Skip to content

Releases: varmabudharaju/agent-pd

v0.2.0

11 Jun 16:19
@varmabudharaju varmabudharaju
v0.2.0
eba4d67

Choose a tag to compare

View all tags
v0.2.0 Latest
Latest

First release since 0.1.0 hit PyPI. Bundles the session-identity and live-feed work that landed after 0.1.0 packaging.

Added

  • Session identity everywhere (#31) — pd list is now a table (id · project · last activity · first user prompt); pd watch headers name the session. Derived at read time from existing log data, so it works retroactively for every session.
  • pd watch streams only new activity by default (#29) — --replay shows the full backlog when you want it.
  • Full-width live feed (#30) — names the offense on each line, with clearer agent tags.
  • Multi-session fleet demo (examples/demo-sessions.sh) — the source of every README screenshot.

Fixed

  • pd watch --all no longer fuses agents across sessions — live records are now keyed per (session, agent), so the main agent (id "") no longer inherits the first session's project root.

Full changelog: v0.1.0...v0.2.0

Assets 2
Loading

v0.1.0

08 Jun 18:22
@varmabudharaju varmabudharaju
v0.1.0
f7dba8f

Choose a tag to compare

View all tags
v0.1.0

Changelog

All notable changes to agent-pd are documented here.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

Unreleased

Nothing yet.

0.1.0 — 2026-06-08

First public release. A logging-only hook records every tool & permission event from
the main Claude Code agent and its subagents; the pd CLI replays that log through
deterministic detectors and reports rule offenses with quoted evidence. Catch-and-report
— it never blocks.

Added

  • Logging hook — registered on PostToolUse / PermissionDenied / SubagentStart /
    SubagentStop; appends one normalized, hash-chained line per event to a per-session
    audit log and always exits 0 (never blocks, never loses an event).
  • Six deterministic detectors (zero token cost): permission_bypass, out_of_scope
    (project-boundary + sensitive paths), self_permission, tool_not_allowed,
    redundant, off_task.
  • pd judge — opt-in, cost-capped LLM pass to confirm/drop noisy off_task flags,
    via the claude CLI (your subscription) or the Anthropic API (pip install "agent-pd[judge]").
  • CLI: pd install-hook, list, report (md/json, --verbose, --agent),
    watch (live "police scanner", --all, --crimes-only), verify, compact,
    sink push|status, and pd --version.
  • Permission-aware severity — offenses matching your permissions.allow rules are
    downgraded to info, with faithful Claude Code matching semantics (see SYSTEM-DESIGN §9).
    Sensitive-path access and categorically-catastrophic commands are never downgraded.
  • Tamper-evident audit log — per-session SHA-256 (or HMAC with PD_AUDIT_KEY) hash
    chain; pd verify detects edits/reordering/truncation. Optional off-host append-only
    sink (pd sink) closes the retroactive-deletion gap.
  • Configurationpd-rules.yaml is auto-discovered (cwd → project root → ~/.claude;
    --rules overrides); configurable audit-log location via --audit-dir / PD_AUDIT_DIR
    (always resolved to an absolute path).
Loading