This repository was archived by the owner on Feb 14, 2026. It is now read-only.
Closed
Conversation
* feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: main scope agent privilege flag (#278) * feat: allow main scope to inherit agent privileges * docs: clarify main scope agent flag impact * Merge dev into main (v8.20.89) (#273) (#280) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * Merge dev into main (v8.20.89) (#273) (#281) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev into dev-workflows (#283) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: main scope agent privilege flag (#278) * feat: allow main scope to inherit agent privileges * docs: clarify main scope agent flag impact * Merge dev into main (v8.20.89) (#273) (#280) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * Merge dev into main (v8.20.89) (#273) (#281) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: enforce reviewed workflow sequence when enabled * fix: match workflow steps against expected tool * fix: respect agent privileges in project-scope enforcement * fix: keep install protection when main scope is agent (#285) * infra: harden doc fast-path and register workflow hook * config: relax project boundary in main-scope-dev preset * scope: allow parent docs for main-scope-dev and fix marker tests * pm-constraints: honor env allow_parent_allowlist_paths in markdown fast-path * pm: let docs bypass pm blacklist fast-path * Merge dev-workflows fixes into dev (#292) * pm: let allowlisted docs bypass PM tool blacklist * infra: honor parent allowlist in doc fast-path * docs routing: allow docs segment anywhere; enable constraints output in main-scope preset * infra: ignore destructive keywords inside quotes (allow grep kubectl apply) (#294) * chore: bump version to 8.20.93 (#295) * infra: markdown allowlisted fast-path; quoted keyword guard; bump 8.20.94 (#296) * infra/main-scope: full bypass; codex review reminder enabled in main-scope preset (#297) * stop: schema-safe output; bump 8.20.95 (#298) * pm: let allowlisted docs bypass PM tool blacklist (#291) * chore: align root VERSION to 8.20.95 (#299) * chore: bump version to 8.20.96 and align changelog (#301) * infra: respect ICC_TEST_MARKER_DIR; honor env main bypass; block quoted destructive cmds * infra: align ICC_MAIN_SCOPE_AGENT parsing with other hooks * infra: env false overrides main-scope bypass * infra: env override explicitly supports false; remove redundant keyword matches * infra: block quoted destructive cmds and align marker cleanup * infra: avoid false positive on quoted markdown heredocs * infra: catch quoted substitutions in doc writes * routing: allow memory writes in memory/memories folders * v9: slim CC-native framework, minimal hooks * Harden git privacy flags and heredoc guard * Allow gh pr --fill under git.privacy * Block gh pr --fill under git.privacy * Fix ansible-lint violations * Fix ansible role lint issues * Broaden heredoc detection and update docs * Ignore quoted heredoc markers * Detect heredocs only with valid delimiters * Ignore arithmetic shifts in heredoc detection * Handle quoted/backtick heredoc operators * Harden heredoc parsing for quoted continuations * Avoid line-joining inside heredoc bodies * feat: Convert to cross-platform Skills architecture (v10.0.0) Major architectural change from behaviors-heavy (51 files) to skills-first: - Add 34 cross-platform SKILL.md files: - 14 role skills (pm, architect, developer, etc.) - 4 command skills (icc-version, icc-init-system, etc.) - 12 process skills (thinking, memory, validate, etc.) - 3 enforcement companion skills - 1 meta skill (skill-creator) - Remove obsolete files: - 14 role definitions (replaced by role skills) - 7 commands (replaced by command skills) - 47 behavior files (replaced by process skills) - Keep 4 structural behaviors (config, directory, file-location, naming) - Update deployment scripts to install skills and clean up obsolete dirs * perf: Optimize ansible fact gathering for faster local installs Use gather_subset to collect only environment variables instead of full system facts. Significantly speeds up local installations. * docs: Update documentation for v10.0.0 skills architecture * fix: Resolve YAML syntax and security issues in templates and ansible - Fix invalid YAML structure in AgentTask templates where blocked_patterns and error_message were incorrectly nested under list items. Added explicit 'requirements' sub-key to properly separate list items from map keys. Affected: medium, nano, tiny templates. - Remove debug statements that exposed environment variables (potential secrets) in process_single_mcp.yml - Fix regex extraction bug where var_name_match[0] extracted first character instead of full capture group. Now uses var_name_match directly. * feat: Add workflow skills * refactor: Remove git-enforcement hook, enhance skills - Remove git-enforcement.js hook (moved to deprecated/) - Update /branch-protection skill to be standalone guidance - Enhance /process skill Step 3.2 with explicit PR review steps - Skills now provide guidance, no hook enforcement * refactor: Replace AgentTask system with work-queue (v10.1) - Add work-queue skill for cross-platform task management (.agent/queue/) - Deprecate agenttask-create and agenttask-execute skills - Update all role skills to reference work items instead of AgentTasks - Remove git-enforcement.js hook (was non-existent) - Add cleanup task for obsolete git-enforcement.js on existing installs - Add skills and hooks directories to uninstall playbook - Update Makefile tests to check skills instead of agents - Update architecture.md to v10.1 with 33 skills and 2 hooks * fix: Address review findings for v10.1 - Remove git-enforcement.js from Windows installer (install.ps1) - Update docs to reflect 2 hooks (removed git-enforcement.js references) - Reconcile skill counts: 35 skills across all documentation - Command Skills: 5 (added icc-setup) - Process Skills: 12 (added process, commit-pr) - Fix icc-setup symlink commands (missing slashes in paths) - Fix README clone path (cd intelligent-claude-code, not intelligentcode-ai/...) - Add .agent/ to .gitignore for work queue directory - Fix Makefile macOS glob detection (unquoted glob for expansion) * fix: Rewrite skill descriptions for agent recognition Skill descriptions must start with trigger conditions ("Activate when...") not functionality descriptions. Updated 8 skills: process, thinking, reviewer, commit-pr, developer, validate, best-practices, icc-search-memory. Also fixed: - Ansible installer messages (removed stale git hook references) - Ansible skill count (30 → 35) - test-framework-docs.md (note git-enforcement removal) - reviewer/SKILL.md (removed git-enforcement reference) * fix: Update 5 more skill descriptions for agent recognition Updated work-queue, story-breakdown, parallel-execution, icc-setup, and skill-creator to start with "Activate when..." trigger conditions. * fix: Update all skill descriptions and address review findings Skill descriptions (22 remaining): - Updated all role skills (pm, architect, ai-engineer, etc.) - Updated all utility skills (autonomy, workflow, mcp-config, etc.) - All 35 skills now use "Activate when..." pattern Review findings addressed: - HIGH: Fixed token-handling docs (no echo $TOKEN, use export) - HIGH: Fixed CHANGELOG git-enforcement claim (deprecated, not removed) - MEDIUM: Fixed skill count messaging (35 active + 2 deprecated) - MEDIUM: Narrowed process skill trigger (explicit workflow requests only) - LOW: Updated test-framework-docs Last Updated date * feat: Add release skill, remove deprecated, fix skill counts - Add release skill for version bumps, changelog, merge, GitHub releases - Remove deprecated skills (agenttask-create, agenttask-execute) - Remove deprecated hook (git-enforcement.js) - Update all docs: 35 → 36 skills, 12 → 13 process skills - Fix skill description prefixes (after/before → when) * refactor: Remove redundant icc-skills, update to 33 skills - Remove icc-init-system (system auto-initializes via CLAUDE.md) - Remove icc-search-memory (just file search, no special skill needed) - Remove icc-setup (belongs in documentation, not a skill) - Update all docs: 36 → 33 skills, Command Skills 5 → 2 * feat: Rewrite reviewer skill, add suggest skill Reviewer skill changes: - Stage 1 (pre-commit): Works in current directory with git diff - Stage 2 (post-commit/pre-PR): Works in current directory with branch diff - Stage 3 (post-PR): MUST use temp folder with gh pr checkout - Added semantic analysis: logic errors, regressions, edge cases, security, test gaps - Added project-specific linting: Ansible, HELM, Node, Python, Shell New suggest skill: - Separate from reviewer (problems vs improvements) - Context-aware improvement proposals - Prioritized by impact - Includes anti-patterns to avoid Skill count: 33 → 34 (14 process skills) * feat: Make suggest skill mandatory in process workflow - Step 1.4: Suggest improvements after pre-commit review passes - Step 3.3: Suggest improvements after PR review passes - User can implement, skip (with documentation), or proceed - Quality gates now include "suggest addressed" requirement * refactor: Make process/reviewer/suggest skills autonomous Process skill: - Runs autonomously by default - Only pauses for genuine human decisions - Auto-fixes and auto-implements, then re-tests Reviewer skill: - FIXES findings automatically (don't ask permission) - Only pauses for architectural decisions or ambiguity - Removed user-specific credential paths Suggest skill: - AUTO-IMPLEMENTS safe improvements (low effort + no behavior change) - Only pauses for high-risk or architectural suggestions - Re-runs tests after auto-implementing The process now loops until clean, only stopping when human input is genuinely required. * feat: Add memory skill with SQLite + FTS5 + local embeddings Implements persistent knowledge storage for ICC agents: Memory System: - SQLite database with FTS5 full-text search - Local vector embeddings via @xenova/transformers (384-dim) - Hybrid search: 40% keyword + 40% semantic + 20% relevance - Markdown exports for git-trackable, human-readable storage - Relevance-based archival (not time-based) Skill Integration: - process skill: Auto-check memory before implementing, auto-save after - reviewer skill: Auto-remember recurring issues - best-practices skill: Search memory alongside best-practices directory Development: - make dev-setup: Symlink skills from src/ to ~/.claude/skills/ - make dev-clean: Remove development symlinks - Installers (Ansible/PowerShell) auto-install memory skill dependencies * fix: Cross-platform bug in memory CLI findProjectRoot() The while loop condition `dir !== '/'` would infinite loop on Windows since Windows paths use drive letters like 'C:\' not '/'. Fixed by using `dir !== path.dirname(dir)` which correctly detects the filesystem root on both Unix and Windows systems. * docs: Update skill count from 34 to 35 (memory skill added) Updated references in: - README.md (line 7, line 71) - docs/installation-guide.md (line 23) * fix: Resolve ansible-lint and yamllint violations - Add .yamllint config (120 char line limit, truthy values) - Add .ansible-lint config (skip var-naming prefix rule) - Fix FQCN: use ansible.builtin.* for all modules - Fix truthy values: yes/no -> true/false - Fix trailing whitespace and missing newlines - Break long lines with YAML multiline syntax * perf: Skip Ansible collection scanning in tests ANSIBLE_COLLECTIONS_PATH=/dev/null prevents loading ~90 duplicate collections on each ansible-playbook invocation, reducing CPU usage and test time significantly. * perf: Skip npm install if node_modules already exists * fix: Address v10.1 review findings and test performance Performance fixes: - Remove synchronize module (rsync), use copy instead - Delete orphaned node_modules from src/skills/memory/ (265MB) - Tests now complete in ~2.5 min instead of 10+ min Security improvements: - npm install for memory skill now opt-in (install_memory_deps=true) - Avoids supply-chain risk from auto-running npm install Lint fixes: - Fix yamllint errors: trailing spaces, brackets, document-start - Update yamllint config for GitHub Actions compatibility - Fix ansible conditional for skipped npm install task Documentation fixes: - Remove reference to git-enforcement.js (was removed, not deprecated) - Fix package.json: remove duplicate @xenova/transformers, fix test script * fix: Remove redundant git-enforcement.js cleanup, fix truthy lint - Remove obsolete task that deletes git-enforcement.js (no longer shipped) - Fix yaml[truthy] warning: backup: no -> backup: false * fix: Make reviewer skill mandatory before commits/PRs - Add PREREQUISITES section to commit-pr skill requiring tests and review - Update Quality Gates section in process skill to show BLOCKING actions - Add explicit gate enforcement language to prevent skipping review * fix: Split long line in memory-check.yml to satisfy yamllint * style: Fix ansible-lint key-order warnings in mcp-integration tasks * fix: Add ansible-lint required yamllint settings (octal-values, comments-indentation) * refactor: Remove memory protection, track .agent/memory and .agent/queue - Delete obsolete memory-check.yml workflow (memory should be in git) - Update .gitignore to track .agent/memory/ and .agent/queue/ - Include existing memory entries from memory skill --------- Co-authored-by: Karsten Samaschke <karsten@management.local>
- Dev-first workflow enforcement in skills - ansible-lint compliance (mcp_integration role rename) - Version example updates to v10.x.y
release: v10.2.0
* fix: remove broken icc-setup symlink (#316) * chore: bump version to 10.1.1 (#317) * sync: merge main into dev (#319) * feat: Convert to cross-platform Skills architecture (v10.0.0) (#308) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: main scope agent privilege flag (#278) * feat: allow main scope to inherit agent privileges * docs: clarify main scope agent flag impact * Merge dev into main (v8.20.89) (#273) (#280) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * Merge dev into main (v8.20.89) (#273) (#281) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev into dev-workflows (#283) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: main scope agent privilege flag (#278) * feat: allow main scope to inherit agent privileges * docs: clarify main scope agent flag impact * Merge dev into main (v8.20.89) (#273) (#280) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * Merge dev into main (v8.20.89) (#273) (#281) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: allow markdown when any path segment is docs (#259) * fix: allow markdown docs in any path segment * fix: use configured allowlist for markdown in any path segment * fix: allow markdown by path segment and clean path normalization * fix: guard pm markdown allowlist and inherit parent-path rules * fix: enforce parent-path rules before markdown allow segments * fix: enforce parent-path before markdown segment allowlist (#261) * fix: enforce parent-path rule before markdown segment allowlist * test: cover parent-path markdown allow when setting enabled * fix: run markdown segment allowlist after parent-path guard * feat: add configurable auto commit review reminder * fix: markdown segment allowlist respects parent-path gate (#262) * fix: ensure markdown segment allowlist honors parent gate * docs: add sample ICC configs for main/sub-agent and strict/relaxed * feat: parametrized config deployment and sample icc configs * chore: snapshot current config and tighten main-scope sample agents block * fix: preserve existing icc.config.json unless override provided * chore: rename local config backup and document it * chore: clarify/preserve existing icc.config on ansible reinstall * fix: enforce infra policy on full command including ssh wrapper (#264) * fix: apply infra policy checks to full command incl. ssh wrapper * fix: tighten docs fast-path (no heredoc/chaining; only under project docs) * docs: fix duplicate Added header in 8.20.88 changelog * fix: docs fast-path requires path under cwd with segment boundary * fix: make doc fast-path allow literal markdown code (#269) * fix: doc fast-path only blocks unquoted substitution * fix: aggressive ALL-CAPS detection handles mixed separators * fix: treat double-quoted substitution as unsafe doc fast-path * fix: respect escaped substitutions in doc fast-path * fix: support nested markdown allowlist segments (#266) * fix: allow nested allowlist paths for markdown * chore: dedupe markdown allowlist sequences * feat: linux main-scope friendly config + guardrail defaults (#272) * feat: add main-scope dev preset and config-driven bash allowlist * fix: scope config main-scope bash allowlist to main-role * fix: doc fast-path & constraint display (#274) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * chore: sync dev with main (#275) * Release 8.20.89 (dev -> main) (#252) * feat: surface MCP availability hints and gate MCP tools via config * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * Release 8.20.89 (dev -> main) (#253) * feat: surface MCP availability hints and gate MCP tools via config (#246) * fix: allow docs/documentation writes in main scope allowlist (#247) * chore: add config presets and docs allowlist coverage (#248) * docs: streamline README and docs index (#249) * fix: allow docs heredoc writes without infra blocking (#250) * feat: inject best practices & memory guidance; keep exec pattern in all-caps block (#251) * fix: tighten docs heredoc allow to prevent infra bypass (#254) * fix: allow nested docs paths and harden docs write allowlist (#255) * feat: enforce reviewed workflow sequence when enabled * fix: match workflow steps against expected tool * fix: respect agent privileges in project-scope enforcement * fix: keep install protection when main scope is agent (#285) * infra: harden doc fast-path and register workflow hook * config: relax project boundary in main-scope-dev preset * scope: allow parent docs for main-scope-dev and fix marker tests * pm-constraints: honor env allow_parent_allowlist_paths in markdown fast-path * pm: let docs bypass pm blacklist fast-path * Merge dev-workflows fixes into dev (#292) * pm: let allowlisted docs bypass PM tool blacklist * infra: honor parent allowlist in doc fast-path * docs routing: allow docs segment anywhere; enable constraints output in main-scope preset * infra: ignore destructive keywords inside quotes (allow grep kubectl apply) (#294) * chore: bump version to 8.20.93 (#295) * infra: markdown allowlisted fast-path; quoted keyword guard; bump 8.20.94 (#296) * infra/main-scope: full bypass; codex review reminder enabled in main-scope preset (#297) * stop: schema-safe output; bump 8.20.95 (#298) * pm: let allowlisted docs bypass PM tool blacklist (#291) * chore: align root VERSION to 8.20.95 (#299) * chore: bump version to 8.20.96 and align changelog (#301) * infra: respect ICC_TEST_MARKER_DIR; honor env main bypass; block quoted destructive cmds * infra: align ICC_MAIN_SCOPE_AGENT parsing with other hooks * infra: env false overrides main-scope bypass * infra: env override explicitly supports false; remove redundant keyword matches * infra: block quoted destructive cmds and align marker cleanup * infra: avoid false positive on quoted markdown heredocs * infra: catch quoted substitutions in doc writes * routing: allow memory writes in memory/memories folders * v9: slim CC-native framework, minimal hooks * Harden git privacy flags and heredoc guard * Allow gh pr --fill under git.privacy * Block gh pr --fill under git.privacy * Fix ansible-lint violations * Fix ansible role lint issues * Broaden heredoc detection and update docs * Ignore quoted heredoc markers * Detect heredocs only with valid delimiters * Ignore arithmetic shifts in heredoc detection * Handle quoted/backtick heredoc operators * Harden heredoc parsing for quoted continuations * Avoid line-joining inside heredoc bodies * feat: Convert to cross-platform Skills architecture (v10.0.0) Major architectural change from behaviors-heavy (51 files) to skills-first: - Add 34 cross-platform SKILL.md files: - 14 role skills (pm, architect, developer, etc.) - 4 command skills (icc-version, icc-init-system, etc.) - 12 process skills (thinking, memory, validate, etc.) - 3 enforcement companion skills - 1 meta skill (skill-creator) - Remove obsolete files: - 14 role definitions (replaced by role skills) - 7 commands (replaced by command skills) - 47 behavior files (replaced by process skills) - Keep 4 structural behaviors (config, directory, file-location, naming) - Update deployment scripts to install skills and clean up obsolete dirs * perf: Optimize ansible fact gathering for faster local installs Use gather_subset to collect only environment variables instead of full system facts. Significantly speeds up local installations. * docs: Update documentation for v10.0.0 skills architecture * fix: Resolve YAML syntax and security issues in templates and ansible - Fix invalid YAML structure in AgentTask templates where blocked_patterns and error_message were incorrectly nested under list items. Added explicit 'requirements' sub-key to properly separate list items from map keys. Affected: medium, nano, tiny templates. - Remove debug statements that exposed environment variables (potential secrets) in process_single_mcp.yml - Fix regex extraction bug where var_name_match[0] extracted first character instead of full capture group. Now uses var_name_match directly. * feat: Add workflow skills * refactor: Remove git-enforcement hook, enhance skills - Remove git-enforcement.js hook (moved to deprecated/) - Update /branch-protection skill to be standalone guidance - Enhance /process skill Step 3.2 with explicit PR review steps - Skills now provide guidance, no hook enforcement * refactor: Replace AgentTask system with work-queue (v10.1) - Add work-queue skill for cross-platform task management (.agent/queue/) - Deprecate agenttask-create and agenttask-execute skills - Update all role skills to reference work items instead of AgentTasks - Remove git-enforcement.js hook (was non-existent) - Add cleanup task for obsolete git-enforcement.js on existing installs - Add skills and hooks directories to uninstall playbook - Update Makefile tests to check skills instead of agents - Update architecture.md to v10.1 with 33 skills and 2 hooks * fix: Address review findings for v10.1 - Remove git-enforcement.js from Windows installer (install.ps1) - Update docs to reflect 2 hooks (removed git-enforcement.js references) - Reconcile skill counts: 35 skills across all documentation - Command Skills: 5 (added icc-setup) - Process Skills: 12 (added process, commit-pr) - Fix icc-setup symlink commands (missing slashes in paths) - Fix README clone path (cd intelligent-claude-code, not intelligentcode-ai/...) - Add .agent/ to .gitignore for work queue directory - Fix Makefile macOS glob detection (unquoted glob for expansion) * fix: Rewrite skill descriptions for agent recognition Skill descriptions must start with trigger conditions ("Activate when...") not functionality descriptions. Updated 8 skills: process, thinking, reviewer, commit-pr, developer, validate, best-practices, icc-search-memory. Also fixed: - Ansible installer messages (removed stale git hook references) - Ansible skill count (30 → 35) - test-framework-docs.md (note git-enforcement removal) - reviewer/SKILL.md (removed git-enforcement reference) * fix: Update 5 more skill descriptions for agent recognition Updated work-queue, story-breakdown, parallel-execution, icc-setup, and skill-creator to start with "Activate when..." trigger conditions. * fix: Update all skill descriptions and address review findings Skill descriptions (22 remaining): - Updated all role skills (pm, architect, ai-engineer, etc.) - Updated all utility skills (autonomy, workflow, mcp-config, etc.) - All 35 skills now use "Activate when..." pattern Review findings addressed: - HIGH: Fixed token-handling docs (no echo $TOKEN, use export) - HIGH: Fixed CHANGELOG git-enforcement claim (deprecated, not removed) - MEDIUM: Fixed skill count messaging (35 active + 2 deprecated) - MEDIUM: Narrowed process skill trigger (explicit workflow requests only) - LOW: Updated test-framework-docs Last Updated date * feat: Add release skill, remove deprecated, fix skill counts - Add release skill for version bumps, changelog, merge, GitHub releases - Remove deprecated skills (agenttask-create, agenttask-execute) - Remove deprecated hook (git-enforcement.js) - Update all docs: 35 → 36 skills, 12 → 13 process skills - Fix skill description prefixes (after/before → when) * refactor: Remove redundant icc-skills, update to 33 skills - Remove icc-init-system (system auto-initializes via CLAUDE.md) - Remove icc-search-memory (just file search, no special skill needed) - Remove icc-setup (belongs in documentation, not a skill) - Update all docs: 36 → 33 skills, Command Skills 5 → 2 * feat: Rewrite reviewer skill, add suggest skill Reviewer skill changes: - Stage 1 (pre-commit): Works in current directory with git diff - Stage 2 (post-commit/pre-PR): Works in current directory with branch diff - Stage 3 (post-PR): MUST use temp folder with gh pr checkout - Added semantic analysis: logic errors, regressions, edge cases, security, test gaps - Added project-specific linting: Ansible, HELM, Node, Python, Shell New suggest skill: - Separate from reviewer (problems vs improvements) - Context-aware improvement proposals - Prioritized by impact - Includes anti-patterns to avoid Skill count: 33 → 34 (14 process skills) * feat: Make suggest skill mandatory in process workflow - Step 1.4: Suggest improvements after pre-commit review passes - Step 3.3: Suggest improvements after PR review passes - User can implement, skip (with documentation), or proceed - Quality gates now include "suggest addressed" requirement * refactor: Make process/reviewer/suggest skills autonomous Process skill: - Runs autonomously by default - Only pauses for genuine human decisions - Auto-fixes and auto-implements, then re-tests Reviewer skill: - FIXES findings automatically (don't ask permission) - Only pauses for architectural decisions or ambiguity - Removed user-specific credential paths Suggest skill: - AUTO-IMPLEMENTS safe improvements (low effort + no behavior change) - Only pauses for high-risk or architectural suggestions - Re-runs tests after auto-implementing The process now loops until clean, only stopping when human input is genuinely required. * feat: Add memory skill with SQLite + FTS5 + local embeddings Implements persistent knowledge storage for ICC agents: Memory System: - SQLite database with FTS5 full-text search - Local vector embeddings via @xenova/transformers (384-dim) - Hybrid search: 40% keyword + 40% semantic + 20% relevance - Markdown exports for git-trackable, human-readable storage - Relevance-based archival (not time-based) Skill Integration: - process skill: Auto-check memory before implementing, auto-save after - reviewer skill: Auto-remember recurring issues - best-practices skill: Search memory alongside best-practices directory Development: - make dev-setup: Symlink skills from src/ to ~/.claude/skills/ - make dev-clean: Remove development symlinks - Installers (Ansible/PowerShell) auto-install memory skill dependencies * fix: Cross-platform bug in memory CLI findProjectRoot() The while loop condition `dir !== '/'` would infinite loop on Windows since Windows paths use drive letters like 'C:\' not '/'. Fixed by using `dir !== path.dirname(dir)` which correctly detects the filesystem root on both Unix and Windows systems. * docs: Update skill count from 34 to 35 (memory skill added) Updated references in: - README.md (line 7, line 71) - docs/installation-guide.md (line 23) * fix: Resolve ansible-lint and yamllint violations - Add .yamllint config (120 char line limit, truthy values) - Add .ansible-lint config (skip var-naming prefix rule) - Fix FQCN: use ansible.builtin.* for all modules - Fix truthy values: yes/no -> true/false - Fix trailing whitespace and missing newlines - Break long lines with YAML multiline syntax * perf: Skip Ansible collection scanning in tests ANSIBLE_COLLECTIONS_PATH=/dev/null prevents loading ~90 duplicate collections on each ansible-playbook invocation, reducing CPU usage and test time significantly. * perf: Skip npm install if node_modules already exists * fix: Address v10.1 review findings and test performance Performance fixes: - Remove synchronize module (rsync), use copy instead - Delete orphaned node_modules from src/skills/memory/ (265MB) - Tests now complete in ~2.5 min instead of 10+ min Security improvements: - npm install for memory skill now opt-in (install_memory_deps=true) - Avoids supply-chain risk from auto-running npm install Lint fixes: - Fix yamllint errors: trailing spaces, brackets, document-start - Update yamllint config for GitHub Actions compatibility - Fix ansible conditional for skipped npm install task Documentation fixes: - Remove reference to git-enforcement.js (was removed, not deprecated) - Fix package.json: remove duplicate @xenova/transformers, fix test script * fix: Remove redundant git-enforcement.js cleanup, fix truthy lint - Remove obsolete task that deletes git-enforcement.js (no longer shipped) - Fix yaml[truthy] warning: backup: no -> backup: false * fix: Make reviewer skill mandatory before commits/PRs - Add PREREQUISITES section to commit-pr skill requiring tests and review - Update Quality Gates section in process skill to show BLOCKING actions - Add explicit gate enforcement language to prevent skipping review * fix: Split long line in memory-check.yml to satisfy yamllint * style: Fix ansible-lint key-order warnings in mcp-integration tasks * fix: Add ansible-lint required yamllint settings (octal-values, comments-indentation) * refactor: Remove memory protection, track .agent/memory and .agent/queue - Delete obsolete memory-check.yml workflow (memory should be in git) - Update .gitignore to track .agent/memory/ and .agent/queue/ - Include existing memory entries from memory skill --------- Co-authored-by: Karsten Samaschke <karsten@management.local> * chore: Bump version to 10.1.0 (#311) * chore: Bump version to 10.2.0 - Dev-first workflow enforcement in skills - ansible-lint compliance (mcp_integration role rename) - Version example updates to v10.x.y * fix: remove broken icc-setup symlink (#316) --------- Co-authored-by: Karsten Samaschke <karsten@management.local> * chore: bump version to 10.2.1 (#320) --------- Co-authored-by: Karsten Samaschke <karsten@management.local>
Collaborator
Author
|
Superseded by #323 (same README changes, rebased/cleaned to a single commit for easier review). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Changes
@User-Tester(was@User-Role).dev, releasesdev->main).Test Plan
make test-hooks