Skip to content

0.9.0 — sanitized instrumentation telemetry

Choose a tag to compare

@jason-minervit jason-minervit released this 13 Jul 00:47

[0.9.0] - 2026-07-11

Sanitized instrumentation replaces narrative session-journal publication. A
session journal narrates the adopter's product work, so it can never be proven
safe to publish; 0.9.0 disables narrative publication entirely and introduces a
closed-vocabulary instrumentation record with zero product-information capacity
as the only session evidence that can reach a remote.

Added

  • Sanitized instrumentation record and CLI (experimental):
    publish-instrumentation-record recomputes a closed-vocabulary record
    (enumerated event codes plus numbers, no repo/branch/project/path/freeform
    fields) from the local observability event log and publishes it to the
    constant tautline-telemetry-archive branch via a hardened push path — pinned
    adopter-neutral commit identity/date, whole-branch fail-closed hygiene,
    closed-set commit-object parse, byte-compare readback, branch-tip ancestry
    guard, and recompute-at-publish so a tampered preview cannot influence what
    publishes. prepare-instrumentation-record and
    validate-instrumentation-record round out the surface.
  • Additive instrumentation adapter key (experimental):
    {enabled (default false), cadence (default milestone)}. enabled alone
    permits publishing; cadence gates only boundary prompting.
    instrumentation.enabled requires observabilityEvents.enabled, and unknown
    instrumentation.* subkeys are rejected (remote metadata is a fixed constant).
  • docs/reference/instrumentation.md documenting the record shape, guarantees,
    and the explicit threat model; the generated
    methodology/instrumentation-schema.json is registered as public-contract
    surface.

Changed

  • The session-journal opt-in hint, generated-adapter guidance, goal kickoff
    prompt, and lane-start/status lines now describe the local-only reality and
    point at instrumentation for upstream contribution.

Deprecated

  • publish-session-journal and publish-pending-session-journals are deprecated
    (removal >= 1.0.0), replaced by publish-instrumentation-record.

Security

  • Narrative session-journal publication is disabled: both publish commands refuse
    for every adapter in every mode (--commit --push, bare --file,
    --allow-release-checkout-write). No new narrative content can reach any remote
    from any adapter; journals remain local-only evidence. This invokes a new
    deprecation security-exception clause allowing a stable surface confirmed to
    expose adopter data to a remote to be hard-disabled ahead of its deprecation
    window with a required migration note and named replacement.