v0.3.0

What's Changed

• refactor(solid): harden policy extension seams by @paudley in #38
• feat(agent): add remediation evidence payloads by @paudley in #39
• feat(hooks): centralize agent routing and code intel by @paudley in #40
• feat(code-intel): store remediation and SARIF evidence by @paudley in #41
• feat(code-intel): expand AST evidence storage by @paudley in #42
• feat(policy): add AST-backed CEL enforcement by @paudley in #43
• chore(repo): add code owners by @paudley in #44
• docs(trust): document OpenSSF Gold evidence and Best Practices automation by @paudley in #50
• chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 by @dependabot[bot] in #49
• refactor(go): unify hook runtime and lint gates by @paudley in #51
• test(e2e): stabilize managed lint output assertions by @paudley in #63
• Harden managed diagnostics and non-mutating test targets by @paudley in #64
• Harden policy drift diagnostics and SARIF publishing by @paudley in #66
• Harden hook policy and diagnostics workflows by @paudley in #67
• feat(ast): incremental indexing, rename detection, and markdown support by @paudley in #68
• feat(mcp): end-to-end workflow tests and pure-Go diffing by @paudley in #70
• feat(ast): complete Phase 2 graph edges and chunk-level invalidation by @paudley in #69
• feat(ast): MinHash code similarity detection and parallel hook execution by @paudley in #72
• chore(deps): bump tombi from 0.9.26 to 0.10.2 by @dependabot[bot] in #73
• chore(deps): bump golang.org/x/sys from 0.42.0 to 0.44.0 in /go by @dependabot[bot] in #74
• test(mcp): exercise stdio workflow end to end by @paudley in #75
• feat(similarity): expose MCP preflight checks by @paudley in #76
• feat(eslint): add full integration by @paudley in #95
• feat(parent): add parent lint workflow by @paudley in #96
• [codex] Add managed TypeScript compiler diagnostics by @paudley in #97
• [codex] Add managed kube-linter diagnostics by @paudley in #98
• feat(agent-proxy): compress verbose tool output by @paudley in #99
• Prevent branch history rewrites in git policy by @paudley in #100
• Refresh code intelligence during hook workflows by @paudley in #101
• Add directory anatomy listing enrichment by @paudley in #102
• feat(proxy): cache repeated file reads by @paudley in #104
• fix(parent-runtime): scope protected branch policy by @paudley in #105
• [codex] Preserve original proxy output evidence by @paudley in #106
• Close agent proxy output-compression gaps by @paudley in #107
• Fix code-intel stale hash detection by @paudley in #108
• Enrich directory listings with AST anatomy maps by @paudley in #109
• feat(proxy): paginate large file reads by @paudley in #110
• feat(proxy): inject startup repo map by @paudley in #111
• Derive linter config from ETHOS principles by @paudley in #113
• test(mcp): cover real stdio workflow resources by @paudley in #115
• chore(deps): roll up Dependabot updates by @paudley in #128
• test: add sandbox workflow e2e coverage by @paudley in #133
• chore(license): relicense project under AGPLv3 by @paudley in #135
• Fix pre-push warning debt by @paudley in #145
• Use native sandboxing for managed runtime builds by @paudley in #146
• Add managed git commit workflow E2E coverage by @paudley in #148
• Make sandboxing platform-determined by @paudley in #150
• Add hook debug logging and harden Git enforcement by @paudley in #153
• Enforce agent shell runner boundary by @paudley in #154
• Fix hook proxy token ledger budget enforcement by @paudley in #155
• Enforce search/replace edit blocks by @paudley in #156

Full Changelog: v0.2.1...v0.3.0