up-docs v0.8.0

[0.8.0] - 2026-05-08

Added

• hooks/hooks.json — plugin-shipped hook component (PreToolUse + PostToolUse) at the supported plugin path; replaces v1's invalid .claude/settings.json packaging.
• scripts/deny-guard.sh — PreToolUse forbidden-command validator. Parses pipes, redirects, && chains, $(), backticks; mirrors the auditor's <forbidden_commands> table. Defense-in-depth, NOT an enforced security boundary. 13 bats tests.
• scripts/capture-transcript.sh + scripts/_capture-redactor.py — opt-in PostToolUse capture hook. No-op unless UP_DOCS_TRANSCRIPT_LOG is set; uses umask 077; redacts Bearer/ghp/ghs/AKIA/BAO_TOKEN/password/token/sk-ant-/aws_secret patterns; truncates output at 4 KiB; Bash only (Read excluded — file contents leak per GH-44868). 10 bats tests.
• tests/pyproject.toml — pinned test deps (pydantic ≥2.5, pytest ≥8.0, fastmcp optional, deepeval optional). Run from plugins/up-docs/tests/.venv.
• tests/validate_output.py — Pydantic v2 discriminated-union validators for all four agent outputs. Layered reports use Annotated[Union[RepoReport, WikiReport, NotionReport], Field(discriminator="layer")]; structural mismatch produces union_tag_invalid naming the bad tag and the expected literals. NotionReport additionally rejects IPv4 leaks; totals are reconciled against row actions.
• tests/verify_evidence_grounded.py — structured-evidence transcript verifier. Requires expected_output_signature to literally appear in tool_response.output of a transcript record matching evidence.command; closes the v1 audit's CR-003 gap (the command-but-output-contradicts case).
• tests/test_validate_output.py and tests/test_verify_evidence_grounded.py — 26 self-tests including a CR-003-specific contradiction case and a Bug #4 no-record case.
• CLAUDE_CODE_SESSION_ID-based default state file in convergence-tracker.sh — replaces v1 plan's broken -$$.json default. Persists state across the multiple separate invocations the drift skill makes per session. 3 new bats tests.
• README §Security — documents the plugin's defense-in-depth deny-guard.sh and recommends a consumer-side permissions.deny block for projects that want a hard security boundary.

Changed

• Auditor (up-docs-audit-drift) prompt: evidence is now a structured object {command, expected_output_signature, source_tool_use_id?} instead of a free-form string. New no-fabrication rule in <verification_discipline>: when expected_output_signature was not literally observed in tool output, the auditor MUST set confidence: "unverifiable" and evidence: null rather than inventing a signature. All 4 examples + the output_format JSON updated to the structured shape.
• tests/run-bats.sh honors explicit path arguments (single files, directories, multiple files), falling back to the top-level glob when called bare. Closes CR-004's wrapper-side gap.
• All five skill files now check for python3 in PATH at Step 1 and exit with a clear ERROR message if missing.

Fixed

• v1 plan's CR-001 through CR-008 audit findings — see docs/plans/2026-05-08-up-docs-hardening-plan-v1-audit.md for the full list of structural defects this release closes.

Notes

• Phase 2 hook-firing smoke test (Task 8) result: PASS (2026-05-08, claude 2.1.133). See plugins/up-docs/docs/phase-2-smoke-result.txt.

up-docs v0.7.2

[0.7.2] - 2026-05-08

Fixed

• README "Known Issues" no longer claims drift analysis is "designed for Opus 4.6" — auditor runs Sonnet by frontmatter; Opus is opt-in via the escalation block.
• Stale Claude Code v2.1.92 MCP-loading mitigation note removed from Known Issues.
• Duplicate ## [0.3.0] CHANGELOG entry merged into one block.
• tests/link-audit.bats no longer breaks on inputs containing single quotes; added a red-first regression test that exercises the O'Reilly-style failure case using the OLD pattern, then rewrites all 8 invocations to the safe printf '%s\n' "$1" form.

Added

• README §Requirements now lists Python 3.x in $PATH as a hard prerequisite (used by all four helper scripts under scripts/).

release-pipeline v2.2.0

[2.2.0] - 2026-05-07

Changed

• Direct-commit-to-main workflow. Templates no longer assume a testing branch. The L3DigitalNet/Claude-Code-Plugins repo retired testing on 2026-05-07; pipeline templates updated to match. All Phase 3 flows replaced git checkout main && git pull && git merge testing --no-ff with a single git pull --rebase origin main step. The trailing git checkout testing step is removed throughout — releases stay on main.
• Mode 1 renamed: Quick Merge → Quick Push. With no testing branch to merge, the mode now stages uncommitted changes (if any), commits, and pushes directly to main. Same auto-staging UX, simpler underlying git flow. Filename mode-1-quick-merge.md retained for router-table backward compatibility.
• Rollback suggestions for Phase 3 (before push) no longer include git checkout testing. The git tag -d ... && git reset --soft HEAD~1 rollback now runs in place on main.
• README mermaid diagram updated to show the simpler Phase 3 flow (no merge step).

Notes

• This release was bootstrapped manually (commit + tag + gh release create) because the v2.1.2 templates require the testing branch and would have failed if used to release v2.2.0. Subsequent releases use the new (working) pipeline.
• No interface changes for users on the main-only convention. Repos that intentionally use a testing branch must fork the templates or pin to v2.1.x.

qdev v1.5.0

Changed

• qdev: bump to v1.5.0 — qdev-researcher subagent
• qdev(README): fix mermaid label, prune-cmd safety, prose polish
• qdev: README — document qdev-researcher and handoff protocol
• qdev(research): fix callout ordering, summary early-exit, hint shape
• qdev: rewrite /qdev:research as thin orchestrator
• qdev(researcher): drop dead Glob/Grep permissions; fix Step 8 ordering
• qdev: add qdev-researcher subagent (Sonnet)

qdev v1.4.0

[1.4.0] - 2026-05-07

Changed

• qdev v1.4.0 — add Tavily MCP support across all commands and agents

plugin-test-harness v0.7.5

[0.7.5] - 2026-05-07

Changed

• plugin-test-harness: bypass workstation pre-commit hook in fix/ tests
• plugin-test-harness: Phase 2 — convergence + gap-analyzer + registry-shape (18 cases)

home-assistant-dev v2.2.8

[2.2.8] - 2026-05-07

Changed

• home-assistant-dev v2.2.8 — drop WebSearch from VALID_AGENT_TOOLS allowlist

docs-manager v0.2.4

[0.2.4] - 2026-05-07

Changed

• docs-manager v0.2.4 — replace forbidden WebSearch with MCP search backends

up-docs v0.7.1

[0.7.1] - 2026-04-24

Fixed

• up-docs-propagate-repo agent now audits AGENTS.md and AGENTS.reviews.md as mandatory targets on every run (same discipline as CLAUDE.md). These are Codex CLI's equivalent of CLAUDE.md; v0.7.0's mandatory-audit list omitted them, so a V2 migration could leave their "Session handoff: docs/handoff.md" pointers unchanged — Codex sessions would then try to read a deleted file. Discovered by the drift auditor on the homelab /up-docs:all run that ran immediately after v0.7.0 shipped. The auditor caught 4 findings; 2 of them were these two files.
• up-docs-propagate-repo V2 mandatory-audit block gains a post-split self-reference check: after Phase 1 has moved content from docs/handoff.md into docs/state.md (and siblings), grep the new files for literal docs/handoff.md strings. Pre-migration Session Instructions text frequently contained self-references like "Check docs/handoff.md (this file)" that became stale after the file was renamed to state.md. The check covers state.md, deployed.md, architecture.md, credentials.md — any of which may have inherited handoff.md references from their source sections. Fix in-place. Drift auditor caught this on homelab (docs/state.md:11 was the offender).
• Stale-file-scan NEVER-flag list extended to include AGENTS.reviews.md (was only AGENTS.md in v0.7.0).

Notes

Both fixes traced to the same root cause — v0.7.0's mandatory-audit list was modeled on Claude Code's file set (CLAUDE.md + docs/) and didn't account for Codex-specific files or self-reference drift from renames. Neither was caught in v0.7.0's example block, which kept the gaps invisible until a real-world /up-docs:all invocation exercised the full audit path.

up-docs v0.7.0

[0.7.0] - 2026-04-24

Changed

• Handoff-system-v2 adaptation. up-docs-propagate-repo, /up-docs:repo, and /up-docs:all now target the post-2026-04-24 handoff layout (docs/state.md + docs/deployed.md + docs/architecture.md + docs/credentials.md + docs/sessions/<YYYY-MM>.md + docs/bugs/<NNN>-*.md + docs/conventions.md + .claude/rules/*.md) while preserving full backward compatibility with the legacy docs/handoff.md layout via probe-based detection. Rationale: 23 repos in the author's fleet migrated to v2 during the 2026-04-24 batch (pre/post reduction 91.1% aggregate); the plugin now matches.

  • Layout detection: agent probes docs/state.md first. If present → V2; if absent and docs/handoff.md present → V1 legacy; otherwise NONE. No CLI flag or user input required.
  • V2 mandatory-audit rewrite: docs/state.md (**Last updated:** + 🔴/🟡/🟢 active-incidents block under ## Session Instructions, 2 KB hard cap), docs/deployed.md (deployment-truth rows + What Remains), docs/architecture.md (system graph, optional), docs/credentials.md (secret paths, optional), docs/sessions/<current-month>.md (append row with ≤20-word headline + commit SHAs + bug refs; update INDEX.md row count), docs/bugs/<NNN>-<slug>.md (create one per session-fixed bug with frontmatter; run docs/bugs/_regen_index.py after), docs/conventions.md (numbered skeleton; full rule body may live in .claude/rules/ after Phase 5 of migration), .claude/rules/<topic>.md (path-scoped behavioral rules, ≤200 lines per file), CLAUDE.md (usually no-change post-migration — pure index).
  • V1 legacy fallback: repos that haven't run the v2 migration still work. Agent falls back to the pre-0.7.0 audit (docs/handoff.md + docs/conventions.md) and includes an advisory note in its output suggesting the migration.
  • Handoff brief (Step 6/7 in skills) upgraded: sources fields from the matching layout. V2 brief pulls Last-work from docs/sessions/<current-month>.md, deployed from docs/deployed.md, active incidents from docs/state.md, open bugs from docs/bugs/INDEX.md (rows with status != fixed). V1 brief unchanged. NONE skips the brief silently.
  • Append-only bug KB rule codified: creating a new bug file uses max(existing_ids) + 1; editing or renumbering prior bug files is forbidden. Supersession handled via supersedes: / superseded_by: frontmatter fields, both files kept.
  • Stale-file scan NEVER-flag list extended to include v2 files (docs/state.md, docs/deployed.md, docs/architecture.md, docs/credentials.md, docs/specs-plans.md), the docs/sessions/ and docs/bugs/ directories (persistent logs), and everything under .claude/ (plugin-lifecycle-managed).
  • python3 docs/bugs/_regen_index.py is a sanctioned Bash call in the agent's guardrails (only destructive-adjacent operation allowed; rewrites docs/bugs/INDEX.md idempotently from frontmatter).

• templates/drift-finding.md example row updated: docs/handoff.md → docs/deployed.md to reflect the new layout's deployed-truth file.

Notes

Rule-body migration decision per repo:

• Phase 5 run (rule bodies in .claude/rules/): extend the matching rules file; leave docs/conventions.md pointer unchanged.
• Phase 5 deferred (real conventions.md still full-body): append to docs/conventions.md using the six-field schema + Quick Reference row.
• Template DOC-001/002/003 conventions.md: extend docs/conventions.md for now; Phase 5 backfill will migrate to rules later.

The plugin does not enforce one or the other — it adapts to what exists.