Skip to content

v0.12.0

Choose a tag to compare

@solomonneas solomonneas released this 16 Jun 20:38
88c0fe8

[0.12.0] - 2026-06-16

Added

  • brigade doctor --json and brigade status --json emit machine-readable output (target, harnesses, owner, depth, per-check status/name/detail, summary counts, and a ready flag), so the two most diagnostic surfaces can feed scripts and a future fleet aggregation instead of being text-only.
  • brigade security diff --base <dir> --against <dir> [--json] compares two security reports and reports new, resolved, and persisting findings (matched by the scan's stable per-finding fingerprint). It returns nonzero when there are new findings, so a change that introduces a finding can be caught in review or CI.
  • brigade operator checkup [--json] runs every read-only first-run doctor (doctor, operator doctor, handoff doctor, tools doctor, skills doctor, security doctor) in one pass and rolls them up to a single ready / blocking_surfaces verdict with the next command to run, so a new operator no longer has to copy-paste each doctor from the first-10-minutes guide.
  • brigade doctor now lints AGENTS.md quality: it warns (never fails) when the file lacks a "Definition of Done" section or a memory-handoff section, since agents work better with explicit done criteria and a handoff footer. The Brigade-seeded AGENTS.md now ships a Definition of Done section (issue #84).
  • brigade run --read-only now warns when an assigned agent cannot hard-enforce read-only. Each adapter is classified hard (native sandbox or tool allowlist), soft (prompt-only), or none; soft and none agents are listed on stderr and recorded in a read-only-enforcement.json run receipt, and a writable --sandbox override downgrades even natively-sandboxed CLIs to best-effort (issue #87).
  • brigade repos doctor --deep runs the operator checkup (every first-run doctor) in each enabled fleet repo and aggregates a fleet-wide ready / blocking_repo_count verdict, so you can health-check many repos in one pass instead of cd-ing into each (issue #78).
  • brigade completions bash|zsh|fish prints a static shell completion script generated from the CLI's own command tree (zero runtime dependencies; the tree is embedded, not shelled out). bash completes the full command tree, zsh reuses it via bashcompinit, and fish completes the top level plus one subcommand level (issue #89).
  • brigade memory search <query> [--json] runs a deterministic keyword search over memory cards, ranking title, tag, and summary matches above body matches (the stdlib precursor to the roadmapped on-device semantic retrieval) (issue #90).
  • brigade memory serve-mcp --stdio exposes memory cards over a read-only MCP stdio server under a card:// scheme (resources plus list_cards / get_card / search_cards tools), reusing the proven skills MCP pattern; reads are scoped to the configured card roots and it never edits canonical memory (issue #88).
  • brigade projects doctor adds the station doctor that every peer station already has, reporting project-consolidation health and exiting nonzero on issues (issue #90).
  • brigade skills uninstall <skill> --target <harness|all> removes an installed skill (the inverse of skills install), records an uninstall receipt in the install history, and refuses cleanly when nothing is installed (issue #90).
  • brigade friction show [--severity] [--json] reads back the latest friction scan, which previously could only be written (issue #90).

Changed

  • Internal: the skills and memory MCP stdio servers now share one harness (mcp_server.serve_stdio) instead of carrying near-identical JSON-RPC loops. No command surface or protocol change; a new read-only MCP surface is now a few callbacks.
  • The repo fleet scan now summarizes repos on a small thread pool instead of serially. Each summary is independent and IO-bound (git calls plus file stats), so a multi-repo fleet scans noticeably faster while output stays in config order; a single-repo fleet is unchanged.
  • brigade doctor now groups host-global findings (OpenClaw config, the content-guard clone, uninstalled managed tools) under a "machine-level (not specific to this repo)" header in text output and tags each check with a scope of repo or machine in --json, so a single-repo run no longer reads as if the repo is responsible for machine-wide state (issue #80).
  • brigade security suppress and brigade security unsuppress gain --json, so an agent or CI step can parse the suppression result (issue #90).
  • brigade scrub gains --json and now writes a summary-only .brigade/scrub/latest.json receipt (verdict, policy, exit code, never the matched snippets), with --no-receipt to opt out, giving the egress gate the audit trail every other station already has (issue #90).
  • brigade runbook closeout --import-issues [--dry-run] routes each failed step of a runbook run into the work import inbox (deduped by run id and step), so a mid-run failure reaches the same review queue every other station's failures land in (issue #90).
  • brigade init --git-exclude writes Brigade's ignore block to the local-only .git/info/exclude instead of the tracked .gitignore, for third-party clones you do not want to commit Brigade ignores into (issue #81). Automatic detection of a third-party clone is intentionally deferred: there is no reliable repo-owner signal, and a guess would false-positive on your own published repos.

Fixed

  • brigade init --no-gitignore is now honored. The flag was parsed but never forwarded to the installer, so a .gitignore was written anyway; install_selection now takes update_gitignore and skips the write when asked.
  • brigade init --git-exclude now resolves a linked-worktree .git file (gitdir: <path>) to write the exclude under the worktree's own git dir, instead of silently falling back to a tracked .gitignore.
  • The seeded pre-push content-guard hook no longer reports a scanner error as a content leak. It now discriminates content-guard's exit codes: exit 1 (findings) blocks with the leak message, any other nonzero exit is reported as "scanner failed to run" rather than mislabeled as violations (issue #82).
  • brigade doctor memory-care freshness no longer reports a same-day scan as "in the future". The scanner stamps scan_date in UTC, but doctor compared it against the host's local date, so an evening run in a behind-UTC timezone warned falsely (issue #83). Doctor now compares in UTC.
  • brigade init --depth workspace now creates .brigade/memory-care/decay, the directory doctor actually checks, instead of the legacy memory/cards/decay. A fresh workspace no longer draws a "staleness scanner not wired" warning on first contact (issue #79).
  • localio.write_json now writes receipts atomically (temp file plus os.replace), so a reader or a crashed writer never observes a half-written JSON receipt; on failure the original file is left intact and the temp file is removed.
  • Apply the v0.11.0 subprocess hang-guard (closed stdin plus a timeout) to the remaining direct subprocess.run sites that lacked it: localio.check_git_ignored, the work-family _git helper, and scrub's git probes. A stuck git call now fails fast instead of hanging the command.
  • brigade scrub fails closed when the content-guard scan times out: a hung scanner is reported as blocked (exit 124) instead of being able to let content past the egress gate.