Skip to content

Releases: CodeBlackwell/crg-debug

v0.23.0 — node-matched judging + evidence-carrying escalation

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 10 Jul 04:05

Lessons from the first live /crg-ui repair run, verified by replaying its recorded verify sets through the new judge.

Fixed

  • The class-flip regression trap: the verify judge matches regressions by NODE, not class-qualified key. A unit node the fix materialized-but-missed is a transition (red with feedback), the same flip on another unit's baseline node is a tolerated warning, destruction (any flip TO missing-element) and brand-new failing nodes stay regressions. Token keys keep exact-key semantics.
  • A dead subagent (StructuredOutput failure / terminal API error) now spends its shot or fails its cell — never kills the run.
  • End-of-ladder revert covers the union of every tier's touched files.
  • Relay-retry parity: assemble cross-seal gets one sharpened retry; measure/scorecard retries say why they're retrying.

Added

  • Escalation carries evidence everywhere there is a ladder: crg-ui's escalated tiers are briefed with the failed attempt's verdict + a dirty-tree disclosure; the farm bypass passes priorFailure into escalated crg-debug invocations, fenced into every fix brief.
  • Containment unit grouping: a missing-element container's expected box absorbs contained discrepancies — one root cause, one fix, one verify (capped, spill logged).
  • Fix briefs name the on-disk source of truth (capture/<slug>.figma.json, the crg-debug/crg-build/crg-integrations ledgers) and explain the coordinate/pairing contract.
  • Repair accepts allowlistedKeys — blessed deviations fold into the no-regression baseline.

Full changelog: https://github.com/CodeBlackwell/crg-debug/blob/main/CHANGELOG.md

v0.22.0 — harnessed /crg-ui-prep + sealed ready packet for /crg-ui

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 10 Jul 02:56

Added

/crg-ui-prep harnessed — the prep walkthrough gets the same deterministic leg as the other four skills, and its output becomes a machine-checked hand-off:

  • New tool core lib/ui-prep.mjs. Every scorecard status is a computed fact: audit-repo (framework/dev scripts, data-component coverage, raw-hex count outside token files, render-seam greps, routes from router source, Storybook, graph freshness vs HEAD — non-computable judgments come back unknown with raw evidence, never guessed), audit-env, normalize-figma-audit (frame pairing + exact sizes, variable count, code-token name mirroring, component census, Code Connect coverage — over VERBATIM MCP dumps), scorecard (settled human decisions are NEVER downgraded; sealed over id=status), record (prep.json's only writer), verify <item> (one item's audit check as an exit code), and packet / verify-packet.
  • New workflows/crg-ui-prep.js. AUDIT fans out repo+env+figma audits with the scorecard relay proven by recomputing its seal from the relayed items. PROPOSE returns one structured read-only artifact per gap for the skill's wizard gates — item 1.1 (bootstrap design generation) is never proposed by the harness. APPLY executes gate-approved proposals byte-exact, fences touched files to the proposal, verifies each gap by exit code, and records green items. PACKET assembles + verifies the ready packet.
  • The ready packet. .crg-ui/prep-packet.json = profile + attestations + pairing under ONE FNV-1a seal recomputed from the LIVE files at verify time. /crg-ui's Stage 0 now runs verify-packet first: exit 0 skips intake entirely (perfect-user Story 9 as an exit code); any drift fails the seal and falls back to the normal GATE-PROFILE.
  • Skill dispatch (deterministic / --prose), plain-language gate copy, explicit mirror-the-app vs design-something-new bootstrap doors, enabler installs the new leg, 18 new tests.

Fixed

  • crg-ui.js variables agent invented node idsget_variable_defs requires a nodeId; the brief now anchors it on the first profile cell's frame id. Found live on the first end-to-end measure run.
  • crg-ui.js slice relay gets one seal-checked retry — a relay substituted one discrepancy's ledger id for its key; the seal caught it. The brief now warns against the substitution and retries once before refusing.

Full details in CHANGELOG.md.

v0.10.1 — no silent candidate drops under --auto-bypass

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 20:56

Bugfix. Under /crg-farm --auto-bypass, a candidate whose per-candidate pipeline stage errored (e.g. a subagent completing without structured output) was silently dropped — pipeline() nulled the slot and filter(Boolean) discarded it, so the candidate vanished from the run outcome (observed live: elastic/kibana #241563).

The run aggregation now recovers dropped slots by index and surfaces each as outcome: 'errored' with the candidate's original repo/issue identity and a reason, kept distinct from handedOff. New errored bucket in the summary and workflow return.

All 41 tests pass. Full changelog: https://github.com/CodeBlackwell/crg-debug/blob/main/CHANGELOG.md

v0.10.0 — auto-route security bugs to the advisory track under --auto-bypass

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 20:11

Under /crg-farm --auto-bypass, security-sensitive bugs now auto-route to the advisory track instead of being excluded and handed off untouched.

The bypass harness runs the full track itself in a new Advisory pipeline stage — PoC-VERIFY → TRACE-EXPLOIT-PATH → SEVERITY-CALIBRATE → COMPILE-REPORT — auto-passing GATE-ADVISORY-REVIEW to save-only and writing a report to ~/.claude/crg-farm/advisories/.

Safety invariants unchanged: security-sensitive candidates never enter FIX/PR-prep; the harness never files, emails, commits, PRs, or transmits the report (on-disk report is the only deliverable); GATE-SUBMIT is still never crossed by any flag. The prose path is unchanged (human reviews at GATE-ADVISORY-REVIEW).

Docs synced (SKILL.md, methodology.md, README.md). All 41 tests pass.

Full changelog: https://github.com/CodeBlackwell/crg-debug/blob/main/CHANGELOG.md

v0.7.0 — --auto-bypass (harness-held, draft-only)

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 03:00

Added

  • --auto-bypass — a fully unattended /crg-farm run through commit and an opened draft PR. A separate, standalone flag from --auto (never implied by it): auto-passes every gate up through GATE-DIFF (commit) and a HARD-promoted GATE-ESCALATE on regression, which climbs to the next, strictly higher tier — never a retry of the tier that just failed. Every tier gets exactly one shot, always. Truncates ranked candidates to the top 5 and runs their pipelines concurrently, capped at 5 in-flight. GATE-SUBMIT is never bypassed by any flag — every PR stops at draft; flipping one to ready-for-review stays a deliberate, separate human action. See skills/crg-farm/methodology.md §Auto-bypass mode.

  • workflows/crg-debug.farm-bypass.js — the harness-held option for --auto-bypass. A deterministic Workflow, installed by the existing crg-deterministic enabler, that owns RECON (dedup + rank + the top-5 cap), TRIAGE, FIX/escalation, and PR-prep in real JS instead of prompt compliance. Composes crg-debug.js unmodified via the workflow() nesting primitive. /crg-farm --auto-bypass prefers it automatically once installed; --prose forces the prompt-driven path.

Full changelog: https://github.com/CodeBlackwell/crg-debug/blob/main/CHANGELOG.md#070---2026-06-30

v0.6.0 — RECON ranks candidates by impact × review-likelihood

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 01:48

Added

  • /crg-farm RECON now ranks fresh candidates by impact × review-likelihood instead of showing an unordered dump. Per distinct repo it pulls stargazerCount (blast-radius proxy) and the last 5 merged-PR timestamps (review-cadence proxy — tight spacing means active review, a stale gap since the last merge demotes a repo even if its historical cadence looked fast), combined with an impact read of the issue body itself (data-loss/security/safety-relevant bugs outrank functional breakage, which outranks cosmetic ones). Candidates sort impact-first, cadence as tiebreaker/demotion, with signals recorded on each candidate's farm-DB row (rankSignals). select-subset at GATE-RECON becomes a two-step pick when the ranked list exceeds the gate's 4-option cap: full list as plain text, then a compact Top-5/Top-10/Top-N/Custom follow-up.

See full details in CHANGELOG.md.

crg-debug 0.5.1

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 00:36

Fixed

  • /crg-farm no longer defaults RECON to the current-directory repo. RECON now resolves a sourcing mode from direction: scoped (a named repo, or --issue) runs /xplore against that repo; themed (free-text topic, no repo) and wildcard (no direction at all) run a cross-repo gh search issues instead, since Explore agents can't reach remote GitHub. repoRoot resolution moves to a lazy, persistent clone cache at ~/.claude/crg-farm/repos/<owner>/<repo> per candidate repo.

See full details in CHANGELOG.md.

v0.5.0 — /crg-farm bug-farming loop

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 01 Jul 00:22

Added

  • /crg-farm — a bug-farming loop over crg-debug. A user_invocable main-loop orchestrator
    that sources real open bugs, triages them cheaply, escalates model capacity only where repair
    struggles, and ships draft PRs — with formal human approval at every consequential boundary. It
    calls crg-debug as a primitive (zero Workflow changes). Stages: RECON (/xplore) → dedup →
    TRIAGE (--detect-only) → FIX (--from-ledger, escalating haiku→sonnet→opus) → PR-prep. See
    skills/crg-farm/.
  • Two-pass duplicate-fix check in RECON — before any triage spend, each candidate is verified
    as genuinely open AND not already being fixed: pass 1 dedups against our own farm history; pass 2
    checks the upstream repo (gh issue view / gh search prs / gh pr list) and classifies each
    candidate fresh / in-flight / already-fixed, dropping the latter two so the farm never produces a
    duplicate PR for a bug someone else already has in flight.
  • Named-Gate Protocol — five repeatable approval gates (RECON, TRIAGE, ESCALATE, DIFF, SUBMIT)
    via AskUserQuestion. GATE-DIFF (working-tree→commit) and GATE-SUBMIT (fork→upstream) are
    HARD stops that --auto never bypasses; soft gates auto-pass under --auto.
  • Orchestrator-driven model escalation — reads the Workflow's ret.fix return, narrows the
    ledger to just the unfixed bugs (lib/ledger-slice.mjs), and re-invokes --from-ledger at the
    next tier, so a stronger model only ever re-runs the hard bugs. Branches on failure channel
    (RED-not-observed vs a regressing final gate).
  • Farm databaselib/farm-db.mjs, a global append-only JSONL at
    ~/.claude/crg-farm/history.jsonl recording every run, candidate, gate decision, fix attempt,
    and PR across all repos. Enables cross-run candidate dedup (never re-work a shipped bug) and a
    full audit trail. CRG_FARM_DB overrides the path.
  • lib/ledger-slice.mjs + lib/farm-db.mjs — standalone importable + CLI helpers (mirroring
    issue-ref.mjs), each with a zero-dependency node --test suite. Installed next to the workflow
    by the crg-deterministic enabler.

Changed

  • Hardened the TDD RED step (methodology + fix-agent prompt): a test that asserts the current
    buggy output or expects the reported exception (assert_raises on the very error) is INVALID —
    it codifies the bug and falsely "passes" RED. This is the guard the numpy einsum experiment
    showed was needed (the fix agent had degenerated to asserting the symptom).
  • Final gate narrows to the CRG blast radius of touched files (impact radius + tests_for +
    affected flows) instead of running the whole suite — a fix run can no longer hang polling a giant
    test suite while still catching cross-file regressions.

crg-debug 0.4.0

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 30 Jun 22:46

Resumable fix-from-ledger hand-off.

Added

  • --from-ledger <path> — resume from a prior --detect-only run's .crg-debug/ledger.json and skip straight to Phase 4 fix waves over the already-confirmed bugs. Enables a serialized detect → review → fix hand-off.

Changed

  • The deterministic workflow now resolves methodology.md's path at runtime via args.methodologyPath instead of having it baked in by sed at install time.
  • README restyled with badges and section emojis (no content changes).

Full notes: CHANGELOG.md

crg-debug 0.3.0

Choose a tag to compare

@CodeBlackwell CodeBlackwell released this 30 Jun 20:46

Point the sweep at an issue/ticket.

Added

  • --issue <ref> — point crg-debug at a GitHub issue (#n, owner/repo#n, or an issue URL, also auto-detected in freeform args). The issue is fetched via gh, resolves the file set, and is threaded into the discovery finders so they hunt the specific reported symptom. The reference lands in the run header, ledger, and report.
  • Paste fallback — for Jira/Linear/etc., paste the ticket text as --issue "<text>" and it becomes the focus.
  • lib/issue-ref.mjs — standalone, importable + CLI reference parser the skill calls to classify input deterministically (resolves owner/repo from the git origin for bare #n). Installed next to the workflow by the crg-deterministic enabler.
  • Tests (node --test, zero dependencies) — every reference form, plus the workflow's pure helpers tested directly against the shipped source.

Changed

  • The run model now defaults to haiku, overridable with --model <name> (--model session inherits the session model).
  • Issue text is treated as untrusted input — it only reaches an agent through the existing fence() / UNTRUSTED guard.

Full notes: CHANGELOG.md