Skip to content

v0.0.8

Choose a tag to compare

View all tags
@HoRi0506 HoRi0506 released this 20 May 08:38
· 18 commits to main since this release
v0.0.8
4184333

v0.0.8

0.0.8 is the source-level release candidate follow-up to the Cargo-first 0.0.7 release. This note records prepared source/package metadata, implementation evidence for the low-mini default alignment slice, review/verification routing to Verifier/Arbiter by default, LongWay runtime progress percent output on status/app-panel/progress surfaces, the deterministic latency/throughput drift guard, the app-panel fallback fix, the source-level Negative Evidence Memory slice, the Optional UI visual evidence ledger, and the bounded Oracle UI/UX audit gates. The installed CLI/runtime surfaces now report 0.0.8, updateParity is current after setup backfilled the shared config version, and source/package validation is green. The repaired release asset matrix now passes as well, so implementation validation is complete; publication/tag/upload remains a separate release operation if it has not already been done. The broader UI/UX audit stays explicitly deferred outside 0.0.8; Oracle remains read-only.

Publish Blockers Before 0.0.8

  • fix ccc setup so safe missing or stale scalar top-level ccc-config.toml version values migrate to the current package version while unsupported object/table values stay conflict-protected; this is now covered by the release-pass evidence
  • repair the current source test failures for CLI subagent text, status payload keys, delegation-plan key contracts, workspace .ccc/.gitignore mutation-guard behavior, Ghost guard semantics, and host-handle text expectations; this is now covered by the green source/package validation evidence
  • reclassify Waiting for <uuid> host progress labels as host-owned Codex output; 0.0.8 may claim callsign rendering only on CCC-controlled status/projection/check-install/app-panel/subagent text surfaces, with displayAliasContract.host_toast_alias_supported=false
  • update release-work docs so they say the installed CLI/runtime surfaces now report 0.0.8, updateParity is current after setup backfilled the shared config version, and the repaired release asset matrix now passes; keep publication/tag/upload as the remaining release operation if needed
  • rerun ccc setup, ccc check-install --json '{}', full source/package validation, and the black-box runtime matrix until the implementation validation path is complete

Planned Scope

  • record CCC-native concise output defaults as completed implementation evidence for safe status, lifecycle, fan-in, app-panel, and operator-facing surfaces using the repo-local Caveman clone only as reference material; the compact-rendering slice is internal Rust behavior and is not a separate user-facing compact-mode or external Caveman runtime dependency
  • preserve prompt-token optimization as a behavior-preserving source-level contract: compact/trimmed prompt and custom-agent surfaces keep role, routing, safety, approval, sandbox, fan-in, and release guardrail semantics while golden/proxy regressions bound or improve word-count proxies. This is source-level validation only; implementation validation is complete at source/current-runtime/release-asset matrix level, and publication/tag/upload remains a separate release operation if not already done.
  • make ccc_subagent_update Ghost policy-critical blocks atomic across the named persisted CCC state/artifact surfaces before PermissionDenied
  • keep CCC guard distinct from Ghost: guard is the deterministic control-plane policy gate, while Ghost contributes policy or sentinel evidence that can trigger or justify guard decisions without being the guard itself
  • align documented mini-role model/reasoning/fast policy with runtime defaults, setup/backfill behavior, generated custom agents, SSL metadata, planned rows, status, app-panel, and check-install surfaces; Explorer/Scout, Documenter/Scribe, Sentinel/Overseer, companion_reader/Probe, and companion_operator/SCV now default to gpt-5.4-mini with low reasoning and fast_mode = true unless an explicit per-task override is supplied
  • require CCC version updates to migrate or backfill ccc-config.toml, including version, generated_defaults, role model/reasoning/fast defaults, concurrency settings, and CCC-owned hook readiness settings; the implemented 0.0.8 slice now covers the current-binary generated-default backfill path for missing managed role sections and the stale CCC-owned generated-default refresh path while preserving user-owned overrides
  • require active runtime parity before release close: after the version bump/install/setup/restart path, the installed binary, active MCP server identity, plugin cache, packaged $cap, and managed custom-agent sync must all identify the 0.0.8 build before live $cap routing behavior is treated as 0.0.8 proof
  • audit and remediate $cap and per-agent skill overload by splitting routing from task execution, bounding command/action batches, reducing duplicated prompt or skill surface, and validating against performance degradation or behavioral drift; review/verification routing now defaults to Verifier/Arbiter and the deterministic latency/throughput drift guard regression is part of the closure evidence
  • close Scout's SCV overassignment routing drift finding for the implemented behavioral slice: early git/gh/release inference now passes through a narrowness gate, so only narrow git/GitHub/release/operator command cards route to companion_operator, while broad docs/code/review/release implementation stays with Scribe/Raider/Arbiter as appropriate; user-facing status/app-panel text now shows CCC callsigns/stable IDs and assignment reasons without raw host transport labels such as explorer or worker by default
  • keep the broader UI/UX agent improvement audit for product-design / Oracle / ccc_oracle deferred outside 0.0.8, while shipping bounded audit gates backed by source evidence: Oracle remains a read-only review lane, domain-specific briefs are required, screenshots or rendered artifacts trigger visual QA evidence-path requirements or explicit absence/blocker handling, and accessibility/layout/evidence findings stay explicit while implementation and mutation remain with execution specialists. Model design limits remain acknowledged constraints rather than fatal blockers.
  • implement the Optional UI visual evidence ledger as a source-level, CCC-native memory diagnostic for Oracle/UI routes when screenshots or rendered artifacts exist. The ledger records screenshot path, viewport, bbox or region reference, before/after relation, accessibility findings, layout findings, and evidence paths. It is optional and non-blocking when no UI evidence is supplied, and it does not authorize Oracle mutation; implementation ownership stays with execution specialists.
  • keep the desired $cap / auto-enter interaction flow as a LongWay-derived concise progress-update plan: $cap and auto-entry should preserve the LongWay route, recover or replan on route drift, never bypass LongWay with host-side narration, and keep progress updates tied to the current phase/item with completed/total and percent from persisted LongWay phase/checklist/task-card truth; runtime status/app-panel/progress percent output is implemented, while host-side auto-continuation remains unclaimed unless separately validated
  • implement workspace .ccc LongWay/run storage for fresh runs: new run state is written under the enclosing working repo .ccc when cwd is inside a Git repo, or under the Codex-start cwd .ccc fallback; .ccc is created when missing, .ccc/ is added to workspace .gitignore idempotently, Unix central ~/.config/ccc/workspaces/... access is preserved as a compatibility/global alias to the same run state, stale or divergent central paths are rejected, non-Unix new-run central aliasing is explicitly unavailable, and older cwd-local, Codex-home, and central configured run stores remain lookup/status fallbacks
  • close the source-level Codex CLI 0.132 follow-up batch for codex doctor --json runtime-parity validation, Plugin CLI / marketplace metadata parity, hook-contract re-review for the 0.131/0.132 contract changes, permission/profile/effective workspace-root surfacing in ccc status and ccc check-install, and multi-agent namespace/service-tier alignment; implementation validation is complete at source/current-runtime/release-asset matrix level, with publication/tag/upload separate if needed
  • close the source-level display/UX wording slice for host/subagent waiting surfaces and command-execution wording where CCC controls the output; structured payloads still preserve raw ids for machine use, and installed/runtime parity is now current after setup backfilled shared config version
  • validate Ghost visibility and telemetry so the policy work is observable through calls, output, and status
  • keep app-panel in 0.0.8 as the retained MCP Apps render/resource surface. Codex app usage is no longer the driver, but the explicit structured content, resource URI, CLI artifact/output path, and ccc_render_app_panel MCP contract still provide parity that ccc status and ccc check-install do not replace
  • audit whether Graphify, memory, and hooks are actually used well, and keep the implementation and docs organized by module/file/directory if gaps need fixes
  • audit and, if needed, fix routing/status projection so documenter/Scribe work, Arbiter/Verifier review fan-in, Ghost/Sentinel policy evidence, and guard-required review gates are shown distinctly rather than collapsing review fan-in into Raider/code-specialist routing
  • keep restart/cache reload guidance after ccc setup when marketplace, skill, hook, or managed custom-agent surfaces change
  • keep the app-panel reproduce/monitor item closed for 0.0.8: the retained app-panel surface has focused validation coverage, and the prior broader-suite caveat is resolved as keep after the packaging mismatch fix
  • keep public status labeling honest for the guard/Ghost/review slice: Arbiter/Verifier fan-in should not be presented as Raider/code-specialist routing, and required-review artifacts should remain visible when guard gates are active
  • record the mandarange/Sneakoscope-Codex applicability review as follow-up input for proof-first hardening. The intended path is to create or refresh .ccc/clone/Sneakoscope-Codex as a reference/intake clone, record provenance, then selectively transform applicable ideas into CCC Rust-native core/runtime/check surfaces. Intake provenance and proof claims must stay aligned so the docs never imply the upstream runtime shipped, was vendored, or became a default skill. CCC should not ship or vendor the Sneakoscope runtime, add it as a default npm dependency, depend on tmux/Codex App routes, or expose it as a new default agent skill.
  • implement the first Rust-native completion-proof slice as a status/app-panel/run-finalization proof surface: ccc.completion_proof.v1 is computed from existing run/task/fan-in/review/verification truth and reports passed, blocked, failed, stale, or missing proof state with a reason while keeping active runtime parity as a separate release-close gate

Feature Modularity Audit

  • The overloaded-surface audit is closed for the documented scope. $cap stays the public router only, skills/ccc/SKILL.md is install/discovery metadata only, and the public skill no longer carries runbook or orchestration guidance.
  • The routing/batch split is closed for the documented scope. ccc_companion_operator is one approved command batch per task card, ccc_companion_reader is one read-only batch, ccc_scribe is a minimal doc-only patch lane, and ccc_sentinel is one route-decision lane.
  • Prompt and skill-surface pruning is closed for the documented scope. The public skills/cap contract no longer repeats module-policy guidance, and the per-agent manifests keep their responsibilities narrowly scoped instead of overlapping routing or execution prose.
  • Graphify, memory, and hooks usage quality is closed for the documented scope. rust/ccc-mcp/src/status_payload.rs owns the status-facing Graphify/memory/hooks evidence, rust/ccc-mcp/src/memory.rs owns memory storage and mirroring, and rust/ccc-mcp/src/lifecycle_hooks.rs owns hook policy and entry-probe behavior.
  • Implemented: the SCV overassignment drift slice now has runtime narrowness enforcement and focused assignment-quality/status regressions. rust/ccc-mcp/src/request_routing.rs filters companion-operator ownership to narrow git/GitHub/release/operator command cards, rust/ccc-mcp/src/main.rs applies the same bound to planned-row inference, and the status/app-panel surfaces use callsign-first public labels plus assignment reasons.
  • Implemented evidence: routing_and_progress_rendering_batch_stays_bounded_under_latency_guard covers the performance/latency guard slice, ccc_status_surfaces_longway_runtime_progress_percent_concisely covers LongWay progress percent on the runtime status/app-panel/progress surfaces, and host-side auto-continuation remains unclaimed.
  • Implemented: the completion-proof slice now exposes ccc.completion_proof.v1 on status and app-panel surfaces without removing the existing task-card ccc.verification_capsule.v1. Focused regressions cover passed proof, blocked/missing proof, and redaction of secret-shaped evidence or summary text.
  • Implemented: commandBudgetRouteModularity now surfaces a source-level command-budget and route-modularity check in check-install JSON/text. It bounds public $cap text, rejects hidden route-table fragments in the public skill, compares SSL role-family/mutation metadata to Rust specialist-role contracts, keeps SSL scene/action counts bounded, and fails route modularity if category ownership collapses into generic worker/captain/local paths. This is source/static validation only; implementation validation is complete at source/current-runtime/release-asset matrix level.
  • Implemented: scripts/release/verify-black-box-runtime-matrix.sh is the post-install black-box release gate for implementation validation. It validates source/package evidence, the release asset matrix with CCC_VERSION=<expected>, installed binary version, ccc setup, managed custom-agent sync, ccc check-install, CLI ccc server-identity, operator-captured active MCP ccc_server_identity JSON, plugin cache/package/packaged $cap parity, and a live ccc start task_kind=review sequence=EXECUTE_SEQUENCE smoke to Verifier/Arbiter. scripts/release/verify-release-asset-matrix.sh now accepts CCC_VERSION so the asset matrix is usable for 0.0.8. The release-close validation evidence shows this matrix passing against the real 0.0.8 install and active MCP/plugin cache; if publication has not already happened, publication/tag/upload remains separate.
  • Implemented: setup/check-install now exposes ccc.setup_migration_deltas.v1 as setupMigrationDeltas plus config visibility and text output. The source-level surface reports graph, goal, prompt-refinement, LSP, and fallback execution deltas with field-level backfilled, migrated, preserved_current, and preserved_user_override actions instead of silently normalizing those settings. Installed/runtime parity is current; publication/tag/upload remains separate if still pending.
  • Implemented: fresh LongWay/run storage now resolves to the workspace .ccc tree for repo-local visibility while preserving central ~/.config/ccc compatibility access on Unix. rust/ccc-mcp/src/run_locator.rs chooses the enclosing Git repo root or cwd fallback for new runs, creates the .ccc tree during start path setup, adds .ccc/ to the workspace .gitignore idempotently, creates Unix central workspace compatibility aliases to the same run state, rejects stale or divergent central paths with AlreadyExists, writes a non-Unix unavailable marker instead of claiming alias support, and keeps cwd-local, legacy Codex-home, and central config workspace stores in the status/lookup candidate set. Source/runtime/release-asset validation is complete; publication/tag/upload remains separate if not done.

Validation Evidence

  • Source/package metadata identifies 0.0.8: rust/ccc-mcp/Cargo.toml, Cargo.lock, .codex-plugin/plugin.json, and rust/ccc-mcp/assets/plugin/.codex-plugin/plugin.json now identify 0.0.8. The post-install/runtime/release-asset matrix has passed, and publication/tag/upload remains a separate release operation if not already done.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_config_ -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_config_backfills_missing_generated_defaults_from_current_binary_without_overwriting_user_values -- --nocapture passed on 2026-05-19; it backfilled missing current-binary generated role sections and preserved user-owned agents.explorer, runtime.host_subagent_concurrency, and runtime.lifecycle_hooks.tool_guard values while reporting generated_defaults=current, concurrency=current, and hook_settings=current
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_config_upgrades_stale_generated_defaults -- --nocapture passed on 2026-05-19; it refreshed stale CCC-owned generated role defaults to current values, including the Explorer callsign, code-specialist workflows, and Ghost sandbox mode, while keeping the generated-default version current; is_old_generated_ghost_default() now limits ghost refresh to known CCC-generated legacy ghost shapes
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_config_preserves_customized_mini_role_overrides_when_upgrading_generated_defaults -- --nocapture now also covers user-owned runtime.host_subagent_concurrency and runtime.lifecycle_hooks.tool_guard overrides surviving the same backfill slice, with install-check reporting concurrency=current and hook_settings=current
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_config_preserves_customized_ghost_override_when_upgrading_generated_defaults -- --nocapture passed on 2026-05-19 and preserved a stale-version custom agents.ghost sandbox override instead of forcing current generated defaults
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml install_check_surfaces_shared_config_version_current_and_missing -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml install_check_surfaces_shared_config_version_conflict_for_non_string_value -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml install_check_surfaces_0_0_1_config_readiness -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml sync_generated_custom_agents_ -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml companion_tool_route_ -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_start_and_orchestrate_launch_companion_reader_with_mini_profile -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_status_launch_visibility_shows_agent_for_single_worker_tasks -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_status_surfaces_concise_registry_evidence -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml subagent_update_text_line_maps_open_running_completed_and_closed_events -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ghost_signal_round_trips_through_run_state_status_and_checklist_surfaces -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml create_ccc_status_debug_text_shows_ghost_signal_once_with_review_visibility -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_subagent_update_ghost_pre_action_blocks_spawned_update_before_any_write -- --nocapture
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml install_check_surfaces_update_parity_restart_and_cache_reload_guidance -- --nocapture
  • cargo fmt --manifest-path rust/ccc-mcp/Cargo.toml -- --check
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml -p codex-cli-captain passed with 521 passed; 0 failed for the main test binary and 11 passed; 0 failed for tests/plugin_package.rs
  • routing_trace_routes_review_verification_before_operator_control
  • routing_trace_routes_review_verification_before_mutation_words
  • ccc_start_task_kind_review_routes_korean_verification_to_arbiter
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_start_task_kind_review_routes_korean_verification_to_arbiter -- --nocapture passed again on 2026-05-20 with 1 passed; 520 filtered out for the main test binary and 0 passed; 11 filtered out for package tests, confirming the current source routes Korean task_kind=review starts to Verifier/Arbiter.
  • planned_row_git_mutation_infers_companion_operator_before_docs
  • ccc_status_surfaces_longway_runtime_progress_percent_concisely
  • routing_and_progress_rendering_batch_stays_bounded_under_latency_guard
  • ccc_render_app_panel_tool_call_returns_structured_app_panel_payload
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml codex_app_panel_text_surfaces_target_root_confirmation_when_ambiguous -- --nocapture passed on 2026-05-19; it exercised create_codex_app_panel_payload and create_codex_app_panel_text for the ambiguous target-root app-panel text path and finished with 1 passed, 0 failed. No literal 0.0.7 command name was found, so this was the smallest matching focused app-panel text test currently present in main_tests.rs.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml companion_operator -- --nocapture passed on 2026-05-19 with 8 passed; it covers narrow companion-operator command cards, the broad release/docs/code/review anti-drift routing regression, and planned-row inference keeping broad release docs/code work off SCV.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml assignment_quality -- --nocapture passed on 2026-05-19 with 7 passed; it includes the broad companion_operator assignment drift regression and confirms narrow git-tag command cards still match operator_side_mutation.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml callsigns -- --nocapture passed on 2026-05-19 with 2 passed; it covers status/app-panel default text rendering CCC callsigns/stable IDs and assignment reasons without raw explorer/worker transport labels.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml completion_proof -- --nocapture passed on 2026-05-20 with 3 passed; 521 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers passed completion proof, real missing-state proof, blocked proof, status/app-panel rendering, and redaction of secret-shaped proof summaries/evidence.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ccc_status_surfaces_verification_capsule_and_delegated_ownership -- --nocapture passed on 2026-05-20 with 1 passed; 522 filtered out for the main test binary and 0 passed; 11 filtered out for package tests, confirming the existing verification capsule/status path still works with the new completion-proof surface.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml app_panel -- --nocapture passed on 2026-05-20 with 12 passed; 511 filtered out for the main test binary and 0 passed; 11 filtered out for package tests after adding completion_proof to the app-panel payload/key contract.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml command_budget -- --nocapture passed on 2026-05-20 with 3 passed; 531 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers the check-install commandBudgetRouteModularity payload/text and the hidden-routing-policy public $cap rejection.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ssl_manifest_budget_check -- --nocapture passed on 2026-05-20 with 2 passed; 532 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers SSL role-family/mutation drift against Rust specialist-role contracts.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml route_modularity_check -- --nocapture passed on 2026-05-20 with 1 passed; 532 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers generic worker route-category collapse detection.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml negative_evidence -- --nocapture passed on 2026-05-20 with 1 passed; 535 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers all five negative-evidence categories, bounded status/check-install retrieval, stale-runtime non-claiming, and the normal planning-context boundary.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml memory -- --nocapture passed on 2026-05-20 with 12 passed; 526 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers the new UI visual evidence ledger plus existing memory preview/write/status, negative-evidence, Tolaria, and prompt-boundary behavior.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml ui_visual_evidence -- --nocapture passed on 2026-05-20 with 2 passed; 536 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers populated UI visual evidence fields, missing optional evidence, bounded retrieval, status/check-install/app-panel visibility, Oracle read-only ownership, and docs/release non-overclaim. Installed/runtime parity is current; publication/tag/upload remains separate if still pending.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml product_design -- --nocapture passed on 2026-05-20 with 3 passed; 548 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers Oracle routing/read-only review requirements, domain-specific design brief task-prompt requirements, and visual QA evidence-path or absence/blocker handling when screenshots or rendered artifacts are involved.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml custom_agent_instructions_include_role_specific_icl_guidance -- --nocapture and cargo test --manifest-path rust/ccc-mcp/Cargo.toml routing_trace_keeps_design_code_mutation_on_raider_with_oracle_review_evidence -- --nocapture passed on 2026-05-20 with 1 passed; 550 filtered out each for the main test binary and 0 passed; 11 filtered out for package tests; they cover generated Oracle prompt requirements and mixed implementation/design work keeping mutation on Raider while Oracle remains review-only.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml execution_contract_registry_describes_configured_ccc_roles -- --nocapture passed on 2026-05-20 with 1 passed; 550 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers the Oracle ui_ux_review_gate, read-only/mutation-owner boundary, domain-brief fields, visual QA gate, and accessibility/layout/evidence finding requirements. Implementation validation is complete at source/current-runtime/release-asset matrix level.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml skill_ssl_manifest_parser_covers_all_managed_custom_agents -- --nocapture passed on 2026-05-20 with 1 passed; 550 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers the Oracle SSL expected inputs/outputs for domain-specific briefs, visual evidence or absence/blocker handling, visual QA evidence, and evidence paths.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml setup_migration_delta -- --nocapture passed on 2026-05-20 with 2 passed; 538 filtered out for the main test binary and 0 passed; 11 filtered out for package tests; it covers explicit setup/check-install migration delta JSON/text for graph, goal, prompt-refinement, LSP, and fallback execution settings, including migrated/backfilled fields and preserved user-owned overrides.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml prompt_token_optimization_contracts_preserve_semantic_anchors_and_bounds -- --nocapture passed on 2026-05-20 with 1 passed; 540 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. It pins prompt-token optimization semantic anchors for role, routing, safety, approval, sandbox, fan-in, and release guardrails across compact task prompts, Ghost developer instructions, companion-operator release/approval guidance, and review routing summaries while bounding word-count proxies. Existing golden/proxy tests also pin the 174-word explorer task prompt, the 104-word Ghost watchdog instructions, and current-vs-legacy proxy-count improvements for custom-agent, task-execution, routing, and operator-runtime prompt surfaces.
  • bash -n scripts/release/verify-black-box-runtime-matrix.sh, bash -n scripts/release/verify-release-asset-matrix.sh, and scripts/release/verify-black-box-runtime-matrix.sh --help passed on 2026-05-20. The script is the post-install gate for black-box release validation, and the attached session evidence now shows the 0.0.8 install/setup/restart or cache-reload slice completed across installed ccc --version, target/debug/ccc --version where present, and active MCP ccc_server_identity.
  • cargo fmt --manifest-path rust/ccc-mcp/Cargo.toml ran successfully for the workspace .ccc storage slice.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml workspace_ccc -- --nocapture passed on 2026-05-20 with 4 passed; 542 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. It covers workspace .ccc creation, .gitignore insertion/idempotence, permission fallback remaining workspace-local, a real ccc_start LongWay write under repo .ccc, Unix central ~/.config/ccc/workspaces/.../runs/<run-id> compatibility access resolving to the same run state, and rejection of a pre-existing conflicting central run path.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml run_locator -- --nocapture passed on 2026-05-20 with 3 passed; 542 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. It covers repo-root storage resolution from nested cwd, legacy cwd-local .ccc run lookup, and existing central/global run-id fallback compatibility.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml codex_132 -- --nocapture passed on 2026-05-20 with 2 passed; 553 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. It covers the Plugin CLI parity parser, the 0.131/0.132 hook-contract review metadata, and the multi-agent namespace/service-tier runtime contract.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml permission_profile -- --nocapture passed on 2026-05-20 with 1 passed; 554 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. It covers permission/profile/effective workspace-root payload fields used by ccc status and ccc check-install.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml plugin_cli_parity -- --nocapture passed on 2026-05-20 with 1 passed; 554 filtered out for the main test binary and 0 passed; 11 filtered out for package tests.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml hook_schema -- --nocapture passed on 2026-05-20 with 5 passed; 550 filtered out for the main test binary and 0 passed; 11 filtered out for package tests.
  • cargo test --manifest-path rust/ccc-mcp/Cargo.toml check_install -- --nocapture passed on 2026-05-20 with 9 passed; 546 filtered out for the main test binary and 0 passed; 11 filtered out for package tests.
  • git diff --check passed after the workspace .ccc storage slice.
  • jq -e '.skill_id and .scheduling.role_family and (.structural.scenes|type=="array") and (.logical.actions|type=="array")' skills/ssl/*.json passed on 2026-05-20 for all ten public SSL manifests, wc -l skills/cap/SKILL.md skills/ssl/*.json recorded $cap at 69 lines and all public SSL manifests within 83 lines, and git diff --check passed.

These passes covered runtime defaults, setup/backfill, managed custom-agent generation, companion route defaults, status/app-panel projection, lifecycle text rendering, current-binary missing-role backfill, guarded stale CCC-owned generated-default refresh, real old high/medium mini-role backfill, explicit mini-role override preservation, user-owned role/concurrency/hook override preservation reporting, custom ghost sandbox override preservation, non-string shared-config version conflict handling, SCV narrowness routing, broad companion-operator assignment drift detection, callsign-first status/app-panel labels, and source-level command-budget/route-modularity checks.

The broader app-panel-inclusive validation was rerun as cargo test --manifest-path rust/ccc-mcp/Cargo.toml on 2026-05-19. It first failed after 504 passed; 9 failed, with the same failure set recorded in the checklist: install_check::tests::optional_missing_config_surfaces_do_not_block_current_readiness, tests::ccc_orchestrate_collapses_completed_fan_in_and_reopens_captain_advance, tests::ccc_orchestrate_consumes_queued_reassign_follow_up, tests::ccc_orchestrate_dispatches_codex_exec_after_stalled_host_subagent, tests::ccc_orchestrate_marks_turn_failed_worker_as_failed, tests::ccc_start_persists_internal_prompt_refinement_as_disabled_and_status_surfaces_it, tests::ccc_start_persists_planned_longway_rows_without_materializing_task_cards, tests::ccc_status_compact_payload_keeps_subagent_contract_and_command_templates_stable, and tests::ensure_ccc_config_file_keeps_internal_defaults_out_of_minimal_config. After the packaging fixes and SCV routing/display regressions, the same crate run completed with 516 passed; 0 failed for the main test binary and 11 passed; 0 failed for tests/plugin_package.rs, so the app-panel decision is resolved as keep.

After the packaged SSL manifests and packaged $cap skill asset were aligned with the public skills/ssl/*.json and skills/cap/SKILL.md sources, the same crate test was rerun and completed with 521 passed; 0 failed for the main binary and 11 passed; 0 failed for package tests. The focused packaging tests crates_io_packaged_ssl_manifest_assets_match_public_manifests and crates_io_packaged_cap_skill_asset_matches_public_skill also passed, so the packaging mismatches are closed for this turn.

They also covered the Ghost visibility/telemetry evidence slice: ghost_signal now round-trips through run_state, status, and checklist/app-panel surfaces; the debug status text emits the Ghost signal once alongside review visibility; and the Ghost subagent-update policy-critical path is covered by focused test/fixture evidence as a blocked pre-action guard before writes. git diff --cached --check passed for this evidence slice.

The 2026-05-20 verification pass also found and fixed a parallel test environment race: ccc_start_persists_internal_prompt_refinement_as_disabled_and_status_surfaces_it, ccc_start_persists_planned_longway_rows_without_materializing_task_cards, ccc_orchestrate_marks_turn_failed_worker_as_failed, and ccc_run_persists_planned_longway_rows_through_initial_checkpoint could read a temporary XDG_CONFIG_HOME from another fixture and fail with No such file or directory (os error 2) only during parallel full-suite execution. Those tests now hold the shared env lock while creating session/config-sensitive run state. Focused retests passed, and the full crate run completed with 521 passed; 0 failed plus 11 passed; 0 failed for package tests after the fix.

The app-panel follow-up slice now has its targeted text validation re-run and recorded. The broader app-panel reproduce/monitor item is closed for the current turn because the full suite passed after the SSL packaging fix, and the keep/remove/deprecate decision is resolved as keep.

The restart/cache-reload operator guidance slice is now covered as well: rust/ccc-mcp/src/install_check_text.rs renders the updateParity.restart_guidance.summary line that tells operators to restart Codex CLI or reload the plugin cache after ccc setup when marketplace, skill, hook, or managed custom-agent visibility changes need to become visible.

Sneakoscope-Codex Applicability

The 2026-05-20 review of mandarange/Sneakoscope-Codex found proof-first ideas that fit CCC, but the adoption path is selective. CCC should create or refresh .ccc/clone/Sneakoscope-Codex as a local reference/intake clone, record upstream provenance, audit the relevant files, and then port only selected concepts into CCC-owned Rust-native implementation surfaces.

This is not runtime adoption. CCC should not ship or vendor the Sneakoscope runtime, add it as a default npm dependency, depend on npm/tmux/Codex App execution, or make it a default agent skill.

Adopt as follow-up backlog:

  • CCC Completion Proof Capsule: a Rust-native finalization capsule linking run id, task cards, fan-in summaries, validation commands, changed paths, evidence paths, Arbiter outcome, active runtime parity, and unresolved blockers before a completed run is called verified.
    • Current CCC status: the repository now surfaces ccc.completion_proof.v1 as a source-level run-finalization proof on status and app-panel projections, alongside the existing task-card ccc.verification_capsule.v1. Implementation validation is complete at source/current-runtime/release-asset matrix level; publication/tag/upload remains separate if the release has not already been published.
  • Black-box install/runtime matrix: scripts/release/verify-black-box-runtime-matrix.sh now implements the post-install matrix for source tests, release assets, installed binary version, setup, active MCP ccc_server_identity capture, plugin cache/package/packaged $cap, managed custom-agent sync, check-install parity, and a live review-routing smoke after installing the new version. The release-close validation evidence shows this matrix passing against the real 0.0.8 install and active MCP/plugin cache; if publication has not already happened, publication/tag/upload remains separate.
  • Negative Evidence Memory: the Rust memory store now records validated negative_evidence entries for repeated wrong claims, stale runtime proof, failed validation, routing drift, and missing evidence. The bounded ccc.negative_evidence_memory.v1 ledger is retrievable from ccc memory action=status, ccc status under memory.negative_evidence, and ccc check-install under memoryReadiness.negative_evidence. It is diagnostic-only (ordinary_prompt_injection=false) and explicitly does not claim active runtime parity (active_runtime_parity_claimed=false), so it stays as evidence storage rather than a runtime-proof claim.
  • Hook/schema compatibility gate: the Rust source now validates generated CCC lifecycle hook command outputs against focused current Codex runtime semantics for UserPromptSubmit, PreToolUse, PostToolUse, SessionStart, and Stop; this is not a full JSON Schema validator. The gate rejects current unsupported PreToolUse/PostToolUse fields and decisions, requires non-empty reasons for block/deny decisions, and keeps common output fields aligned with the official hook docs. ccc hook run uses the checked output path, and check-install exposes hooksReadiness.schema_compatibility, schema_scope=focused_runtime_semantics_not_full_json_schema, and event/schema names. This is source-level compatibility evidence only; installed/runtime reporting is already current above.
  • Command-budget and route-modularity checks: static checks that fail when $cap, SSL manifests, route modules, or command helpers become overloaded.
    • Current CCC status: check-install now exposes commandBudgetRouteModularity as a source-level static check over public/package $cap, SSL manifests, and Rust route categories. Implementation validation is complete at source/current-runtime/release-asset matrix level.
  • Optional UI visual evidence ledger: the Rust memory surface now accepts bounded ui_visual_evidence entries and exposes ccc.ui_visual_evidence_ledger.v1 through memory status, CCC status, and check-install. It records screenshot path, viewport, bbox/region reference, before/after relation, accessibility/layout findings, and evidence paths for Oracle/UI work when artifacts exist; it stays optional, diagnostic-only, non-blocking for non-UI routes, and explicit that Oracle is read-only while implementation belongs to execution specialists.
  • Coding comment discipline skill: the package now includes skills/coding-comment-discipline/SKILL.md and rust/ccc-mcp/assets/plugin/skills/coding-comment-discipline/SKILL.md. Code-specialist/coding work receives an attached_skill_contracts entry plus generated Raider/Marauder and task-execution prompt references requiring user-language comments, short/easy comments, cumulative top-of-file who/when/what work logs, and modularization before files grow hard to maintain. Read-only exploration, verification-only review, and docs-only work do not receive the comment-policy prompt text.
    • Validation: cargo test --manifest-path rust/ccc-mcp/Cargo.toml coding_comment_discipline -- --nocapture, comment_contract, comment_skill, and custom_agent_instructions_include_role_specific_icl_guidance each passed on 2026-05-20 with 1 passed; 548 filtered out for the main test binary and 0 passed; 11 filtered out for package tests. cargo test --manifest-path rust/ccc-mcp/Cargo.toml cargo_packaged_asset_list_matches_runtime_lookup_contract -- --nocapture passed with 1 passed; 10 filtered out for tests/plugin_package.rs, packaged_plugin passed with 2 passed; 547 filtered out, sync_generated_custom_agents_writes_managed_files_and_preserves_unrelated passed with 1 passed; 548 filtered out, and bash -n passed for both release asset scripts.
  • Boundary: this is source/package-level evidence. The remaining release operation is publication/tag/upload, not implementation validation.

Delivery-surface decision: these should be CCC Rust-native core/runtime/check-install/status/release-check mechanisms first, transformed from reference-clone intake rather than imported from the upstream runtime. Agents should not need a new default skill to use them; they should contribute through existing fan-in fields such as summary, status, evidence_paths, next_action, open_questions, and confidence. A future optional ccc proof show|validate command may expose proof capsules to operators, and a dedicated wrongness-curation skill can be reconsidered only if manual curation becomes a real workflow.

Active Runtime Parity Gate

The source/package metadata identifies 0.0.8, the source-level 0.0.8 routing regression for Korean review requests passes, and the installed CLI/runtime surfaces now report 0.0.8. target/debug/ccc check-install --json '{}' reports updateParity.status = "current" with current package, plugin cache, marketplace, cap skill, and managed custom-agent parity, while target/debug/ccc server-identity reports 0.0.8. The post-install/runtime/release-asset matrix has passed, so source/current-runtime/release-asset validation is complete. If the release has not already been published, the remaining step is publication/tag/upload.

Release close included the post-install runtime parity smoke: bump/package/install 0.0.8, run ccc setup, fully restart Codex CLI or reload the plugin cache, capture active ccc_server_identity JSON with a top-level captured_at timestamp, and run CCC_ACTIVE_SERVER_IDENTITY_JSON=<captured-json> scripts/release/verify-black-box-runtime-matrix.sh 0.0.8. That script passed through source/package checks, check-install/server identity/plugin cache/package/packaged $cap/managed-agent parity, and a live ccc start task_kind=review sequence=EXECUTE_SEQUENCE check that persists assigned_role = "verifier" and assigned_agent_id = "arbiter". If the release has not already been published, the remaining step is publication/tag/upload.

In the attached 2026-05-20 MCP session, the preflight black-box matrix passed with CCC_RUN_SOURCE_TESTS=0 CCC_RUN_RELEASE_ASSET_MATRIX=0 and an active-server-identity JSON capture, and the later asset-backed matrix passed as well. If the release has not already been published, the remaining step is publication/tag/upload.

Carry-Forward Constraints

  • cargo install codex-cli-captain remains binary-only
  • ccc setup remains the CCC registration and config refresh step
  • $cap remains the public skill name; ccc:cap remains host/plugin namespace rendering
  • UserPromptSubmit hook enablement remains opt-in and scoped to the CCC-owned hook state key
  • CCC-native compact rendering stays internal and natural during agent/skill usage; it is not a separate user-facing mode or a user-configurable compact setting
  • release notes must not claim the runtime fixes shipped until implementation and validation evidence is recorded
  • release close records the live $cap routing check as part of the completed post-install/runtime/release-asset matrix; future releases should still verify active MCP server identity and plugin cache after setup and restart/cache reload
  • compact output must preserve full persisted run/task truth and expose full JSON through compact:false or existing full/debug modes
  • Sneakoscope-Codex-inspired proof hardening remains follow-up scope until CCC has concrete implementation and validation evidence; no release note should imply those proof surfaces already exist, and no implementation should treat the upstream reference clone as a shipped runtime, vendored dependency, default npm dependency, or default agent skill.
  • the stale CCC-owned generated-default migration slice is now covered by the focused setup tests above, and this note records the exact fixture-based evidence rather than claiming any live runtime probe; the custom ghost override regression is part of that fixture evidence

Validation

Focused compact-rendering, Ghost atomicity, role/default alignment, setup/config migration, app-panel, SCV narrowness, assignment-quality, callsign display, Graphify/memory/hooks review, LongWay progress percent output, review/verification routing defaults, and bounded latency guard evidence is recorded above. $cap / auto-enter host-side auto-continuation remains unclaimed, but the runtime progress surfaces are implemented and covered by focused tests.

Assets 7
Loading