Skip to content

Releases: aligned-team/cospec

v0.5.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 23:47
Immutable release. Only release title and notes can be modified.
4818e30

v0.5.0: Full opsx workflow parity

This release closes cospec's workflow-parity gap with OpenSpec 1.5.0's opsx command set: five new generated agent workflows — including the /cospec:verify command a user reported missing — are now rendered across every supported harness, each adapted to cospec's typed, gated model. It also documents a mise install gotcha that made fresh releases look "not found".

Added

  • Full opsx 1.5.0 workflow parity (#23 by @replygirl) — prompted by a report that /cospec:verify was missing from the generated harnesses, this audits the whole opsx 1.5.0 workflow set and brings cospec's generated commands and skills to parity. Each is generated for the Claude, Codex, and OpenCode harnesses (as slash commands and/or skills):

    workflow what it does
    /cospec:new scaffolds a change and shows its typed artifact plan, then stops before authoring
    /cospec:ff fast-forwards an already-scaffolded change through every remaining artifact and validates
    /cospec:verify dress-rehearses a change: cospec validate --strict, walks the verification ledger, and names the two hard archive gates (archive/verification-incomplete, archive/scenario-preservation) — no --force escape hatch
    /cospec:bulk-archive archives a batch of completed changes in dependency order, one gated cospec archive call at a time
    /cospec:onboard walks a first-time user through one real change end to end via the real CLI path

    Every rendered workflow body — new and existing — is scanned to confirm it contains no bare openspec invocation and no manual mv/mkdir of an openspec/changes/ entry: all change-lifecycle operations route through cospec subcommands. opsx's sync workflow is intentionally not a new command (it maps 1:1 onto the existing sync-specs skill), and opsx's update path and feedback loop are deliberately out of scope pending a proper design pass.

Documentation

  • mise release-age cooldown note (#22 by @replygirl) — investigation of a reported @aligned-team/cospec@0.5 not found install failure traced the issue entirely to the mise client, not cospec's release pipeline: mise's github backend applies a default minimum_release_age cooldown that hides just-shipped releases from "latest"/fuzzy resolution, and a partial pin like @0.5 never matches cospec's exact 3-part tags. Every documented mise use github:aligned-team/cospec snippet now carries a note explaining the cooldown and recommending an exact-version pin (e.g. @0.5.0) when testing a fresh release.

Full Changelog: v0.4.0...v0.5.0

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:01
Immutable release. Only release title and notes can be modified.
7cee9ba

v0.4.0: Full OpenSpec parity, no more bare openspec

This release closes the OpenSpec command-parity gap: every everyday OpenSpec operation now has a first-class cospec command, so you never have to drop out to bare openspec. It also ships a public documentation site (cospec.aligned.team) and hardens the release pipeline.

Added

  • Full OpenSpec command coverage (#19 by @replygirl) — cospec now wraps every OpenSpec surface it previously left native, reversing v0.3.0's "store management stays native" split that forced manual openspec calls and a two-step store setup. New commands:

    command what it does
    cospec store <sub> manage stores: setup/register (auto-init) / unregister / remove / ls / doctor
    cospec context a store's cross-repo working-set brief (--json, --code-workspace)
    cospec workset <sub> personal cross-repo working views: create / list / remove / open
    cospec show <item> read a change or spec as markdown or JSON
    cospec view the OpenSpec dashboard
    cospec schemas / cospec schema which|validate|fork|init inspect and fork resolvable schemas
    cospec templates list per-artifact template paths

    Store setup is now one command — cospec store setup <id> --path <p> registers the root and stamps it with cospec's typed schemas (cospec init <root> --harness none), eliminating the old manual second step (opt out with --no-cospec-init):

    cospec store setup platform --path ./platform-store   # register + auto-init

    validate now accepts --all/--changes/--specs, list --specs lists living specs, and cospec doctor folds in OpenSpec's own root-relationship, reference, and store-health diagnostics (read-only, never repair) when the operating root is store-backed or declares references:. Every new read-only/personal command is a disciplined passthrough — a version-asserted spawn, an exit-code allow-list, a stdout deny-list, and a guaranteed single JSON document on --json — while mutating store subcommands verify their own disk/registry post-condition rather than trusting the wrapped exit code.

  • Legacy (forked) schema changes (#19 by @replygirl) — cospec new <legacy-schema> <slug> runs a change against a project-local schema created by cospec schema fork/init, riding the legacy lane through validate/apply/archive while keeping cospec's schema-agnostic hard gates (tasks, scenario preservation, filesystem move, blocker fan-out) and delegating structural checks to OpenSpec. It prints a reduced-guarantees note and stamps no schemaVersion. schema fork/init refuse (exit 1, before spawning the binary) any destination name that collides with one of the 11 canon cospec types, so a fork can never overwrite a canon schema.yaml.

  • Public docs site (cospec.aligned.team) (#17 by @replygirl) — a VitePress documentation site under apps/docs with guides (installation, workflow, harness setup), concept pages (relation to OpenSpec, types & artifacts, apply & archive, verification, blocking changes), and full reference (commands, configuration, validation rules), plus generated llms.txt/llms-full.txt. The site builds and deploys per release, so it always matches the released CLI.

Fixed

  • Managed files stamped with the correct version on release (#18 by @replygirl) — managed files that embed the cospec version (generatedBy: cospec@X.Y.Z) under .claude/, .codex/, .opencode/, and openspec/.cospec-manifest.json are now regenerated inside the version-bump commit, rather than trailing a release by one version until a separate restamp. Also caught and corrected 31 files that had drifted since v0.3.0.

  • Release bump survives large lockfiles (#21 by @replygirl) — the release bump commit step was passing its GraphQL payload (embedding base64-encoded bun.lock) through jq's argv, which failed with Argument list too long as the lockfile grew. The payload is now aggregated and submitted entirely through temp files, so it no longer depends on ARG_MAX.

Full Changelog: v0.3.0...v0.4.0

v0.3.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 03:55
Immutable release. Only release title and notes can be modified.
99197c4

v0.3.0: Store-aware change lifecycle

This release makes cospec store-aware: a new --store <id> global flag runs the entire typed change lifecycle against a registered OpenSpec store — a standalone, shared planning repo for cross-repo work — instead of the local repo. Nothing about the workflow changes; only the operating root does. With no flag and no config pointer, behavior is byte-identical to before.

Added

  • --store <id>: the change lifecycle, over a store (#16 by @thoughtpunch) — OpenSpec 1.5.0 ships stores (registered planning repos several code repos can plan against), but cospec was single-tree: every command keyed on the invocation cwd and assumed openspec/ lived beneath it, so a cross-repo epic authored in a store lost cospec's typed schemas, the apply gate, the verified archive, and the blocking-changes ledger. Now new, validate, apply, archive, status, list, instructions, sync-blockers, and migrate all honor --store:

    cospec new feat cross-repo-epic --store platform
    cospec validate cross-repo-epic --store platform --strict
    cospec apply cross-repo-epic --store platform      # the gate, over the store
    cospec archive cross-repo-epic --store platform    # verified move, in the store

    A code repo can point at a store by default instead of passing --store on every call, via its own openspec/config.yaml:

    schema: feat
    store: platform # cospec + openspec resolve commands against this store
    references:
      - platform    # read-only upstream context surfaced in instructions

    Resolution mirrors OpenSpec's own precedence — explicit --store flag, else a store: config pointer, else the local repo — with the store path resolved from the machine registry via openspec store ls --json. A references: list is read-only context and never a root override. An unregistered --store id fails loudly (naming the registered stores) rather than silently falling back to local, so a typo can never write a change to the wrong place.

    Store management stays native — openspec store setup|register|ls, context, and workset are local/read-only and carry no cospec gate. To give a store cospec's typed schemas, run cospec init <store-path> --harness none. Full details in docs/stores.md.

New Contributors

Full Changelog: v0.2.1...v0.3.0

v0.2.1

Choose a tag to compare

@github-actions github-actions released this 08 Jul 08:16
Immutable release. Only release title and notes can be modified.
d4f89f2

v0.2.1: Doctor trusts the embedded OpenSpec

A small follow-up to v0.2.0 that finishes teaching cospec about its own embedded OpenSpec bundle: cospec doctor no longer reports a healthy standalone install as broken.

Fixed

  • cospec doctor false failure on standalone installs (#15 by @replygirl) — v0.2.0 gave every wrapped command an embedded-OpenSpec fallback, but doctor never learned it: checkOpenspecVersion resolved @fission-ai/openspec only from the project's node_modules. On a runtime-free mise/GitHub-release install (no project install), that produced a false openspec-resolve ERROR ("run bun install") and a non-zero exit, even though every wrapped command worked via the embedded bundle. Spawns and diagnostics now share one resolveOpenspec() path so they can't drift, and doctor reports the embedded pin as INFO while staying read-only (it reads the compile-time pin and extracts nothing):

    INFO openspec-resolve: no project @fission-ai/openspec; wrapped calls use the embedded pinned 1.5.0
    

    Project-copy diagnostics are unchanged — an in-range copy produces no finding, and an out-of-range copy still raises the existing openspec-version ERROR. The now-obsolete doctor caveat was also removed from both READMEs.

Changed

  • npm trusted publishing with provenance (#14 by @replygirl) — the release pipeline now publishes all packages via npm trusted publishing (OIDC) with --provenance, so published artifacts carry verifiable build provenance attestations.

Full Changelog: v0.2.0...v0.2.1

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 07 Jul 19:34
Immutable release. Only release title and notes can be modified.
1b2938b

v0.2.0: Batteries-included standalone binary

This release makes the cospec standalone binary truly self-contained: it now embeds the pinned OpenSpec CLI and runs it with its own bun runtime, so wrapped commands work with no JS runtime and no project install.

Added

  • Self-contained standalone binary (#13 by @replygirl) — previously the binary resolved @fission-ai/openspec only from your project's node_modules, so a mise-only install still needed npm i -D @fission-ai/openspec before wrapped commands (new, validate, apply, archive, …) would run. That caveat is gone. The binary now embeds the pinned OpenSpec CLI (1.5.0) as a minified single-file bundle and extracts + spawns it on demand under ${XDG_CACHE_HOME:-~/.cache}/cospec/. A fresh, runtime-free install just works:

    mise use github:aligned-team/cospec
    cospec init
    cospec new feat demo

    A project-installed @fission-ai/openspec (any >=1.0.0 <2.0.0) still takes precedence — you keep your pin override and existing dev behavior — with the embedded copy used only as a fallback. (cospec doctor still resolves OpenSpec from node_modules and needs a project install.) The bundled OpenSpec dependency closure's MIT/ISC/Apache license notices ship as a generated THIRD-PARTY-LICENSES.md alongside the main package, all seven platform packages, and every release archive.

Fixed

  • --json corruption on a fresh HOME (#13 by @replygirl) — OpenSpec prints its first-run telemetry notice to stdout, which corrupted every --json read for standalone users (who always start from a fresh HOME). Wrapped calls now set OPENSPEC_TELEMETRY=0.

Full Changelog: v0.1.1...v0.2.0

v0.1.1

Choose a tag to compare

@github-actions github-actions released this 07 Jul 09:00
Immutable release. Only release title and notes can be modified.
26d8488

v0.1.1: Unblock the release pipeline

A maintenance release that repairs the automated release/publish workflow after the v0.1.0 dispatch failed to publish to npm. There are no application code changes — this release exists to get cospec reliably onto npm.

Fixed

  • npm publish path classification (#11 by @replygirl) — npm publish was handed a bare relative tarball path (npm-dist/<pkg>.tgz), which npm's argument classifier treats as GitHub owner/repo shorthand, causing it to attempt an SSH git ls-remote and fail with Permission denied (publickey). Publishes now pass a ./-prefixed path, forcing the correct local-tarball interpretation.
  • Safe failure rollback (#11) — the cleanup job previously deleted the GitHub release on any failure, which in the v0.1.0 incident tore down an already-public release while a tag-protection ruleset kept the dangling tag. Rollback is now gated on npm liveness: it checks all eight packages (main + seven platform packages) and only removes the tag/release when nothing is live, otherwise leaving everything intact for a clean resume.
  • Resumable release dispatch (#11) — the version job's tag-exists guard now distinguishes a genuine conflict (tag on a different commit) from a safe resume (tag on the current bump commit with the package not yet published). The resume case proceeds and finishes the remaining publishes; the conflict case still fails.

Full Changelog: v0.1.0...v0.1.1