Releases: mohamedzhioua/agent-done-or-not
Release list
v0.9.0 — state-bound trust
v0.9.0 — state-bound trust
v0.8.0 defined what counts as done. v0.9.0 binds every receipt to the source
it verified and closes the Windows and setup gaps that blocked adoption. A
green receipt from before your last edit no longer looks identical to a fresh
one, and the hard Stop gate is now as strict as assert.
Highlights
- Git-state binding.
capturenow records thecommit(full HEAD SHA),
tree, anddirtyworking-tree state in every receipt. Empty/falseoutside
a git repo, so nothing breaks off-VCS. - State-drift detection.
assert, the Stop gate, andreportwarn when the
newest passing receipt was captured against a different commit (or a dirty
tree) — the stale-CI-cache / edit-after-check gap. Advisory by default; set
AGENT_DONE_BIND_STATE=1to make drift a hard failure/block. - Policy-aware Stop gate.
stop-gate.sh/stop-gate.ps1now enforce an
agent-done.jsonpolicy — a single passing receipt of any label no longer
clears the gate when a policy requires more (parity withassert). Fails
closed if it can't evaluate the policy. - Test-file-diff guard.
reportflags a "done" claim sitting on uncommitted
changes to test/spec files (advisory) — the most-cited agent check-gaming
pattern. npx agent-done-or-not stop-gate. Run the Stop hook with no vendored
scripts; it pipes the hook payload on stdin.
Fixes (adoption blockers)
init --claude-hooknow installs a working hook — it copies the gate
scripts into the repo, so the generated hook resolves instead of pointing at
missing files.- Windows PowerShell 5.1 encoding — removed non-ASCII characters from
done-gate.ps1that broke WinPS 5.1's UTF-8-no-BOM parse. All engine.ps1
files are pure ASCII now. - npm wrapper Windows/WSL trap — the wrapper tries PowerShell first on
Windows, so a WSLbash.exethat chokes on a Windows path no longer aborts
before the native.ps1engine. - Windows CI matrix — CI runs the PowerShell parity suite under both Windows
PowerShell 5.1 and PowerShell 7+, plus an npm-wrapper smoke, so these stay
fixed.
Positioning
The receipt is a verification receipt — evidence that the configured check
ran and passed against a specific commit. The SHA-256 is proof of the command's
output; it is not proof of semantic correctness. You still choose a command
that verifies what you claim.
Full details in CHANGELOG.md.
v0.8.0 — trust layer
v0.8.0 — the trust layer
Turns "a check passed" into "the required checks passed," and makes a
completion claim shareable. Built cross-engine (bash + PowerShell + Node), zero
new dependencies, and dogfooded through the gate itself: 77 passing, 0 failed
(incl. the PowerShell parity suite).
Added
- Required-checks policy — an optional
agent-done.jsondeclares required
labels, each with an optionalcommand_regex, plusttl.assertreads it
when no--labelis given. Resolution order: explicit--label(legacy) →
policy → most-recent receipt. Policy mode searches all run dirs per label,
so checks captured in separate runs still count. New--policy/--no-policy
flags;assert --jsongains apolicykey. Parsed dependency-free in bash +
PowerShell. Documented in the newpolicy.schema.json. A present-but-unparseable
policy fails closed — it never silently degrades to the latest receipt. - Wrong-check detection — a label strength taxonomy (strong: test/build/
typecheck/e2e/smoke…; weak: lint/format/style/manual/docs). When the only
passing evidence is weak,assertandreportemit an advisory
latest proof is lint-only — …warning. Advisory only; never changes an exit code. report --format pr— a sticky, paste-ready PR comment wrapped in
<!-- agent-done-or-not:proof -->markers, plus a human "Proof of Done" card
on the markdown report.- Action PR comment —
pr-comment+github-tokeninputs upsert a sticky
proof comment viagh api, without changing the job's pass/fail (assert still decides). initpolish —--claudealias for--claude-hook;--policyscaffolds
anagent-done.json(never overwriting an existing one).
Changed
assert --jsonnow includes a top-levelpolicyfield (empty in legacy/--labelmodes). All existing keys unchanged.
Hardening (from an adversarial cross-model review, all with regression tests)
- Present-but-unparseable policy now fails closed (was a wrong-PASS that fell back to latest-receipt).
report --format prescapes</>so a crafted command can't inject the proof marker.- PowerShell
-matchon an invalidcommand_regexis now caught (was throwing → no JSON);--ttlnon-integer fails exit 2 in both engines (parity).
Release
- Tag
v0.8.0pushed;agent-done-or-not@0.8.0published to npm. - Homebrew + Scoop pinned to the v0.8.0 tarball (
sha256 25bf2050…).
🤖 Generated with Claude Code
v0.7.0
v0.7.0 — init flow, proof report, GitHub Action job summary
Adds a 60-second onboarding flow and an inspectable proof report.
Added
agent-done-or-not init— detects the stack (npm/pnpm/yarn, Python, Go, Cargo, Maven/Gradle), infers conservativetest/build/lintlabels, and patches a managed proof block into agent instruction files (AGENTS.md,CLAUDE.md,.cursorrules, …) with backups. Supports--dry-run,--label/--command,--claude-hook.agent-done-or-not report --format markdown|html|json— proof summary from.agent-proofledgers with an explicit non-green state vocabulary (missing/failed/stale/bypassed/local-only), commit + dirty-tree status. Bypassed/stale/missing/failed are never shown as verified.- GitHub Action proof job summary via
$GITHUB_STEP_SUMMARY;npm run smoke.
Hardened (review pass)
reportescapes agent-controlled receipt fields in markdown + HTML;--format htmlrenders a real table.initpreserves block/content separation on re-run and never overwrites a backup.- Action summary writes gate output into an HTML-escaped
<pre>(no markdown injection). - Fixed a job-summary
printfregression caught by CI (leading-dash format aborted the step).
Install: npx agent-done-or-not init --yes · npm i -g agent-done-or-not@0.7.0
Tests: 65 bash scenarios + the PowerShell parity suite, green.
v0.6.0 - Windows-native engine + full agent roster
What's new in v0.6.0
Completes Windows-native support and broadens agent coverage to every major AI coding tool on the skills.sh platform.
Added
done-gate.ps1— native PowerShell port of the engine (capture / assert / verify / show,--json, all flags). Runs on Windows PowerShell 5.1 and PS 7+ with built-ins only — Windows no longer needs Git Bash. Receipts from both engines are interchangeable.stop-gate.ps1— native PowerShell Stop-event hook, full parity port ofstop-gate.sh. All 13 trust rules preserved.- Homebrew formula (
packaging/homebrew/agent-done-or-not.rb) and Scoop manifest (packaging/scoop/agent-done-or-not.json) — pinned to v0.6.0 source tarball + SHA-256. - Agent rules files for Windsurf (
.windsurfrules), Cline (.clinerules), Roo (.roo/rules/done-or-not.md), Zed (.zed/prompts/done-or-not.md), Goose (.goosehints). - CI templates for GitLab CI and Azure DevOps, joining the existing GitHub Actions composite action.
- Improved
skills/done-or-not/SKILL.mdwith PowerShell usage examples and fuller installation table.
Fixed
- Packaging tests no longer hardcode stale v0.5.0 values.
- Windows Git Bash path handling in
done-gate.sh/stop-gate.sh. - npm wrapper falls back to native PowerShell on Windows when Bash is unavailable.
- Scoop manifest now launches
done-gate.ps1so Windows users do not need Git Bash.
Install
# npm
npx agent-done-or-not capture --label check -- <your-command>
# Homebrew
brew tap mohamedzhioua/agent-done-or-not
brew install agent-done-or-not
# Scoop
scoop bucket add agent-done-or-not https://github.com/mohamedzhioua/agent-done-or-not
scoop install agent-done-or-notRun the gate straight from npx
v0.5.0 — run the gate straight from npx
v0.5.0 adds an npm package wrapper so you can run the proof-of-done gate
without cloning the repo — handy in a CI step or an npm script.
What's new
- npm / npx —
agent-done-or-noton npm:A zero-dependency Node shim (npx agent-done-or-not capture --label test -- npm test npx agent-done-or-not assert --label test --ttl 3600
bin/agent-done-or-not.js) forwards every
argument to the bundleddone-gate.sh, preserves the caller's working
directory (so.agent-proof/lands in your repo), and exits with the
underlying command's own code. Requiresbashon PATH — Git Bash on Windows.
The published tarball bundles only the engine, the scripts, the schema, and
the drop-in rules (10 files).
Notes
- 49-test suite, green on Ubuntu + macOS (plus the action self-test); the npm
shim is covered end-to-end (capture writes a receipt in cwd; assert
propagates pass/fail exit codes). - Thin wrapper — the canonical bash core is unchanged.
Full changelog: see CHANGELOG.md.
Claude Code plugin + skills.sh Agent Skill
v0.4.0 — native packaging for the agent-skill ecosystems
v0.4.0 makes agent-done-or-not installable as a first-class citizen of the two
agent-skill ecosystems — a Claude Code plugin and a skills.sh Agent
Skill. Both are thin wrappers; the canonical bash core stays the source of
truth (no duplicated logic).
What's new
- Claude Code plugin — hard "prove done" enforcement in one install:
Ships
claude plugin marketplace add mohamedzhioua/agent-done-or-not claude plugin install agent-done-or-not
.claude-plugin/plugin.json, a Stop hook (hooks/hooks.json→
bash "${CLAUDE_PLUGIN_ROOT}/stop-gate.sh"), and a single-plugin
self-marketplace (.claude-plugin/marketplace.json). Validated with
claude plugin validate. - Agent Skill (skills.sh) — install the proof-of-done rule for any agent:
npx skills add mohamedzhioua/agent-done-or-not
skills/done-or-not/SKILL.mdpackages the rule; the README carries the live
skills.sh install-count badge. The nested skill also rides along as bundled
context for the Claude plugin.
Notes
- 44-test suite, green on Ubuntu + macOS (plus the action self-test).
- Completes the P1 distribution arc: installer + Action + pre-commit (v0.3.0)
and plugin + skill (v0.4.0).
Full changelog: see CHANGELOG.md.
Three drop-in ways to adopt the gate
v0.3.0 — three drop-in ways to adopt the gate
Distribution release. The proof-gate core was already stable; v0.3.0 makes it
trivial to add to any repo without copy-pasting files. Builds on the assert +
--json contract from v0.2.0.
What's new
install.shone-liner — bootstrap any repo in one command:Conservative, inspectable POSIXcurl -fsSL https://raw.githubusercontent.com/mohamedzhioua/agent-done-or-not/main/install.sh | shsh: dropsdone-gate.sh+stop-gate.sh
into the current repo, marks them executable, and adds.agent-proof/to
.gitignore(idempotent). Pin a ref withREF=v0.3.0; offline installs via
AGENT_DONE_LOCAL_SRC. Prefer to inspect first? The manual two-file method is
still documented.- GitHub Action — gate a CI job on proof-of-done:
A composite action that resolves its own
- uses: actions/checkout@v4 - uses: mohamedzhioua/agent-done-or-not@v0.3.0 with: mode: assert labels: "test build" ttl: "3600"
done-gate.shand asserts the
consumer's receipt ledger. Self-test workflow dogfoods both the pass and the
expected-failure path. - Pre-commit framework hook — block commits that lack a fresh passing receipt:
repos: - repo: https://github.com/mohamedzhioua/agent-done-or-not rev: v0.3.0 hooks: - id: agent-done-assert
Notes
- 38-test suite, green on Ubuntu + macOS (plus the action self-test).
- Every new surface is a thin wrapper — the canonical bash core is unchanged.
Full changelog: see CHANGELOG.md.
Useful beyond the agent loop (CI / pre-commit) + machine-readable
v0.2.0 — useful beyond the agent loop (CI / pre-commit) + machine-readable
v0.2.0 takes the proof-gate from an in-loop guardrail to something you can also
gate CI, pre-commit, and release on — and makes every decision
machine-readable so other tools can build on it.
What's new
done-gate.sh assert— verify the ledger without running anything, for
CI / pre-commit / release gates. Require one or more labels (--label,
repeatable), reject stale receipts (--ttl), and constrain the recorded
command class (--allow-command-regex/AGENT_DONE_ALLOWED_COMMANDS).bash done-gate.sh assert --label test --label build --ttl 3600--jsononcapture,assert,verify, andshow— stable,
dependency-free decision objects for Actions, hooks, and editor integrations.- Trust pack: README badges, a comparison table (vs a plain
CLAUDE.md
rule), a "how it can and can't be fooled" threat model, an FAQ,SECURITY.md,
examples/proof.jsonl, and an asciinema cast atdocs/demo.cast.
Changed
epochis documented inproof.schema.json; freshness is judged from the
recorded epoch, never file mtime.- Tests: 18 → 28 (assert pass/fail/all-labels/ttl/regex +
--jsonparse checks),
green on Ubuntu + macOS.
Notes
- Backward compatible with v0.1.0 —
capture/verify/showare unchanged;
assertand--jsonare additive.
Full changelog: see CHANGELOG.md.
Make your AI agent prove "done"
v0.1.0 — make your AI agent prove "done"
Your AI agent just said "Done ✅" — but did it verify? agent-done-or-not is
a single-file, zero-dependency proof-gate that forces it to back the claim with a
hash before it can finish. Works with Claude Code, Cursor, and Codex.
What's in it
done-gate.sh— runs your real check, streams output, records a
tamper-evident receipt (command + exit code + SHA-256), and exits with the
command's own code so a failing check can't be dressed up as green.stop-gate.sh— a Stop-event hook that blocks "done" unless the most
recent receipt is passing, fresh, and not already used. It fails closed
and can't be looped forever (bounded safety valve).- Drop-in rules for all three tools (
CLAUDE.md,.cursorrules,AGENTS.md),
a documented receipt schema, and an 18-test suite (green on Ubuntu + macOS).
Install (60 seconds)
curl -O https://raw.githubusercontent.com/mohamedzhioua/agent-done-or-not/main/done-gate.sh
curl -O https://raw.githubusercontent.com/mohamedzhioua/agent-done-or-not/main/stop-gate.sh
chmod +x done-gate.sh stop-gate.sh
echo '.agent-proof/' >> .gitignoreThen wire it for your tool — see examples/install.md.
Notes
- Hardened with an independent cross-model (Codex) security review before release.
- It's a forcing function, not a semantic oracle — it makes the agent run a
check and proves it passed; you choose the check. Task-specific proof binding
is on the v0.2 roadmap.
Full changelog: see CHANGELOG.md.