@windyroad/retrospective@0.25.0

Minor Changes

• 649b20f: run-retro Step 2b: ADR-073 auto-create-RFC reassessment advisory

  The fix-time RFC-trace gate auto-creates skeleton RFCs when a fix is proposed on a Known Error that has no RFC. Until now the only record of those auto-create events was an ephemeral line in the work-problems iteration summary, so the question ADR-073 asks you to revisit — are auto-created RFCs systematically under-scoped? — had no durable signal behind it.

  A new advisory detector (check-autocreate-rfc-scope.sh, run via the wr-retrospective-check-autocreate-rfc-scope PATH shim) reads the auto-created skeleton RFCs left on disk and surfaces the ones whose traced problem's fix has already shipped while the RFC's scope was never filled in. run-retro Step 2b reports them in the retro summary's Pipeline Instability section. The detector is advisory only — it always exits 0 and never blocks a commit. A one-off finding is the normal living-RFC pattern; a recurring population across retros is the ADR-073 reassessment trigger. (P314, RFC-005 B9)

@windyroad/itil@0.51.0

Minor Changes

• b3010ed: Add a --catchup migration mode to /wr-itil:update-upstream (P080 Phase 2). The per-ticket lifecycle-update path only fires on transitions that happen after it ships, so any problem ticket reported upstream and transitioned beforehand never received its fix-released or closed comment — leaving upstream issues looking abandoned even though the work landed. /wr-itil:update-upstream --catchup walks the existing .verifying.md and .closed.md corpus, finds tickets carrying a ## Reported Upstream section, and posts the lifecycle update each one should already carry.

  The mode is idempotent: a ticket whose ## Upstream Lifecycle Updates log already records the current target state is skipped, so re-running is safe. Each catchup comment passes the same external-comms risk and voice-tone gates as the per-ticket path, with the same above-appetite queue-and-continue behaviour — catchup does not bypass the gates. A read-only worklist scanner (wr-itil-catchup-scan) builds the list with no network calls, keeping the scan testable and safe to run unattended.

@windyroad/voice-tone@0.5.14

Patch Changes

• 98fc479: External-comms gate: voice-tone skips commit messages

  The voice-tone external-comms gate used to fire on git commit -m and require a subagent review. The voice-and-tone policy already excludes commit messages, so every review passed without doing any work and wasted a round-trip. The gate now reads a per-package EXTERNAL_COMMS_SKIP_SURFACES setting and silently passes any surface a policy disclaims. Voice-tone skips commit messages; risk-scorer still scans them for leaked credentials. (P360)

@windyroad/voice-tone@0.5.13

Patch Changes

• 70a62ee: Stop the external-comms gate from blocking git commit messages in private and internal repositories. A commit message only reaches an external audience once it lands in a public repository's history, pull request list, release notes, or changelog. In a private or internal repository there is no external reader, so the review prompt fired on every commit as a false positive. The gate now checks repository visibility on the commit-message surface and passes silently when the repository is not public, or when visibility cannot be determined. The credential and production-URL leak scan still runs in every repository, so secrets are still caught before they enter git history. Other surfaces (issues, pull requests, npm publish, changeset bodies) are unchanged.

@windyroad/voice-tone@0.5.12

Patch Changes

• 2412d62: Fix the external-comms gate so a reviewed outbound body that contains markdown code spans unlocks the post. The gate read the body from the raw shell command text, where backticks inside double quotes are backslash-escaped to survive bash parsing, while the post-review marker was keyed on the plain reviewed draft. The two keys differed, so an approved draft re-blocked indefinitely. The gate now reverses bash double-quote escaping on the extracted body, restoring the match. Single-quoted and heredoc bodies are left untouched.

@windyroad/voice-tone@0.5.11

Patch Changes

• 8ed545a: P276 — substance-aware draft normalization in compute_external_comms_key (orchestrator salvage of iter 24)

  compute_external_comms_key (in packages/{shared,risk-scorer,voice-tone}/hooks/lib/external-comms-key.sh) now applies substance-aware normalization to drafts before hashing: CRLF/CR → LF, per-line trailing-whitespace strip, whole-draft trailing-whitespace strip. This brings parity with the ADR-009 _substance_normalize_then_hash precedent.

  Key shape unchanged — sha256(normalize(draft) + '\n' + surface) with NO trailing \n appended to the normalized draft, so existing session markers and all prior key computations are byte-stable.

  Conservative boundary preserved — single-numeral edits and frontmatter-key changes stay substantive (key changes, review re-fires); leak-detection guarantee never weakened. Only interior CRLF / per-line trailing-whitespace reformatting (semantically PASS-class) now survives without redundant re-review.

  ADR-028 carries the Amendment 2026-06-16 P276 follow-on entry. 7 new behavioural bats GREEN.

@windyroad/risk-scorer@0.13.4

Patch Changes

• 98fc479: External-comms gate: voice-tone skips commit messages

  The voice-tone external-comms gate used to fire on git commit -m and require a subagent review. The voice-and-tone policy already excludes commit messages, so every review passed without doing any work and wasted a round-trip. The gate now reads a per-package EXTERNAL_COMMS_SKIP_SURFACES setting and silently passes any surface a policy disclaims. Voice-tone skips commit messages; risk-scorer still scans them for leaked credentials. (P360)

@windyroad/risk-scorer@0.13.3

Patch Changes

• 70a62ee: Stop the external-comms gate from blocking git commit messages in private and internal repositories. A commit message only reaches an external audience once it lands in a public repository's history, pull request list, release notes, or changelog. In a private or internal repository there is no external reader, so the review prompt fired on every commit as a false positive. The gate now checks repository visibility on the commit-message surface and passes silently when the repository is not public, or when visibility cannot be determined. The credential and production-URL leak scan still runs in every repository, so secrets are still caught before they enter git history. Other surfaces (issues, pull requests, npm publish, changeset bodies) are unchanged.

@windyroad/risk-scorer@0.13.2

Patch Changes

• 2412d62: Fix the external-comms gate so a reviewed outbound body that contains markdown code spans unlocks the post. The gate read the body from the raw shell command text, where backticks inside double quotes are backslash-escaped to survive bash parsing, while the post-review marker was keyed on the plain reviewed draft. The two keys differed, so an approved draft re-blocked indefinitely. The gate now reverses bash double-quote escaping on the extracted body, restoring the match. Single-quoted and heredoc bodies are left untouched.

@windyroad/risk-scorer@0.13.1

Patch Changes

• 8ed545a: P276 — substance-aware draft normalization in compute_external_comms_key (orchestrator salvage of iter 24)

  compute_external_comms_key (in packages/{shared,risk-scorer,voice-tone}/hooks/lib/external-comms-key.sh) now applies substance-aware normalization to drafts before hashing: CRLF/CR → LF, per-line trailing-whitespace strip, whole-draft trailing-whitespace strip. This brings parity with the ADR-009 _substance_normalize_then_hash precedent.

  Key shape unchanged — sha256(normalize(draft) + '\n' + surface) with NO trailing \n appended to the normalized draft, so existing session markers and all prior key computations are byte-stable.

  Conservative boundary preserved — single-numeral edits and frontmatter-key changes stay substantive (key changes, review re-fires); leak-detection guarantee never weakened. Only interior CRLF / per-line trailing-whitespace reformatting (semantically PASS-class) now survives without redundant re-review.

  ADR-028 carries the Amendment 2026-06-16 P276 follow-on entry. 7 new behavioural bats GREEN.