Releases: MCamner/mq-mcp

v2.0.0 — Release Gate v2 + deterministic readiness

15 Jun 21:21

Release Gate v2 is complete: mq-mcp is now a deterministic release validator for the MQ stack.

Highlights

Four new deterministic Release Gate v2 checks completing the v2.0.0 scope:

  • lint_type_quality — optional --lint-command; warns when not run, blocks on non-zero exit.
  • contract_drift — blocks when the @mcp.tool() count in server.py diverges from docs/tool_contracts.json.
  • unsafe_commands — blocks ungated shell/eval/exec in server/bridge entrypoints; ignores string-literal pattern definitions and honors # nosec on audited gated lines.
  • perception_review — read-only surfacing of mq-image-analyze risk signals (never blocks).

release_gate_run and release-gate run gain a lint_command / --lint-command argument.

Verification

  • 225 tests pass; scripts/release-check.sh green (version sync, generated artifacts, CI).
  • 123 documented tools, all with safety classes; no contract drift.

See CHANGELOG.md for the full list.

v1.11.0 — Brain/Obsidian tools, zephyr/image/UMS integrations, learn hygiene

10 Jun 13:16

What's new

Brain/Obsidian tools (Class C)

  • obsidian_writer module: brain_record_insight, brain_record_decision, brain_record_pattern, brain_record_question, brain_promote_learning — routes mq-mcp findings directly into the Obsidian second brain.

New integrations

  • Zephyr-workbench: 4 Class B MCP tools exposed via zephyr_* routes.
  • mq-image-analyze: 3 Class B MCP tools (image_ocr, image_analyze, image_diff) as first-class mq-mcp tools.
  • UMS: ums_command_catalog (Class A) and ums_audit_log (Class A).
  • repo-signal: repo_signal_report, repo_signal_suggest, repo_signal_positioning as structured JSON tools.

Learn layer

  • mq-agent compatibility aliases: learn_status, search_learned_patterns, explain_learned_pattern.
  • learn_hygiene + Release Gate v2 learn_hygiene_pass — flags duplicate, invalid, low-confidence, and unvalidated records before release.
  • learn_extract_from_last_review (dry-run).
  • Ollama provider scaffold: provider module, schemas, docs, fixtures.

Release gate additions

  • Learn hygiene gate, repo-signal readiness gate, perception artifact gate.

Fixed

  • Auto-load .env on server startup via python-dotenv.
  • record_learning KeyError fix.
  • Unwrap single-key wrapper dict in extract_learn_items.
  • Four static analysis fixes in server.py.

mq-mcp v1.10.0 — Learning Contract Layer

31 May 19:24

What's new

Learning Contract Layer — complete

All planned v1.10.0 MCP tools are now implemented:

Class A (read-only):

  • learning_status — learn layer stats by source, risk, and repo
  • list_learnings, get_learning, search_learnings, summarize_learnings, promote_learning — existing read tools

Class C (controlled write):

  • learn_from_review — creates a learning record from the last review findings for a file
  • learn_from_diff — creates a learning record with current git diff as context
  • bootstrap_learning_memory — seeds the learn layer from architecture memory ADRs; idempotent
  • record_learning — existing write tool

Contracts and docs: docs/LEARNING_CONTRACT.md, docs/LEARNING_MODEL.md, schemas/learning.schema.json

Governance Roadmap (Phases 1–9) — complete

All nine governance phases shipped:

Phase  Delivered
1      Version signal sync, GitHub releases v1.6–v1.9
2      check-runtime-truth.sh — 9 automated drift checks
3      tool_registry.py, mq-mcp tools --json/--safety/--markdown/--export
4      Safety class enforcement — Class A/B/C/D contract tests
5      Five system review contracts (runtime-truth, safety-contract, release-readiness, memory-hygiene, orchestration-boundary)
6      Semantic memory policy, schema, audit command
7      docs/orchestration-boundary.md — ecosystem role division
8      Release gate v2 — 12-section release-check.sh with CI check
9      Five deterministic generated artifacts (tool-index, tool-safety, runtime-contract, release-state, profile-index)

Stats

  • Tool count: 91 → 95
  • Test suite: 135 tests, all passing
  • ./scripts/validate.sh: green
  • ./scripts/release-check.sh --dry-run: green

mq-mcp v1.9.0 — Tool quality gaps fixed

29 May 01:18

What's new

  • Fixed _detect_security_patterns false positives: Python string literals are now blanked via tokenize before pattern matching.
  • Added list_review_skills MCP tool (Class A) — lists available review skills with path-prefix routes, extension routes, and availability status.
  • Added ADR-006: documents risk analysis tools pre-scan rationale, CRITICAL severity scope, and string-literal stripping.
  • Added §8 WARN acceptance policy to docs/ORCHESTRATION_CONTRACT.md — table defining when each WARN is acceptable vs. requires action.
  • Added check 7 to validate_orchestration_contract: Class C tools not in any profile and not in _INTENTIONALLY_PROFILE_FREE emit WARN.
  • Fixed missing import re at module level in server.py.
  • Tool count: 75 → 76.
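The string-literal blanking described in the _detect_security_patterns fix above, together with the "# nosec" handling listed for the v2.0.0 unsafe_commands check, can be sketched as follows. This is an added example, not the project's code: the pattern list, the function names blank_literals and scan, and the sample input are assumptions made for illustration. F-string bodies are separate tokens on Python 3.12+ and are blanked the same way.

```python
import io
import re
import tokenize

# Assumed pattern list for illustration; the project's real list is not on the page.
PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "exec": re.compile(r"\bexec\s*\("),
    "os.system": re.compile(r"\bos\.system\s*\("),
    "shell=True": re.compile(r"\bshell\s*=\s*True\b"),
}
_LITERAL = {tokenize.STRING, getattr(tokenize, "FSTRING_MIDDLE", tokenize.STRING)}

def blank_literals(source):
    """Return (lines with string literals spaced out, line numbers carrying # nosec)."""
    lines, nosec = source.splitlines(), set()
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            (srow, scol), (erow, ecol) = tok.start, tok.end
            if tok.type == tokenize.COMMENT and "nosec" in tok.string:
                nosec.add(srow)  # only real comments count, not "# nosec" in a string
            elif tok.type in _LITERAL:
                for row in range(srow, erow + 1):  # literals may span lines
                    line = lines[row - 1]
                    lo = scol if row == srow else 0
                    hi = ecol if row == erow else len(line)
                    lines[row - 1] = line[:lo] + " " * (hi - lo) + line[hi:]
    except (tokenize.TokenError, SyntaxError):
        return source.splitlines(), set()  # fail closed: scan the raw text
    return lines, nosec

def scan(source):
    """Return sorted (line_number, pattern_name) findings in code, not in literals."""
    lines, nosec = blank_literals(source)
    return sorted(
        (n, name)
        for n, line in enumerate(lines, 1) if n not in nosec
        for name, rx in PATTERNS.items() if rx.search(line)
    )

# Constructed sample input (not taken from the project).
SAMPLE = '''\
import subprocess
DANGEROUS = ["eval(", "os.system("]   # pattern definitions, not calls
def run(cmd, approved):
    if approved:
        subprocess.run(cmd, shell=True)  # nosec audited gate
    return eval(cmd)
'''
print(scan(SAMPLE))  # [(6, 'eval')]
```

Blanking by token position keeps line and column numbers intact, so findings still point at the original source. A file that cannot be tokenized is scanned unblanked and without suppressions, which can add false positives but does not hide a real call.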

Phase 1 (version signal sync)

  • README version badge synced to 1.9.0.
  • README status line updated to v1.9.0.
  • docs/tool_contracts.json version synced to 1.9.0.
  • .gitignore now excludes .mypy_cache/.
  • All missing tools added to README: list_review_skills, risk_review_file, risk_review_diff, export_symbol_index, repo_signal_status.
  • ./scripts/validate.sh passes green.

mq-mcp v1.8.0 — Complete v1.6.0 generated artifacts

29 May 01:18

What's new

  • Added review_engine/generated_artifacts.py with two builders:
    • build_rich_architecture_map() — writes generated/architecture/architecture_map.json (schema architecture_map.v1): per-file role, public symbols, last review timestamp, hub score.
    • build_ownership_map() — writes generated/architecture/ownership_map.json (schema ownership_map.v1): per-file author, change frequency, last modified. Scans last 200 commits.
  • Extended build_repo_context (Class C) to call both builders after the callgraph build.
  • Updated docs/RUNTIME_CONTRACT.md — added Generated artifacts section under Context model.
  • Tool count: 75 → 76. All v1.6.0 ROADMAP items now marked done.

mq-mcp v1.7.0 — Risk analysis layer

29 May 01:18

What's new

  • Added CRITICAL severity level to the severity engine — placed above RISK; has_blocking_findings updated to include CRITICAL.
  • Added reviews/contracts/risk-review.md — defines the risk review mode covering approval gate gaps, undeclared side effects, contract staleness, and cross-repo boundary drift.
  • Added reviews/skills/security-review.md — file-type-aware security pattern guide injected into security and risk mode prompts.
  • Added _detect_security_patterns() — grep-based pre-scan for 11 Python and 3 shell dangerous patterns. No API call.
  • Added route_file_for_mode() — overrides skill selection to inject security-review.md for security and risk modes.
  • Added risk_review_file MCP tool (Class A) — targeted risk pass with declared mode (security, risk, architecture).
  • Added risk_review_diff MCP tool (Class A) — risk pass over all changed files in working tree or staging area.
  • Tool count: 73 → 75.

mq-mcp v1.6.0 — Generated artifacts + repo-signal merge

29 May 01:18

What's new

  • Activated repo-signal pack merging in the callgraph builder — reads from .repo-signal/exports/, handles callgraph.v1, symbol_index.v1, repo_summary.v1, and risk_map.v1. Hub files refreshed from merged importers.
  • Added generated/ directory structure: symbols/, callgraphs/, architecture/ with .gitkeep files; JSON snapshots excluded from version control.
  • Added export_symbol_index MCP tool (Class C) — writes in-memory callgraph symbol map to generated/symbols/symbol_index.json.
  • Added repo_signal_status MCP tool (Class A) — reports presence, schema, and age of each .repo-signal/exports/ pack.
  • Updated docs/tool_contracts.json — now covers all 73 tools.
  • Tool count: 71 → 73.

mq-mcp v1.4.0 — Semantic memory layer

28 May 19:24

What's new

Semantic memory layer

semantic_memory/ — durable knowledge store separate from review history and ADRs.

5 new MCP tools:

  • store_semantic_memory (Class C) — store any knowledge item with tags
  • search_semantic_memory (Class A) — ranked keyword search across keys, tags, content
  • get_semantic_memory (Class A) — exact-key retrieval of full content
  • list_semantic_memory (Class A) — full index with previews, sorted by recency
  • bootstrap_semantic_memory (Class C) — ingest README, ROADMAP, RUNTIME_CONTRACT.md, ORCHESTRATION_CONTRACT.md, TOOL_SAFETY.md; idempotent

Integration with review_file:
Semantic memory is injected at priority 0 (above ADRs at priority 1) when items match the file being reviewed.

Context priority order:

0: semantic memory  (new)
1: architecture decisions (ADRs)
2: past review findings
3: cross-file context

Stats

  • Tool count: 66 → 71
  • All 50 tests pass
  • release-check.sh passes

mq-mcp v1.3.0 — Orchestration boundary formalization

28 May 01:07

What's new

docs/ORCHESTRATION_CONTRACT.md

Formal caller boundary contract with 7 sections:

  • Invocation contract (approval gate model: A/B=auto-invoke, C/D=explicit user approval)
  • Return contract (fixed severity vocabulary, output structure, freshness guarantees)
  • Side effect contract (declared persistent side effects table)
  • Context flow diagram (priority order: ADRs > past_context > cross_file_ctx)
  • Cross-repo contracts (mq-agent, repo-signal, mq-hal, mq-image-analyze)
  • Profile access model (max safety class per profile)
  • 7 always-true guarantees (path boundaries, no auto-commit, no secrets, stateless)

validate_orchestration_contract (new MCP tool — Class A)

12 deterministic checks, no API key required:

  1. ORCHESTRATION_CONTRACT.md exists and is fresh
  2–3. All profile recommended_tools are registered in server.py
  4. Per-profile max safety class enforced
  5. All write:true tools are Class C
  6. All Class D tools have subprocess:true
  7. Error return prefix consistency

Returns [PASS], [FAIL], [WARN] lines and a summary count.

Profile fixes

5 profiles had tools exceeding their declared max safety class — all corrected:

  • claude-desktop: removed hal_repo_report (Class D); max class updated to A/B
  • codex: removed validate_project (Class D)
  • mq-agent: removed hal_repo_report (Class D)
  • openai-bridge: removed hal_repo_report (Class D)
  • repo-only: removed validate_project (Class D); max class updated to A/C

Error prefix standardisation

review_file and review_diff sub-errors now use {tool_name} failed ({qualifier}): form.

Stats

  • Tool count: 65 → 66
  • All 48 tests pass
  • release-check.sh passes

mq-mcp v1.2.0 — Architecture Memory

28 May 00:06

Choose a tag to compare

What's new

Architecture memory

  • architecture_memory/ — ADR-style store with four categories: decisions/, rejected/, boundaries/, philosophy/
  • 8 seed entries covering the core invariants: path resolvers, no-auto-commit, safety classes, review contracts, secret handling, cognition ownership, execution vs orchestration, determinism, and context quality
  • list_architecture_decisions — lists all entries with ID, status, category, and title (Class A)
  • get_architecture_decision — returns full entry text by ID (Class A)
  • record_architecture_decision — writes a new ADR to architecture_memory/ (Class C, does not commit)

ADR injection in reviews

Architecture decisions are now injected into every review_file call at priority 1 — the highest priority in ContextSelector, before past findings and cross-file context. The model sees the codebase invariants before it sees the file.

Coding convention extraction

  • review_engine/convention_extractor.py — single model call extracts generalizable rules from review findings in CONVENTION / AREA / RATIONALE format
  • extract_coding_conventions — extracts conventions from the last review of a file and persists them to architecture_memory/decisions/ with status: convention (Class C). Conventions inject into future reviews automatically

Tool count

64 → 65 tools.

Upgrade

cd mq-mcp
./scripts/upgrade.sh