bkit v2.1.17 — CI/CD Hardening, 5-Axis Matrix 5/5 Close

@popup-kay popup-kay released this 20 May 11:21
· 45 commits to main since this release
39f89e6

Headline: Permanent closure of the 8-day Invocation Contract Check red incident class from 2026-05-12 to 2026-05-20. CI/CD maturity matrix (Detection / Enforcement / Recovery / Governance / Evolution) closed across all 5 axes. All 11 carryover items resolved.

🎯 Highlights

Incident Class Permanently Closed

On 2026-05-12, commit 967cd8f (refactor v2.1.13) removed six pdca-eval-* agents as dead code cleanup. The baseline v2.1.9 manifest was not updated, and the Agent surface lacked a deprecatedIn governance mechanism (which Skill already had). This caused the Invocation Contract Check workflow to fail on every push for 8 consecutive days. Releases v2.1.15 and v2.1.16 GA shipped while CI was red. This v2.1.17 release closes every known root cause and carryover in the incident class.

5-Axis Matrix Progression

| Axis | v2.1.16 GA | v2.1.17 |
| --- | --- | --- |
| Detection | ◐ L1+L4 only | ●● Dual baseline + L2 + L3 + L5 mandatory + MCP schema |
| Enforcement | | Branch protection auto-applied (2 Required Status Checks) |
| Recovery | | ●● Rollforward SOP + tracked file policy guide |
| Governance | ◐ Skill only | ●● Skill + Agent + MCP symmetric + isolated tests (5+6 scenarios) |
| Evolution | | ●● Dual baseline + frontmatter util + SoT canonical names |

5/5 close

📦 Changes

Detection

  • Dual baseline: v2.1.9 LTS (long-term drift) + v2.1.16 Latest (noise floor) compared simultaneously
  • L2 mandatory: l2-smoke.test.js (98 TC) + l2-hook-attribution.test.js (13 TC) integrated into workflow
  • L3 mandatory: l3-mcp-compat.test.js (92 TC) + l3-mcp-runtime.test.js (48 TC) integrated into workflow
  • L5 mandatory (CO-3): removed continue-on-error: true from invocation-inventory.test.js + added needs: contract-l1-l4 (203 → 210 TC with SoT-driven lists)
  • MCP deprecation schema (CO-2): inline // @deprecated since vX.X.X replacedBy=Y annotation parsing
  • scripts/check-test-tracking.js (CO-7): detects untracked test files across 18 production test paths (CI gate)

Enforcement

  • scripts/setup-branch-protection.sh (CO-1, idempotent gh api wrapper) — auto-applied to main:
    • Required Status Checks: Contract Test (L1 Frontmatter + L4 Deprecation), Contract Test L5 (Invocation Inventory)
    • strict: true, allow_force_pushes: false, allow_deletions: false
    • enforce_admins: false (admin override allowed for emergency hotfixes)

Recovery

  • docs/06-guide/contract-baseline-rollforward.guide.md: LTS vs Latest policy, decision tree, capture/deprecation stub procedures, PR self-review checklist, incident log (8 sections)
  • docs/06-guide/test-file-tracking-policy.guide.md (CO-6): .gitignore policy + PR checklist + incident log (9 sections)
  • docs/06-guide/branch-protection-setup.guide.md (CO-1): admin SOP

Governance

  • Agent deprecation governance: agents/<name>.md frontmatter with deprecatedIn: vX.X.X bypasses L4 — symmetric with the Skill pattern
  • 6 pdca-eval-* deprecation tombstones: agents/pdca-eval-{act,check,design,do,plan,pm}.md (permanent tombstones for the 5/12 cleanup)
  • MCP tool deprecation governance: L4 bypass via baseline JSON deprecatedIn field — full symmetry across 3 surfaces (Skill / Agent / MCP)
  • Agent-deprecation isolated test (CO-4): test/contract/agent-deprecation.test.js, 5 scenario fixture, 5/5 PASS
  • MCP-deprecation e2e test (CO-2.1): test/contract/mcp-deprecation.test.js, 6 scenario fixture, 6/6 PASS
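
The deprecation bypass described in this section, as an added example (not bkit's code): a baseline entry passes if its agent file still exists, either active or as a tombstone carrying `deprecatedIn`, and fails if the file is gone. The function names, the `v9.9.9` value and the file contents are constructed for illustration.

```javascript
// Added illustration; function names and sample data are hypothetical.
const FRONTMATTER = /^---\r?\n([\s\S]*?)\r?\n---/;

// Return the deprecatedIn version from a markdown file's frontmatter, or null.
function deprecatedIn(markdown) {
  const m = FRONTMATTER.exec(markdown);
  if (!m) return null;
  for (const line of m[1].split(/\r?\n/)) {
    const kv = /^deprecatedIn:\s*["']?(v\d+\.\d+\.\d+)["']?\s*$/.exec(line);
    if (kv) return kv[1];
  }
  return null;
}

// baselineNames: agent names recorded in the baseline snapshot.
// current: Map of agent name -> content of agents/<name>.md in the working tree.
function checkAgentContract(baselineNames, current) {
  const result = { active: [], deprecated: [], missing: [] };
  for (const name of baselineNames) {
    if (!current.has(name)) {
      result.missing.push(name); // removed with no tombstone: contract break
      continue;
    }
    const since = deprecatedIn(current.get(name));
    if (since) result.deprecated.push({ name, since });
    else result.active.push(name);
  }
  result.ok = result.missing.length === 0;
  return result;
}

// Constructed sample: one active agent, one tombstone, one silent removal.
const baseline = ['pdca-eval-act', 'pdca-eval-plan', 'example-agent'];
const tree = new Map([
  ['example-agent', '---\nname: example-agent\n---\nActive agent body.'],
  ['pdca-eval-act', '---\nname: pdca-eval-act\ndeprecatedIn: v9.9.9\n---\nTombstone.'],
]);
const report = checkAgentContract(baseline, tree);
console.log(JSON.stringify(report, null, 2));
```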

Evolution

  • lib/util/frontmatter.js (CO-5): consolidated 5-site duplication — parseFrontmatter, parseFrontmatterFile, hasDeprecatedInFrontmatter, hasDeprecatedInFrontmatterFile, coerce
  • v2.1.16 baseline captured (test/contract/baseline/v2.1.16/, 106 files)
  • SoT canonical names lists (CO-3.1): added 6 lists to lib/domain/rules/docs-code-invariants.js: EXPECTED_ACTIVE_AGENT_NAMES, EXPECTED_DEPRECATED_AGENT_NAMES, EXPECTED_SKILL_NAMES, EXPECTED_HOOK_EVENT_NAMES, EXPECTED_PDCA_MCP_TOOLS, EXPECTED_ANALYSIS_MCP_TOOLS

Hygiene

  • Removed 12 orphan JSON files from test/contract/baseline/v2.1.9/ (sprint-* agents/MCP tools/skills missing from manifest)
  • Force-tracked 35+ previously untracked test files: tests/qa/ 29 + test/contract/ 5 + test/e2e/ 6 + test/integration/ 3 + test/unit/ 2 + test/v2110-qa/ 2
  • .gitignore narrowed: removed test/ + tests/* blanket ignore → explicit local-only patterns
  • scripts/check-deadcode.js EXEMPT pattern broadened (v2.1.13 sprint barrel, 3 files)

Framework Side-Effect Blocking

  • collect* implicit-write prevention: { persist: false } option blocks baseline self-mutation
  • --version path-injection validation (CO-1.1): regex ^[A-Za-z0-9._-]+$, exits with code 2 on invalid input
  • --project-root flag: makes contract-test-run.js + contract-baseline-collect.js fixture-aware
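
The character class in the `--version` regex excludes path separators, but `.` and `..` consist only of allowed characters and therefore match it. The added example below (not bkit's code) applies the regex and exit code from the notes and also rejects those two dot segments; the function names and the constructed inputs are assumptions.

```javascript
// Added illustration, not bkit's source. Function names are hypothetical;
// the regex and exit code 2 are the ones quoted in the release notes.
const VERSION_RE = /^[A-Za-z0-9._-]+$/;
const EXIT_INVALID = 2;

// Classify a --version value before it is used as a directory name.
function checkVersionArg(value) {
  if (typeof value !== 'string' || !VERSION_RE.test(value)) {
    return { ok: false, code: EXIT_INVALID, reason: 'charset' };
  }
  // No '/' or '\' can get through, so the value is a single path segment.
  // The only single segments that still change directory are '.' and '..',
  // and both match the regex, so they are rejected explicitly.
  if (value === '.' || value === '..') {
    return { ok: false, code: EXIT_INVALID, reason: 'dot-segment' };
  }
  return { ok: true, code: 0, reason: null };
}

// Build the snapshot directory only from a validated value.
function baselineDir(root, version) {
  const verdict = checkVersionArg(version);
  if (!verdict.ok) {
    const err = new Error(`invalid --version (${verdict.reason})`);
    err.exitCode = verdict.code;
    throw err;
  }
  return `${root}/${version}`;
}

// Constructed inputs covering accepted and rejected shapes.
const SAMPLES = ['v2.1.16', 'v2.1.9', '../../tmp', 'v2.1.9/../x', '..', '.', 'v2.1.16\n', ''];

function classifySamples() {
  return SAMPLES.map((s) => [JSON.stringify(s), checkVersionArg(s).reason || 'ok']);
}

for (const [input, verdict] of classifySamples()) {
  console.log(input.padEnd(16), verdict);
}
```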

📊 Quantitative Results

| Metric | v2.1.16 GA | v2.1.17 | Delta |
| --- | --- | --- | --- |
| qa-aggregate PASS | 3,808 | 4,103 | +295 |
| qa-aggregate FAIL | 31 | 0 | -31 |
| qa-aggregate Errors | 4 | 0 | -4 |
| Mandatory workflow steps | 13 | 18 | +5 |
| Baseline snapshots | 1 | 2 (LTS + Latest) | +1 |
| Active agents | 34 | 34 | 0 |
| Deprecation tombstones | 0 | 6 | +6 |
| Frontmatter parse sites | 5 (duplicate) | 1 (lib/util/) | -4 |
| Hardcoded EXPECTED lists | 7 | 0 (SoT) | -7 |
| Branch protection | | 2 Required Checks | |
| Carryover items | 11 | 0 | -11 |
| 5-Axis Matrix | 0/5 | 5/5 | |

🗂 11 Carryover Closures

| ID | Item | Status |
| --- | --- | --- |
| CO-1 | Branch protection automation | ✅ Script + applied |
| CO-1.1 | --version path-injection validation | ✅ Regex |
| CO-2 | MCP tool deprecation schema | parseMCPToolBlocks |
| CO-2.1 | MCP deprecation e2e test | ✅ 6/6 PASS |
| CO-3 | L5 E2E mandatory promotion | ✅ Workflow |
| CO-3.1 | L5 dynamic EXPECTED lists | ✅ SoT integration |
| CO-4 | Agent-deprecation isolated test | ✅ 5/5 PASS |
| CO-5 | frontmatter util extraction | ✅ 5 sites → 1 |
| CO-6 | Tracked file policy | ✅ Narrow + 35+ files |
| CO-7 | tests/qa dependency automation | ✅ check-test-tracking |
| CO-8 | branch-protection apply audit | ✅ admin applied & verified |

🔗 Pull Requests

  • PR #97 (7acdd4f): v2.1.17 main scope — 4/5 axes close
  • PR #99 (39f89e6): v2.1.17 final — 5 carryover items absorbed + 5/5 axes close

📚 Documentation

  • docs/01-plan/features/v2117-ci-cd-hardening.plan.md — Plan
  • docs/02-design/features/v2117-ci-cd-hardening.design.md — Design
  • docs/03-analysis/features/v2117-ci-cd-hardening.analysis.md — Gap analysis
  • docs/04-report/features/v2117-ci-cd-hardening.report.md — Completion report
  • docs/06-guide/contract-baseline-rollforward.guide.md — Baseline SOP
  • docs/06-guide/branch-protection-setup.guide.md — Branch protection SOP
  • docs/06-guide/test-file-tracking-policy.guide.md — Test tracking policy

🙏 Origin

The incident class started with commit 967cd8f (refactor v2.1.13, 2026-05-12) — a 6-agent dead code cleanup combined with an unupdated baseline produced an 8-day red period. This release closes every known framework gap.


🤖 Released with Claude Code