diff --git a/CHANGELOG.md b/CHANGELOG.md index 6daa5b2b..12bde790 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.2.0] — 2026-07-13 + ### Changed +- **Hawk/Eyrie production boundary completed**: Hawk owns the product face, + sessions, tools, permissions, and public schemas while Eyrie v0.2.1 owns + credentials, catalog resolution, provider transport, resilience, and usage + telemetry behind the stable `eyrie/engine` facade. +- **Provider routing and usage attribution hardened**: resolved route changes, + continuation segments, and terminal usage are propagated without duplicate + accounting, and production Eyrie calls use exactly one resilience layer. +- **Daemon conversations are durable**: JSON and SSE chat requests create or + resume persisted sessions, expose stable session IDs, preserve metadata, and + distinguish invalid, missing, and corrupt state. +- **Release and supply-chain gates strengthened**: exact ecosystem Gitlinks, + module/tag parity, Trivy enforcement, public-module builds, SBOM generation, + and cross-platform artifacts are part of the release path. - **Fixed `/mode auto` misclassifying plain English as shell commands**: `shellmode.ClassifyInput` trusted `exec.LookPath(firstWord)` alone, so any sentence starting with a word that's also a real Unix binary (`make sure this works`, `find the bug in this file`, `kill the old branch`, `sort out the imports`...) was silently executed as a shell command instead of being sent to the model — confirmed 18 of 20 sampled sentences misclassified before the fix. Now a curated allowlist of unambiguous dev-tool names (`git`, `npm`, `docker`, `ls`, `cat`, ...) is trusted immediately, while every other PATH match requires real shell-syntax evidence (a flag, a path, a file extension, or an operator like `|`/`>`/`&&`) before being trusted as a shell command — matching the same ambiguity Warp's own terminal autodetect documents and resolves with a user-configurable denylist. - **Permission system unified into two independent axes**: the old `PermissionMode` (`default`/`acceptEdits`/`bypassPermissions`/`dontAsk`/`plan`) is removed. `/autonomy` now controls the 5-tier trust ladder (`Always Ask`/`Scout`/`Builder`/`Operator`/`Autonomous`, bare `/autonomy` opens a picker), and `/spec` controls an independent, orthogonal spec-driven workflow gate (`Specify → Plan → Tasks → ApproveImplementation`, bare `/spec` opens a picker) that blocks Write/Edit/Bash regardless of trust tier — including at Autonomous. Fixes a real bug where the old Plan Mode's write-block could be silently bypassed at high autonomy tiers, since tier and mode were checked independently with no ordering guarantee. - **Fixed `PermissionService.SetAutonomy`/`Autonomy()`**: previously wrote to/read from a shadow field the permission engine's `CheckTool` never consulted, meaning autonomy tier changes may not have reliably taken effect. Now both read/write the same `PermissionEngine.Autonomy` field the check logic uses. diff --git a/README.md b/README.md index 3c4c70fa..7a974c68 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ See [docs/SECURITY-DEVELOPER.md](docs/SECURITY-DEVELOPER.md) for the credential Optional for contributors: ```bash -go install github.com/GrayCodeAI/hawk@latest # only after Hawk and support repo tags are published +go install github.com/GrayCodeAI/hawk/cmd/hawk@latest ``` ## Features diff --git a/VERSION b/VERSION index 6e8bf73a..0ea3a944 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1.0 +0.2.0 diff --git a/docs/architecture/hawk-eyrie-engine-migration.md b/docs/architecture/hawk-eyrie-engine-migration.md index 5835461d..e7bacd53 100644 --- a/docs/architecture/hawk-eyrie-engine-migration.md +++ b/docs/architecture/hawk-eyrie-engine-migration.md @@ -124,9 +124,7 @@ readers remain backward-compatible for at least one release cycle. ## Verification and release status -See `verification-status-2026-07-13.md` for the current evidence ledger and -remaining blockers. In particular, the audited workspace's committed Eyrie -Gitlink, checked-out submodule and `go.mod` module revision do not match. The -source boundary is implemented locally, but that mismatch must be resolved and -verified in both workspace and `GOWORK=off` builds before the migration can be -called release-complete. +See `verification-status-2026-07-13.md` for the evidence ledger. The committed +Eyrie Gitlink, checked-out submodule, and `go.mod` revision now converge on the +published Eyrie v0.2.1 commit. Hawk passed both workspace and `GOWORK=off` +verification, and the final migration revision passed hosted CI before merge. diff --git a/docs/architecture/verification-status-2026-07-13.md b/docs/architecture/verification-status-2026-07-13.md index 8be56211..d8bde9db 100644 --- a/docs/architecture/verification-status-2026-07-13.md +++ b/docs/architecture/verification-status-2026-07-13.md @@ -2,10 +2,10 @@ ## Verdict -The audited revision set now has a release-aligned Hawk-face/Eyrie-engine -boundary. Local gates and Eyrie's hosted release gates are green; the final -Hawk revision still requires successful hosted CI before the ecosystem can be -declared production-ready. +The audited revision set has a release-aligned Hawk-face/Eyrie-engine boundary. +Local gates, Eyrie's release gates, and Hawk's final hosted pull-request gates +are green. The remaining publication step is the signed Hawk release tag and +its generated artifacts. The architecture and focused hardening tests support this responsibility split: @@ -25,9 +25,9 @@ Eyrie engine facade model providers ``` -The prior Eyrie release-parity mismatch is resolved by v0.2.1. Final Hawk -hosted CI on the reviewable commit remains the publication gate for a -whole-ecosystem production-readiness claim. +The prior Eyrie release-parity mismatch is resolved by v0.2.1. Hawk PR #92 and +its follow-up documentation sync in PR #93 passed their hosted checks and were +merged to `main`. ## Verified responsibility boundary @@ -186,7 +186,7 @@ replace final remote CI. | Python SDK | 288 tests, Ruff check/format and strict mypy | Passed | | Hawk Cloud queue | focused and full tests, type-check, format, Wrangler checks, direct SQLite check | Passed | | Hawk full integration | isolated full tests, full race tests, vet and all architecture guards against the completed workspace | Passed | -| Published release graph | Eyrie v0.2.1 gitlink/module parity; two full Hawk passes in workspace and `GOWORK=off` modes | Passed locally; final Hawk hosted CI pending | +| Published release graph | Eyrie v0.2.1 gitlink/module parity; two full Hawk passes in workspace and `GOWORK=off` modes | Passed locally and in Hawk hosted CI | | Community skills | 303 tests; 12,167 skills passed; zero failures and zero warnings; Ruff, boundary and registry gates | Passed locally with a zero-warning budget | | Adjacent GrayCode Core | forced 266-test run, lint, type-check, production build, Hawk Cloud contract comparison and package audit | Passed; not a runtime dependency | @@ -227,12 +227,12 @@ workspace race-and-coverage run passed at 69.0% total statement coverage. Vet, lint, formatting, all architecture guards, module verification and both workspace/module vulnerability scans passed. -### Final Hawk hosted CI remains +### Hawk hosted CI passed -The completed local change set must still be committed and exercised by Hawk's -hosted pull-request CI. A production-ready claim depends on those hosted test, -race, coverage, boundary, security, public-module and submodule-parity jobs -passing on the exact reviewable Hawk revision. +The completed architecture change set passed Hawk's hosted test, race, +coverage, boundary, security, public-module, compatibility-matrix, Docker, and +submodule-parity gates on the exact reviewable revision before merge. Release +publication still independently verifies the tagged revision and artifacts. ## Production-readiness exit criteria