Releases: tyroneross/build-loop
Release list
v0.36.4
v0.36.4 — Release reconciliation: security-gate reliability, eager inline Learn, hook classifier fix, isolation widening
First published release since v0.36.1. Two prior version bumps — 0.36.2
(2f3e007) and 0.36.3 (e5162fc) — updated only the plugin/marketplace
manifests and CHANGELOG; they were never tagged, never released on GitHub, and
never published to npm, and they left package.json, the lockfile, the Claude
marketplace metadata, and the README pins at 0.36.1. This release reconciles
every enforced surface to one version (scripts/verify_release_surface.py)
and ships everything on main since the v0.36.1 tag (bd883b9..673a7fa,
45 commits).
Highlights
- Pre-push security gate scans the push delta, not the whole tree
(06b392d,33e2dc9,c401f68,578dc7a— staged as 0.36.2). A
pre-existing HIGH in an unrelated file no longer hard-blocks unrelated
pushes; 9 false-negative closures plus a conservative-by-construction
classifier. perturbation_spotcheck --check-cmdruns as an argv list (shell=False)
(a652cc6— staged as 0.36.2), closing an A03/LLM02 shell-injection HIGH.- Eager Phase-6 Learn detector-pass for inline runs (
02b4db6— staged as
0.36.3).stop_closeout.pyruns the deterministic pattern detector at
closeout and folds an owed "Phase-6 Learn drafting" item into the
closeout-pendingmarker whenruns[] >= 3and a root-cause cluster has no
experimental draft yet — inline runs no longer leave the learning loop dark. - Git-command classifier: segment-parse instead of substring glob
(54268bd). The hook trigger tokenizes command segments, ending false-fires
on prose, paths, or heredoc content that merely contains "git commit" /
"git push". - Temporal-membership preflight for retrospectives (
422a5c1). Records
are checked for run-window membership before attachment, stopping wrong-run
records from contaminating a run's retrospective. - Worktree-isolation doctrine widened to commit-less writers (
e45cfa6).
Any long-running background writer that edits files must use a dedicated
worktree — commit authority is no longer the trigger. Motivated by a
commit-less subagent that outlived its dispatch ~8h and re-applied stale
edits onto the live checkout; lint rulewake-path-grew-a-file-editadded
toscripts/worktree_isolation_lint.py. - Hook hardening follow-ups (
93fe6c8,673a7fa): wrapper-push
detection, heredoc over-strip fix, audit-guard test, and idle-scan skip when
an unterminated heredoc contains no git command. - runtime-parity-verification: doc↔interface parity checks for CLIs, tools, and flows (
7dc1854)
Also included since v0.36.1: durable memory identity (stable project ID +
alias-walking registry, ad70a82), retro enforce-candidate triage +
implementation (d86b8c3, 0617c01), cost-ledger attribution activation
(869044e), native-marketplace-first install docs (718f361), four dormant
review producers activated (b36c7e9), and the release preflight CI gate
(2a1b433).
Versioning note
pyproject.toml (0.12.16) is the Python package's own version line and is
intentionally not part of the plugin release surface — it is not checked by
verify_release_surface.py and is unchanged here.
Verification
python3 scripts/verify_release_surface.py --version v0.36.4 --branch main
with the CI-preflight skip set (tag/remote checks excluded pre-publish) — pass.python3 scripts/test_verify_release_surface.py— pass.python3 scripts/test_command_surface_policy.py— pass.- Tag/GitHub-release/npm-publish checks complete only after the user publishes
(.github/workflows/publish-npm.ymlgates the tag againstpackage.json).
v0.36.1
v0.36.0
v0.35.0 — structural closeout + agent-spec hardening
Structural run-close (f6 arc)
- Stop-hook closeout: inline runs are recorded to
runs[]with no human prompt;judgment_gateWARN surfaces when a stakes-gated run skipped the Frontier judgment layer;closeout-pendingmarker surfaces once at next SessionStart. - Crash-orphan sweep: SIGKILL/529-killed runs get recorded at the next session start (stale-heartbeat gate; live peers never touched).
- Terminal identity release: a recorded
passcloses the run identity (archived tohistoricalExecutions) so the next effort mints fresh instead of silently resuming a finished run; partial/blocked keep identity for crash-resume;collapse_runrecovers worktrees from the archive. state_finalizehonors both phase conventions (orchestratorexecution.phase+ inline top-levelphase) and stamps at most once; fresh-mint clears stale per-run state (phase/triggers/execution residue).
Agent-spec hardening (2026 enterprise-agent research pass)
activation-map-requiredplan-verify rule: plans proposing event-driven components (hooks, cron, watchers, webhooks) must map each to a real trigger +verified-livestate — targets the dormant-machinery failure class (4 live instances motivated it; rule probed against their exact phrasing).acceptance-criteriaas the 7th MECE brief field: hard-linted at dispatch (brief_mece_validator); optional-but-validated on rally packets (mece_gate).- Role-taxonomy corrections: core = verdict-contingent; tier follows role; no-sub-sub-agents documented as a delegation-depth-2 security cap; C5 = the sanctioned handoff detection phase.
- Codex Stop/SessionStart hooks now ship in-repo (
.codex/hooks.jsontracked; repo-level firing verified dormant under codex exec 0.139.0 — documented honestly in AGENTS.md).
All changes Fable-audited (two adversarial passes + closure verification with independent repros). Full battery: plan-verify suite, 79 pytest, 19 rally hook tests, self-mod gate 149/0.
v0.34.0
First release since v0.30.3 — publishes the accumulated 0.33.0-line work as 0.34.0 to npmjs + GitHub Packages.
Highlights
- Rally coordination:
rally_poll_gate.py(poll-after-post enforcement + poster-side fallback),rally_merge_gate.py(pre-merge conflict gate),.rallyexcluded from plugin-cache sync. - Telemetry + tier enforcement: Phase-5
item_iterationproducer (exec_state.py) recording tier/model,judgment_gate.pyenforcing Frontier (Fable) judgment dispatch at Review-G, cross-vendor model registry. - build-loop-memory: self-contained, privacy-safe seed folder (
templates/memory/) — templates + complete structure spec + README; private store still ships nothing. - Plugin manifests (claude + codex) + npm package all aligned at 0.34.0.
v0.30.3
$Build Loop 0.30.3 publishes the current main build after the v0.30.2 tag.\n\n- Bumps npm, Claude, Codex, and Agents release surfaces to 0.30.3.\n- Keeps the package aligned with current main.\n- Excludes Python bytecode cache artifacts from the published package tarball.\n\nValidation: npm run build; npm test; npm publish --dry-run; .venv/bin/python -m pytest tests/test_phase_6_gating_docs.py scripts/test_verify_release_surface.py scripts/test_check_private_slugs.py.
v0.12.16 — Rally Point: Cross-Session Agent Coordination
v0.12.16 — Rally Point: Cross-Session Agent Coordination
Headline
Build-loop becomes multi-session-aware. Rally Point is a new substrate that lets concurrent build-loop runs across Claude Code, Codex, and CI discover each other, coordinate ownership of files via MECE handoff, lease leadership, and surface escalations — without colliding, double-editing, or losing run identity. Phase 1 Assess and Phase 4 Review now consume it automatically. Companion: an independent commit auditor with parallel research+trajectory context, a capability registry that keeps Phase 1 inside Anthropic's ≤8-candidate Tool Search guidance, and a hardened security posture (private-slug guard + SEC-001 through SEC-011 remediation).
What changed
Rally Point — multi-session coordination substrate
The headline subsystem. Renamed from the original "app-pulse" prototype to rally_point/ (R1 C10). Solves the silent-collision problem when 2+ build-loop runs operate on the same repo concurrently.
- Channel resolver (
scripts/rally_point/channel_paths.py) — worktree-aware channel path resolution, honors policy on legacy mirror vs canonical-only. - Append-only change log +
fcntl-locked monotonic revision counter (T2/T3) — every state mutation is auditable and ordered. - Presence + reaper + per-session cursor (T4) — sessions register on
SessionStart, stale sessions are reaped, each session reads only what it hasn't seen. - Active session_probe + announce-and-listen hook — R2 auto-invoke wires a hook into
SessionStartso fresh agents announce themselves and discover existing peers before acting. - MECE handoff validator (R1 C4) —
scripts/rally_point/post.pyrejects malformed handoff payloads at write time; rejections counted and surfaced viarejection_countin status (R1 C8 follow-up). - Lease-based leadership (G1) — agents lease leadership of a chunk;
lead-*andescalationkinds added; leadership wired into the orchestrator + slash command (G1 integration). - Tool-level lateral limits (G2) — handoff packets capped per tool to prevent runaway broadcast.
- Escalation salience (G3) —
coordination_statussurfaces escalations prominently. - Host-neutral CLI (
scripts/agent_rally.py, G4) — same command surface for Claude Code, Codex, and CI. - Relevance-aware capability lifecycle (G5) — registry weights decay; unused capabilities demoted.
- Discovery bridge + producer metadata (β1, β1.2) — fresh agents discover channels via
rally where; producer metadata tags every record with what produced it (orthogonal to run identity). build_loop_idrun-identity layer — stable per-run handle (bl-<TS>-<tool>-<6digit>) attached to rally records as top-level fields. Closes the 37%run_id=unknowngap observed during β1. Generated/resumed viascripts/rally_point/build_loop_id.py; orthogonal toproducer_metadata.- Post-cutover channel_paths audit — verifies cutover invariants hold after the legacy-mirror window closes.
- CLI ergonomics —
agent-rally-preflightwired intoAGENTS.md+CLAUDE.md;rally wheredelegates toagent-rally-point discoverfor canonical resolution. - Coordination cache parity check — guards against drift between in-memory and on-disk coordination state.
Independent commit auditor
Two-tier review at every commit boundary:
- Deterministic boundary hook (primary) —
scripts/audit_before_commit.pyruns as a PreToolUse hook on everygit commit. It gathers diff scope, owned-files, intent/PRD/constitution snapshot, and prior judge decisions into a context packet, then emits a verdict in the four-option taxonomy (clean | warn | block | escalate). independent-auditoragent (escalation) —agents/independent-auditor.mdis the LLM-grade deep read invoked only when the orchestrator wants a second opinion (e.g., before squash-merging a multi-chunk build, or when a chunk's diff is unusually large or crosses an architectural boundary).- Parallel research + trajectory context (#46) — research-arm and trajectory-arm run in parallel; anti-bias reconciliation gates the verdict; hook-path persistence keeps audits available across resumed sessions.
- Consolidation (#47) — old
commit-auditoragent collapsed intoindependent-auditoras the single source of truth.
Capability registry + native architecture
- Native architecture package —
src/build_loop/architecture/(scanner, analysis, digest, enrich, diagram, lessons, adapter). Invoked aspython -m build_loop.architecture <subcmd>forscan,impact,trace,rules,dead,connections. Escalates to NavGator (--mode=navgator) only forllm-map,schema,diagram— capabilities not yet ported. architecture-scoutagent — read-only dispatcher for five Phase 1/2/4/6 task types (baseline,chunk-impact,review-rules,iterate-subgraph,learn-sync, plusenrichandschema-map). Decides native-vs-NavGator per task; returns a ≤500-word structured JSON envelope.- Freshness state manager —
scripts/architecture_freshness.pytracks staleFiles and lastFreshAt instate.json.architecture; wired intohooks/hooks.jsonso Phase 1 fan-out and Phase 2 chunk-impact analysis only re-scan when needed. - Capability registry (
scripts/build_capability_registry.py) + shortlist (scripts/capability_shortlist.py) — Phase 1 Assess loads ≤8 candidates per Anthropic Tool Search guidance, with trigger-aware demotion and plugin-surface collapse (P13). - Memory facade (
scripts/memory_facade.py) — unifiedrecall(query, kind=None, project=None, limit=10)over four backends:.build-loop/state.json.runs[],.episodic/decisions/*.md,agent_memory.<schema>.semantic_facts(Postgres), and the claude-code-debugger MCP search tool. Graceful degradation when a backend is missing.
Observability + auto-version-bump
judge_decisionsenvelope (#42) — every judge run emits a structured envelope; Phase 4G writes.build-loop/judge-decisions.jsonand folds the entries intostate.json.runs[-1].judge_decisions[]. Dispatch-path-independent — fires every time, regardless of how the orchestrator was invoked (Skill, Agent tool, per-commit, resume). Reports MUST end with a## Judge decisionsblock sourced verbatim from the envelope.- Plugin-drift
SessionStarthook (#43) — warns when the installed plugin version drifts from the repo manifest. - Auto-version-bump in Phase 4G (#43) — patch-segment only; runs LAST before any push/merge when
plugin.jsonor.claude-plugin/plugin.jsonis present; bumps only when changed paths fall outsidedocs/,tests/,*.md. Also updates every locally-known.claude-plugin/marketplace.jsonthat references this plugin. Minor/major bumps remain user-initiated. - Report evidence enforcement — Phase 4 Report fails if claimed metrics lack
observer=... method=... artifact=....
Synthesis methodology
- systemic-rca-doe (PR #53) — Design-of-Experiments evaluation harness for systemic root-cause analysis. Includes golden corpus (
docs/test-fixtures/systemic-rca/golden-corpus.json), factor matrix, negative-example test (shallow-actor-blame), and eval scripts (scripts/systemic_rca_doe.py,scripts/systemic_rca_eval.py). - IBR explicit-only policy (PR #53) — IBR is no longer auto-routed into the build; Sub-step B uses the project-native
ui-validatorfirst. IBR remains available via explicit invocation. - Recent design structures gate — when
uiTarget != null, the design-contract specialist consultsskills/build-loop/references/recent-design-structures.mdafter the UI input/output contract exists. Backed by long-term memory decision0094-2026-05-24-build-loop-design-structure-memory-policyinbuild-loop-memory/decisions/build-loop/, which keeps cross-project UI structure history outside the build-loop repo so it survives project deletion.
MCP + attribution + security
- Stage-aware MCP security model (#40) — MCP tools gated by build phase; api-registry doc-cache bridge replaces direct vendor lookups where a registered source exists.
- Canonical Apache 2.0 attribution (#41) —
Tyrone Ross, Jr+ GitHub noreply email tail; REUSE 3.3 + NOTICE + canary markers; auto-applied by build-loop'sattribution-standardskill + Phase 1 detector. - Private-slug guard + CI enforcement — pre-commit + GitHub Actions guard scrubs private app slugs from this open-source repo; secret-driven denylist with
re.escapehardening; SEC-001 through SEC-011 remediated.
Apple/SourceKit triage
- SourceKit ghost-diagnostic triage helper (R2 Wave 2) — distinguishes the two Xcode 26 false-positive modes (new-file-not-in-pbxproj vs cross-file index lag) so the build doesn't chase ghost errors.
Migration
For users on v0.10.0:
# 1. Pull the latest build-loop and update the plugin cache
cd ~/dev/git-folder/build-loop && git pull origin main
# 2. Reinstall the plugin so .codex-plugin/ and .claude-plugin/ sync
# (Claude Code: /plugin reinstall build-loop@rosslabs-ai-toolkit)
# The SessionStart hook will auto-invoke rally_point.session_probe on
# the next session — no manual probe call is needed.
# 3. Install the per-repo post-commit hook so commits land in rally
python3 scripts/rally_point/install_git_hook.py --workdir .
# 4. (Optional) Inspect coordination state from any host
python3 scripts/agent_rally.py status --session-id <your-session-id>
python3 scripts/agent_rally.py whereNo data migration required for v0.10.0's repo-episodic-memory store — that subsystem is unchanged. The long-term memory repo at build-loop-memory/ (per-project decisions under decisions/<project>/) continues to receive captures via the existing stop hook.
Compatibility
- Wire-format: rally records carry
build_loop_id,build_loop_started_at,build_loop_run_labelas top-level fields starting this release. Older records without them ...
v0.10.0 — Repo-Episodic-Memory Framework
Headline
Episodic memory framework migrated from per-repo .episodic/decisions/ + per-project Postgres schema to a global private repo (build-loop-memory) + single personal_memory schema, tagged by project. Lessons learned now survive project deletion and are scoped via project tags rather than directory boundaries.
What changed
New: global path/schema resolver
scripts/_paths.py— single source of truth foragent_memory_root(),decisions_dir_for_project(project),default_schema(). Env-overridable via$AGENT_MEMORY_ROOT,$AGENT_MEMORY_SCHEMA.scripts/project_resolver.py— maps cwd → project tag via<root>/.config/projects.yaml. Longest-prefix-match; falls back to_unscoped.- New
--all-projectsflag onrecall.py. Default scope: current project +_unscoped(universal lessons always visible).
SQL parameterization
init_agent_memory_schema.sqlandmigrate_schema_to_1024.sqlnow take:schemaas a psql variable. Default:personal_memory. Apply withpsql -d agent_memory -v schema=<name> -f scripts/init_agent_memory_schema.sql.
Codex plugin parity
.codex-plugin/plugin.jsonsynced to current version (was stuck at 0.4.0). New manifest-parity test enforces Claude/Codex sync going forward.
Security hardening
- SQL injection allowlist on
recall.pyfield filters. - Path-traversal guard + canonical-root assertion on
decisions_dir_for_project. - Test suite isolated from real memory store via
_test_helpers.MemIsolationMixin. - Personal data leaks (private paths in SQL comments, hardcoded test paths, project names in test fixtures) replaced with generic placeholders.
- Remaining medium/low findings tracked in
docs/SECURITY_FOLLOWUP_2026-05-05.md.
Migration
For existing users: run once to bootstrap the global memory store.
# 1. Create the private memory repo (or use any path via $AGENT_MEMORY_ROOT)
mkdir -p ~/dev/git-folder/build-loop-memory/decisions/_unscoped
mkdir -p ~/dev/git-folder/build-loop-memory/.config
# 2. Create the projects.yaml mapping
cat > ~/dev/git-folder/build-loop-memory/.config/projects.yaml <<YAML
default: _unscoped
projects:
- path: ~/dev/git-folder/your-project
project: your-project
YAML
# 3. Bootstrap the personal_memory Postgres schema
psql -d agent_memory -v schema=personal_memory -f scripts/init_agent_memory_schema.sql
# 4. (Optional) Migrate existing .episodic/decisions/ from per-repo to global
cp -r ~/your-project/.episodic/decisions/*.md ~/dev/git-folder/build-loop-memory/decisions/your-project/
python3 scripts/sync_db_from_files.py --workdir ~/dev/git-folder/build-loop-memory --include-historyCompatibility
- Stop hook command in
hooks/hooks.jsonunchanged — firesscan_transcript_for_decisions.pywhich now writes to the global location automatically. - Scripts honor
$AGENT_MEMORY_ROOTfor testing/staging environments. - Phase D 7-day soak in progress; legacy
build_loop_memoryPostgres schema and per-repo.episodic/decisions/retained as backup until checkpoint passes (~2026-05-12).
Files
- 24 changed files in scripts/, +884/-91 over the v0.9.0 release.
- New:
_paths.py,project_resolver.py,test_project_resolver.py,_test_helpers.py,SECURITY_FOLLOWUP_2026-05-05.md,HANDOFF_2026-05-05_repo-episodic-memory.md.
🤖 Generated with Claude Code
v0.2.0
Install
/plugin marketplace add tyroneross/build-loop
/plugin install build-loop@build-loop
What is build-loop?
An orchestrated 8-phase development loop for Claude Code: assess → define → plan → execute → validate → iterate → fact-check → report.
Built-in eval grading, fact verification, mock data scanning, and Sonnet-heavy execution with adversarial critic pass. Typical build: Opus plans once, Sonnet handles bounded execution and adversarial review, Haiku does pattern matching — estimated 4x cheaper than single-pass Opus.
Changes
- Dropped pre-release designation — build-loop is now stable at v0.2.0
- No breaking changes from 0.2.0-alpha