Skip to content

v1.2.5

Choose a tag to compare

View all tags
@greenarmor greenarmor released this 15 Jun 04:01
· 14 commits to master since this release
v1.2.5
f611c7a

Release v1.2.5

Previous release: v1.2.3
Release date: 2026-06-15

Highlights

Unified Activity Log — Dashboard is now the official recorder

Every GESF operation performed via CLI or MCP is now recorded in .ges/activity-log.json and surfaced in the web dashboard under a new Activity Log tab. This makes the dashboard the single source of truth for what GESF did to your project.

Dashboard reflects all packs, controls, and implementations

The web dashboard now dynamically picks up packs installed after ges init, controls implemented via implement_control, and manual overrides — all without requiring a separate ges audit or ges score run first.

Empty dashboard tabs fixed

The Findings, Traceability, and Fixes Detail tabs were blank when audit findings were empty. They are now populated from non-passing control statuses so every tab stays interconnected.

Dashboard header cleanup

The header title is now the project name (not a generic label), and the subtitle shows GESF v{version}.

What's New

Activity Log System

New module: @greenarmor/ges-corepackages/core/src/activity-log/

  • ActivityLogEntry type — captures source (cli/mcp), action, title, description, status (success/partial/failed/info), and structured details
  • recordActivity() — one-line helper that writes to .ges/activity-log.json
  • loadActivityLog() / appendActivityLog() / clearActivityLog() / createActivityLogEntry()

Commands wired (21 total):

Source Commands
CLI (10) ges init, ges audit, ges fix, ges policy install, ges policy remove, ges control, ges score, ges scan, ges validate, ges generate, ges hooks install/uninstall
MCP (11) run_audit, auto_fix, apply_control_override, implement_control, init_project, run_scans, validate_project, policy_install, policy_remove, install_hooks, start_dashboard

Shared Controls Utilities

New module: @greenarmor/ges-corepackages/core/src/controls/

Function Purpose
loadControlsFromDisk Reads controls from controls/<pack>/controls.json
loadControlOverrides Loads .ges/control-overrides.json
saveControlOverride Writes/updates a single control override
applyOverridesToControls Merges overrides into a control list
addFrameworkToConfig Adds a framework to .ges/config.json
removeFrameworkFromConfig Removes a framework from .ges/config.json
getInstalledPackIds Scans controls/ for installed pack IDs

Dashboard — Activity Log Tab

New 6th nav tab in the web dashboard:

  • Summary cards: total operations, success/fail counts, CLI vs MCP source breakdown
  • Operations by Type: action labels with counts
  • Timeline table: time, source badge (CLI/MCP), action badge, status badge, description, impact details
  • New /api/activity-log API endpoint

Bug Fixes

Dashboard didn't reflect installed packs (fixed)

Installing an AI pack (or any pack) via ges policy install after ges init wrote controls/<pack>/controls.json but the dashboard never read it. Now:

  • loadControlsForConfig merges controls from both the in-memory registry AND the controls/ directory on disk
  • policy install (CLI + MCP) now calls addFrameworkToConfig() to sync .ges/config.json
  • policy remove (CLI + MCP) now calls removeFrameworkFromConfig() to clean up

implement_control didn't mark status (fixed)

After implementing a control via MCP implement_control, nothing was recorded — the dashboard still showed "not-implemented". Now:

  • implement_control calls saveControlOverride() to write a pass override to .ges/control-overrides.json automatically
  • The dashboard picks this up immediately on next page load

Empty dashboard tabs (fixed)

When .gesignore excluded all source files (or a project had no audit findings), the Findings, Traceability, and Fixes Detail tabs were completely blank. Now:

  • Compliance issues are built from non-passing control statuses regardless of audit findings
  • Findings page: severity tabs, By Pack grouping, audit evidence cards
  • Traceability page: full control → framework → pack matrix
  • Fixes Detail: Pending Fixes uses compliance fix cards with expandable details

Dashboard header (fixed)

  • Before: <h1>GESF Compliance Dashboard</h1> with subtitle showing ProjectName | project-type | GESF vX.Y.Z
  • After: <h1>{ProjectName}</h1> with subtitle GESF v{version}

New Types

export type ActivityAction =
  | "init" | "audit" | "fix" | "policy_install" | "policy_remove"
  | "control_override" | "implement_control" | "score" | "scan"
  | "validate" | "generate" | "hooks_install" | "hooks_uninstall"
  | "dashboard_start" | "badge_generate";

export type ActivityStatus = "success" | "partial" | "failed" | "info";

export interface ActivityLogEntry {
  id: string;
  timestamp: string;
  source: "cli" | "mcp";
  action: ActivityAction;
  title: string;
  description: string;
  status: ActivityStatus;
  details: {
    packs_affected?: string[];
    controls_affected?: string[];
    files_created?: string[];
    files_modified?: string[];
    findings_count?: number;
    fixes_applied?: number;
    score?: number;
    frameworks_added?: string[];
    [key: string]: unknown;
  };
}

Files Changed

Area Files Lines
Core (types, controls, activity-log) 5 +568
Web Dashboard (index, template, tests) 3 +516
MCP Server (server.ts) 1 +122
CLI Commands (10 files) 10 +148
Version bumps (all packages) 20 +214

Test Results

  • 412 tests passing (up from 391 in v1.2.3)
  • All 16 packages build clean
  • E2E verified: CLI init → audit → policy install → validate → score, plus MCP policy_install, all recorded in activity log and visible in dashboard

Upgrade Guide

No breaking changes. Existing .ges/activity-log.json is created on first operation after upgrade.

npm update @greenarmor/ges
# or
pnpm update @greenarmor/ges

To view the activity log:

ges dashboard
# Then open the "Activity Log" tab

Or via API:

curl http://localhost:3001/api/activity-log

Full changelog: https://github.com/nickframanta/gesf/compare/v1.2.3...v1.2.5

Assets 2
Loading