Skip to content

Releases: cham-space/AICAM

AICAM v1.3.3 Release

Choose a tag to compare

@cham-space cham-space released this 25 Apr 09:32

AICAM v1.3.3 Release Notes

Release Date: 2026-04-25
Since: v1.3.2
Type: Minor β€” security hardening + new command


πŸ” Security

Anti-Silent-Bypass Gate (P0-1 Fix)

security.gate.md gains Layer 0: Tool Availability Pre-check β€” executed before any scan:

Condition Action
β‰₯1 native tool (gitleaks/semgrep) available Proceed to actual scan
All native tools missing + Docker available Use Docker fallback commands
All tools missing + no Docker Present user with install options or CONFIRM-SKIP
No resolution achieved ❌ BLOCKED β€” commit refused

Docker fallback commands:

  • gitleaks: docker run --rm -v "$(pwd)":/src zricethezav/gitleaks detect --source /src --no-git
  • semgrep: docker run --rm -v "$(pwd)":/src returntocorp/semgrep semgrep scan --config=auto --error

commit.md security scan restructured from advisory step to 3-step mandatory hard gate:

  1. Tool Availability Check (Layer 0)
  2. Execute Available Scans (run whichever layers are actually executable)
  3. Gate Decision (read Gate Status Determination table β†’ act on result)

diagnose.md Section 5 adds Security Gate Viability row:

Condition Status
β‰₯1 native tool available βœ… Gate functional
Docker available as fallback ⚠️ Reduced β€” Docker-based scanning
No tools + no Docker ❌ Gate non-functional β€” commits unprotected

Tool table expanded: +Docker (fallback) row, +Commit-msg hook symlink check.

.gitleaks.toml Fix

Removed unsupported top-level title key that caused gitleaks 8.x to fail config parsing (toml: expected character =). Replaced with comment to preserve the label.


πŸš€ New Command

/aicam β€” Interactive Workflow Guide

In-app reference manual with 6 entry points, callable anytime without arguments for an interactive menu:

Option Content
1. Workflow Overview 5-Phase ASCII diagram + typical scenarios + quick-jump paths
2. Command Reference 16 commands grouped by Phase, one-line purpose each
3. Navigate by Phase "I'm at Phase X, what next?" β€” guidance per phase with gate rules and next-step prompts
4. Skill Reference 4 workspace skills + 4 superpowers skills, auto-trigger conditions, common traps
5. Gate Reference 6 gates with blocking conditions, exemption rules, and tool coverage
6. Enablement Paths L0-L3 with prerequisites, command sets, and guidance ("start with L1, upgrade anytime")

Direct command lookup: /aicam /execute, /aicam hotfix β€” shows description, arguments, phase, pre-conditions, trigger type, related skills/gates, artifacts, and typical usage.

16-command reference table in the guide file provides phase association, trigger type, pre-condition, and next-step for every command in the system.


πŸ“ Documentation

WORKFLOW.md

  • Version header updated to v1.3.3
  • Version history: +v1.3.3 entry (security anti-bypass + /aicam)
  • System components table: commands 15β†’16, /aicam added to command list
  • Progressive enablement L0: /hotfix β†’ /hotfix, /aicam
  • Directory structure comment: 15β†’16 commands
  • New principle #19: Security scanning must not be silently skipped

README.md / README.en.md / README.zh.md

  • All three variants synced to v1.3.3
  • Version headers, history tables, system composition tables, L0 enablement paths updated
  • Command count: 15β†’16 across all three files

diagnose.md

  • Section 5: +Security Gate Viability assessment, +Docker availability check
  • Section 6.5: Chinese annotations translated to English
  • Output format: Security section expanded with viability + Docker status

πŸ“ Files Changed

File Action Lines
.claude/gates/security.gate.md Modified +52 lines β€” Layer 0 pre-check + Docker fallback + resolution protocol
.claude/commands/commit.md Modified +36 / βˆ’14 β€” 3-step mandatory security scan flow
.claude/commands/diagnose.md Modified +20 / βˆ’14 β€” Security Gate Viability + English localization
.claude/commands/aicam.md New 387 lines β€” Interactive workflow guide
.claude/WORKFLOW.md Modified +10 / βˆ’8 β€” v1.3.3 sync + principle #19
README.md Modified +4 / βˆ’2 β€” v1.3.3 sync
README.en.md Modified +16 / βˆ’2 β€” v1.3.3 sync
README.zh.md Modified +16 / βˆ’2 β€” v1.3.3 sync
RELEASE-v1.3.3.md New This file
.gitleaks.toml Fixed 1 line β€” removed unsupported title key

πŸ“Š Commit History (since v1.3.2)

Commit Message
d8025ad feat(workflow): update to v1.3.3 β€” security gate anti-silent-bypass + /aicam interactive guide
81239af docs: add AICAM maturity assessment v1.3.2
6fe78a6 fix: remove unsupported 'title' key from .gitleaks.toml
c0dd6b7 docs: release v1.3.3 β€” update README and create release notes

⬆️ Upgrade from v1.3.2

# Copy changed files to your project
cp .claude/gates/security.gate.md /path/to/project/.claude/gates/
cp .claude/commands/commit.md /path/to/project/.claude/commands/
cp .claude/commands/diagnose.md /path/to/project/.claude/commands/
cp .claude/commands/aicam.md /path/to/project/.claude/commands/
cp .claude/WORKFLOW.md /path/to/project/.claude/

# Install at least one security tool (recommended):
brew install gitleaks

# Verify:
/diagnose

No breaking changes. All existing commands and gates continue to work as before.

Full Changelog: v1.3.3...v1.3.3

AICAM v1.3.2 Release

Choose a tag to compare

@cham-space cham-space released this 25 Apr 02:51

AICAM v1.3.2 Release Notes

Release Date: 2026-04-25
Since: v1.2.1
Assessment: 5 rounds of independent review, scoring 3.6 β†’ 4.0 (L4 maturity)


πŸ—οΈ Architecture

Gate Adapter Layer

  • New .claude/gates/ directory with 6 independent gate definition files:
    • tdd.gate.md β€” TDD red-green-refactor gate with exemption/non-exemption checklist
    • smoke.gate.md β€” Smoke test gate with runtime health checks
    • security.gate.md β€” Security scanning gate (gitleaks + semgrep + dependency audit)
    • contract.gate.md β€” API contract/naming consistency gate
    • destructive-op.gate.md β€” Destructive operation detection (CRITICAL/HIGH/MEDIUM)
    • coverage.gate.md β€” Coverage gate with per-project-type thresholds
  • Gates are decoupled from command scripts β€” reusable, independently maintainable

Eco-Adaptive CI Pipeline

  • New .github/workflows/aicam-gates.yml β€” fully automated quality gates
  • Preflight job auto-detects ecosystem (npm/python/go/cargo) and project type (web/rest-api/cli/worker/mobile/tauri)
  • Conditional steps adapt to detected ecosystem β€” no manual configuration needed
  • Security jobs: secrets-scan (gitleaks), sast-scan (semgrep), dependency-audit (ecosystem-specific)
  • Test jobs: unit-tests + coverage per ecosystem, smoke-test with per-type branching
  • oasdiff breaking change detection step in unit-tests job
  • Mobile smoke generates actionable warning (requires device/emulator β€” not available in standard CI)

πŸ” Security

Three-Layer Security Scanning

  • Local (pre-commit): .githooks/pre-commit runs gitleaks + Spec-Lite existence check + large file detection
  • CI (PR gate): gitleaks (secrets) + semgrep (SAST) + ecosystem-specific dependency audit (npm/cargo/pip/govulncheck)
  • Config files: .gitleaks.toml (45 lines, 3 custom rules: generic-api-key, private-key, jwt-token), .commitlintrc.yaml

Git Hooks

  • pre-commit β€” gitleaks secrets detection + CLAUDE.md size check + Spec-Lite existence + large file warning
  • commit-msg β€” enforces Conventional Commits via commitlint, blocks malformed messages
  • Both installed via /onboard L3: ln -sf ../../.githooks/{hook} .git/hooks/{hook}

Gitleaks License Documentation

  • CI gitleaks-action@v2 configured with continue-on-error: true β€” private repo without license degrades to warning
  • /onboard L3 documents the license requirement and trufflesecurity/trufflehog@main as free alternative

πŸš€ New Commands

/diagnose β€” One-Click Health Check

  • Section 1-7: file existence, gate integrity, security tools, skills inventory, reference docs, template health
  • Section 5: commit-msg hook symlink check (added v1.3.2)
  • Section 6.5: Gate Execution Completeness β€” cross-references TDD/Smoke Log entries vs expected counts (anti-truncation)

/onboard β€” Interactive Setup

  • Progressive 4-level enablement: L0 (zero-config, <5min) β†’ L1 (minimal, <15min) β†’ L2 (standard, <1hr) β†’ L3 (advanced, <2hr)
  • Each level has concrete steps with copy-paste commands
  • L3 includes gitleaks/semgrep install, git hooks symlink, CI config, commitlint, MCP setup

/backend-test Skill

  • New .claude/skills/backend-test/SKILL.md
  • Covers REST API integration tests, database tests, and mock strategies
  • Auto-triggers on backend test file creation, API integration test writing, DB fixture setup

πŸ“Š Metrics & Quality

M1-M5 Five-Dimensional Metrics

  • M1 Phaseε‘¨ζœŸ (cycle time) β€” git log auto-calculation with cross-platform fallback
  • M2 δΈ€ζ¬‘ι€šθΏ‡ηŽ‡ (first-pass rate) β€” formula defined
  • M3 ζ΅‹θ―•ε―†εΊ¦ (test density) β€” per-AC coverage calculation
  • M4 δΈŠδΈ‹ζ–‡εŽ‹ηΌ©ζ•ˆηŽ‡ (context compression efficiency) β€” pre/post archive line ratio
  • M5 ι—¨η¦η»•θΏ‡ηŽ‡ (gate bypass rate) β€” ⏸️ status tracking

Anti-Truncation & Anti-Bypass

  • /diagnose Β§6.5: compares non-exempt task count vs TDD Log entries, Smoke Test checklist vs log entries
  • /verify-phase: mandatory TDD/Smoke entry count vs gate comparison β€” mismatch blocks phase completion
  • CLAUDE-template: Known Issues persistent section (excluded from 150-line limit, auto-maintained by /close-phase)

πŸ› Bug Fixes

Python Rest-API Smoke Fallback (v1.3.2)

  • Replaced dead [ -n "$SERVER_PID" ] check with python -c "import uvicorn" availability detection
  • Flask/Django projects now correctly fallback to python app.py instead of silently failing
  • uvicorn absent β†’ falls back to Flask/Django; uvicorn present β†’ uses python -m uvicorn

CI Needs Chain Completeness (v1.3.1)

  • Fixed missing preflight in job needs arrays β€” eco-adaptive detection was silently returning empty strings
  • All needs.preflight.outputs.* references now resolve correctly

Output Key Consistency (v1.3.1)

  • Unified project-type (hyphen) β†’ project_type (underscore) across outputs declaration and all references

Coverage Gate Heading (v1.3.1)

  • Fixed corrupted ##εœ°ε›žη­”Hard Rules β†’ ## Hard Rules

πŸ—‘οΈ Removals

agent-browser Skill Directory Cleaned Up

  • .claude/skills/agent-browser/ removed β€” had been deprecated and merged into e2e-test since v1.3.0
  • Skills directory now matches WORKFLOW.md declaration exactly (4 skills)

πŸ“ Documentation

WORKFLOW.md

  • Version history extended through v1.3.2 (3 new entries)
  • Progressive enablement L0-L3 section added
  • System components table: 15 commands, 6 gates, updated skills list
  • Full MCP installation guide (serena + typescript-lsp) with hooks config

README.md (Root)

  • Rewritten from minimal placeholder to comprehensive project landing page
  • Version badge, key features table, quick start, directory structure overview, version history

README.en.md & README.zh.md

  • Synced from v1.2.1 to v1.3.2
  • Version history updated with v1.3.0 / v1.3.1 / v1.3.2 entries
  • System components table: commands 13β†’15, skills list updated, gates row added
  • Progressive enablement L0-L3 section added

CLAUDE-template.md

  • Security scanning guidance section added
  • Known Issues & Deferred Risks persistent section added
  • Skill activation rules: backend-test added
  • Reference docs: coverage.gate + security.gate loading triggers added

Coverage Gate β€” Ecosystem Tool Table

  • 5 rows covering npm (Vitest/Jest), cargo (tarpaulin/llvm-cov), python (pytest-cov/coverage.py), go (built-in)

Contract Gate β€” oasdiff Protocol

  • Spec archival protocol: cp openapi-current.yaml archive/openapi-phase-{N-1}.yaml
  • Breaking change detection: oasdiff breaking <prev> <current>

πŸ§ͺ Test Strategies

  • 6 type-specific strategy documents in .claude/reference/test-strategies/: cli, mobile, rest-api, tauri, web, worker
  • Web strategy: Environment Variable Isolation with Vitest vi.stubEnv pattern
  • Per-project-type coverage thresholds in coverage.gate.md

πŸ“Š Commit History (since v1.2.1)

Commit Message
e784374 feat(workflow): upgrade AICAM from v1.2.1 to v1.3.2 β€” 5 rounds of independent assessment

Quick Start

git clone https://github.com/cham-space/AICAM.git
cd AICAM
cp -r .claude/ /path/to/your/project/
cp .githooks/ .commitlintrc.yaml .gitleaks.toml /path/to/your/project/
cp -r .github/workflows/ /path/to/your/project/.github/

Then in Claude Code, run /onboard for interactive guided setup.

AICAM v1.2.1 Release Notes (2026-04-24)

Choose a tag to compare

@cham-space cham-space released this 24 Apr 05:46

πŸš€ New Features

/hotfix Command

  • New emergency fix command β€” skip Phase 1 planning, jump directly to
    TDD fix flow
  • Smoke Test + Code Review gates still apply, ensuring quality is not
    compromised
  • Command count updated 12 β†’ 13 across all documentation

Smoke Test Mandatory Gate in /execute

  • After all validation commands pass, Smoke Test Checklist must be
    executed before Phase can proceed
  • Missing ## Smoke Test Checklist in plan β†’ hard STOP, requires user
    written confirmation to skip
  • Any ❌ entry β†’ enters bug fix flow, re-runs full Smoke Test after fix
  • Results written to summary.md ## Smoke Test Log

AC↔Task Mapping Check in /execute

  • Cross-checks Spec-Lite AC list against plan Tasks
  • ⚠ AC-{N} has no corresponding Task β†’ potential feature gap
  • ⚠ Task "{name}" not linked to any AC β†’ scope creep risk
  • Warning only, does not block execution

Critical Workspace Size Warning in /plan-feature

β–Ž 300KB: WARNING β€” suggests running /close-phase
β–Ž 500KB: CRITICAL β€” planning quality will degrade significantly,
β–Ž prompts immediate archival before continuing

Phase Number Automatic Derivation

  • /close-phase and /verify-phase now auto-detect Phase number from:
    a. Plan filename prefix: phase{N}- β†’ use N
    b. Plan content: # Phase N or Phase N: declaration
    c. Falls back to asking the user if undetermined
  • Eliminates manual Phase number input for archive file naming

Flat Archive Structure

  • archive/Phase{N}/ subdirectories replaced with flat files:
    • archive/PHASE{N}_VERIFICATION_REPORT.md
    • archive/phase{n}-code-review.md
    • archive/phase{n}-*.md
  • Traceability chain updated: plans β†’ .agents/plans/archive/,
    reports β†’ archive/

MCP Installation & Configuration Guide

  • Added complete setup instructions for serena and typescript-lsp:
    • Prerequisites table (uv, Node.js + npm)
    • Step-by-step install commands
    • serena hooks configuration (PreToolUse, SessionStart, Stop)
    • Verification command claude mcp list

🌐 Documentation

TypeScript-LSP Capability Update ...

Read more

AICAM v1.2.0 β€” CLAUDE-template Enhancement, Full English

Choose a tag to compare

@cham-space cham-space released this 23 Apr 08:30

πŸš€ New Features

CLAUDE-template Simplicity First Rules

  • Added Simplicity First section for Phase 2 implementation β€” write
    minimum code to meet Spec-Lite AC, no speculative features, no
    abstractions unless reused β‰₯2 places
  • Added Surgical Changes section β€” touch only what the request
    requires, follow existing code style, never silently delete unrelated dead
    code

Explicit Skill Activation Rules

  • CLAUDE-template now enforces explicit Skill loading (not relying on
    auto-match):
    • Frontend components/pages β†’ frontend-design
    • API definition/field mapping β†’ api-contract-first
    • Business workflow testing β†’ e2e-test

Test Command Categories

  • Test section split into 3 categories: Unit tests / Business workflow
    tests / Single file targeted
  • Strategy documents reference
    .claude/reference/test-strategies/{type}.md

Web Test Strategy Enhancement

  • Added Environment Variable Isolation section with Vitest
    vi.stubEnv pattern to prevent state leakage between tests

πŸ—‘οΈ Removals

ui-ux-pro-max Skill Removed

  • Core functionality non-operational (missing scripts/search.py and CSV
    data files)
  • Trigger conditions merged into frontend-design
  • Reduces workspace skills from 5 β†’ 4

🌐 Documentation

Full English CLAUDE-template

  • All remaining Chinese content translated to English
  • Simplicity First header, Skill ζΏ€ζ΄»θ§„εˆ™ block fully English
  • reference/index.md also fully English (local, project-specific)

WORKFLOW.md & READMEs Synced

  • CLAUDE-template key features added to WORKFLOW.md
  • README.zh.md and README.en.md fully synchronized

πŸ“Š Commit History (since v1.1.0)

Commit Message
6a46bc8 docs: translate CLAUDE-template.md remaining Chinese to
English
c0ac8c0 docs: sync CLAUDE-template features into WORKFLOW.md and
READMEs
06de5f4 enhance: CLAUDE-template Simplicity First rules, web test
strategy, e2e-test fix
2e1c4ba remove: ui-ux-pro-max skill (non-functional β€” missing
scripts/search.py + CSV data)

Quick Start

git clone https://github.com/cham-space/AICAM.git
cp -r AICAM/.claude/ /path/to/your/project/

Then in Claude Code, run /discover to begin.

---

AICAM v1.1.0 β€” Smoke Test Gate, TDD Tightening, TEST_DASHBOARD

Choose a tag to compare

@cham-space cham-space released this 21 Apr 08:13

πŸš€ New Features

Smoke Test Gate (Phase 2)

  • Added mandatory Smoke Test step in /execute β€” runs after all verification commands pass
  • Plan files now require ## Smoke Test Checklist section (operation β†’ expected result format)
  • Missing checklist β†’ execution STOPs until user confirms or adds one
  • Results written to ## Smoke Test Log in summary.md
  • Verified in /verify-phase as a separate gate with dedicated pass/fail status

TEST_DASHBOARD Tracking (Phase 4)

  • /close-phase now automatically updates .agents/reports/TEST_DASHBOARD.md
  • Tracks per-Phase coverage matrix, cross-Phase trends, and detailed test breakdowns
  • Includes Gate summary, unit test details, Smoke Test results, and business workflow test details
  • Not loaded into CLAUDE.md context β€” for human review only

Type-Specific Test Strategies

  • Added .claude/reference/test-strategies/ with 6 tailored strategies:
    • cli.md β€” CLI project testing
    • mobile.md β€” Mobile app testing
    • rest-api.md β€” REST API testing
    • tauri.md β€” Tauri desktop app testing
    • web.md β€” Web app testing
    • worker.md β€” Worker/server-side testing

πŸ”’ Enforcement Improvements

TDD Non-Exempt Scope (Tightened)

Previously, most non-logic changes could be exempted from TDD. Now the following require TDD
without exception:

  • Cross-boundary integration layers (IPC commands, REST endpoints, event pub/sub, message queue
    consumers)
  • Frontend/UI components with conditional logic, state management, or data transformation
  • Any serialization/deserialization logic
  • Error handling paths

Exemption requests for these types must include an alternative verification method. "Manual
runtime inspection" is no longer an acceptable answer.

⏸️ State Hard Rule

⏸️ Requires manual verification is now treated as ❌ failed in any gate. This prevents
deferring verification indefinitely. Specific rules:

  • Business Workflow Tests at ⏸️ must provide executable automated scripts (using mock/fixture), or
    explicit written user confirmation with risk noted in report
  • Smoke Test Log missing or containing ⏸️ entries β†’ Smoke Test Gate = ❌, blocks Phase closure

Phase Closure Prerequisites

/close-phase now performs mandatory pre-conditions checks before any archival:

  • Verification Report must exist with status βœ… or ⚠
  • Smoke Test Log must be all βœ… (no ❌ or ⏸️ )
  • No ⏸️ unclosed Gate items
  • All P0 bugs must be resolved

πŸ“ Documentation Updates

WORKFLOW.md v1.1.0

  • Added Node 2-E: Smoke Test
  • Added Node 4-B: TEST_DASHBOARD update
  • Updated Mermaid workflow diagram with new nodes
  • Added frontend-design skill to the skills list (replaces skill-creator)
  • Updated reference docs section with test-strategies/ directory
  • Updated key principles with Smoke Test gate, ⏸️ hard rule, TDD non-exempt scope

Bilingual README

  • README.zh.md and README.en.md synchronized with all v1.1.0 changes
  • README.md serves as a bilingual index linking both versions

πŸ“Š Full Commit History (since v1.0.0)

  • 50ebdc7 β€” enhance(workflow): v1.1.0 β€” Smoke Test gate, TDD tightening, TEST_DASHBOARD
  • 5fcd46a β€” enhance(workflow): add smoke test, strict gates, and TDD exemptions
  • 40b575c β€” ι’ˆε―Ήcodereview ε’žεŠ εΌΊεˆΆζ–°δΌšθ―ιΏε… δΈŠδΈ‹ζ–‡ζ±‘ζŸ“
  • bfc464f β€” docs: add bilingual README and remove .DS_Store files
  • a9fa7ae β€” docs: add README.md with AICAM workflow documentation

Quick Start

git clone https://github.com/cham-space/AICAM.git                                                  
cp -r AICAM/.claude/ /path/to/your/project/                                                        
                                                                                                   
Then in Claude Code, run /discover to begin.                                                       
                                                                                                   
---                

AICAM v1.0.0

Choose a tag to compare

@cham-space cham-space released this 20 Apr 06:28

Features

  • 5-Phase Lifecycle: Requirements β†’ Planning β†’ Implementation β†’ Verification β†’ Archival
  • 12 Slash Commands: /discover, /create-prd, /ref-research, /create-rules,
    /init-project, /prime, /plan-feature, /execute, /code-review, /verify-phase,
    /close-phase, /commit
  • 5 Domain Skills: agent-browser, api-contract-first, e2e-test, ui-ux-pro-max,
    skill-creator
  • TDD Iron Rule: Tests must fail before business logic is implemented
  • Dual-Layer Test Gates: Unit tests + business workflow tests required for Phase
    completion
  • API Contract First: Spec-Lite + naming mapping table for all API features
  • Progressive Disclosure: Context loaded on demand to avoid context inflation
  • Self-Maintaining Context: Auto-compress historical knowledge during archival
  • Bilingual Docs: Full workflow documentation in English and Chinese

Quick Start

git clone https://github.com/cham-space/AICAM.git                                           
cp -r AICAM/.claude/ /path/to/your/project/                                                 
                                                                                          
Then in Claude Code, run /discover to begin.'