Skip to content

v2.93.0: agent capability manifest, JSON next_steps, generated skill tables

Choose a tag to compare

View all tags
@BartWaardenburg BartWaardenburg released this 11 Jun 14:57
· 64 commits to main since this release
v2.93.0
This tag was signed with the committer’s verified signature.
BartWaardenburg Bart Waardenburg
GPG key ID: 0F3DC0B8D9F6E258
Verified
Learn about vigilant mode.
2754523
This commit was signed with the committer’s verified signature.
BartWaardenburg Bart Waardenburg
GPG key ID: 0F3DC0B8D9F6E258
Verified
Learn about vigilant mode.

This release makes fallow's capability surface fully introspectable for AI agents: a complete fallow schema manifest, JSON next_steps[] follow-up commands computed from each run, and bundled agent-skill tables that regenerate from that manifest instead of drifting by hand. It also fixes a Playwright page-object false positive, tsconfig path aliases mislabeled as unlisted dependencies, and a couple of filter and CI-template issues.

Agent-facing capabilities

  • JSON output now carries a top-level next_steps[] array of read-only follow-up commands. fallow dead-code, health, dupes, bare fallow, and audit add a next_steps array to their --format json output (and a one-line Next: hint to bare fallow's human output on a TTY), computed from the run's actual findings. Each entry is { id, command, reason }: a stable kebab-case id for machine dispatch, a runnable command string, and a short reason. Commands point at fallow's own verification surface that agents and humans rarely discover from the output alone (tracing an export before deleting it, drilling into a clone, per-decision-point complexity, scoping a monorepo to a branch's packages, gating only changed files). Every entry is guaranteed to be non-mutating and runnable as-is with no placeholders. The array is deduplicated, priority-ordered, capped at three, and omitted when empty; it never contributes to total_issues. Set FALLOW_SUGGESTIONS=off to suppress it. Additive-optional field, no schema-version bump.

  • fallow schema is now a complete capability manifest for agents. The introspection JSON now derives one issue_types row per registered rule across every analysis (dead-code, boundary and policy violations, stale suppressions, catalog and dependency-override hygiene, health complexity/coverage/refactoring/runtime verdicts, duplication, feature flags, and all security categories). Each row carries the bare rule id, the SARIF rule id, the owning command, category, filter flag, fixable/suppressible markers, a copy-pasteable suppress_comment verified to round-trip through the suppression parser, a license marker, and a docs URL. New top-level blocks: manifest_version, mcp_tools (kept in sync with the live server by drift tests), plugins (count and names from the live registry), and a complete environment_variables set. fallow explain feature-flag now works too.

  • The bundled agent skill's command, issue-type, and MCP-tool tables now regenerate from the capability manifest. The SKILL.md tables shipped in the npm package previously drifted behind the CLI by hand-maintenance; they are now marker-wrapped and rendered from fallow schema at release time with merge semantics: identity columns regenerate while curated explanation cells stay hand-owned and survive regeneration. (Refs #1188.)

Bug fixes

  • unused-class-members no longer fires on Playwright page-object methods reached through an imported fixture-type alias. When a class instance is exposed lazily behind a getter on a factory class, surfaced through a nested base.extend(...) fixture whose shape is declared via an imported object type alias, methods on the target page-object class were still reported as unused. Extraction now emits fixture-type sentinel accesses for imported alias bindings and expands them before correlating Playwright fixture definitions with uses, so a used chain is credited while an actually-unused method on the same class still reports. Thanks @vethman for the report. (Closes #1190.)

  • tsconfig path aliases no longer surface as unlisted dependencies. When a bare specifier matched compilerOptions.paths but its local alias target was missing, resolution fell through to a package lookup and reported the import (for example @app/foo) as an unlisted package.json dependency. Local tsconfig path aliases now resolve before the package fallback, and an alias is marked unresolved only after package and workspace-package fallbacks have had a chance to resolve it, so a genuine unlisted scoped package in the same project still reports.

  • Issue-type filter flags no longer leak test-only-dependency findings. The --unused-deps clear arm was missing test_only_dependencies, so a focused run like fallow dead-code --unused-files could report a test-only finding alongside the requested issue type. --unused-deps now groups test-only-dependency with the other dependency kinds. (Closes #1192.)

  • The GitLab CI template now runs Bash-only setup blocks through Bash explicitly. GitLab Runner jobs on Alpine can start before_script entries with /bin/sh, but the fallow template used Bash-specific syntax. Those blocks now invoke bash -eo pipefail explicitly after installing Bash, so the template no longer depends on the runner's default shell. Thanks @KudrinOleg for the report. (Closes #1182.)

Full Changelog: v2.92.1...v2.93.0

Assets 58
Loading