Releases: amargautam/pakka
pakka v0.11.0
Eight PRs since v0.10.0.
Added: performance reviewer agent, a fourth parallel review lens with 3 perf eval seeds (#16); claude-code OAuth A/B bench harness via claude -p with a PAKKA_DISABLED kill-switch and zero API-key dependency (#13); guard learned per-repo allowlist (.pakka/guard-allowlist.json) with override-count decay, secret categories never allowlistable (#12); semantic rewriter injection gate with strict fallback and audit on rejection (#15).
Changed: guard hook matcher widened Read|Bash to Read|Write|Edit|MultiEdit|Bash (secret-write protection is now active); RECEIPTS output-tokens figure re-based to ~1,019,833 cumulative (the previously published 5,939,566 summed repo-wide snapshots and overcounted; corrected measurement, not a regression) (#10).
Fixed: [skip pakka] honored on AST reject paths (#8); skill-check requires directive intent, bounded ~1ms scan (#11); canonical repo_root attribution with historical backfill retag (#10); pricing entries for claude-fable-5, claude-mythos-5, claude-opus-4-8 plus dated-ID prefix fallback (#25).
pakka v0.10.0
Whole-codebase audit hardening.
Fixed: commit-gate bypass via exec-wrappers (xargs/env/sudo/...); per-Bash-command hot-path latency; missing verdicts on chained/wrapped commits; cross-session meter-file collisions (session-id truncation); recall FTS5 query crashes on operator characters; report output-tokens accounting (max repo-filtered cumulative snapshot, not triangular sum); unbounded debug.log (now rotated at 2MB).
Changed: status-line meter reads cached; $ savings labeled (est) to mark the modeled output component; marketplace README synced to the 8-hub command surface.
pakka v0.9.0
v0.9.0 ships the AST-based commit-gate built atop mvdan.cc/sh/v3 — chained shapes, env-prefixed commits, subshells, and redirects are now correctly handled. Output-token meter writes per session-end so the RECEIPTS figure no longer shrinks across releases as Claude Code rotates transcripts. New backfill-output-tokens subcommand recovers historical sessions where transcripts still exist; first cumulative figure under the new persistence model is 5,939,566 output tokens (~$59.10 saved). Release checklist updated.
pakka v0.8.1
Hotfix: commit-gate's substring fallback was quote-unaware and rejected diagnostic commands like grep/echo whose quoted arguments contained the phrase. Replaced with the quote-aware token scan already used elsewhere in the gate. Closes #3.
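The false positive described in this hotfix, as an added example (not pakka's own code): a quote-unaware substring check next to a quote-aware word scan. The phrase "git commit", the function names and the sample commands are assumptions made for illustration; the scan is deliberately narrow and only separates quoted arguments from real command words.

```go
package main

import (
	"fmt"
	"strings"
)

// SubstringMatch is the quote-unaware check: the phrase anywhere in the line counts.
func SubstringMatch(cmd string) bool { return strings.Contains(cmd, "git commit") }

// Words splits a command line on blanks, keeping quoted text inside one word.
// Backslash escapes, operators and unterminated quotes are out of scope here.
func Words(cmd string) []string {
	var out []string
	var cur strings.Builder
	var quote rune // 0 outside quotes, otherwise the opening quote character
	for _, r := range cmd + " " { // trailing blank flushes the last word
		switch {
		case quote != 0 && r == quote: // closing quote
			quote = 0
		case quote == 0 && (r == '\'' || r == '"'): // opening quote
			quote = r
		case quote != 0 || (r != ' ' && r != '\t'): // quoted text or ordinary character
			cur.WriteRune(r)
		case cur.Len() > 0: // unquoted blank ends the current word
			out = append(out, cur.String())
			cur.Reset()
		}
	}
	return out
}

// TokenMatch requires `git` and `commit` to be two adjacent whole words.
func TokenMatch(cmd string) bool {
	w := Words(cmd)
	for i := 0; i+1 < len(w); i++ {
		if w[i] == "git" && w[i+1] == "commit" {
			return true
		}
	}
	return false
}

func main() {
	for _, c := range []string{`grep "git commit" notes.txt`, `git commit -m "fix parser"`} {
		fmt.Printf("%-30s substring=%v token=%v\n", c, SubstringMatch(c), TokenMatch(c))
	}
}
```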
pakka v0.8.0
User edit preservation release.
Fixes silent data loss when a user edits a live compressed file (CLAUDE.md, DESIGN.md) then changes the compression level. Previously the orchestrator would silently overwrite those edits with re-compressed stale content.
Fix: orchestrator now records the SHA of each compression output (OutputSHA). On subsequent runs, if the live file differs from the last output SHA, user edits are detected and adopted as the new baseline before re-compressing. Snapshot write failures abort the pass rather than overwriting user edits.
All 19 orchestrator tests pass including 3 new behavioral tests.
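The edit-detection logic described above, as an added example (not pakka's orchestrator code): compare the live file's hash with the recorded OutputSHA, adopt a user edit as the new baseline, and abort when the snapshot cannot be written. Only the OutputSHA name comes from the release note; State, Pass, Light, Heavy and the sample text are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// State is a hypothetical per-file record; only the OutputSHA name is from the release note.
type State struct {
	Baseline  string // source text the next pass compresses
	OutputSHA string // SHA-256 of what the previous pass wrote to the live file
}

func sha(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Pass returns the content to write to the live file and whether a user edit was adopted.
// compress and snapshot stand in for the real compressor and snapshot writer.
func Pass(st *State, live string, compress func(string) string, snapshot func(string) error) (string, bool, error) {
	adopted := false
	if st.OutputSHA != "" && sha(live) != st.OutputSHA {
		// Live file differs from our last output, so the user edited it.
		// Preserve the edit first; on failure abort and leave file and state as they are.
		if err := snapshot(live); err != nil {
			return live, false, fmt.Errorf("snapshot failed, pass aborted: %w", err)
		}
		st.Baseline, adopted = live, true
	}
	out := compress(st.Baseline)
	st.OutputSHA = sha(out)
	return out, adopted, nil
}

// Constructed stand-ins for two compression levels.
func Light(s string) string { return strings.ReplaceAll(s, "please ", "") }
func Heavy(s string) string { return strings.ReplaceAll(Light(s), "the ", "") }

func main() {
	st := &State{Baseline: "please run the tests"}
	ok := func(string) error { return nil }
	live, _, _ := Pass(st, "please run the tests", Light, ok) // first pass
	live += " and the linter"                                 // user edits the live file
	out, adopted, _ := Pass(st, live, Heavy, ok)              // level change after the edit
	fmt.Println(out, adopted)
}
```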
pakka v0.7.0
Validator hardening and calibration consistency release.
12 fixes across validator, meter, recall, report, stackgate, and a new shared claudecli package:
- report: fmtInt MinInt64 guard (stack overflow on crafted input)
- validator: single-char inline code ({1,}), braced/lowercase env vars, semver pre-release suffixes, case-insensitive markers, c#/f#/.proto fence language tags, trailing punctuation stripped from path captures
- meter: estimateTokens calibrated to 3.5 bytes/token (was 4, consistent with WriteSavings)
- recall: rune-safe preview truncation (no more split UTF-8 in JSON)
- stackgate: reject quote chars — explicit unquoted-argv contract
- claudecli: new internal package centralises claude -p argv construction
- orchestrator: RunAsync returns error, fork failures logged
pakka v0.6.0
Correctness and performance hardening release.
13 fixes across compression, validator, recall, statusline, and commitgate:
- recall: non-EOF read errors no longer advance last_offset (silent index data loss fixed)
- compress: language tags preserved on code fences in non-strict modes
- compress: consecutive-only heading dedup (non-consecutive headings preserved)
- compress: inflations now metered (honest savings accounting)
- linguistic: maybe/perhaps removed from drop list (no more epistemic inversion)
- linguistic: article-a rule case-sensitive (Plan A, vitamin A preserved)
- validator: reInteger (ports/timeouts/counts), extended rePathAbs delimiters
- commitgate: session nonce in Reviewed-by-pakka trailer (forgery prevention)
- audit/meter/commitgate: shortSID sanitized to [A-Za-z0-9_-] (path traversal fixed)
- statusline: transcript cache with mtime/size invalidation (O(1) hot render)
- statusline: git rev-parse memoized within render (O(1) subprocess calls)
Identified by 4-agent adversarial review. See adversarial-review-2026-05-08.md.
pakka v0.5.3
Security hardening release.
10 fixes across guard, commitgate, and semantic validator:
- [CRITICAL] Git hook RCE via last-pass-ts arithmetic — POSIX case guard added
- [CRITICAL] Commit-gate ; bypass — unrecognized git commit shapes now blocked
- [CRITICAL] Negation/percentage validator gap — reNegation and rePercent rules added
- guard: Write/Edit/MultiEdit/NotebookEdit now routed through checkPath (was Allowed unconditionally)
- guard: isDeniedPath extended — gh CLI, kube, docker, npm, pypi, shell history, key file patterns
- guard: evalRe bypass via bash -c quoted arg fixed (bashCEvalRe)
- guard: pipeShellRe extended to dash/fish/ksh/ash/csh; downloadExecRe added
- guard: absolute system path deny for /etc/passwd, /root, /proc/self/environ, /sys/kernel
- commitgate: [skip pakka] bypass now emits stderr notice and neutral audit note
- semantic/statusline: default level aligned to super-ultra across all fallback sites
Identified by 4-agent adversarial review. See adversarial-review-2026-05-08.md in repo root.
pakka v0.5.2
Status-line fixes: bug count now aggregates across sub-repos (4→7), savings aggregation also fixed. Persistent '! 1 stale' resolved: transient rewrite errors no longer record validator failures, and ClaudeCLI timeout raised 60s→180s (measured 92s actual for 15KB super-ultra). [level] bracket now amber to match pakka label. 298 sessions · 242,664 bytes compressed · ~$64.16 saved.
pakka v0.5.1
Patch: rebuild binaries so status-line color changes from v0.5.0 (savings green, bugs red) actually appear. Binary was built before the color commit landed.