
v1.12.1

@thettwe thettwe released this 06 Jun 10:02

1.12.1 — 2026-06-06

Theme: Pre-release hardening

A correctness, security and contract hardening pass over the whole codebase: three review rounds, ~83 confirmed issues fixed, each reproduced against live code and locked behind a regression test. Test suite grew from 1449 to 1583 tests.

Security

  • gen-ci: validate profile-derived package_manager / *_version fields before they are interpolated into the run: steps of generated CI workflows (command injection via crafted profile values).
  • undo-bootstrap: reject pre-state blob names that contain .. or are not a bare basename (path traversal that could copy arbitrary files into the repo).
  • reorganize-docs: pass -- to git mv so a path beginning with - cannot be parsed as an option; gh-integration: require_pr_reviews must now be numeric.
  • _lib.sh: path_under_target / safe_mkdir_under_target no longer glob-expand path segments (a glob in a segment could bypass the canonicalization check).
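As an added illustration, and not the project's own _lib.sh or gen-ci code, the following standalone bash functions show the four kinds of check listed above: an allowlist for values that are interpolated into a generated run: step, a numeric check, a bare-basename check, and a path-under-target check that resolves symlinks with cd -P and never lets a glob in a segment expand. The function names, the character allowlist and the emitted YAML fragment are assumptions for the example.

```shell
#!/usr/bin/env bash
# Added example, not the project's own _lib.sh: standalone validators of the
# kind the hardening pass describes. Names and the allowlist are assumptions.

# Allowlist for a value that will be interpolated into a generated `run:` step
# (e.g. package_manager or a *_version field): letters, digits, '.', '_', '-',
# and no leading '-'. Reject rather than escape; shell metacharacters never pass.
is_safe_token() {
  case "$1" in
    '' | -* ) return 1 ;;
    *[!A-Za-z0-9._-]* ) return 1 ;;
    * ) return 0 ;;
  esac
}

# Unsigned integer only (e.g. require_pr_reviews).
is_uint() {
  case "$1" in
    '' | *[!0-9]* ) return 1 ;;
    * ) return 0 ;;
  esac
}

# A bare filename: no slash, not '.' or '..' (e.g. a pre-state blob name).
is_plain_basename() {
  case "$1" in
    '' | . | .. | */* ) return 1 ;;
    * ) return 0 ;;
  esac
}

# Succeeds if the parent directory of $2 (the file itself need not exist)
# resolves, symlinks included, to a location inside $1. Every expansion is
# quoted and nothing goes through `for`, `ls` or `echo`, so a '*' or '?' in
# a segment stays literal instead of being expanded.
path_under_target() {
  local target="$1" candidate="$2" real_target real_dir base
  real_target=$(cd -P -- "$target" 2>/dev/null && pwd -P) || return 1
  base=$(basename -- "$candidate")
  case "$base" in . | .. ) return 1 ;; esac
  real_dir=$(cd -P -- "$(dirname -- "$candidate")" 2>/dev/null && pwd -P) || return 1
  case "$real_dir/" in
    "$real_target"/* ) return 0 ;;
    * ) return 1 ;;
  esac
}

# Emit an install step only once every interpolated field has passed.
gen_install_step() {
  local pm="$1" ver="$2"
  is_safe_token "$pm" && is_safe_token "$ver" || return 1
  printf '      - run: %s install   # %s %s\n' "$pm" "$pm" "$ver"
}
```

The point of the allowlist is that rejection is the only outcome for anything outside it: there is no quoting layer to get subtly wrong, and a value such as npm; id or $(id) never reaches the workflow file.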

Data-loss / corruption fixes

  • README badge / stack-icon --apply: single-shot marker state machine, full symlink canonicalization, path-under-target guard and idempotency (the previous marker handling could destroy README content).
  • optimize-claudemd: fix duplication when the marker sits on line 1 and make section removal code-fence-aware (the old behaviour could leave CLAUDE.md unusable).
  • merge-profiles: stop deleting null elements inside overlay arrays.

Guards, release & git workflow

  • block-main hook + undo: compare the branch name in lowercase; previously Main or Master slipped past the guard on case-insensitive filesystems (fail-open). --no-verify in the no-python fallback is now scoped to its clause.
  • merge-conflict guard: no longer hard-blocks a commit on a bare ======= line, which also occurs as ordinary content (for instance a setext heading underline).
  • release: in monorepo non-batch mode the changelog commit is now the one tagged; rollback on tag failure and a duplicate-changelog guard; prerelease-aware version sorting. --push now waits for CI by default (GitHub origin with an authenticated gh), degrades gracefully otherwise, and --no-wait-for-checks opts out.
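As an added example, not the project's hook code, the two guard checks described above as standalone functions: a protected-branch test that normalises case before comparing, and a conflict-marker test that treats a bare ======= as content unless it sits between a <<<<<<< opener and a >>>>>>> closer. Function names are assumptions; the driver takes the branch name and a file path explicitly so it can be exercised without a repository.

```shell
#!/usr/bin/env bash
# Added example, not the project's hook code: the two guard checks described
# in the release notes as standalone functions. Names are assumptions.

# Protected-branch test. Normalise to lowercase before comparing: on a
# case-insensitive filesystem git can report the checked-out branch as Main
# or MASTER, and an exact-case compare lets the commit through (fails open).
is_protected_branch() {
  local branch
  branch=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$branch" in
    main | master ) return 0 ;;
    * ) return 1 ;;
  esac
}

# Conflict-marker test on stdin. A bare ======= line is legitimate content
# (setext heading underline, table rule), so it only counts when it sits
# between a <<<<<<< opener and a >>>>>>> closer, in that order.
has_conflict_markers() {
  awk '
    /^<<<<<<< /                { open = 1; next }
    /^=======$/ && open        { sep = 1; next }
    /^>>>>>>> / && open && sep { found = 1; exit }
    END { exit found ? 0 : 1 }
  '
}

# Pre-commit style driver: refuse on a protected branch or on unresolved
# conflict markers in the given file.
guard_commit() {
  local branch="$1" file="$2"
  if is_protected_branch "$branch"; then
    echo "blocked: direct commit to $branch" >&2
    return 1
  fi
  if has_conflict_markers < "$file"; then
    echo "blocked: unresolved conflict markers in $file" >&2
    return 1
  fi
  return 0
}
```

In a real hook the branch would come from git rev-parse --abbrev-ref HEAD and the files from the staged set; the checks themselves do not change.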

Contracts, templates & detection

  • team-sync-result schema allows updates_available; new derived-codeowners schema; producer-mapping corrections.
  • governance-check.yml: correct the GitHub owner and pin the current version (the generated governance workflow was failing for every user).
  • gen-ci: empty-matrix and non-JS install-cmd handling; gen-templates: config.yml YAML validity; derive-codeowners: abort when every candidate is a bot; detection of the modern bun.lock format; handling of core.quotePath-quoted filenames.

Health, docs, tests & CI

  • compute-health-score: deduct for an absent CLAUDE.md (no more 100/100 while doctor warns).
  • persist-health-score: lock the read-modify-write (lost-update race).
  • README / CHANGELOG / architecture / RELEASING: counts, archetypes, stacks, link defs, exit codes corrected.
  • Output-quality eval tier now gates CI; added a self-contained plugin-manifest validation step (+ bats); removed a vacuous assertion.
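The persist-health-score item above is a lost-update race: two writers read the same old contents, each writes back its own change, and one update disappears. As an added example, not the project's persist-health-score, here is a read-modify-write of a small state file serialised with a mkdir lock (mkdir is atomic on POSIX filesystems and, unlike flock(1), is present everywhere, macOS included) and written through a temp file plus rename so readers never see a half-written file. The file format, function names and timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the project's persist-health-score: a read-modify-write
# protected against the lost-update race with a mkdir(2) lock directory and
# an atomic rename. Names, format and timeout are assumptions.

# Run "$@" while holding $lockdir; wait up to ~1 s for a competing holder,
# then give up rather than block forever.
with_lock() {
  local lockdir="$1" tries=0 rc
  shift
  until mkdir "$lockdir" 2>/dev/null; do
    tries=$((tries + 1))
    [ "$tries" -lt 100 ] || return 1
    sleep 0.01
  done
  "$@"
  rc=$?
  rmdir "$lockdir"
  return "$rc"
}

# Unlocked body: keep one "date score" line per date, newest at the end.
# Reads the whole file, rewrites it to a temp file, then renames it over the
# original; without the surrounding lock two writers could both read the same
# old contents and one of their lines would be lost.
_append_score() {
  local file="$1" date="$2" score="$3" tmp="$1.tmp.$$"
  {
    if [ -f "$file" ]; then grep -v "^$date " "$file" || :; fi
    printf '%s %s\n' "$date" "$score"
  } > "$tmp"
  mv -f "$tmp" "$file"
}

persist_score() { with_lock "$1.lock" _append_score "$1" "$2" "$3"; }

# Read back the score recorded for a date (prints nothing if absent).
score_for() { awk -v d="$2" '$1 == d { print $2 }' "$1" 2>/dev/null; }
```

A stale lock directory left by a crashed writer makes persist_score fail after the timeout instead of hanging; that is the trade-off against flock, whose lock dies with the process.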

Full detail and the per-finding breakdown: #29.