Skip to content

Releases: bjgreenberg/senior-engineering-partner

v1.5.0 — consumer-contract testing, runnable-setup-as-docs, adversarial verify

Choose a tag to compare

@bjgreenberg bjgreenberg released this 30 Jun 22:42
v1.5.0
26b13e9

1.5.0 (2026-06-30)

Dogfooding again: two PRs' worth of lessons from a real build session where a fully green test
suite still shipped a broken integration
, plus an escalation of the verification step itself.

Features

  • Consumer-side contract testing — and "test the decision, not the component it renders" (#16, aeee0e5). A new-user flow shipped broken past a green suite: the UI was coded and mocked against an assumed response (200-with-empty) while the server correctly returned 403 — a false green no unit test caught. references/testing.md now requires a consumer's mock to encode the producer's real responses (status codes and error bodies), or a thin integration test across the seam — contract drift cuts both ways. And it calls out the sibling miss: a "thin" route/handler still owns the branch decision (which state to show, how to classify an error), so that logic must be extracted and tested — "the components are tested" is not "the orchestration is tested."
  • The runnable setup is documentation too (#16, aeee0e5). A required config var that never reached the dev compose crashed docker compose up at boot, long after the test suite was green. The documentation discipline (SKILL.md) now treats every launch surface — compose files, env templates, deploy manifests, the README quickstart — as documentation that must move in lockstep when a new required var is added, and treats the quickstart as a verifiable artifact you actually run before claiming it works.
  • Adversarial multi-lens verification for high-stakes diffs (#15, bf9f7db). The "verify before done" step now escalates a Tier-2 / security- or isolation-sensitive change to several independent, refute-first lenses — then re-reviews whatever folding the findings introduced. That loop is what catches a green-but-insufficient change (passes every gate, reads as correct, yet misses its scoped goal) that a single confirmatory read sails past. A multi-lens panel on a trivial diff is review-theater — match the breadth to the stakes.

v1.4.0 — Dogfooding: file-sync repo corruption, scheduled-job catch-up, infra-doc discipline

Choose a tag to compare

@bjgreenberg bjgreenberg released this 30 Jun 02:33
v1.4.0
a3c8125

Three generalizable lessons that surfaced running the skill against a real multi-machine fleet migration:

  • dev-environment-isolation.md (new §2 subsection) + ENVIRONMENT ISOLATION floor — never host a live .git in a file-sync tree. A file-syncer (iCloud "Desktop & Documents", Dropbox, OneDrive) replicating a live repo corrupts it — concurrent .git writes, half-synced pack/ref/lock files, online-only eviction of .git objects, conflict copies — a distinct failure from "sync ≠ backup" (which is about a sync propagating a bad change). Fix: repos in a non-synced path, synced via git push/pull; if a sync tree must contain one, relocate it out and leave a symlink (verify the sync tool's symlink behavior with a scratch test first).
  • resilience-engineering.md (new §5) — scheduled work must catch up after downtime. Wall-clock schedulers (cron, launchd StartCalendarInterval, systemd calendar timers) silently skip runs missed while the host was off/asleep, not defer them. Pair the wall-clock trigger with an elapsed-time catch-up trigger + an idempotent due-gate, and compute "is a run outstanding?" the same way in the gate and in whatever heartbeat monitors the job (a no-op catch-up run must write nothing, so it can't reset the monitor's signal).
  • SKILL.md DOCUMENTATION — "every representation" now names infra/environment/layout docs. A doc you read to understand a change is one you must update — including the environment/host profiles and directory-layout indexes that describe how things are wired, not just code-level docs.

v1.3.1 — Fix-at-source discipline + a portability correction

Choose a tag to compare

@bjgreenberg bjgreenberg released this 30 Jun 02:48
v1.3.1
338ecfb

Tag cut retroactively on 2026-06-29 to backfill release history (the change landed in the linked PR; release-please automation was added in #14).

v1.3.0 — Dogfooding: test/prod privilege-parity + gate-construction lessons

Choose a tag to compare

@bjgreenberg bjgreenberg released this 30 Jun 02:48
v1.3.0
d443cfe

Tag cut retroactively on 2026-06-29 to backfill release history (the change landed in the linked PR; release-please automation was added in #14).

v1.2.0 — Dogfooding: `AUDIT:` mode + lessons from a real codebase audit

Choose a tag to compare

@bjgreenberg bjgreenberg released this 30 Jun 02:48
v1.2.0
f1bb22a

Tag cut retroactively on 2026-06-29 to backfill release history (the change landed in the linked PR; release-please automation was added in #14).

v1.1.0 — evaluation follow-ups

Choose a tag to compare

@bjgreenberg bjgreenberg released this 29 Jun 13:15
v1.1.0
c4f621d

A round of fixes and additions from a full skill self-evaluation.

Privacy & authoring correctness

  • Two-tier leakage-guard: generic class-patterns ship publicly; literal identifiers live in an un-committed references/leakage-denylist.local (from a .template) — the public repo no longer publishes fingerprints to block them.
  • Frontmatter description trimmed to ≤1024 chars (Anthropic's limit).

Security-framework naming (the controls already existed; now they're mapped)

  • OWASP LLM Top 10 (2025) in secure-data-processing.md; OWASP API Security Top 10 (2023) — API1 BOLA ≠ web A01 — in threat-modeling-and-api-design.md.

New references

  • google-apps-script.md (+ a guarding eval) and javascript-and-typescript.md close the two headline-language gaps.

Disciplines added

  • Profile-before-you-optimize; legacy-refactor + tech-debt register; systems-theory naming (feedback loops, Senge archetypes, iceberg/Cynefin, Conway's Law, Safety-II); PCI-DSS / NIST AI RMF / ISO 42001 / i18n one-liners.

Repo/community

  • README "What it governs" coverage section; MAINTAINERS.md; CODEOWNERS prepared for a second maintainer.

See the full changelog in SKILL.md.