v0.22.0
S3 release — universal op contracts plus opt-in runtime enforcement. Any op (inline or subagent) may now declare typed JSON Schema input/output contracts via blockquote markers. The vscode extension (separate package, v0.15.0) walks the binding graph to flag drift between producer and consumer at authoring time. Strict-contract mode (metadata.canopy-contracts: strict) opts skills into per-op runtime validation. Fully backward-compatible — every existing skill executes unchanged.
Added
-
Universal op contracts. Inline ops gain contract markers with the same syntax as the v0.20 subagent marker, minus the dispatch flag:
## RENDER << input >> output > **Input contract:** `assets/schemas/render-input.json` > **Output contract:** `assets/schemas/render-output.json`
Subagent ops continue to declare contracts inside the
> **Subagent.**blockquote. Both forms populate the sameinputContract/outputContractfields. Schema-less ops continue to work unchanged. -
metadata.canopy-contracts: strictopt-in. Skills declare strict mode in frontmatter; the runtime then validates each contract-bearing op's input before firing and output before binding. Halts with[contract-violation]on drift. Default (omitted) keeps contracts descriptive only. -
Schema composition through bindings. A consumer op's input contract may
$refinto the producer op's output schema (same skill). The vscode extension surfaces drift across the binding graph as authoring-time diagnostics. -
/canopy improvecontract-scaffolding pass. New audit step: for each op without contracts, proposeassets/schemas/<op-name>-{input,output}.jsongenerated from the op's<</>>named fields. Permissive defaults (additionalProperties: true, every propertytype: string) — author refines. Opt-in via--scaffold-contractsflag in the apply prompt. -
/canopy validatecontract checks. New error/warning catalog covering missing schema files, schema-vs-signature drift, binding-edge drift between producer and consumer, and the strict-mode-without-contracts no-op case. -
/canopy adviseand/canopy convert-to-canopycontract recommendations. Both ops now propose contract markers for ops with stable signatures, and propose strict mode once the skill carries contracts on the majority of non-trivial ops.
Changed
docs/reference/FRAMEWORK_SPEC.mdgains an "Op Contracts" section + aContract-bearing oprow in the Tree Execution Model node-types table.skills/canopy-runtime/references/skill-resources.mdgains an "Op contracts" section describing the marker syntax, contract composition, strict-contract mode, and the scaffolding pathway.skills/canopy-runtime/references/ops/subagent.mdgains a brief "Contracts on subagent ops" section cross-referencing the universal form so readers don't conclude that contracts are subagent-only.skills/canopy/assets/policies/authoring-rules.mdgains a "Universal op contracts" section covering marker forms, schema location, when to declare, when to skip, and the strict-mode opt-in.skills/canopy/assets/constants/control-flow-notation.mdgains rows mapping (a) signature-stable inline ops to contract-marker adoption and (b) contract-bearing skills to the strict-mode flag.
Notes
- vscode extension v0.15.0 (separate package) ships the static type-flow analyzer + binding-graph builder + new diagnostics, hover, completion, and snippets.
claude-canopy-examples/parallel-reviewretrofitted as the canonical S3 demo: input contracts on every subagent op + universal contracts onMERGE_ASPECT_FINDINGSandREPORT_BY_SEVERITY(the inline ops) +metadata.canopy-contracts: strict. Other example skills intentionally remain contract-less to demonstrate the back-compat path.- Cross-skill
$refis out of scope for this release — single-skill schema composition only.
Verifying this release
# Verify the signed tag (uses GitHub's pubkey for SSH/GPG signatures)
git verify-tag v0.22.0
# Verify SLSA build provenance for the install tarball
gh attestation verify canopy-0.22.0.tar.gz --owner kostiantyn-matsebora