Skip to content

v0.1.2

Choose a tag to compare

@leodavidsec leodavidsec released this 02 Jul 12:24

Tooling + docs release. The decision engine and the WordPress gate are unchanged from v0.1.1; this release ships the reproducibility fix for the operator verify tool and re-emits the full package set so "latest" carries everything.

Changed

  • reeflex-verify — fresh agent session per run. The CLI now sends a unique Mcp-Session-Id on every run (override with --session-id to pin one). The core binds cumulative anti-fragmentation policy state to session_id (SPEC §4.1); without a fresh session, repeated runs against the same site accumulate into one per-session delete budget and eventually the gate holds even read-only actions (rule reeflex.policy/session_delete_budget) — producing false mismatches. Validated 5/5 on a live WordPress site in both the standard and must-use (mu) install forms.

Docs

  • reeflex-verify/README.md shows a real clean-run screenshot.
  • ROADMAP.md records the open policy decision on R5 scope (all-verbs vs destructive-verbs-only).

Packages

  • reeflex-gate-wordpress-standard.zip — WordPress gate, standard plugin form (Upload Plugin UI + Settings page).
  • reeflex-gate-wordpress-mu.zip — WordPress gate, must-use form (drop into wp-content/mu-plugins/, config via wp-config.php constants).
  • reeflex-verify.zip — the operator verify CLI, with the fresh-session-per-run fix.
  • reeflex-test-abilities.zip — safe test abilities to exercise the gate.