Releases: Eliyce/paqad-ai
Release list
v1.62.0
v1.61.1
Patch Changes
-
496950a: fix(#394): feature-development plan/spec must land in the feature bundle
A feature-development change could produce correct code yet write its plan and spec
to an invented.paqad/features/<slug>/directory, never creating the bundle's rigid
plan.json/specification.json, while the stages still read green. Three fixes
close that:- Rules (RC-1): the feature-development rule pack and requirement-analyst agent now
instructpaqad-ai plan compile/paqad-ai spec freezeinto the bundle and no longer
name.paqad/plans/*or.paqad/specs/*as durable write targets. - Enforcement (RC-2): a
planning/specificationstage-end whose artifact is not
the active bundle'splan.json/specification.jsonis recorded inconclusive (the
artifact is dropped so no digest is hashed), with a message naming the compile/freeze
verb.reviewand the mutation stages are unchanged. - Verdict (RC-3): the end-of-change completeness verdict now asserts the bundle
actually contains a non-emptyplan.jsonandspecification.json; missing either
reads incomplete / Needs your attention, never Safe to merge.
The dogfooded fix produced both artifacts in its own feature bundle, and no
.paqad/features/directory was created. - Rules (RC-1): the feature-development rule pack and requirement-analyst agent now
v1.61.0
Minor Changes
-
9467f47: feat(#389): imperative advisory-host stage protocol + honest JetBrains tiering
The JetBrains Claude Agent incident (framework followed, but stages unenforced and
the ledger empty of planning/specification artifacts) exposed that on advisory hosts
paqad had zero enforcement and relied on the model voluntarily self-recording. The
bootstrap only said "narrate every stage and the verdict yourself" — too weak. The
advisory-host section now imperatively requires running the host-independent CLI for
a feature-development change:paqad-ai stage start/end,paqad-ai plan compile, and
paqad-ai spec freeze, in order, so the stage-evidence ledger carries real planning +
specification artifacts even where no lifecycle hook fires.The verification-enforcement doc now documents the three JetBrains products honestly:
Claude Agent / AI Assistant readsCLAUDE.md-equivalent guidance but fires no
Claude Code hooks (advisory — the incident's host), the Claude Code [Beta] plugin
runs the realclaudeCLI so paqad's hooks fire (full, hook-enforced — the supported
enforcement path), and Junie is advisory. Theaiassistantadapter (already
correctlyhooks:false) is now listed in the per-adapter coverage matrix, and a
reproducible manual advisory-host protocol is documented. No host-detection change and
no overclaim of enforcement paqad does not have on the host. -
9467f47: fix(#390): gate feature-evidence bundle creation + report render to the feature-development route
Feature-evidence artifacts — the
feature-evidence/change-<ULID>/bundle,
stage-evidence.jsonl,report.html,receipt.json,ai-bom.json,rag.jsonl,
and_session/<id>.json— were created for every workflow, not only
feature-development. Aroot-cause-analysis(or any non-feature) session that emitted
paqad:stagemarkers and reached Stop still minted achange-<ULID>bundle and a
report.html, because both the marker-driven auto-open and the report/receipt render
gated only on "is a feature pointer active?" (currentFeature() != null), never on the
routed workflow.Both seams now consult the persisted route via
isFeatureDevelopmentRoute(a new
routeIsAffirmativelyNonFeaturehelper), not the working-tree diff:parseAndRecordMarkersrecords nothing when the route is affirmatively
non-feature-development, so no bundle or_sessioncontrol is minted.- The per-feature receipt/AI-BOM projection and
renderActiveFeatureReportin
run-repository-verification.tswrite nothing when the route is affirmatively
non-feature-development, even if a pointer leaks through.
Cross-provider safe by design: suppression fires only on a route we can prove
is non-feature. The route seam runs only in Claude's UserPromptSubmit hook, so
Codex/Gemini sessions — which record markers through the same recorder but never write
route state — have no route state; an absent route is treated as "unknown" and
preserves today's recording behaviour rather than silently killing all cross-provider
feature-evidence. Feature-development behaviour is unchanged. -
9467f47: feat(#388): stop auto-opening report.html in the browser and remove the
feature_report_auto_openconfig optionThe per-feature
report.htmlno longer opens in the OS browser. The auto-open-on-completion
path (fired by the completion hook) and the manualpaqad-ai feature report --openpath are
both removed, and the sandbox-aware opener (report-open.ts) is deleted — no code path opens a
browser anymore.Removed config key:
feature_report_auto_openis gone from the config registry, resolver,
serializer, listing, the project-profile type and JSON schema, the onboarding default seed, and
the generated config templates. On the next onboard/update the config-split reconcile (#227)
prunes the key from team/local.config.*files, so existing projects stop opening the browser
without manual edits — every still-valid value is preserved.Report generation is unchanged: the
feature_reportflag (default on) and
renderActiveFeatureReportstill writereport.htmlinto the feature bundle exactly as before.
Patch Changes
-
9467f47: fix(#387): reject sequential decision ids at write, migrate legacy fixtures
Decision packets could still be minted with sequential
D-{number}ids when an
agent bypassed the sanctioned writer and hand-authored the JSON, seeded by legacy
D-1/D-2/D-3example packets. The creation paths now funnel through a single
canonicalD-<ULID>guard —DecisionStore.writePendingrejects a caller-supplied
non-ULID id, andcreatePendingDecisionalready mints one — while read, validate,
and list stay tolerant of legacy ids so pre-existing packets keep working. Onboard
and update now best-effort migrate any.paqad/decisions/{pending,resolved}/D-{N}.json
to a minted ULID id (updating the in-file id and index reference, idempotent on
already-ULID packets), the repo's own legacy fixtures are migrated, and the bootstrap
now states imperatively that packets are created only via thedecisionskill,
never by hand — including on advisory hosts with no Decision-Pause hook. -
9467f47: Close two CodeQL high-severity findings surfaced on the evidence/decision paths:
- Resource exhaustion (
js/resource-exhaustion-from-deep-object-traversal) —SchemaValidatorno longer sets ajvallErrors: true, so validation short-circuits at the first error instead of traversing an entire (potentially deeply nested, caller-influenced) object to collect every error.verboseis retained so error output still carries the offending value; results now report the first failure rather than all of them. - File-system race (
js/file-system-race) — the legacy decision-id migration'sremapIndexdropped itsexistsSynccheck-then-writeFileSyncsequence, which was a time-of-check/time-of-use race. It now relies on the existingtry/catch(a missing index throwsENOENT, treated as "nothing to remap"), with identical behaviour and no race window.
- Resource exhaustion (
-
9467f47: fix(#386): batch onboarding's git check-ignore to a single call
Repository discovery spawned two synchronous
git check-ignoresubprocesses per
visited directory, so onboarding stalled for seconds before the provider prompt on
large repositories. It now walks the tree once into memory and resolves all
git-ignored paths with a single batchedgit check-ignorecall, cutting spawns
from O(directories) to O(1) with identical detection output.
v1.60.2
v1.60.1
Patch Changes
-
54d949b: fix(#380): stage-integrity fixes from the 1.59.0 #356 dogfood RCA
Two deterministic stage-evidence defects surfaced by the #380 RCA are fixed:
- Orphan feature bundle ("bug #5"). The SessionStart hook now aligns the
machine-local ledger-session cache to the live host session id. Previously the
single-slot cache could still hold a prior session's id at the start of a new
session, so a shellpaqad-ai stage start --titleinvoked before the first edit
minted its feature bundle under a stale session while the PreToolUse gate keyed on
the true host session — orphaning the bundle and blocking the first edit. This
extends the bug #5 mitigation from finalization to bundle minting. documentation_syncleft start-only.recordMarkedStagenow forward-closes any
earlier still-open stage before opening a marked (non-mutation) stage, symmetric with
the live edit writer. Previously the last mutation stage (e.g.documentation_sync)
had no later mutation edit to close it, so a following markedreviewstage opened
without closing it and the change was left with a dangling open stage.
- Orphan feature bundle ("bug #5"). The SessionStart hook now aligns the
v1.60.0
Minor Changes
- 2b2ee2c: Planning now sees the codebase: on the feature-development route, the background context
worker composes a token-capped## Existing surfacesection into the session-context
artifact. It lists the exported symbols that already exist for the files/modules the prompt
and working set implicate — as signature cards (name(signature) — file:line · called from N places · module) ranked by the repo-map's structural importance (PageRank) — so the model
reuses what exists instead of rewriting it. Signatures and caller counts come from the
code-knowledge index when present, falling back to name-only cards otherwise. The section is
budget-capped (configexisting_surface_tokens, default 1000) with an honest truncation
line, appears only for feature-development (every other route stays token-neutral), and rides
the existing artifact so Codex/Gemini/advisory hosts get it through the same file. This gives
the built-but-unconsumed repo-map its first live consumer.
v1.59.0
Minor Changes
-
deb1cb9: Make the end-of-change verdict visible, honest, and enforced (#368). The completion backstop now surfaces the one end-of-change receipt to the developer whether the verdict passes, fails, or is inconclusive — a failing "Needs your attention" verdict can no longer be hidden on stderr while a PR ships. A hard-failing feature-development change now blocks the turn at the Stop seam via the documented
decision:blockchannel (exit 2 is a no-op there), bounded by the stop-hook loop guard. A feature-development change with no realpaqad-ai checks runreport reads as Inconclusive and shows itschecksstage as unverified rather than done. Thechecks.block_on_failureescalation stays script-enforced;review_findings/stale_docsare documented as agent-raised and Decision-Pause-enforced rather than falsely claiming script enforcement. The cross-provider verdict tiering (hook-surfaced on Claude, agent-narrated on Codex/Gemini/advisory) is documented so the promise is truthful per host.Also (AC-D2, from the second reproduction on the #355 session): the evidence receipt's
verification_resultis now three-way —FAILEDonly on a genuine failure,INCONCLUSIVEwhen a measure could not run (ablockedratchet from unwired/absent tooling) or could not be judged, andPASSEDwhen every row passed. A couldn't-verify is no longer reported as a failure, so an unwired quality-ratchet measure can no longer manufacture a falseFAILEDon the attestation.
v1.58.0
Minor Changes
-
ee46d89: New routed workflow #10 codebase-health (backed by health-retest): a project health check-up on demand, at the same tier as pentest and design-test. Say "check my project's health" and paqad scans for six kinds of junk — dead code, unused packages, outdated or risky packages, leaked secrets, stale docs, and copy-paste AI slop — and lands every finding in one report with proof (real tool output, never an AI opinion), a plain-words reason it matters, and what to do about it.
Detection is a single deterministic verb,
paqad-ai health run, that costs zero model tokens: it reuses the code-knowledge index (dead code, unused deps), the 9-ecosystem dependency inventory, OSV/native-audit vulnerability data, registry deprecation metadata, and the chunk-similarity index, shelling out toosv-scanner,gitleaks,jscpd, andknipwhen they are on PATH and degrading gracefully (labelled fallbacks orblocked_checks) when they are not. Findings carry stable content-addressedHL-ids, split honestly into a "Proven" section (deterministic) and a "Needs judgment" section (ai-judged, confidence-scored), and never expose secret bytes — only a file:line + rule + fingerprint.Finding fingerprints use SHA-256 (a stable content-addressed dedup key, not a security primitive; secret bytes never reach it). All scanners are invoked from Node, so the workflow is cross-platform (Windows included). A baseline ratchet marks findings
new-since-baselinevspre-existingso a legacy project isn't drowned,--offlineskips the network categories, andpaqad-ai health retestre-runs the evidence and reclassifies each findingfixed | still-open | needs-manual-verificationby its stable id. The workflow is classifier-routed (health phrasings route to codebase-health; pentest phrasings still route to pentest), surfaces in the dashboard, and its run summaries flow to the SIEM export.
v1.57.0
Minor Changes
-
f76f2dd: Per-feature evidence report (issue #371): a feature's whole on-disk record — plan, frozen spec, every stage with real durations, the rules that ran, what retrieval found, the verification receipt, the AI-BOM, the commit trail, and the review — is now rendered into one self-contained, human-readable
report.htmlby a pure script (no LLM, no network), saved next to the JSON it came from and byte-for-byte identical on every provider. A normal person can read it, it prints cleanly to PDF for an auditor, it stays local and git-ignored, and it makes zero external requests.Every section communicates gracefully when its data is absent: a missing plan, an unrun retrieval, or (on a non-enterprise install) an absent verification receipt and AI-BOM each render an explicit plain-English note instead of a blank gap. The verification receipt honestly says whether its hash-chain integrity recomputes, and a failed gate is shown as plainly and prominently as a passing one.
New:
paqad-ai feature report [ref] [--out <file>] [--open] [--quiet]. The report is regenerated automatically at end-of-change (covering Claude Code, Codex, and Gemini through the one verification backstop) and after every commit/merge (covering advisory hosts through the git hooks), always best-effort so it can never disrupt the feature-development stages or the verification verdict. Two config flags:feature_report(default on) andfeature_report_auto_open(default off; sandbox-aware, skips CI/SSH/remote/headless).The page is laid out like a dashboard: a
▸ paqadheader, an at-a-glance overview of stat tiles (verdict, stages, duration, rules, retrieval, receipt, AI-BOM, delivery) with colored indicators, and a CSS-only submenu that drills into each section's detail — so the first glance is the summary and every detail is one click deeper, all still zero-JS and self-contained.
v1.56.0
Minor Changes
-
997bbc0: RAG retrieval was dark: local-model cosine scores on hybrid-fused results rarely reached the 0.75 precision floor, so every query fell back below-floor and the model never received a slice. Retrieval now uses floor-with-relief — the 0.75 floor still marks high-confidence hits, but when nothing clears it the top slices at or above a new
rag_relief_floor(default 0.35, chosen from live probe data) are delivered tagged low-confidence instead of nothing. When retrieval still finds nothing, the session-context artifact carries one honest line naming the best score instead of silently omitting the section.Also wires the previously-defined-but-never-recorded
usedRAG-evidence event: the background context worker now records what it actually delivered into the artifact (injected sections, slice/pointer counts, top score, bytes) into the per-feature.paqad/ledger/feature-evidence/<feature>/rag.jsonl, so you can see whether RAG was used — not just that retrieval ran. Adds apaqad-ai rag probe "<query>"verb that prints pre-floor top-10 fused scores for diagnosis.