Autonomous Dev Kit v6.5.0

ADK path canonicalization + write-location transparency + artifact hygiene

Fixes the #70 worktree-fragmentation residual (v6.4.0 retro) and generalizes it into a consistent solution for three directory-confusion problems.

• Consistent ADK state location. New shared resolver hooks/lib-autodev-paths.sh (autodev_repo_root) anchors .claude/autodev-state + .autodev/state to the git-common-dir's parent — the one root all worktrees share, surviving worktree removal — with AUTODEV_STATE_ROOT override, pwd -P normalization, cwd fallback, and a declare -f guard so a missing/broken lib degrades to prior behavior (hooks never break). Retrofitted across all 11 state-writing hooks; the retro reads the canonical activation log, closing #70.
• Subagent write-location ledger. Every subagent ends with a Writes: ledger (repo-relative paths + OUT-OF-TREE: flag) so the orchestrator can verify and relocate state — added to team-conventions + the 3 prompt templates + the SKILL.
• No operator-home paths in committed artifacts. Placeholder-aware tests/no-machine-paths.sh in a dedicated always-on path-hygiene.yml workflow (scans docs/, decisions/, skills/, agents/; state logs exempt); 4 pre-existing leaks fixed; one-line repo-relative-paths rule added to 5 artifact-writing skills.

Resolver proven against a real temp git + linked-worktree fixture (main & worktree resolve to the identical physical root); a worktree-prune regression test (Group D) guards the one Critical the adversarial code review caught. Shipped via the full autonomous pipeline (design ×2 + plan ×3 adversarial cycles + alignment + scope-lock + adversarial code review). PR #75.

Autonomous Dev Kit v6.4.0

Pipeline evidence + doc-sync hardening (#69 #70 #71 #72)

Four pipeline self-consistency fixes — zero new skills/scripts, no heuristic scanner.

• #69 — committed adversarial-review report. adversarial-design-review now mandates committing its findings report (existing <stem>-design-review.md / <stem>-plan-review.md convention) with stable finding IDs (D1/P1, sequential across severities) + optional end-state Resolution. Closes a phantom dependency: post-merge-retrospective read a report that was never written. Survives long/compacted contexts — retros read a committed file, not a lost transcript.
• #70 — retro reads the activation log, not a kit-local script. post-merge-retrospective now reads .claude/autodev-state/in-progress.jsonl (written by the record-activity hook in any repo) as the primary activation source; the kit-dev-only tests/skill-activation-audit.sh is demoted; absent log degrades to "activation log unavailable" (never "script does not exist").
• #71 + #72 — pre-PR doc-reconciliation gate. finishing-a-development-branch gains Step 1e (body + Autonomous Mode list): committed docs/examples must mark forward-refs Planned (PR #N) (#71) and match the built code's identifiers (#72), with a PR-body Doc-reconciliation: accountability token the retro consumes. Plus a new plan-phase Identifier / naming-convention match row in adversarial-design-review (catch drift before code).

New regression test tests/pipeline-evidence-doc-sync.sh guards all four contracts, wired into skill-content-check.yml CI (which now also runs skill-cross-refs.sh).

Shipped via the full autonomous pipeline (3 design-adversarial cycles + plan-adversarial + alignment + scope-lock + adversarial code review). PR #73.

Autonomous Dev Kit v6.3.1

Bug fix for #66 — PreCompact hook returned invalid JSON on Codex.

• Root cause: hooks/pre-compact-snapshot emitted empty stdout on its no-locked-plans
  path (the common case at compaction) and other guard paths. Claude Code tolerates empty
  PreCompact output; Codex rejects it as "invalid PreCompact hook JSON output". The v6.3.0
  wrapper recovered JSON behind diagnostics but still emitted nothing for empty output.
• Fix (defense-in-depth, both invocation paths): every exit path now emits a valid JSON
  object — hooks/pre-compact-snapshot emits a {} no-op instead of empty (covers Codex
  invoking the hook directly), and hooks/run-hook.cmd emits {} for any empty hook output
  (covers the wrapper path for every hook). {} is a universal no-op on Claude Code and
  valid JSON for Codex.
• New regression tests/hook-contracts.sh::test_pre_compact_snapshot_emits_json_when_no_locked_plans
  runs the installed hook the way Codex invokes it (directly, no wrapper) and asserts valid
  JSON on the no-locked-plans + disabled paths; tests/hook-stdout-discipline.sh case (e)
  asserts the wrapper emits {} for empty output. Both CI-gated by hooks-check.yml.

Autonomous Dev Kit v6.3.0

Pipeline-hardening release closing five recurring gate-miss / context-waste issues
observed across autonomous runs and Codex compaction.

• adversarial-design-review — auth/authz chain-composition bug-class (#59): a new
  plan-phase row that walks the design's auth/authz chain component-by-component against
  the plan's wiring and flags any gate enforced by a client-asserted value
  (evidence.granted_permissions, a header) instead of server-side against an
  authenticated principal.
• pr-monitoring — sanctioned bash poll-loop (#60): documents the host-scoped
  CI-wait pattern. Under Claude Code, a bounded run_in_background bash sleep-loop that
  blocks to completion and re-invokes the lead once on settle (the prior background-Agent
  monitor early-exited ~6× per run); Codex/Cursor use a self-poll-on-wakeup fallback.
• subagent-driven-development / team-conventions — completion trust-boundary (#58,
  ADR 0003): a flipped Implement: N is a claim, not evidence — the lead must run
  verification-before-completion before trusting it. A deterministic hook-block is
  infeasible (the pre-tool payload lacks the task subject + caller identity), so
  correctness rests on lead verification, not on who flipped the checkbox.
• run-hook.cmd — stdout JSON discipline (#41): the wrapper now captures each hook's
  stdout and emits only valid-JSON-or-empty to the host's hook parser, recovering a block
  decision even when a locale/diagnostic warning precedes it (previously such noise could
  invalidate the hook's JSON). Diagnostics are routed to stderr; jq-absent hosts pass
  through unchanged. New tests/hook-stdout-discipline.sh.
• pretool-pr-review-reminder — once-per-session (#61): the gh-version/Copilot
  reviewer reminder now emits once per session (deduped via a .claude/autodev-state
  marker, quote-strip-matched so a quoted --body mentioning gh pr create no longer
  trips it) and is reset by pre-compact-snapshot so it re-emits once after a compaction.
• adversarial-design-review — artifact-class precedent (#63): a new design-phase row
  that surveys how the codebase already implements an artifact class (where a scenario
  stands up a server, where a fixture lives — ls scenarios/*/cmd/server/main.go), not
  just the mechanism; grep for sibling instances and follow the established shape or
  justify divergence.
• session-start — Linux time-dedup fix (#64): the SessionStart hook tried BSD
  stat -f %m before GNU stat -c %Y; on Linux stat -f succeeds-but-wrong (fs info),
  so the time-based dedup never suppressed re-fires. Now GNU-first with a numeric guard —
  fixing re-fire spam for all Linux autodev users.
• CI: new hooks-check.yml runs the hook contract + stdout-discipline tests on any
  hooks//test change, so these fixes are regression-gated.

Autonomous Dev Kit v6.2.2

v6.2.2 — 2026-05-31

New Existence / runtime-validity bug-class in adversarial-design-review
(design-phase checklist, inherited by the plan phase), closing a 2-retro gap
where a review verified an artifact's intended content but never that the
artifact exists or runs as the design assumed (issue #55).

• skills/adversarial-design-review/SKILL.md: one new design-phase row. (a) For
  any artifact a design edits but did not create, require an ls/gh
  existence check before mutation (the required_secrets sweep hit a missing
  workflow-registry manifest at execution). (b) For any artifact a design
  emits, require verifying the consumer surface is real (the smart-CI gen
  emitted wfctl ci run --phase migrate, no such phase). Explicit Clean
  escape hatch for designs that neither edit nor emit a consumed artifact.
  Complements demonstration-fidelity by pushing the check upstream.

Autonomous Dev Kit v6.2.0

v6.2.0 — 2026-05-29

New skill demonstration-fidelity + an advisory write-time hook, closing a verification-theater gap: an agent writes real code, then "demonstrates" it with a demo that never executes the real artifact — reimplementing the logic, hard-coding the output, or rewriting it in another language. The demo proves nothing yet is presented as proof.

• skills/demonstration-fidelity/SKILL.md (host-neutral, load-bearing on every harness): a demonstration MUST execute the real artifact and show output produced by that run. Forbids reimplementation, hard-coded output, stubbing the artifact-under-demonstration, and detached prototypes — regardless of language. Allows substituting a dependency at a real interface seam with disclosure. Establishes "fidelity, not language sameness" (a real cross-language client crossing a real interface is valid), a 3-question fidelity test, a fake-vs-faithful example, and a rationalization table seeded from RED-baseline transcripts.
• hooks/pretool-demo-fidelity-guard (advisory, NEVER blocks; Claude + Codex + Cursor via hooks.json): on a Write/Edit to a demo-like path, injects a fidelity reminder pointing at the skill. Heuristic is anchored to path segments (demos/examples) + basename prefixes (demo*/example*/showcase*/quickstart*) with segment/suffix exclusions (test/spec/testdata/fixtures/vendor segments, *_test.*/*.spec.* basenames) — so example_test.go/testdata/ are skipped while examples/latest-feature-demo.py still fires. Session dedup keyed on basename(transcript_path); fails open (fires) on state I/O failure; honors SUPERPOWERS_HOOKS_DISABLE=1.
• Pipeline wiring: new runtime-launch-validation "Demonstration / example / showcase" change-class row (carving out artifact-stub-forbidden vs. disclosed-dependency-seam-allowed so it does not contradict RLV's "no stub on either end"); a verification-before-completion demo/example works claim-matrix row; a finishing-a-development-branch Step 1b demo note; using-autodev cross-cutting listing; README + tests/cross-llm-coverage.md rows.
• Tests: 22 tests/hook-contracts.sh assertions for the new guard (fires/silent/excluded/dedup/fail-open/disable-env/malformed-stdin/never-blocks). Skill is host-neutral (skill-content-grep.sh) and cross-refs resolve (skill-cross-refs.sh).

Autonomous Dev Kit v6.0.2

v6.0.2 (2026-05-26)

Marketplace rename

• Renamed the Claude Code/Codex marketplace from claude-marketplace to
  autodev-marketplace because Claude Code rejects marketplace names that
  impersonate official Anthropic/Claude marketplaces.
• Updated README install/remove commands and release dispatch workflow targets
  to use GoCodeAlone/autodev-marketplace.

Autonomous Dev Kit v6.0.1

v6.0.1 (2026-05-26)

Documentation

• Clarified that npx skills add installs Codex skills only, not the Codex
  plugin wrapper, hooks, trust state, or marketplace config.
• Added native Codex plugin install and old-plugin removal commands to the
  README.

Debugging workflow

• Added an explicit bug-backpropagation invariant step to
  systematic-debugging: after a root-cause fix, agents must identify the
  durable "System must always/never ..." invariant that would have caught the
  bug, or state why no durable invariant exists.

Autonomous Dev Kit v6.0.0

v6.0.0 (2026-05-25)

Rename and ownership

• Renamed the project from claude-superpowers to autonomous-dev-kit.
• Renamed the skill namespace from superpowers: to autodev:.
• Renamed the Claude plugin from superpowers to autodev.
• Renamed the entry skill from using-superpowers to using-autodev.
• Updated author metadata to Jon Langevin / jon@gocodealone.com.
• Updated repository references to GoCodeAlone/autonomous-dev-kit.
• Updated the Claude marketplace target to GoCodeAlone/claude-marketplace.

Hook and workflow hardening

• Fixed hook JSON output to use host-compatible hookSpecificOutput.additionalContext.
• Added hook contract tests for SessionStart, UserPromptSubmit, PR reminders,
  PreCompact snapshots, Stop-hook phase continuation, compact state rows, and
  locked-plan design backports.
• Relaxed adversarial review loops so tangible issues continue driving
  revisions, while nitpicks no longer keep the loop alive.
• Changed scope locks to hash only the ## Scope Manifest block, allowing
  design/backport notes without invalidating locked scope.
• Added phase-completion introspection and compressed phase-progress JSONL.

Design pipeline additions

• Added project-design-guidance for durable project-wide design constraints.
• Added condensed-pipeline-writing for compact internal design/review/plan
  artifacts and compact JSONL state.
• Added required security, infrastructure, and multi-component validation
  checks across brainstorming, planning, adversarial review, and retros.
• Updated README and install docs with npx skills add commands for Claude
  Code and Codex.

v5.7.0

What's Changed

• Tighten subagent-driven-development reviewer prompts by @intel352 in #21
• chore: bump plugin manifests to v5.2.0 by @intel352 in #22
• feat: compaction-recovery hooks + subagent watchdog & quality-rotation patterns by @intel352 in #23
• scope-lock: prevent agent rescoping, PR collapse, and demo-rush on locked plans by @Copilot in #24
• Add PR lifecycle hooks: Copilot reviewer enforcement, monitoring reminder, and monitor agent tuning by @Copilot in #25

Full Changelog: v5.1.0...v5.7.0