Skip to content

Releases: corca-ai/nose

0.18.0 - 2026-07-06

Choose a tag to compare

@github-actions github-actions released this 06 Jul 09:30

Release Notes

Added

  • Added #687 divergent gate productization evidence: history-mining artifacts now
    have a validator, hardened provenance/counts, and checked nose-on-nose
    maintainer-pilot summaries that keep history mining offline and the PR gate
    observe-only unless explicitly enforced.
  • Added #686 GitHub Actions divergent-edit rollout examples for observe-only
    SARIF reporting and enforcing strict failures, with step-summary counts and
    docs-example validation.
  • Added #685 divergent-edit gate hardening fixtures for report-only and suppression
    edges: base= now honors config-relative ignore-file, malformed ignores fail
    before empty-diff short-circuiting, path/language suppressions keep all-members
    semantics, and copied/new-copy plus deletion/insertion/rename edge cases are pinned.
  • Added the #684 divergent-edit strict-policy taxonomy audit: checked policy
    artifacts now record gate.fail_default-based tier/taxonomy confusion counts,
    strict false-positive buckets, and strict-positive retention against the
    2026-07-06 labelset, while preserving the runtime v2 strict gate unchanged.
  • Added query-base wrapper compatibility guardrails: nose capabilities now
    advertises divergent-edit JSON v8, SARIF, gate.fail_default, and structured
    ignore support as explicit query capability flags, with tests pinning v8 closed
    enum values and JSON/SARIF policy-field parity.
  • Added the #678 semantic-pack default-promotion audit: a checked
    bench/semantic_pack/default_promotion_audit_678.v1.json artifact and docs
    page now record the current builtin lane state, row-level coverage refs,
    promotion-candidate decision, rollback requirements, and external
    metadata-only policy.
  • Added checked divergent-edit v2 final closeout artifacts for the clean
    a38ecb8b replay summary and policy reproduction, and extended
    eval/divergence_fire/replay.py check-artifacts to validate that final
    replay evidence instead of relying only on /tmp scratch summaries.
  • Added the #677 Rust block_on residual closeout: the async scheduling
    hard-negative suite now covers nested runtime drive, wrapper-returned
    Runtime values, and constructor-assigned runtime fields, with a checked
    artifact documenting why exact block_on recovery remains reporting-only.
  • Added a divergent-edit history-mining harness for bounded commit-range audits.
    scripts/divergent-history-mining.py replays the existing base=<parent>
    JSON view in temporary worktrees, emits deterministic
    nose.divergent_history.v1 JSON, groups repeated findings across commits, and
    documents the offline workflow separately from the PR-time base=<ref> gate.
  • Added the divergent-edit v2 new-copy report-only lane for base=<ref>:
    added/copied/renamed current-tree clone relationships now appear in human,
    JSON, and SARIF output with base_family_id=null, current_only[] current-tree
    provenance, and a non-failing gate.
  • Implemented the divergent-edit v2 strict gate for base=<ref>: JSON base output
    now emits schema v8 tier/gate fields, SARIF uses tiered rule ids and levels, and
    mixed/test-scope evidence is report-only instead of default-failing.
  • Documented the divergent-edit v2 gate contract: strict, review, report-only,
    and suppressed tiers; stable false-fire taxonomy; query-JSON v8 base
    fields; and SARIF rule/severity mapping.
  • Added a runtime-triage harness and maintainer runbook for classifying query-runtime
    regressions as noise, capability-growth cost, lower/front-end cost, value-graph cost,
    or mixed hot paths before optimizing. The runtime-triage and query-regression harnesses
    can now select every checked-out corpus repo with --all-repos.
  • Added a pre-push Cargo target prune step that removes stale
    target/debug/deps/*.rcgu.o files before the fast local CI gate, avoiding
    macOS dyld/code-signing stalls when local debug target directories grow very
    large.
  • Added a self-test for the Cargo target prune script and a shellcheck gate for
    versioned hooks plus scripts/*.sh in local and GitHub CI.

Changed

  • Tightened the dogfooding duplication ratchet from 29 to 26 reviewed
    default-surface families by sharing admission-resolver provenance test
    helpers for Rust HashMap::from, Java Map.of, and JavaScript Set/Map
    constructor scenarios.
  • Clarified the #681 divergent-edit opt-in gate closeout docs: gate.fail_default
    remains the sole default CI authority, the checked strict precision baseline is
    0.562, and non-strict tiers remain advisory.
  • Polished divergent-edit v2 CI documentation and output copy: SARIF messages now name
    strict/review/report-only tiers directly, human base=<ref> output explains report-only
    reasons more specifically, and CI examples pin detection modes plus top=0 SARIF uploads.
  • Removed the retired nose-cli legacy prelude and tightened its ratchet into a
    zero-budget reintroduction guard.

Fixed

  • Fixed divergent-edit diff parsing for source paths containing spaces, so the
    report-only new-copy lane preserves the full current-tree path instead of
    splitting diff --git headers on whitespace.

Performance

  • Completed the 0.18.0 pre-release performance pass without changing product output:
    inline nose-ignore suppression now prescreens candidate marker starts with
    memchr, the immediate all-120-repo query regression kept 120/120 hashes,
    family counts, and byte counts identical while measuring 58,555.18ms -> 57,323.32ms (-2.10%), and the release-candidate v0.17.0 comparison
    measured 60,162.97ms -> 56,068.77ms (-6.81%) with the crates
    recall-loss gate at 0 false merges and 0 canon-preservation violations. See
    the 0.18.0 release evidence.
  • Recorded #688 divergent-gate product-output and runtime evidence: all 120
    non-base= corpus queries kept identical hashes, byte counts, and family
    counts across the #681 productization range, the focused nose slice stayed
    stable, and bounded base= replay counts/timings stayed below the runtime
    investigation threshold.
  • Verified the #677 Rust block_on residual closeout with no product-output
    drift or reproduced runtime degradation: the focused Rust query-regression
    slice kept identical hashes and family counts across hyperfine, nushell,
    and tokio, while same-binary runtime triage measured 1542.89ms -> 1451.96ms aggregate median (-5.89%).
  • Closed the divergent-edit v2 epic with final replay and product-output evidence:
    the 560-record replay completed with 0 errors, v2 strict retained 45/45 confirmed
    v1 missed-propagation positives while improving strict precision from 0.479 to
    0.562, and a 10-repo non-base= query regression kept identical product hashes,
    family counts, and byte counts with aggregate median 5957.65ms -> 5930.96ms
    (-0.45%, below the same-binary control's +1.18%), so no performance
    degradation was confirmed.
  • Completed a 20-commit profile-guided runtime pass after the runtime-triage setup.
    The final all-120-repo run compared ca48518d with a0bfc252 and measured
    66,498.30ms -> 70,626.21ms (+6.21%) with 120/120 identical product hashes
    and unchanged family counts. A same-binary all-corpus control measured +7.38%,
    and a focused 7-iteration recheck of the largest apparent regressions measured
    14,874.05ms -> 14,551.12ms (-2.17%) with identical hashes, so this pass records
    targeted hot-path wins without a confirmed product-output drift or reproduced broad
    runtime degradation. See the 20-optimization runtime pass.

Install nose-cli 0.18.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.18.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.18.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.17.0 - 2026-07-02

Choose a tag to compare

@github-actions github-actions released this 02 Jul 08:46

Release Notes

Added

  • Added the semantic-kernel recall-loss recovery loop around nose verify --recall-loss-report, including obligation rollups, deterministic diff
    tooling, checked artifacts, corpus-priority census workflows, and the new
    oracle_exclusions.by_classification rollup for distinguishing semantic
    boundary attribution, missing oracle support, path exploration budget, oracle
    cost budget, empty fingerprint, and core-span failures.
  • Added and expanded the nose.protocols.string_affix_predicates protocol pack
    across Python, Java, Rust, Swift, JavaScript, TypeScript, Go, and Ruby, with
    receiver, direction, mutation, shadowing, offset, and dynamic-affix hard
    negatives.
  • Added import-backed immutable provenance and Rust import-snapshot resolution
    for safe provider literals, selected collection factories/constructors,
    same-crate module lookup, one-hop public re-exports, residual boundary
    attribution, and relative super resolution.
  • Added corpus-driven stdlib audit and prioritization scripts for JS/TS,
    Python, Rust, Swift, Java, and Go, plus first support slices for Go
    strings.Join and Java Optional. Java Arrays/Collections, Go
    sort/slices/maps, Python HOF/runtime, Rust stdlib, Swift stdlib, and
    JS/TS builtin coverage are recorded as explicit audit artifacts.
  • Added bounded Promise recovery for safe Promise.resolve, local
    .then/.catch/.finally continuations, imported settled-value contracts,
    Node timers/promises domains and safe payloads, and literal-array
    Promise.all, Promise.allSettled, Promise.race, and Promise.any
    aggregate slices. Dynamic iterables, unsafe thenables, executor timing,
    cancellation/liveness, scheduler APIs, interval streams, and broad scheduling
    remain fail-closed.
  • Added cross-language scheduling, channel, callback, lifecycle, aggregate, and
    exception-channel obligation reporting across JS/TS, Python, Rust, Go, Java,
    Swift, and Ruby. New executable hard negatives pin Promise, timer, channel,
    async runtime, Future, task, continuation, yield, and exception boundaries.
  • Added reporting-only async/runtime coverage for Swift structured concurrency
    and try, Java CompletableFuture/Future/Executor receivers, Rust
    block_on runtime provenance, Go channel/goroutine/defer protocols, Python
    async lifecycle and generator yield, and Ruby raise/rescue, Thread/Fiber,
    and block-yield boundaries.
  • Added the #653 semantic-kernel capability vocabulary audit and obligation
    label cleanup. The current diagnostics prefer reusable capability and
    async-* obligation labels while preserving legacy aliases for historical
    artifacts.

Changed

  • Split exact-admission recall-loss attribution into capability-oriented buckets
    for callee identity, receiver domain, library API occurrence, HOF
    demand/effect, source surface, mutation/effect, unsupported runtime
    boundaries, value-fingerprint floors, import-snapshot misses, and oracle
    exclusions.
  • Renamed await, async-function, and async-block diagnostics to language-neutral
    scheduling obligations. Promise-shaped producer and continuation labels now
    describe missing Promise proof, not generic async syntax.
  • Refined runtime/protocol diagnostics so units excluded before oracle
    interpretation can still carry diagnostics-only obligation attribution under
    oracle_exclusions.by_obligation; top-level by_obligation remains limited
    to oracle-interpretable admission rejections.
  • Closed the current Promise/scheduling and semantic-admission guardrail cycles
    as measured boundaries: exact admissions are limited to checked safe slices,
    and remaining executor, cancellation, scheduler, interval, lifecycle, and
    cross-language convergence work is represented as named closed obligations.
  • Reclassified broad audit buckets that are now accounted for by source-backed
    or proof-backed rows, including Swift throws/try, Java Future/Executor type
    mentions, Java stream lifecycle rows, Python generator yield, direct
    asyncio.sleep, and Ruby raise/rescue.

Fixed

  • Updated the locked anyhow dependency to clear RUSTSEC-2026-0190 in the CI
    advisory gate.
  • Fixed repository CI ratchets by splitting overlong Rust files and updating the
    async-mirror query JSON test to assert the documented near/shared-core witness
    contract.
  • Fixed scripts/check-docs.sh for both awiki lint --root docs and awiki
    versions that lint the current wiki directory.
  • Hardened JS/TS string-affix receiver proof so wrappers, untyped receivers,
    borrowed prototype calls, custom same-name methods, offsets, shadowed names,
    and String.prototype patching stay out of primitive prefix/suffix families.
  • Fixed dataflow normalization across try boundaries so temporary inlining no
    longer moves a potentially erroring RHS from before a try into the catch
    region.
  • Fixed release-candidate runtime regressions by indexing imported-binding
    call-target evidence per file, indexing lowering-time domain evidence by anchor,
    lazily building import mutation/use indexes, and using compact Rust module
    identities instead of absolute-path suffix hashes.

Performance

  • Preserved zero false merges and zero canon-preservation violations across the
    checked local crates recall-loss gates for this cycle.
  • Kept representative product query-regression slices within budget: Java
    CompletableFuture constructor reporting measured -0.45%, Java receiver
    settlement reporting measured +0.41%, Go protocol reporting measured
    +0.08%, and the final oracle-exclusion classification report measured
    +0.34% median wall time with a +0.05% report-size increase.
  • Re-ran the hazard release refresh, full local CI, all-pinned-corpus product
    query-regression, and release-level v0.16.0..HEAD output/runtime comparison for the 0.17.0
    release candidate. The final all-120-repo query-regression run measured
    59666.48ms -> 63410.42ms aggregate median runtime (+6.27%), with product
    hash drift in 120 repos and family-count drift in 30 repos. The current
    recall-loss gate passed with 0 false merges and 0 canon-preservation
    violations; nose 0.16.0 did not yet support --recall-loss-report, so
    recall-loss diffs begin from 0.17.0 artifacts. See
    0.17.0 release evidence for details.

Install nose-cli 0.17.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.17.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.17.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.16.0 - 2026-06-26

Choose a tag to compare

@github-actions github-actions released this 26 Jun 06:46

Release Notes

Added

  • Added query JSON graded and graded_pair evidence for on-demand spotclass
    enrichment, including same-language shared-core (subdag) families that expose
    async/sync async-mirror transformations.
  • Added the builtin Java Guava immutable collection factory pack for
    ImmutableList.of, ImmutableSet.of, and ImmutableMap.of, with exact
    com.google.common.collect import-backed provenance and hard-negative
    boundaries for copyOf, missing imports, wrong packages, local type shadows,
    static null elements/key-values, duplicate static map keys, and unsupported
    ImmutableMap.of arities.
  • Added Java stdlib Collections factory contracts for emptyList,
    emptySet, singleton, singletonList, emptyMap, and singletonMap,
    moving those surfaces behind pack-owned factory evidence and fixed-arity
    fail-closed result-domain checks.
  • Added Swift stdlib collection factory semantics for Array(sequence),
    Set(sequence), and Dictionary(uniqueKeysWithValues:), with pack-owned
    provenance and hard negatives for shadowed types, wrong labels, tuple-entry
    shape, and duplicate static keys.
  • Added Go strings.Contains as a string-containment semantic capability
    distinguished from slices.Contains by imported namespace proof.
  • Added JS/TS Object.keys map-key-view semantics for proven static objects,
    sharing the map-key-view capability while keeping dynamic objects, unsafe
    mutation, wrong globals, and unsupported wrappers closed.
  • Added Rust Result channel capability for Ok/Err constructor provenance
    and exact-Result is_ok/is_err predicates, without opening callback,
    defaulting, or panic-like Result APIs.
  • Added the sequence-HOF and iterator-materialization capability tranche:
    Rust iterator HOFs, Python iterator builtins, JS/TS Array HOFs, Swift
    Sequence HOFs, and Ruby Enumerable HOFs now use pack/protocol-owned evidence,
    receiver/source proof, callback demand/effect boundaries, and adjacent hard
    negatives. The tranche moved builtin packs 46 -> 48, exact-capable packs
    36 -> 38, positive fixtures 150 -> 177, hard negatives 102 -> 139, and
    conformance refs 252 -> 316.
  • Added durable semantic-pack closeout requirements and #533 closeout evidence,
    including linked independent review artifacts, query-regression evidence
    requirements, per-leaf before/after metrics, and explicit process-gap
    labeling for historical missing pre-merge review evidence.

Changed

  • Tightened spotclass=leaf-only to require graded.equal_modulo_holes=true, so
    demoted witnesses such as async/sync transformation twins classify as structural
    instead of clean parameterization candidates.
  • Narrowed the numeric clamp frontier packet: controlled two-comparison and library
    bridge surfaces are now recorded as covered, leaving real-corpus bound-order proof
    as the remaining blocker.
  • Strengthened clamp min/max proof so branch-local positive bound-order guards
    can prove the safe lo <= hi path while keeping the inverse guard scoped.
  • Hardened Swift factory mutation boundaries so mutation-sensitive factory
    evidence stays closed unless the required place/effect proof is present.
  • Tightened semantic-pack review discipline: future behavior-changing
    semantic-pack leaf or migration PRs must preserve two durable independent
    review artifacts, resolve blocking findings before merge, and keep product
    query-regression evidence out of scratch-only /tmp state.

Fixed

  • Resolved the Rust Result API evidence runtime trigger by caching repeated
    proof work around existing pack evidence while preserving clone output; the
    focused serde_json comparison stayed at 0 query-regression triggers.

Performance

  • Re-ran product query-regression for the sequence-HOF tranche across the
    selected Rust, Python, JS/TS, Swift, and Ruby representatives. All five leaf
    comparisons recorded 0 investigation triggers. JS/TS axios showed a small
    in-budget median wall-time increase (167.22 ms -> 171.97 ms), while the Swift
    and Ruby representatives improved on their saved comparisons.
  • Re-ran the hazard release refresh on the 12-repo calibration corpus for
    nose 0.16.0. The shipped hazard formula stayed stable (v5 G1 AUC 0.691,
    logistic G1 AUC 0.659), so no hazard() recalibration was needed.

Install nose-cli 0.16.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.16.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.16.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.15.0 - 2026-06-22

Choose a tag to compare

@github-actions github-actions released this 22 Jun 06:40
a5945eb

Release Notes

Added

  • Added the builtin semantic-pack operating model: compiled builtin pack descriptors,
    query JSON semantic_packs provenance, nose capabilities semantic-pack support
    fields, and the nose semantic-pack inventory report for auditing shipped pack
    ownership, conformance refs, fixture counts, and coverage gaps.
  • Added builtin semantic-pack adoption and compatibility reports:
    nose semantic-pack adoption-gates for optional/default promotion gates and
    nose semantic-pack compatibility for manifest API, installed-version, kernel
    vocabulary, and external-influence policy.
  • Added semantic-pack conformance report schema v2 with executable fixture-expectation
    gates and row-level external influence preflight blockers.
  • Added documentation for the builtin-first semantic-pack architecture, compatibility
    policy, adoption gates, ecosystem candidate matrix, and the pre-release kernel/pack
    boundary review.

Changed

  • Renamed the current official semantic ownership model from first-party wording to
    builtin semantic packs. The broad nose.first_party id remains only as a legacy
    compatibility descriptor; new official language, stdlib, protocol, library, and law
    support should use narrow builtin pack ids.
  • Moved active official semantic ownership behind narrow builtin descriptors for
    language packs, stdlib/library slices, protocol packs, and value-graph laws while
    preserving existing product behavior except for additive provenance/reporting
    metadata.
  • Kept local external semantic-pack manifests explicit opt-ins and metadata-only.
    Local manifests are validated and reported, but they do not influence clone
    families, ranking, witnesses, exact/near results, or value-law provenance.

Fixed

  • Split Go stdlib namespace-call ownership out of the generic builtin method-call
    compatibility pack into nose.go.stdlib.namespace_calls.
  • Aligned semantic-pack conformance documentation examples with the current inventory
    and check JSON report shapes.

Performance

  • Kept builtin descriptor and external metadata handling out of per-node and per-unit
    analysis hot paths. The new semantic-pack diagnostics are static/reporting surfaces,
    and adoption/inventory/compatibility reports are checked independently from query
    analysis.

Install nose-cli 0.15.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.15.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.15.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.14.0 - 2026-06-20

Choose a tag to compare

@github-actions github-actions released this 20 Jun 04:42

Release Notes

Added

  • Added explicit multi-root query analysis with repeatable nose query --root/-r <path>, while
    keeping the single positional-root form compatible. nose capabilities now advertises
    query.capabilities.multi_root.
  • Added a hidden nose gap-impact research diagnostic that ranks remaining lowering gaps by
    affected files, detection units, unit node/line mass, repositories, and parser-error status
    instead of by Raw count alone.

Changed

  • Tightened the nose query machine-readable contract. Query JSON is now schema v4, family
    locations carry member ids, --baseline families carry baseline_status, query rows expose
    source_comparable, family objects carry raw detector metrics for evaluation tooling,
    dashboard JSON exposes the stable families[] key, verified evidence labels distinguish
    exact from shared-core, and cross-language rows report repeated semantic volume instead of
    ~0 removable.
  • Redesigned query baselines as schema v2 accepted-duplication files with family ids, member
    ids, and member source digests. Pre-v2 baseline arrays are no longer supported; regenerate with
    nose query <path> --baseline <file> --write-baseline.
  • Production reinvented-helper suggestions that only point at test helpers are now omitted with
    explicit counts.
  • Split benchmark corpus pruning internals behind the stable bench/prune_corpus.py wrapper,
    moving manifest mechanics into bench/corpus_prune/core.py and CLI/self-test orchestration into
    bench/corpus_prune/cli.py.

Fixed

  • Corpus lowering now skips source-extension artifacts that are not analyzable source: binary
    files with source suffixes, ANSI-highlighted output files, and obvious C++ .h headers that
    were previously routed to the C parser. On the pinned bench/repos corpus this cuts parser
    ERROR Raw from 56,895 to 25,219 and full lowering-gap Raw from 60,332 to
    28,444.
  • Closed measured high-impact language-lowering gaps across Python, Go, Java, Swift, Rust, Ruby,
    and TypeScript. The pass covers Python comments/continuations/dict unpack, Go type switches,
    generic/index ambiguity, iota, labels, and fallthrough, Java declaration/module and unsigned
    shift surfaces, Swift macros/directives/accessors/operators/literals/ranges/selectors/control
    flow, Rust nested constructor patterns, macro token roots, shorthand projections, and let
    chains, Ruby regex/case/rescue/lambda/interpolation/operator/modifier forms, and TypeScript
    decorators/static blocks. Ambiguous, type-only, and macro-only syntax is now exact-closed or
    fail-closed instead of leaking actionable Raw wrappers.
  • Made checked-out benchmark corpus setup reproducible after pruning: pinned repos are reset
    before pruning, .DS_Store is excluded from prune/digest accounting, and the prune manifest was
    refreshed for the fresh-corpus result. Manual corpus-verify runs also have a longer timeout and
    upload logs on cancellation.
  • Fixed repository CI by splitting overlong frontend test modules below the file-length ratchet
    limit and cleaning up clippy ratchet failures without changing covered behavior.

Performance

  • Re-ran representative release-build performance gates throughout the lowering work; no
    systematic slowdown was observed. Final post-change wall times on the same workspace were
    stats bench/repos --top 40 19.90s, gap-impact bench/repos --top 40 21.97s,
    query sympy 3.80s, query raylib 3.25s, and query alacritty 0.19s.

Install nose-cli 0.14.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.14.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.14.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.13.3 - 2026-06-19

Choose a tag to compare

@github-actions github-actions released this 19 Jun 05:15

Release Notes

Changed

  • Removed the old scan and review CLI surfaces. Use nose query <path> ... for clone-family
    exploration and nose query <path> base=<ref> for divergent-edit gates.
  • Bulk nose query ... all top=0 --format json rendering now reuses one source-line cache while
    preserving byte-identical JSON. This keeps the existing all-copies params contract but avoids
    re-reading and anti-unifying every family independently during JSON output.
  • Rebased the CI line-coverage ratchet to 83% after the query-only CLI deletion and
    legacy-prelude merge. Current local cargo llvm-cov --workspace --summary-only line coverage is
    83.68%; keep the workflow and scripts/check-ci-local.sh in sync.

Performance

  • Re-profiled the checked-out bench/repos corpus with a release build after the render fix:
    150/150 repos succeeded, 0 repos >= 4s, 82.063s total, max 3.989s (sympy).
    Representative byte-identical stage checks: raylib query_render 5284.7ms → 67.3ms,
    sympy 778.7ms → 166.7ms, and bulma 3124.8ms → 87.9ms.

Install nose-cli 0.13.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.13.3/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.13.3

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.13.0 - 2026-06-18

Choose a tag to compare

@github-actions github-actions released this 18 Jun 09:45
51ac49e

Release Notes

Adds a Swift language frontend and brings Markdown near-duplicate prose detection into
nose query as a new domain (alongside code, CSS, and HTML), plus a Type-4 soundness fix and a
higher cross-language Type-4 coverage floor. Detection of the existing languages and the
--format json query-JSON v2 contract are unchanged.

Added

  • Swift language frontend (#442). Swift joins the first-party languages (Python, JavaScript,
    TypeScript, Go, Rust, Java, C, Ruby) with tree-sitter lowering and semantic coverage, so Swift
    copy-paste, renamed, and Type-4 same-logic clones are detected and proven like the others.
  • Markdown same-language near-duplicate prose as a nose query domain (epic #435). nose query now reports near-duplicate prose across Markdown documents alongside code clones. Per
    capabilities over features, duplication has one entry point, so markdown is surfaced
    through nose query exactly as the CSS/HTML declarative track is — a "markdown near-duplicates"
    section in the human dashboard and a top-level markdown array under --format json — not as a
    separate command. Prose is not code, so it uses a deliberately separate nose-markdown engine:
    a character-n-gram pipeline (MinHash-LSH + winnowing + containment candidate generation →
    IDF-weighted TF-IDF verify/rank → line-level Smith-Waterman span witness), not the value-graph
    IL. Reports ranked families with a relation tier + score, an exact span witness, and
    orthogonal evidence (commonness/DF, removable lines, files). Honesty contract:
    "near-duplicate (score + witness + commonness)", never "same meaning" or "worth removing" —
    boilerplate copies are true duplicates surfaced with high commonness, never suppressed.
    Same-language only (cross-lingual/paraphrase need an LLM, out of scope). Deterministic
    (byte-identical output). Measured against frozen, LLM-built goldens (bench/markdown/, no
    human in the loop: 3 heterogeneous judges, Fleiss κ 0.70/0.71, anchor self-calibration 1.0):
    PR-AUC 0.995 / R@P95 0.96 on the code-of-conduct corpus, and an honest multi-genre baseline of
    PR-AUC 0.944 / R@P95 0.74 across 5 doc genres, candidate-recall 1.0. Built on the
    algorithm survey in docs/markdown-dup-detection-algorithm-survey-2026-06-18.md. See
    docs/markdown-duplication.md.
    (#435 #436 #437 #438 #439 #440 #441 #444)
    • Field-evaluation precision/usefulness fixes (#443, #447). (P0) default vendor-dir excludes
      (node_modules, vendor, target, …) + nose.toml exclude globs, so a non-git project's
      node_modules no longer floods the report (one field project went 145 noise families → 0); a
      min-shared-grams match-substance floor drops thin overlaps. (P1) strip GFM table
      scaffolding (pipes/separator rows are format, not content); strong-edge clustering (weak
      edges corroborate but don't chain mega-families); confidence-weighted ranking. (P2) large
      multi-file clusters are reported as templated sections ("skeleton repeated N× across M
      files"), not a clone family — so a templated-doc blob no longer masquerades as one family.
    • Containment-witness gate (P3, #449). A size-disparate small-in-large containment match
      must now have a real contiguous shared-line block, not just scattered char-gram overlap — a
      small generic stub no longer gets pulled into a large unrelated doc by common-morpheme
      coincidence. Surgical: one field project's spurious mixed-granularity families dropped 8 → 5
      with genuine small-in-large and reworded same-size near-dups preserved.
    • Synthetic recall-vs-edit-ratio benchmark + recall gate (#443, #450). The golden gates
      precision; this adds the missing recall gate — a deterministic, self-contained benchmark
      (nose-markdown::synth, committed base corpus) that injects controlled edits at known ratios
      and asserts recall floors (1.00 / 0.95 / 0.85 / 0.65 at 0/0.1/0.2/0.35 edit ratio), so a
      future change that silently sacrifices recall fails CI.
    • Multi-domain precision golden + regression gate (#443, #454). The original precision
      golden was single-genre boilerplate (Contributor Covenant CoC), which over-stated precision.
      Added a frozen multi-domain golden — bench/markdown/corpus-docs/ (165 files across 5
      genres: CLI reference, function/API reference, guides, framework docs, READMEs) +
      golden.docs.v1.json, built the same no-human way (Fleiss κ 0.71), wired into a precision
      regression gate (eval::docs_golden_precision_floor). The golden-build scripts now take paths
      so any corpus can be golden'd.

Changed

  • Swift Type-4 exact coverage parity slice. Swift now has evidence-backed exact-query
    coverage for five previously-open matrix cells: typed flatMap vs nested append builders,
    module import identity, Dictionary[key, default:] map-default lookup, literal Int
    clamp ternaries vs min(max(...)), and integer-gated total-order comparison absorption.
    The implementation is deliberately proof-bounded: wrong module/member/key/default
    coordinates, optional ?? defaulting, Double clamp forms, and overloaded/String
    comparisons remain adjacent hard negatives. The checked-in Type-4 matrix moves Swift from
    15/24 to 20/24 applicable cells, and focused probes now run through
    nose query ... witness=exact rather than the deprecated scan path.
  • Type-4 coverage floor raised to ≥50%. The checked-in coverage matrix
    (bench/type4/coverage_matrix.v1.json) now keeps every primary language at or above 56% of
    covered applicable cells, backed by new evidence-carrying probes (extract-method-inline,
    numeric tail recursion, …) for C, Go, and others.

Fixed

  • structural_fold reassociation gated to integer heads (#434). A Lean obligation audit (all
    24) found the right-fold→left-fold loop rewrite — proven sound over Int only — could admit a
    float-valued head via the coarse ValueDomain::Number, and float +/* is non-associative, so
    results could change. Added head_possibly_float (rejects float literal / Op::TrueDiv /
    float-typed param), measured byte-identical on all 135 corpus repos (0 recall cost,
    soundness gain), plus added Lean theorems for previously-unproven firing rewrites
    (eq_commutes/ne_commutes, guard merges, and a structural_fold float counterexample).
  • Swift implicit-member lowering gap (#452, #455). Swift implicit-member expressions now lower
    correctly, closing a coverage gap.

Install nose-cli 0.13.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.13.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.13.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.12.0 - 2026-06-18

Choose a tag to compare

@github-actions github-actions released this 17 Jun 23:39
73e14b9

Release Notes

Reworks the nose query terminal output to match the project's reporting philosophy —
scope-blind, plain-language, colour-aware — and sweeps the user-facing docs for drift and
consistency. Detection behavior and the machine contract are unchanged: --format json still
emits query-JSON v2 and spells the witness subdag.

Changed

  • nose query human-output redesign (#431). Families now rank purely by extractability,
    scope-blind — test and production are treated alike. The old prod-first partition, the
    "(production first)" label, and the pushed scope=prod recommendation are gone; scope
    stays a neutral filter. The opaque subdag witness reads as shared-core throughout the
    human output, and the confidence line regroups as proven (exact + shared-core) /
    copy-paste / similar with a one-line legend. New TTY-gated colour (zero-dependency
    mod style): witness tags colour-coded, paths dimmed, symbols bold — disabled under
    NO_COLOR, when piped, and for the JSON/Markdown/SARIF formats, with column alignment
    computed on visible width so ANSI never skews the columns. The terse grammar: block
    becomes a runnable explore cheatsheet.
  • CLI surface cleanup (#431). The deprecated scan/review and the experimental
    behavioral-gate are hidden from top-level --help (they still work, still warn on a TTY,
    and stay listed under capabilities.commands.deprecated); flag docs are self-contained
    instead of "(same as scan)"; count nouns are pluralized; empty/single-directory dashboards
    no longer emit dead next-commands.

Documentation

  • User-facing docs drift, consistency, and IA sweep (#431, #432). Re-verified every
    user-facing page against the live CLI (clap help, query DSL parser, query/scan JSON,
    capabilities). Reconciled the witness vocabulary (shared-core human ↔ subdag JSON);
    corrected scan-JSON-v1-only fields wrongly attributed to query-JSON v2 (baseline_status,
    ignore.expired, ignored_families) and pointed query users at the since=<baseline> term;
    clarified that the top config key bounds nose scan only; documented that sort=sites/
    hazard work under query and that behavioral-gate is hidden; renamed usage "Scan modes"
    → "Detection modes"; added a canonical "default surface" section; de-duplicated the CSS/HTML
    detail against languages.md; gave Vue/Svelte their own extension table; and fixed broken
    cross-links (awiki lint clean).

Notes

  • Control-flow lowering converged on shared lower.rs helpers (#430). The per-language
    if/for/while/stmt-as-block lowering for C/Java/JS/TS collapsed onto three
    closure-parameterized helpers; the emitted IL is byte-identical by construction (verified on
    redis/guava/axios/bat/black), eliminating three of nose's own flagged self-clones. No
    behavior change.

Install nose-cli 0.12.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.12.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.12.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum

0.11.0 - 2026-06-17

Choose a tag to compare

@github-actions github-actions released this 17 Jun 11:08
dcee93d

Release Notes

Adds a declarative clone-detection track — CSS and HTML/markup, by computed-style and
rendered-DOM equivalence — alongside the imperative value-graph engine, plus a cross-dialect
markup model that converges the same component across HTML/Vue/Svelte/JSX/TSX.

Added

  • Declarative CSS clone detection by computed-style equivalence (#413, #415, #416). CSS is
    now a first-class language on a new DECLARATIVE track that sits alongside (not inside) the
    imperative value-graph moat. A new Lang::Css + CssRule/CssSelector/CssDecl IL feeds an
    exact fingerprint that is the rule's canonical computed/declared style — value
    canonicalization in css_value (color #fff#ffffffwhite over the full 148-entry
    named-color table, length 0px0, box-shorthand collapse, url()/hsl() spelling
    normalization) and selector/order-independent matching, but cascade-preserving (repeated
    property last-wins; shorthand+longhand co-occurrence kept order-sensitive). At-rule preludes
    (@media/@supports/@container) are canonicalized so equivalent conditions converge while
    distinct ones stay apart (closes a latent prelude false merge). Soundness is by construction
    (fingerprint is the computed style, no IL rewrite) plus adversarial per-rule batteries and a
    domain-namespaced hash that can never collide with an imperative one; registered as the
    normalize.css.computed_style (empirical-only) obligation. Measured by a labeled
    benchmark (tests/css_html_quality.rs): recall 13/13, soundness 14/14, verify gate 0 false
    merges on the frontend corpus.
  • Declarative HTML markup clone detection by rendered-DOM equivalence (#413). New
    HtmlElement/HtmlAttr/HtmlText IL; every element subtree is a unit. The exact fingerprint
    is the canonical rendered DOM — a recursive subtree hash over lowercased tag + attribute
    set + ordered children, canon over attribute order, boolean-attr form
    (disableddisabled=""), class-token set, tag/attr case, and whitespace
    (<pre>/<textarea> kept verbatim). Inline style="…" reuses the full CSS computed-style
    canon. The structural near channel abstracts declarative leaf values, so a repeated component
    shell with different content surfaces as similar while identical DOM surfaces as exact.
  • <script>/<style>/markup multi-region files (#413). A container file
    (.html/.vue/.svelte) lowers to several region ILs — <script> as JS/TS, <style> as
    CSS, the markup tree as HTML — all sharing the container's path, so a duplicated block in a
    component's <style> and a standalone .css form one cross-file family.
  • Cross-dialect markup clones across HTML/Vue/Svelte/JSX/TSX (#417). All five dialects lower
    into the common declarative markup IL so the same component converges across dialects. JSX/TSX
    now lower to HtmlElement/HtmlAttr/HtmlText (was an imperative Call-tree); a new
    HtmlControl node wraps repeat/conditional idioms (Vue v-for/v-if, Svelte
    {#each}/{#if}, JSX .map/&&/ternary). Dialect-idiom normalization
    (classNameclass, htmlForfor, router-link/Linka, tohref, :srcsrc)
    runs in the handlers. The exact channel stays sound — a loop wrapper is structurally distinct
    from a single element and never exact-merges with it; bound-attribute expressions are kept
    verbatim — so cross-dialect matches land on near unless the rendered DOM is genuinely
    identical. Measured on a realworld React+Vue+Svelte corpus: cross-dialect markup families
    0 → 9 (3 three-way), pinned by a six-test adversarial soundness battery.
  • async↔sync twins converge in the near channel — dual-view await (#412). The #1
    real-world Type-4 gap (§K/§CU): an async fn and its sync twin (identical body modulo await)
    were 0 families. A dual view of the value graph keyed by Builder.await_transparent evaluates
    await e → e for the fingerprint (twins converge) while the witness keeps an
    Opaque(VG_PROTOCOL_AWAIT,[e]) wrapper so the graded witness labels them async-mirror (a
    transformation, never equal_modulo_holes). The exact channel is provably inert
    (await→Raw→exact_safe=false): verify clean, exact families byte-identical. Synthetic recall
    0 → 6/6, hard-negative FP 0/3; modest real-corpus lift (httpx +1, most twins already converge
    via the anchor path).
  • Rust match-arm payload bindings now converge bound-name copies (#404, #390 follow-up). A
    match arm's payload binder (the v in Some(v)) lowers to a projection assignment prepended to
    the body (v = scrutinee.0), so it is alpha-canonicalized and Some(a) => f(a)
    Some(b) => f(b). Conservative (rust_bind_arm_pattern): only unambiguous single-payload
    tuple-struct bindings and named struct-field projections; multi-element/nested patterns stay
    unbound. nose verify --max-violations 0 clean, cross-variant (Some vs Ok) stays distinct.

Changed

  • Compiled/distributed CSS is kept off the default surface (#424, #426). The frontend gold
    set measured the CSS-framework default surface at ~10% worthy, mostly preprocessor output. A
    content-based filter (looks_compiled_css) now treats a .css carrying a build marker — a
    preserved /*! license banner, a versioned header, a trailing sourceMappingURL, a sibling
    .css.map, or a .min.css name — as generated (off the default surface), and
    family_is_compiled_css_pipeline demotes an all-CSS family with at most one non-compiled member
    (a source partial echoed through source→compiled→minified). Preprocessor source files stay on
    the surface; a genuine dedup spanning ≥2 source files stays. Measured on the gold set:
    0 worthy dropped, default-surface worthy-rate 20% → 41% (framework 11% → 31%).
  • nose stats JSON moved under the tool-wide --format json (#420). The one-off --json
    flag is removed (not aliased — one way, not two; pre-1.0 diagnostic command, sole in-repo
    consumer migrated), so stats follows the same --format contract as query/scan/il.
  • tree-sitter core upgraded 0.240.25, grammars tree-sitter-c0.24.2,
    tree-sitter-python/tree-sitter-javascript0.25.0
    (#403, unblocks the reverted
    #399/#400/#401). The bumped grammars compile to grammar ABI 15; core 0.25 accepts ABI 14
    and 15
    , so the still-pinned 0.23 grammars (java/ruby/typescript) keep loading
    alongside them. Internal-only — no Rust API changes were needed, and nose query --format json output is byte-identical across the bump on C/Python/JS corpora (the normalizer
    absorbs the CST-shape deltas), with the soundness gate (verify --max-violations 0) clean.
    Validated on a cargo clean release build (the stale-grammar-object trap that produced the
    #402 false-green; with core at 0.25 both ABI versions load, so it can no longer recur).
  • tree-sitter-rust upgraded 0.230.24.2 (ABI 15; follows #403). Behavior-neutral:
    nose query --format json is byte-identical before/after on the Rust dogfood tree
    (crates/) and a Rust corpus (alacritty), with the dup-gate and soundness gate clean.
  • tree-sitter-go upgraded 0.230.25.0 (ABI 15; follows #403), with the required
    go.rs migration: go 0.25's one structural change is wrapping block / switch-case /
    select-case statements in a new statement_list node, so the frontend now flattens that
    wrapper (stmt_children) — without it every nested statement orphans to Raw, spiking the go
    Raw ratio 0.7% → 29%. With the migration the Raw ratio is restored to 0.7% and nose query
    output is byte-identical to go 0.23 on 12/16 go corpus repos; the remaining four differ by
    ≤4 families from go 0.25's own parse-behaviour refinements (Raw ratio equal-or-lower, soundness
    gate clean — not a lowering regression). (type_alias also gained a type_parameters field for
    generic aliases; the frontend ignores type declarations, so it has no effect.)

Fixed

  • False merge closed: JS nullish-coalesce map default (adversarial co-evolution series 10,
    #411, §CT).
    A latent oracle-blind merge — JS m.get(k) ?? d (nullish coalesce) shared an
    exact fingerprint with the absence-only defaults (has/in/getOrDefault/.get(k, d)/
    === undefined), though they diverge on a present null-valued key. The null-guarded map default
    now lowers to the faithful ValueOrDefault (not GetOrDefault), and the eval.rs
    === undefined-over-map.get exception is dropped. Corpus byte-identical; closes #409, #410.
  • nose query report locations bounded to EOF + markdown drill-down (#428: #419, #421, #422).
    Frontend::span() read tree-sitter's end_position().row + 1 verbatim, so a unit ending in a
    trailing newline reported end_line = content_lines + 1 (past EOF); the column-0 correction
    already used in declaration_facts.rs is now applied, dropping out-of-bounds locations across
    the corpus to 0 (family/location counts unchanged). id=<fam> --format markdown now renders the
    all-copies extraction skeleton (and full the representative diff), composing with the
    human/JSON views; help/usage/query-json wording corrected so the value sort key reads as
    duplicated volume, not the removable field.
  • nose query top=0 now shows all families (matching nose scan --top 0), instead of
    returning an empty result. The dataset build already used top=0 for "every family"; the
    display paths (list, base, reinvented, and the --format markdown/sarif report) now
    agree, so nose query <path> --format sarif top=0 is the complete-upload spelling and query
    fully subsumes scan's truncation control. No top= term still defaults to 30.

Notes

  • value-graph opaque census instrument (#405, #391 prevalence probe). A hidden
    nose value-census (env-gated, zero fingerprint impact) attributes every ValOp::Opaque to its...
Read more

0.10.0 - 2026-06-15

Choose a tag to compare

@github-actions github-actions released this 15 Jun 04:16
e038931

Release Notes

Breaking: nose query becomes the primary surface and nose scan/nose review are
deprecated
(both still work, with an interactive one-line nudge; removal is slated for a
later release).

Added

  • nose query is now a complete surface over the same dataset scan computes:
    • Explorability (#374): DSL negation (field!=value / path!~substr), set-membership
      OR
      (witness=exact,subdag matches either; != over a comma-set drops all of them), an
      at=FILE:LINE selector (a stable family handle across edits), a same_symbol evidence field
      • facet (the parallel-variant signal), an existing_helper field on call-existing-helper
        families (names the member to call — and marks it role: "existing-helper" — so it isn't read
        as one more copy to fold), and a spotclass facet (leaf-only vs structural) that
        separates near families whose varying spots are clean value-leaves from those with genuine
        logic divergence (computed on demand from the graded witness — only when queried, for cost).
    • Analysis flags: --mode/--min-*/--exclude/--cache-dir/--ignore-file/
      --semantic-pack/--config, configured identically to scan.
    • CI gate: --fail-on any/new with --baseline/--write-baseline, reusing scan's
      gate/baseline/ignore logic — nose query <path> --fail-on any is a drop-in gate.
    • A structured, versioned JSON contract (query-json, schema v2)
      across every view, advertised as capabilities.schemas.query_json, plus --format markdown/sarif report output (reusing scan's formatters over the query selection).
    • Object model — query the whole dataset, not just families: group= buckets now carry
      summed removable lines and rank by them (group=dir/group=file is a duplication hotspot
      map), file is a new group key, the family view emits fold-graph links
      (subsumes/subsumed_by — the related id= handles, not just a count), and a new
      reinvented view surfaces the reinvented-helper channel ("call the existing helper") that
      was previously scan --show reinvented only.
    • Decision completeness — act in one turn: full skeletons annotate each varying spot
      with a coarse value-class hint (⟨param N: literal|name|call|expr|block⟩) for the helper
      signature (#374 item 6), and the family object carries proof depth — value_nodes (the
      shared value-multiset size an exact family proves identical) and per-location
      shared_subdag spans (where a sub-dag clone's proven shared computation lives).
    • Temporality — query the loop, not a snapshot: since=<baseline> exposes each family's
      status (new/changed/unchanged) against a saved snapshot as a queryable field —
      status=new filter, group=status facet, status in JSON. Unlike --baseline (which
      hides accepted families for the gate), since= hides nothing; since=B status=new --fail-on any is the composable equivalent of --baseline B --fail-on new.
    • Divergent-edit view — base=<git-ref>: the nose review pipeline
      surfaced under query. Detects families at the ref and flags the ones a diff changed in one
      copy but not its siblings (a likely un-propagated fix), each item carrying fire_eligible
      (the §BV proven-shared-logic verdict); base=REF --fail-on any is the CI gate, firing only
      on the proven case. Reuses review's detection verbatim, so the fire precision is identical.
  • Analysis — nose stats separates protocol-boundary Raw from lowering-gap Raw (#390).
    Constructs lowered as deliberate fail-closed boundaries (await, try/?, defer, go,
    channel_*, select, yield) are Raw by design, not coverage gaps. stats now reports
    boundary_raw (overall + per-language) and tags each unhandled kind boundary/gap, so the
    lowering worklist (coverage_attribution.py) isn't misled into unsoundly "fixing" a boundary.
    Corrected corpus picture: rust/go genuine lowering gap is 0.37%/0.18% (the rest is
    boundaries); the remaining fixable mass is parse-failure ERROR (a grammar axis) and
    low-value C type-level declarations. See experiments §CR.
  • Analysis — Rust constructor patterns now lower as variant tests (#390). A match/if let/while let test on Some(v)/Ok(_)/Point { x, y } lowered the whole pattern to an
    opaque Raw node (and split copies differing only in binding name); it now lowers to the
    constructor path (the discriminant), parallel to a unit variant like None. Measured: corpus
    Rust Raw ratio 2.623% → 1.347%, soundness clean (0 false merges), gold-set Rust
    worthy-recall +1 with no regression elsewhere. (The variant condition is now Raw-free;
    whole-family convergence for copies differing only in the bound name needs binding extraction,
    a follow-up.) See experiments §CP (the coverage worklist) and §CQ.
  • nose scan is deprecated in favour of nose query. It still works (an interactive run
    prints a one-line nudge); capabilities moves it from commands.stable to
    commands.deprecated; docs lead with query. Removal is slated for a later release.
  • nose review is deprecated in favour of nose query <paths> base=<ref> (which runs the
    same detection — a parity test holds them identical). It still works (interactive nudge);
    capabilities moves it to commands.deprecated. Removal is slated for a later release.

Deprecated

  • nose scan (and the scan-JSON v1 contract) and nose review — migrate to nose query
    (query <path>, query <path> base=<ref>) and the query-JSON v2 contract.

Documentation

  • The docs lead with nose query. README, the wiki home,
    getting-started, and the full usage reference now
    present nose query as the everyday command — explore, one-shot report (--format markdown),
    PR check (base=<ref>), CI gate (--fail-on), and the versioned JSON contract. nose scan/nose review are documented as deprecated aliases, and usage is reordered so the
    primary command and the shared Ranking / detection-mode sections come before the deprecated
    scan reference. The CLI --help text (long_about, the scan/query summaries) was
    updated to match.
  • Code↔docs drift sweep. Fixed the capabilities example
    (commands.stable no longer lists review; deprecated adds it; schemas.query_json added);
    migrated the agent-recipe decision procedure to query-JSON v2 field
    names; added a deprecation banner to scan-json pointing to query-JSON v2;
    corrected clone-types (near is part of the default surface, not
    opt-in); updated languages for the #390 boundary/gap Raw split; and
    refreshed the stale nose query dashboard examples against the shipped output.

Install nose-cli 0.10.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/corca-ai/nose/releases/download/v0.10.0/nose-cli-installer.sh | sh

Install prebuilt binaries via Homebrew

brew install corca-ai/tap/nose

Download nose-cli 0.10.0

File Platform Checksum
nose-cli-aarch64-apple-darwin.tar.xz Apple Silicon macOS checksum
nose-cli-x86_64-apple-darwin.tar.xz Intel macOS checksum
nose-cli-aarch64-unknown-linux-gnu.tar.xz ARM64 Linux checksum
nose-cli-x86_64-unknown-linux-gnu.tar.xz x64 Linux checksum