextended withuseDspy,dspyEndpoint,dspyTimeoutMsfields.- Graceful degradation: DSPy failures produce warnings, never crash the guard pipeline.
- Zero-infrastructure preserved: DSPy is disabled by default. All existing deterministic checks unchanged.
- Enhancement, not replacement: DSPy augments the existing
hollowArtifactguard rather than creating a separate evaluation subsystem. Honors thedefense.config.ymldesign intent.
- Review ecosystem strictness: Deep architectural analysis via Automated Review Gateways (assertive profile) alongside AI Agent validation pipelines.
- Local memory system for lesson recording without external infrastructure (
lessons.jsonl). - Growth tracking metrics (
growth_metrics.jsonl). - New
lessonCLI subcommand for recording and searching cases (án lệ). - New
growthCLI subcommand for recording metrics. - Internal
fsandcryptomodules utilized for standard zero-dep persistence, matchingsrc/core/types.tsspecifications forLessonandGrowthMetric.
TicketStateProviderinterface and generic API boundaries for custom external state resolution.- Built-in
fileProvider for zero-infrastructure governance (parses nativeTICKET.mdfrontmatter). ticket-identityguard (v0.3 TKID Lite) — detects cross-ticket contamination in commits (WARN severity)- Explicit contract surface for
ticketIdentityguard inDefendConfiganddefense.config.yml(opt-in by default) TicketRefinterface andTicketIdentityConfiginsrc/core/types.tsfor Federation- Agent and User documents regarding Custom TicketStateProviders.
- Federation v0.3:
extractTicketRef()now derives ticket scope purely from branch name (generic, no AAOS lock-in)
engine.ts: Removed hardcoded.worktrees/path assumption; now uses genericpath.basename()fallback
.agents/governance scaffold vianpx defense-in-depth init --scaffold- 18 rules covering consistency, guard lifecycle, context discipline, living documents
- 5 skills:
skill-bootstrap-agent,skill-creator,skill-deep-research,skill-self-reflection,_template - Contracts directory:
guard-interface.md,type-export-contract.md - Workflows: task execution, onboarding procedures
- Philosophy:
COGNITIVE_TREE.md— cognitive framework for AI agents
- Prebuilt agent configs:
GEMINI.md,CLAUDE.md,.cursorrules - Lazy-load documentation hub in
docs/:docs/user-guide/configuration.md— full config schema referencedocs/user-guide/cli-reference.md— CLI command referencedocs/dev-guide/writing-guards.md— guard authoring guidedocs/dev-guide/architecture.md— architecture deep-dive and alternatives comparison
STRATEGY.md— strategic roadmap and federation design rationale
README.mdrefactored from monolithic (20KB) to Lazy-Load Hub (~7KB)README.vi.mdrefactored to match EN structure (~5.6KB)- Dual-audience documentation: human hub + agent machine gateway
- Core engine with pluggable guard pipeline (
src/core/engine.ts) - Type-safe guard interface with
Guard,GuardResult,Finding,Severity,EvidenceLeveltypes - YAML config loader with deep merge defaults (
src/core/config-loader.ts) - 5 built-in guards:
hollow-artifact— detects files with onlyTODO/TBDplaceholders (BLOCK)ssot-pollution— blocks governance/config files from feature branch commits (BLOCK)commit-format— enforces conventional commit messages (WARN)branch-naming— validates branch name patterns (WARN, off by default)phase-gate— requires plan files before code commits (BLOCK, off by default)
- CLI with 3 commands:
init,verify,doctor - Git hook generators (pre-commit, pre-push)
AGENTS.mdroot — project self-awareness layer for AI agents- Immutable consistency rules (
.agents/rules/rule-consistency.md) - Cross-platform CI matrix: 3 OS × 4 Node.js versions
- OSS standard files:
LICENSE,CONTRIBUTING.md,CODE_OF_CONDUCT.md,SECURITY.md defense.config.ymldefault template