Releases: gugu9999gu/leerness
Releases · gugu9999gu/leerness
v1.33.0 (Stable) — 15th리뷰 수정 + 정직성 calibration + A3 fencing
🛡️ [안정화/Stable] 1.33.0 — 15th리뷰 수정 + 정직성 calibration + A3 fencing
직전 minor(1.32.0) 이후 누적 패치 3건(1.32.1~1.32.3)을 검증·통합해 npm 공개. R-0011 24번째 stable minor.
이번 minor 의 핵심은 정직성 — 1.32.2 에서 calibrate 한 정직 README(self-administered 클린룸·성숙도 라벨)가 그동안 GitHub 에만 있었고 npm 엔 1.32.0 과장본이 남아 있었습니다. 1.33.0 이 정직한 게시본을 npm 에 올립니다 (false-"done" 을 막는 도구가 자기 자신에 대해서도 과장하지 않도록).
이번 minor 통합
- 🔍 15th 외부/멀티에이전트 리뷰 수정 (1.32.1) — parent/constraints
--json에러 구조화(C2) + adopt 에러경로 비공백(A1) +--select정합(A2). 사이트 verify-deploy.cjs C1(stale false-pass)/C3/C4/C5. - 🪞 정직성 calibration (1.32.2, 웹 Opus 4.8 외부리뷰·맹신X) — clean-room "independent" → "self-administered (not third-party human audits or peer review)" 인라인 + ko "객관 리뷰" 교정 + 성숙도 정직 라벨. 강제력/clean-room 자기보고는 이미 정직(미수정).
- 🛡️ parent adopt 임베드 fencing (1.32.3, A3) — 부모 자산 verbatim 임베드를 동적 코드펜스로 격리(마커/
##헤더 spoofing 차단).
검증
- selftest 257 · e2e 377/377 · 게시본 클린룸 재실증(번들 수정 + 정직 README).
opt-in 영어: --language en / LEERNESS_LANG=en. 기본 한국어.
v1.32.0 (Stable) — UR-0010 영어화 3종 안정 minor
🛡️ [안정화/Stable] 1.32.0 — UR-0010 영어화 3종 안정 minor
직전 minor(1.31.0) 이후 누적된 UR-0010 CLI 영어화 패치 3건(1.31.1~1.31.3)을 검증·통합해 npm 공개. R-0011 정책의 23번째 stable minor. 한국어 우선 기본은 그대로.
이번 minor 통합 (1.31.1~1.31.3)
- install-safety 영어화 (1.31.1) — 셸-무관 가드(npx --yes/PowerShell/no npm_config prefix) 양 언어 보존
- constraints 영어화 (1.31.2) — catalog detailEn(6 플랫폼) + suggestion + 한글-only alias 표시 숨김(매칭 무회귀)
- capabilities + team reminder 영어화 (1.31.3) — CAPABILITY_SURFACE descEn/optOutEn + POWERFUL_COMMANDS noteEn(보안 disclosure) + _teamHandoffReminders lang(handoff 전체 배선)
- 공통: 카탈로그 데이터까지 영어화(반쪽 영어 회피) · 순수 함수 optional lang(기본 ko, 기존 호출 무회귀) · ko verbatim 보존
검증 (회귀 0)
- selftest 257 · e2e 375 · 게시본 클린룸 재실증(install-safety/constraints/capabilities/team en 4표면)
opt-in: --language en / LEERNESS_LANG=en / .harness/manifest.json language. 기본은 한국어.
v1.31.0 — Stable: 14th review 7/7 + sub-project (detect/adopt)
🛡️ leerness v1.31.0 — [Stable] 14th review 7/7 + sub-project (detect/adopt)
직전 minor(1.30.0) 이후 누적 패치 5건(1.30.1~1.30.5)을 검증·통합한 22번째 stable minor. 한국어 우선 기본, 영어는 --language en/LEERNESS_LANG=en/manifest opt-in.
이번 minor 통합 (1.30.1~1.30.5)
- 🔒 보안 정직성 (1.30.1, 14th리뷰 F1+F2):
audit/check가 커밋된 시크릿을 failure 로 승격(scan secrets 와 일관, gitignored FP 0) · handoff 보안 요약이.env없어도 커밋 시크릿 노출(값 미출력). - 🔗 하위 프로젝트 부모 자산 탐지 (1.30.2, 사용자 명시 #157):
leerness parent detect [--json](read-only) + handoff 헤드라인🔗 부모 프로젝트 (N 자산·미적용). 외부AI(codex)+Claude(Plan) 교차검토 → 방향 C "탐지+게이트". - 🔗 하위 프로젝트 부모 자산 적용 (1.30.3, #158):
leerness parent adopt [--select] [--apply]— dry-run 기본 +--apply(사용자 결정) 시 자식-로컬inherited-from-parent.md+PARENT_LINK.json기록, 자식 design-system.md 무변경(비파괴). - 🧹 cli-ux 일관성 (1.30.4, F5+F6+F7): decision/lesson dedup · rule/lesson 빈입력 --json 구조화 · bogus subcommand 토큰 명시.
- 🌐 i18n (1.30.5, F3+F4):
--language enhandoff 본문 4블록 + verify-claim/optimism-check 에러 영어화. - 🐛 인프라:
VERSION === package.jsonselftest 가드 · e2e flake 하드닝.
🎉 14번째 외부 멀티모델 리뷰 7/7 완료
bounded 3-에이전트 리뷰 → 맹신 X 7/7 재현검증 → F1~F7 전부 수정·배포.
검증 (회귀 0)
- selftest 257 · E2E 372 (신규 행위가드: 보안정직성/parent detect/adopt 비파괴/cli-ux/i18n).
- npm 배포(R-0011 stable) + annotated tag(Stable) + 게시본 클린룸 재실증.
잔여 (UR-0010)
팀 reminder 본문 · capabilities/commands/constraints/install-safety · init en seed 템플릿.
v1.30.0 — Stable: handoff body i18n (4 blocks)
🛡️ leerness v1.30.0 — [Stable] handoff 본문 i18n 4종 안정 minor
직전 minor(1.29.0) 이후 누적된 패치 4건(1.29.1~1.29.4)을 검증·통합한 21번째 stable minor. 한국어 우선 기본은 그대로, 영어는 --language en/LEERNESS_LANG=en/manifest opt-in.
이번 minor 통합 (1.29.1~1.29.4) — handoff 본문 4블록 영어화
- 🔒 보안 요약 섹션 (1.29.1): 영어 사용자가 커밋된 시크릿을 가질 때 노출되는
## 🔒 보안 요약/🚨 CRITICAL/ 자동회복 /💡 자동 실행 옵션. + lib/ 전수 i18n-coupling 감사(1.28.1hasSecurityFired류 라벨-결합 버그 추가 탐색 → 0건). - 🖥 env-detect 블록 (1.29.2): 실행 환경 PATH 누락/변동 감지 + 상세 안내.
- 🐚 shell-guard 블록 (1.29.3): 터미널 셸 가드 헤더 + 환경 버전 변동 재검토 + 최근 셸 실패 + 명령 실행 전 점검.
- 🤖 CLI 에이전트 슬래시 블록 (1.29.4): 활성 에이전트 sub-agent 슬래시 명령 요약.
핵심 교훈 (defense-in-depth)
4블록 모두 headline t() 스코프 밖이라, 번역 헬퍼를 그대로 두면 ReferenceError가 블록 try/catch에 삼켜져 표면 전체가 (양 언어 모두) 사라진다. selftest 소스가드(문자열 존재)는 통과하지만 런타임 출력이 0 — 행위 검증 + e2e 가드로만 잡힌다. 각 블록에 로컬 t()/_uiLang(root)를 정의해 해결.
검증 (회귀 0)
- selftest 250→254 (4블록 영어/한국어 보존 소스가드, split-literal로 self-reference 회피).
- E2E 368/368 — i18n 행위가드 ⑧~⑪ 신규: 4 시나리오(보안요약/env-detect/shell-guard/agent-slash)를 실제 발동시켜 en 영어(블록 한글 0, Node 탐지) + ko 보존 검증.
- npm 배포(R-0011 stable) + annotated tag(Stable) + 게시본 클린룸 재실증.
잔여 (UR-0010 백로그)
capabilities/commands/constraints/install-safety 영어화 · init en seed 템플릿 i18n · handoff 본문 잔여 표면 점진 영어화.
v1.29.0 (Stable) - drift auto-fix + diagnostics English
1.29.0 — Stable minor: drift auto-fix English (+bug fix) + diagnostics commands English
🛡️ Stable release. Bundles patches 1.28.1 + 1.28.2.
Highlights
- drift --auto-fix English + bug fix (1.28.1) — the
drift check --auto-fixprogress logs now render in English. Also fixed a latent bug: in the previous release, translating the security-signal label broke the internal check that string-matched the Korean label, so under--language enthe security auto-fix silently did not fire. It now matches the language-stable field.drift checkis fully English (output + auto-fix). - Diagnostics commands English (1.28.2) —
doctor(install/environment),which(version conflicts / npx cache / PATH), andwhats-new(CHANGELOG diff) render in English under--language en. - Korean-first preserved — English is opt-in (
--language en/LEERNESS_LANG=en/ English-initialized project). Korean output is unchanged byte-for-byte; internal callers are unaffected.
Verification (zero regression)
- selftest 250/250 · E2E 368/368 (Korean-default path unchanged; i18n behavioral guard covers lens + health + drift + doctor en/ko) · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
v1.28.0 (Stable) - honesty + drift English
1.28.0 — Stable minor: honesty follow-ups + drift check English
🛡️ Stable release. Bundles patches 1.27.1 + 1.27.2.
Highlights
- Honesty follow-ups (1.27.1) —
auditon an uninitialized path no longer reports design/reuse checks against a non-existent harness (it short-circuits to the summary);verify-claim --run-testswith a non-test--test-cmdthat exits 0 but yields no parseable test summary now prints "✓ ran (exit 0) — test count unconfirmed" instead of "✓ all passed" (verdict/exit unchanged, so genuine exotic test runners are not rejected). - drift check English (1.27.2) — the default
drift checkoutput (path, status, signal table, security signals, recommended actions) renders in English under--language en. The--auto-fixprogress logs are deferred to a later phase. Internal callers (handoff/health) keep Korean labels. - Korean-first preserved — English is opt-in (
--language en/LEERNESS_LANG=en/ English-initialized project). Korean output is unchanged byte-for-byte.
Verification (zero regression)
- selftest 248/248 · E2E 368/368 (Korean-default path unchanged; i18n behavioral guard covers lens + health + drift en/ko) · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
v1.27.0 (Stable) - security fixes
1.27.0 — Stable minor (security): private-key scan FN + DB placeholder FP + retro --json
🛡️ Stable release. An early minor to ship the 1.26.1 security fixes (found in the 13th external clean-room review). A security FN/FP — a false "secure OK" over a committed private key, and a placeholder false-positive that breaks CI — warrants publishing now rather than waiting to accumulate patches.
Highlights
- 🔒 Private-key file scan FN closed —
scan secretsskipped private-key/cert files (.pem/.key/.crt/.p8/.pfx…) via the extension allow-list, so a committed private key passed clean ANDhandofffalsely reported security OK. Fixed with a basename override so the private-key detector actually runs on those files. (Gitignored keys stay info-downgraded.) - 🔒 DB-URI placeholder FP closed — textbook placeholders in
.env.example(user:password@,root:root,yourpassword) were flagged as committed secrets, breakinggate/CI. Fixed by checking only the password component + known placeholder markers. Real high-entropy DB passwords are still caught (no false negative). - 🔧 retro --json contract —
retro --days <non-numeric> --jsonpreviously leaked a plain-text error to a JSON consumer; now returns a structured error with a numeric guard.
Verification (zero regression)
- selftest 246/246 · E2E 367/367 (behavioral regression guard: private-key caught, placeholder skipped, real password caught, retro JSON structured) · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
v1.26.0 (Stable) - i18n guard + health English
1.26.0 — Stable minor: i18n behavioral guard + health diagnostics English
🛡️ Stable release. Bundles patches 1.25.1 + 1.25.2.
Highlights
- i18n layer hardening (1.25.1) — adversarially verified the whole 8-phase English layer: no runtime bugs (uiLang crash-safe,
--languagevalue never leaks as a positional,--language=enworks,--jsonstays valid under en, flag > env > manifest). Added a behavioral e2e regression guard that closes the source-guard blind spot which let an earlier overstatement slip. - health diagnostics English (1.25.2) —
leerness healthrenders fully in English under--language en: section labels, the 6-capability matrix evidence, security issues, and summary. - Korean-first preserved — English is opt-in (
--language en/LEERNESS_LANG=en/ English-initialized project). Korean output is unchanged byte-for-byte.
Verification (zero regression)
- selftest 245/245 · E2E 366/366 (Korean-default path unchanged; i18n behavioral guard covers lens + health en/ko) · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
- Patches 1.25.1 / 1.25.2 are not separately on npm (accumulated here per the minor-only publish policy).
v1.25.0 (Stable) - honesty fix + lens English
1.25.0 — Stable minor: session-close body honesty fix + lens flagship English
🛡️ Stable release. Bundles patches 1.24.1 + 1.24.2.
Highlights
- Honesty fix (1.24.1) — a self-scan (run every published English surface under
--language en, detect Korean leakage) found the 1.23.0 "session close fully English" claim was overstated. Fixed the report-body leaks: empty placeholder- 없음→- none, the progress one-line (done N/M · decisions N accumulated), and the roadmap auto-update log. - Lens flagship English (1.24.2) — the per-domain quality self-question lens (
leerness lens) now renders in English under--language en: all 5 domains (code / design / docs / test / security) with English questions, personas, and cross-domain causality. - Korean-first preserved — English is opt-in (
--language en/LEERNESS_LANG=en/ English-initialized project). Korean text and lens questions are unchanged byte-for-byte.
Verification (zero regression)
- selftest 244/244 · E2E 365/365 (Korean-default path unchanged) · en-leak scan: session-close body & lens have 0 Korean under en, Korean preserved · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
- Patches 1.24.1 / 1.24.2 are not separately on npm (accumulated here per the minor-only publish policy).
v1.24.0 (Stable) - full help-surface English
1.24.0 — Stable minor: full help-surface English coverage
🛡️ Stable release. Bundles patches 1.23.1 (Phase 6) + 1.23.2 (Phase 7). English users can now read every help surface end to end: main help → command-group help → usage hints.
Highlights (UR-0010 CLI English)
- Phase 6 — curated English main help under
--language en, grouped into 8 categories (Setup · Diagnostics · Verification · Security · Handoff · Memory · Skills · Agents · Reuse · Release · More), free of legacy version-tag noise.status(path-not-found + healthyMeaning) and thesubcommand_requirederror are English too. - Phase 7 — 5 group-help blocks (requests / constraints / wakeup-interval / idempotency / intent) and
_GROUP_USAGEplaceholders (<text>/<trigger>/<key>/<name>). - Korean-first preserved — English is opt-in via
--language en/LEERNESS_LANG=en/ an English-initialized project. The Korean help and usage maps are unchanged byte-for-byte.
Verification (zero regression)
- selftest 242/242 · E2E 365/365 (Korean-default path unchanged) · post-publish clean-room re-verification.
Notes
- 0 runtime deps · 0 install scripts · Node ≥ 18 · MIT.
- Patches 1.23.1 / 1.23.2 are not separately on npm (accumulated here per the minor-only publish policy).