Releases: samartomar/ai-harness
Releases · samartomar/ai-harness
Release list
v2.11.0
What's Changed
- fix(mcp): enforce enterprise managed allowlists by @samartomar in #453
- feat: add repo-scoped AI token tooling by @samartomar in #454
- fix: expose graph MCP to Codex by @samartomar in #455
- Fix Token Savior MCP runtime callability by @samartomar in #456
- fix: make baseline vet-once reproducible by @samartomar in #457
- perf(trust): make many-finding scans near-linear by @samartomar in #458
- fix(mcp): preserve concurrent configuration edits by @samartomar in #459
- fix(mcp): complete managed policy lifecycle by @samartomar in #460
- feat(policy): add standalone projection command by @samartomar in #461
- fix(mcp): normalize exact resolver pin semantics by @samartomar in #462
- fix(workspace): accept populated child graphs by @samartomar in #463
- fix(trust): restrict GitHub fetch redirects by @samartomar in #464
- fix(trust): preserve external input integrity by @samartomar in #468
- feat(baseline): report detector timing by @samartomar in #469
- fix(ecc): align Codex preflight with pinned defaults by @samartomar in #470
- docs: clarify Comby optionality on Windows by @samartomar in #471
- docs: clarify release verification evidence by @samartomar in #472
- test: remove no-op module URL replacement by @samartomar in #473
- chore(release): prepare v2.11.0 by @samartomar in #475
Full Changelog: v2.10.0...v2.11.0
v2.10.0
What's Changed
- fix(baseline): evaluate every catalog in the installable release gate by @samartomar in #446
- fix(baseline-evidence): pull SkillSpector by digest instead of rebuilding in vet-once by @samartomar in #445
- feat(trust): detector precision — negated-prohibition guardrails and missing-license reclassification by @samartomar in #447
- feat(baseline-evidence): incremental vet — reuse per-component receipts when content and analyzer identity are unchanged by @samartomar in #450
- Release v2.10.0 by @samartomar in #452
Full Changelog: v2.9.0...v2.10.0
v2.9.0
What's Changed
- fix(trust): require team legal-text acknowledgement by @samartomar in #426
- fix: treat unavailable sandbox smoke as skip by @samartomar in #427
- feat: narrow trust findings and stabilize fingerprints by @samartomar in #428
- feat(ecc): install authorized component subset by @samartomar in #429
- fix(prune): report cross-target divergence without advancing ledger by @samartomar in #430
- feat(release): bind escalation acknowledgement to GitHub evidence by @samartomar in #431
- fix(trust): make scans observable and self-cleaning (#421) by @samartomar in #432
- docs: record v2.9 field-findings design and execution by @samartomar in #433
- ci(release): require an installable shipped baseline by @samartomar in #425
- fix: English-only ECC baseline + required analyzers — offline preflight + diagnostics by @samartomar in #437
- fix(release-preflight): resolve issue refs to their closing merged PR via GitHub evidence by @samartomar in #441
- Release v2.9.0 by @samartomar in #443
Full Changelog: v2.8.0...v2.9.0
v2.8.0
What's Changed
- feat: gate baseline installs on signed component evidence by @samartomar in #410
- feat(ecc): register scoped component unions by @samartomar in #411
- feat(prune): reconcile scoped ECC registration ledger by @samartomar in #412
- feat(release): gate bump escalation on declared intent by @samartomar in #413
- feat(trust): classify legal-text detector findings by @samartomar in #414
- Release v2.8.0 by @samartomar in #416
Full Changelog: v2.7.0...v2.8.0
v2.7.0
What's Changed
- docs(canon): cross-repo contract binding and merge-authority deferral by @samartomar in #401
- fix(canon): fail closed without code-review-graph by @samartomar in #403
- docs: align support-policy claims and overview journey with latest-minor policy; widen versioned-surface lock by @samartomar in #404
- Release v2.7.0 by @samartomar in #406
Full Changelog: v2.6.0...v2.7.0
v2.6.0
What's Changed
- chore(build): emit declarations with tsc instead of tsup's vendored dts by @samartomar in #396
- feat(release): add release-preflight check with machine-readable cut manifest by @samartomar in #397
- chore(deps): bump the codeql group across 1 directory with 2 updates by @dependabot[bot] in #391
- chore(deps-dev): bump fast-check from 4.8.0 to 4.9.0 in the dependencies group across 1 directory by @dependabot[bot] in #393
- chore(deps-dev): bump the toolchain group across 1 directory with 2 updates by @dependabot[bot] in #392
- Release v2.6.0 by @samartomar in #400
Full Changelog: v2.5.1...v2.6.0
v2.5.1
What's Changed
- docs: align release runbook with the release-train flow by @samartomar in #381
- fix: refresh stale versioned SVGs and lock surfaces to VERSION by @samartomar in #383
- ci: require exactly one semver label per PR by @samartomar in #384
- docs: address the semver-label check to maintainers, not contributors by @samartomar in #386
- fix(tests): resolve noUnsafeOptionalChaining findings for Biome 2.5.3 by @samartomar in #387
- chore(deps): apply safe dev dependency updates and split the toolchain group by @samartomar in #388
- test: add fast-check fuzz coverage for platform parsers by @samartomar in #389
- chore(deps): bump anthropics/claude-code-action from 1.0.169 to 1.0.170 by @dependabot[bot] in #385
- ci(deps): group CodeQL actions so init/analyze bump together by @samartomar in #390
- Release v2.5.1 by @samartomar in #395
Full Changelog: v2.5.0...v2.5.1
v2.5.0
What's Changed
- chore(deps): bump github/codeql-action/upload-sarif from 4.36.2 to 4.37.0 by @dependabot[bot] in #354
- chore(deps): bump anthropics/claude-code-action from 1.0.162 to 1.0.169 by @dependabot[bot] in #355
- chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.1 by @dependabot[bot] in #356
- fix: harden nightly safety evidence by @samartomar in #371
- fix: resolve scoped skill license evidence by @samartomar in #376
- Skill vet: record curated subset evidence by @samartomar in #378
- Fix trust scan visible Unicode classification by @samartomar in #379
- Release v2.5.0 by @samartomar in #380
Full Changelog: v2.4.3...v2.5.0
v2.4.3
What's Changed
- Release v2.4.3 upgrade regeneration by @samartomar in #364
Full Changelog: v2.4.2...v2.4.3
v2.4.2
What's Changed
- Release v2.4.2 enterprise hardening by @samartomar in #359
Full Changelog: v2.4.1...v2.4.2