Skip to content

v0.8.0 — trust layer

Choose a tag to compare

@mohamedzhioua mohamedzhioua released this 23 Jun 23:21

v0.8.0 — the trust layer

Turns "a check passed" into "the required checks passed," and makes a
completion claim shareable. Built cross-engine (bash + PowerShell + Node), zero
new dependencies, and dogfooded through the gate itself: 77 passing, 0 failed
(incl. the PowerShell parity suite).

Added

  • Required-checks policy — an optional agent-done.json declares required
    labels, each with an optional command_regex, plus ttl. assert reads it
    when no --label is given. Resolution order: explicit --label (legacy) →
    policy → most-recent receipt. Policy mode searches all run dirs per label,
    so checks captured in separate runs still count. New --policy / --no-policy
    flags; assert --json gains a policy key. Parsed dependency-free in bash +
    PowerShell. Documented in the new policy.schema.json. A present-but-unparseable
    policy fails closed — it never silently degrades to the latest receipt.
  • Wrong-check detection — a label strength taxonomy (strong: test/build/
    typecheck/e2e/smoke…; weak: lint/format/style/manual/docs). When the only
    passing evidence is weak, assert and report emit an advisory
    latest proof is lint-only — … warning. Advisory only; never changes an exit code.
  • report --format pr — a sticky, paste-ready PR comment wrapped in
    <!-- agent-done-or-not:proof --> markers, plus a human "Proof of Done" card
    on the markdown report.
  • Action PR commentpr-comment + github-token inputs upsert a sticky
    proof comment via gh api, without changing the job's pass/fail (assert still decides).
  • init polish--claude alias for --claude-hook; --policy scaffolds
    an agent-done.json (never overwriting an existing one).

Changed

  • assert --json now includes a top-level policy field (empty in legacy/--label modes). All existing keys unchanged.

Hardening (from an adversarial cross-model review, all with regression tests)

  • Present-but-unparseable policy now fails closed (was a wrong-PASS that fell back to latest-receipt).
  • report --format pr escapes </> so a crafted command can't inject the proof marker.
  • PowerShell -match on an invalid command_regex is now caught (was throwing → no JSON); --ttl non-integer fails exit 2 in both engines (parity).

Release

  • Tag v0.8.0 pushed; agent-done-or-not@0.8.0 published to npm.
  • Homebrew + Scoop pinned to the v0.8.0 tarball (sha256 25bf2050…).

🤖 Generated with Claude Code