Skip to content

crewhaus v0.1.3

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 Jun 13:19
· 3 commits to main since this release
v0.1.3
22b3646

What's Changed

  • Add module catalog for the meta-harness by @crewhaus in #1
  • Scaffold TS+Bun monorepo and CLI vertical slice by @crewhaus in #2
  • feat: foundations (errors, logging) + CI by @crewhaus in #3
  • feat: foundations infra-utils + catalog progress tracking by @crewhaus in #4
  • fix(runtime-core): exit chat loop cleanly on stdin EOF by @crewhaus in #5
  • feat(r3): tool layer foundation — catalog, builder, validate, permission, executor by @crewhaus in #6
  • feat(pipeline): thread tools through spec → IR → codegen → runtime by @crewhaus in #7
  • feat(r4): built-in tools — tool-fs, tool-bash, tool-todo (Section 3) by @crewhaus in #8
  • feat(runtime): turn state machine + token budget + compaction (R1/R2/R6) by @crewhaus in #9
  • feat(cli): section 5 — init / run / doctor subcommands by @crewhaus in #10
  • feat: add workflow target shape (Section 6) by @crewhaus in #11
  • Section 7: recovery + permission engine + abort tree by @crewhaus in #12
  • Section 8: tool-orchestrator + loop-detection + result-store + streaming executor by @crewhaus in #13
  • Section 9: MCP host + tool-mcp + mcp_servers pipeline by @crewhaus in #14
  • Section 10: state-store + session-store + event-log + runtime-core persistence by @crewhaus in #15
  • Section 11: hooks-engine + skills-registry + slash-commands by @crewhaus in #16
  • Section 12: channel-bot target + channel-adapter-slack + tool-message-channel by @crewhaus in #17
  • Section 13: sub-agents and the Task tool by @crewhaus in #18
  • Section 14: tool-web, tool-image, tool-fetch by @crewhaus in #19
  • Section 15: trace-event-bus + otel-exporter + metrics-collector + structured-event-printer by @crewhaus in #20
  • Section 16: eval-dataset, eval-grader, eval-judge, eval-runner, eval-report + crewhaus eval CLI by @crewhaus in #21
  • Section 17: multi-provider model layer (adapter-{anthropic,openai,gemini,bedrock} + model-router) by @crewhaus in #22
  • Section 18: production safety floor (sandbox + tool-code-execution + prompt-injection-detector) by @crewhaus in #23
  • Section 19: GRPH target shape (checkpoint-store + graph-engine + branch-history + durable-execution + target-graph) by @crewhaus in #24
  • Section 20: MGD target shape + governance (gateway + policy + tenancy + audit-log + target-managed) by @crewhaus in #25
  • Section 21: RAG target shape (chunker + embedder + vector-store + pipeline-engine + tool-retrieve + target-pipeline) by @crewhaus in #26
  • docs: roadmap update for Sections 1–21 complete + scope Sections 22–26 by @crewhaus in #27
  • Section 22: CRW target shape (multi-agent crew) by @crewhaus in #28
  • Section 23 RES: research bundle target (planner + crawler + citation-tracker + report-writer) by @crewhaus in #29
  • Section 23 BATCH: queue worker target (queue-protocol + queue-consumer + idempotency-keys + target-batch-worker) by @crewhaus in #30
  • Section 24: VOICE target shape (voice-runtime + vad-engine + barge-in + call-session + target-voice) by @crewhaus in #31
  • Section 25: BROW target shape (computer-use-driver + tool-screen-capture + tool-mouse-keyboard + tool-vision-grounding + target-browser-driver) by @crewhaus in #32
  • Section 26: Studio (studio-server + studio-ui + trace-viewer + graph-visualizer + wizard + scaffold-templates + plugin-sdk) by @crewhaus in #33
  • docs: roadmap update for Sections 1–26 complete + scope Sections 27–31 by @crewhaus in #34
  • docs: mark Sections 24–26 complete in build-roadmap.md by @crewhaus in #35
  • Section 27: Production hardening (cost-tracker + rate-limiter + circuit-breaker + prompt-cache-manager + secrets-manager) by @crewhaus in #36
  • Section 28: Deployment + canary + migration (spec-registry + ir-passes + migration-engine + migration-runner + deployment-controller + canary-controller) by @crewhaus in #37
  • Section 29: Evaluation depth + EVAL target shape (dataset-registry + grader-registry + regression-runner + prompt-optimizer + target-eval-bundle) by @crewhaus in #38
  • Section 30: Backend adapter completions (queue + vector + embedder + telephony + realtime + browser) by @crewhaus in #39
  • Section 31: Studio v1 (studio-server SSE + studio-ui dashboard + trace-viewer replay + graph-visualizer live + plugin-sdk content sandbox) by @crewhaus in #40
  • docs: roadmap update for Sections 1–31 complete + scope Sections 32–35 by @crewhaus in #41
  • Section 32: Distribution & packaging (docker-images + single-binary-cli + helm-chart + crewhaus-cloud) by @crewhaus in #42
  • Section 33 (1/4): channel-adapter-telegram + multi-channel scaffolding by @crewhaus in #43
  • Section 33 (2/4): channel-adapter-discord by @crewhaus in #44
  • Section 33 (3/4): channel-adapter-whatsapp by @crewhaus in #45
  • Section 33 (4/4): channel-adapter-imessage — completes channel breadth by @crewhaus in #46
  • Section 34: Federation (federation-protocol + federation-discovery + federation-router) by @crewhaus in #47
  • Section 35 (1/3): vscode-extension by @crewhaus in #48
  • Section 35 (2/3): jetbrains-plugin by @crewhaus in #49
  • Section 35 (3/3): crewhaus-playground — completes v1.1 surface by @crewhaus in #50
  • docs: roadmap refresh + scope v1.2 (Sections 36-40) by @crewhaus in #51
  • Section 36 (1/8): sandbox-image-registry — sequential prereq by @crewhaus in #52
  • Section 36 (2/8): sandbox-image-go — Go 1.23 polyglot image by @crewhaus in #53
  • Section 36 (3/8): sandbox-image-rust — Rust stable polyglot image by @crewhaus in #54
  • Section 36 (4/8): sandbox-image-java — JDK 21 polyglot image by @crewhaus in #55
  • Section 36 (5/8): sandbox-image-ruby — Ruby 3.3 polyglot image by @crewhaus in #56
  • Section 36 (6/8): sandbox-image-r — R 4.x polyglot image by @crewhaus in #57
  • Section 36 (7/8): sandbox-image-dotnet — .NET 8 polyglot image by @crewhaus in #58
  • Section 36 (8/8): sandbox-image-php — closes §36 polyglot surface by @crewhaus in #59
  • Section 37 (1/4): exporter-datadog — Datadog APM adapter by @crewhaus in #60
  • Section 37 (2/4): exporter-honeycomb — Honeycomb tracing adapter by @crewhaus in #61
  • Section 37 (3/4): exporter-splunk — Splunk Observability adapter by @crewhaus in #62
  • Section 37 (4/4): exporter-newrelic — closes §37 by @crewhaus in #63
  • Section 38 (1/4): grader-nlg-metrics — ROUGE / BLEU / METEOR by @crewhaus in #64
  • Section 38 (2/4): grader-semantic-similarity — embedding-cosine grader by @crewhaus in #65
  • Section 38 (3/4): grader-safety-classifiers — toxicity / bias / pii_leak by @crewhaus in #66
  • Section 38 (4/4): grader-multimodal — closes §38 by @crewhaus in #67
  • Section 39 (1/4): pii-redactor — composable PII redaction by @crewhaus in #68
  • Section 39 (2/4): audit-encryption — AES-256-GCM envelope encryption by @crewhaus in #69
  • Section 39 (3/4): data-retention-engine — GDPR retention + sweeper by @crewhaus in #70
  • Section 39 (4/4): compliance-controls — closes §39 by @crewhaus in #71
  • Section 40 (1/3): template-registry — sequential prereq by @crewhaus in #72
  • Section 40 (2/3): template-marketplace-client by @crewhaus in #73
  • Section 40 (3/3): example-corpus CI matrix — closes §40 + v1.2 phase by @crewhaus in #74
  • docs: roadmap refresh — Sections 36-40 closed; v1.2 phase complete; v1.3 scoped by @crewhaus in #75
  • docs: v1.3 roadmap detail — Sections 41-45 specs + kickoff prompts by @crewhaus in #76
  • docs: onboarding guide + 40 recipe stubs by @crewhaus in #77
  • docs: complete first five recipes + automated recipe testing by @crewhaus in #78
  • fix: declare every workspace dep the example bundles import by @crewhaus in #79
  • Pillars realignment: compiler-as-protagonist, active eval, security fabric by @crewhaus in #80
  • docs: restructure Module Catalog around role-based reading paths by @crewhaus in #81
  • docs: complete the 35 stub recipe walkthroughs by @crewhaus in #82
  • docs: install security mindset early; demystify the compiler abstraction by @crewhaus in #83
  • fix: stop generated workflow/graph agents from hanging on TTY stdin by @crewhaus in #84
  • fix: recipe walkthrough — five bug fixes across workflow / adapter / managed / crew by @crewhaus in #85
  • fix: close the four open follow-ups from the recipe walkthrough by @crewhaus in #86
  • docs: 3-panel YAML→IR→trace walkthrough; trust-boundary matrix; target funnel by @crewhaus in #87
  • fix(target-crew): mark truncated final-output preview so it doesn't look like a crash by @crewhaus in #88
  • feat(§47): blockchain shapes slice 0 — cross-cutting subsystem + read tools by @crewhaus in #89
  • feat(§47): blockchain shapes slice 1 — wallet-engine + signing + tx-policy enforcement by @crewhaus in #90
  • feat(§47): blockchain shapes slice 2 — IrChainV0/IrChainGameV0 + target emitters + recipes 43-47 by @crewhaus in #91
  • docs(recipes): interleave theory with shape recipes + diagnostic tree by @crewhaus in #92
  • feat(recipes): recipe 48 — harness designer (meta-recipe) by @crewhaus in #93
  • fix(tests): resolve fixtures from src/ when tests run from compiled dist/ by @crewhaus in #95
  • chore: launch prep — rename to factory, add governance + CHANGELOG by @crewhaus in #94
  • fix(doctor): point Pillar 1 audit at sibling docs checkout by @crewhaus in #96
  • docs: point relocated doc URLs at their new repos by @crewhaus in #97
  • feat: showcase-demos infrastructure — Phase 2 (15 gaps) + Phase 3 (OpenClaw imitation) by @crewhaus in #98
  • feat(v0.2.x): reference-corpus integrations — egress + justification + 12-metric + curator + codegraph + context-bundle by @crewhaus in #99
  • feat(v0.2.x): complete PR #99 wiring — compaction.curate* spec schema + tool-codegraph BUILTIN_TOOL_MAP by @crewhaus in #100
  • refactor: adopt AGENTS.md as vendor-neutral contributor compass by @crewhaus in #101
  • docs: cloned-repo install workflow + PACKAGES.md publish surface by @crewhaus in #102
  • docs: align README Quickstart with actual CLI surface by @crewhaus in #103
  • docs: fix multi-shape README example + add slack/triage specs by @crewhaus in #104
  • docs: simplify multi-shape README example to cli + browser by @crewhaus in #105
  • feat(cli): add target: browser support to crewhaus run by @crewhaus in #106
  • feat(target-browser-driver): honor ir.tools + ir.toolConfigs in emitted bundle by @crewhaus in #107
  • feat(tool-navigate): Navigate(url) tool so browser agents can bootstrap by @crewhaus in #108
  • feat(smoke-harness): compile-time smoke matrix across all 14 target shapes by @crewhaus in #109
  • feat(smoke-harness): runtime smoke for the browser target (Phase 3) by @crewhaus in #110
  • feat(smoke-harness): runtime smoke for the cli target by @crewhaus in #111
  • feat(smoke-harness): service-backed runtime scaffolds + activation plan by @crewhaus in #112
  • docs: point Studio + IDE links at new crewhaus/utilities repo by @crewhaus in #113
  • fix(target-eval-bundle): drop doubled quotes around escapeJsonString by @crewhaus in #114
  • fix(target-eval-bundle): align emitted bundle with current runEval signature by @crewhaus in #115
  • docs: update demos/recipes/ → demos/walkthroughs/ + examples/ → smoke/ by @crewhaus in #116
  • docs: sweep remaining demos/recipes/ URLs missed in PR 116 by @crewhaus in #117
  • feat(cloud-adapter-render): §44 one-click deploy adapter for Render by @crewhaus in #118
  • feat(cloud-adapter-flyio): §44 one-click deploy adapter for Fly.io by @crewhaus in #119
  • feat(cloud-adapters): §44 Railway + Heroku deploy adapters by @crewhaus in #120
  • feat(plugin-sdk): §41 v2 — typed surface for third-party extension by @crewhaus in #121
  • feat(plugin-loader): §41 runtime activation with signature verification by @crewhaus in #122
  • feat(plugin-registry): §42 discovery + pinning + signature verification by @crewhaus in #123
  • feat(module-marketplace-client): §42 search/install/update/publish by @crewhaus in #124
  • feat(§55-§59): integration batch — eight tracks from five arxiv papers + three reference repos by @crewhaus in #125
  • docs: fix broken support link + cross-repo doc reference by @crewhaus in #126
  • iPad Studio: compiler-worker + cf-worker target emitters by @crewhaus in #127
  • docs: align contributor compass + README + changelog with current code by @crewhaus in #128
  • Cut v0.1.1 initial private-npm release for @crewhaus/* by @crewhaus in #129
  • docs: phrase target-shape counts generically in README + ROADMAP by @crewhaus in #131
  • feat(compiler): compile-time external-sink scope enforcement (FR-002) by @crewhaus in #132
  • feat(optimize): --budget-usd cost gate for model-driven optimization (FR-003) by @crewhaus in #133
  • feat(security): first-class model-backed justification judge (FR-004) by @crewhaus in #134
  • feat(security): classify boundaries at channel + federation ingress (FR-005) by @crewhaus in #135
  • feat(security): pluggable egress-matching strategy (FR-006) by @crewhaus in #136
  • feat(security): close FR-002 and FR-006 (default-on scope gate + cli bundle egress emission) by @crewhaus in #137
  • fix(cli): route bundle emitter errors through die() instead of crashing by @crewhaus in #138
  • docs(readme): add MCP tools + richer-shape (channel/eval) examples by @crewhaus in #139
  • feat(security): isolate verifier code execution in a sandbox (FR-007) by @crewhaus in #167
  • fix(security): remediate 3 critical audit findings (RCE, SSRF, cross-tenant bleed) by @crewhaus in #168
  • fix(security): high-severity audit fixes batch 1 (tool-fs symlink, Bash egress, cf-worker name) by @crewhaus in #169
  • fix(security): harden boundary classifier — obfuscation bypass + ReDoS (#143, #153) by @crewhaus in #170
  • fix(security): spec-name comment injection + per-tenant eval/tool-result roots (#147, #150) by @crewhaus in #171
  • fix(security): wallet policy gates — bind tx.to to contractId + value caps (#151, #152) by @crewhaus in #172
  • fix(security): permission decoy bypass + skill frontmatter classification (#145, #154) by @crewhaus in #173
  • fix(security): make the egress block tier reachable via sink-scope (#144) by @crewhaus in #174
  • fix(security): 5 medium audit findings + #151 binding activation (#155-#159) by @crewhaus in #175
  • fix(security): final 7 low-severity audit findings → audit 27/27 (#160-#166) by @crewhaus in #177
  • test(rate-limiter): de-flake token-bucket "acquire below capacity" via frozen clock by @crewhaus in #176
  • chore(security): complete 5 post-audit follow-ups (#156/#160/#162/#163/#164 hardening) by @crewhaus in #178
  • security: close residual Gate-1 audit findings (H-7/H-8 live sites, H-1, schema floor) by @crewhaus in #179
  • chore(phase0): repoint build-roadmap links + fix SUPPORT/TRADEMARK copy (GO-PUBLIC Pre-flight) by @crewhaus in #180
  • chore(phase0): Gate-4 framing, drop paid-support block, scrub private paths, link guard by @crewhaus in #181
  • feat: enable vector-store backend selection (lance/qdrant/pinecone/weaviate) by @crewhaus in #182
  • docs(readme): refresh "Why CrewHaus?" and tighten the security pillar by @crewhaus in #183
  • fix: move issue templates into .github/ISSUE_TEMPLATE/ directory by @crewhaus in #184
  • fix: replace CODE_OF_CONDUCT placeholder with Contributor Covenant 2.1 text by @crewhaus in #185
  • fix(tests): eliminate cross-file mock.module leaks (flaky discord CI failure + 14 latent leaks) by @crewhaus in #186
  • fix: workspace path containment for IngestDocument and ReadImage by @crewhaus in #187
  • fix(spec): reject sandbox-override keys in code-execution tool_config by @crewhaus in #188
  • fix(tool-navigate): SSRF + scheme guard before driver.goto by @crewhaus in #189
  • fix(crawler): SSRF floor in fetchHttp + symlink-safe fetchFile containment by @crewhaus in #190
  • fix(permissions): make builtin safety floor outrank sub-agent replace allows by @crewhaus in #191
  • fix(egress-classifier): decode-aware matcher (JSON-escape + base64/hex/percent) by @crewhaus in #192
  • fix(tool-mcp,runtime-core): classify + tag tool error results before model sees them by @crewhaus in #193
  • fix(crawler): pin HTTP connection to the validated IP (DNS-rebinding TOCTOU) by @crewhaus in #194
  • ci: pin third-party GitHub Actions to commit SHAs (supply-chain) by @crewhaus in #195
  • fix(prompt-injection-detector): complete lowercase homoglyph fold symmetry by @crewhaus in #196
  • fix(tool-task): reject path traversal in Task subagent_type by @crewhaus in #197
  • fix(tool-web): IP-pin WebFetch + broaden isPrivateIp (DNS-rebinding TOCTOU) by @crewhaus in #198
  • fix(channel-adapter-discord): enforce signature timestamp replay-window by @crewhaus in #199
  • fix(channel-adapter-whatsapp): bound webhook replay via messages[].timestamp by @crewhaus in #200
  • fix(tool-fs): bound Grep regex against ReDoS by @crewhaus in #201
  • fix(spec,ir,compiler,target-onchain): make maxValueWei reachable from the spec by @crewhaus in #202
  • fix(compliance-controls): verify audit chain + commit digest to full records by @crewhaus in #203
  • fix(run-context): tag per-line so partial reflection is tracked by @crewhaus in #204
  • fix(runtime-core): classify model-destination sinks as external-dynamic by @crewhaus in #205
  • fix(gateway-server): reserve in-flight budget to close the check/record TOCTOU by @crewhaus in #206
  • fix(crawler): enforce body cap while streaming (memory-exhaustion DoS) by @crewhaus in #207
  • fix(wallet-engine): fail closed on empty allowedContracts (was allow-all) by @crewhaus in #208
  • fix(permission-engine): fail the rule-based justification gate closed in production by @crewhaus in #209
  • fix(plugin-registry): verify manifest signatures at register time (fail-closed) by @crewhaus in #210
  • fix(runtime-core): enforce a per-turn tool-iteration cap (runaway loop bound) by @crewhaus in #211
  • fix(plugin-sdk,plugin-loader): bind the signature to the entrypoint code by @crewhaus in #212
  • fix(wallet-engine): simulate from the signing wallet, not address(0) by @crewhaus in #213
  • fix(tool-fs,tool-image,tool-document-ingest): close resolveSafe read TOCTOU (CWE-367) by @crewhaus in #214
  • fix(boundary-classifier,runtime-core): wire Layer-3 LLM classifier at every boundary by @crewhaus in #215
  • fix(computer-use-driver): DNS-pinning egress proxy for the chromium backend (audit R1) by @crewhaus in #216
  • fix(run-context,egress-classifier): token-level lineage for short/embedded secrets (audit R2) by @crewhaus in #217
  • feat(durable-state): pluggable cross-process dedup + budget stores (audit R3) by @crewhaus in #218
  • chore(egress-classifier): update test comments stale after the R2 floor change by @crewhaus in #219
  • fix: accept Bedrock cross-region inference-profile model ids by @crewhaus in #220
  • feat(adapter-bedrock): ConverseStream path — Nova/DeepSeek/Cohere/AI21/Qwen/gpt-oss + tool use for Llama/Mistral by @crewhaus in #226
  • feat(cli,runtime-core,targets): remove Anthropic-only assumptions from model-string consumers by @crewhaus in #227
  • feat(adapter-gemini): Vertex AI mode + tool round-trip, Gemma, caching, and thinking fixes by @crewhaus in #221
  • fix(adapter-openai): reasoning-model params + OpenAI-compatible server robustness by @crewhaus in #222
  • feat(model-router): named compat hosts, azure/ + vertex/ routes, local/ defaults, key isolation by @crewhaus in #225
  • docs(circuit-breaker): drop fictional fallbackModels from package description by @crewhaus in #228
  • fix(runtime-core,cost-tracker): publish wire model id on model events so prefixed models price by @crewhaus in #229
  • chore(release): v0.1.2 — lockstep bump across all @crewhaus packages by @crewhaus in #230
  • chore(release): harden release tooling after the v0.1.2 cut by @crewhaus in #231
  • feat(release): ownership guard — refuse to publish over a foreign npm name by @crewhaus in #232
  • fix(release): lint fix for the ownership-guard message by @crewhaus in #233
  • feat(cli): add version / --version / -v subcommand by @crewhaus in #234
  • docs(cli): add README for the published @crewhaus/cli package by @crewhaus in #235
  • ci: pin actions to Node24 SHAs, least-privilege perms, dispatch-only smoke by @crewhaus in #236
  • Ship the bare crewhaus package across npm/brew/apt/scoop/winget by @crewhaus in #237

New Contributors

Full Changelog: https://github.com/crewhaus/factory/commits/v0.1.3

Contributors

crewhaus
Assets 7
Loading