Releases: atomantic/slashdo

v2.13.0

04 May 19:25
a764c44

Release v2.13.0

Released: 2026-05-04

Added

  • do:review now flags architectural pattern divergence. Added a top-level meta-rule to lib/review-cross-file-contract.md and lib/code-review-checklist.md (the cross-file tracing agent explicitly hands this concern off to the cross-file contract agent) that catches new code introducing a parallel implementation when the project already has an established pattern for the same class of concern — data storage & persistence, content/template management, API endpoints & validation, auth/authz, error handling, structured logging, configuration loading, transport clients, caching, background work, state management, testing infrastructure, and inter-service communication. Detection methodology: classify the concern, inventory peer patterns (sibling registry/repository/service directories, loader/helper modules, shared types, centralized utilities), compare to the dominant peer pattern, flag every divergence, and recommend either adopting the established pattern or extending it to cover a structural gap. Originated from a real example where a *Prompts.js module hardcoded prompts in JS while the project already managed prompts via a registry directory + loader.

Changed

  • Review agents split to reduce attention dilution. Refactored the do:review pipeline so each review agent has a tighter focus area and shorter prompt. The pipeline now dispatches FIVE specialized agents in parallel: review-surface-scan.md (per-file runtime correctness), review-surface-quality.md (per-file quality, conventions, tests, documentation drift), review-security-audit.md (secrets, auth, supply-chain, prompt-injection), review-cross-file-tracing.md (state, lifecycle, concurrency across files), and review-cross-file-contract.md (schemas, validation parity, error classification, architectural-pattern adherence). Reduces the chance that an individual agent silently drops a checklist tier when the diff is large.
  • do:review checklist learnings from PR feedback rounds. Extended the master checklist and the five review agents (review-surface-scan.md, review-surface-quality.md, review-security-audit.md, review-cross-file-tracing.md, review-cross-file-contract.md) with patterns surfaced by Copilot review on recent merged PRs. New coverage spans: cross-platform binary fallback (pwsh/powershell, python3/python); module-import-time loaders for user-editable config (wrap both read AND parse, normalize root shape with Array.isArray/isPlainObject); cross-platform fs.rename "destination exists" replace + temp-file leak on swallowed errors; case-sensitive regex against filesystem paths; truthy-only guards on concurrency tokens that bypass on empty strings; PATCH endpoints accepting empty bodies (write churn); multi-input pipeline parameter parity (ffmpeg concat / SQL UNION); bound-derived state clamping when bounds shrink; controlled <input type="number"> format-on-render breaking intermediate keystrokes; form inputs that mutate the source-of-truth prop breaking onBlur dirty checks; tests asserting the wrong validation path due to invalid unrelated fields; persisted JSON loaders that don't normalize the root shape; identifier fields used as delimiter-separated keys; user-initiated cancel signals reported as generic errors instead of cancelled; EventSource onerror handlers that don't reset render-state flags; multi-provider operation fan-out (cancel/getActive enumerating ALL providers); job ownership checks before clearing singleton state in finalize handlers; disable-active-option fallback chain to next configured option; UI saved-state mirroring save-time normalization; cross-platform script-flag parity between dispatcher and platform-specific scripts; compound visual state propagation through child components; last-precedence wins for layered config blocks (env_production > env); shared-namespace unsubscribe affecting other consumers; URL parsing for structured services (PR URLs); forge/host detection from data source vs reference source; aria-label vs title for icon-only buttons; form Enter bypassing disabled-button guards; index-as-key on sliced/changing lists; stale closures in DOM event handlers; sort-to-find-max anti-pattern; tests skipped on CI platform via process.platform returns; test artifact cleanup; HTTP header case normalization; browser storage API throws (Safari private mode, quota); LLM tool-call params arriving as strings; JSDoc absolute claims violated by implementation; empty values in error message templates; temp filename collisions via Date.now(); cache miss for falsy successful values; cache validity by existsSync ignoring partial files; existsSync vs isFile for must-be-regular-file; setup scripts uninstalling predecessor when switching packages with same import path; platform inverse-logic guards (!IS_WIN when meant IS_MAC); path assertions in tests using forward-slash literals fail on Windows; default selector validates against actual available set; input mode switching with stale "other-mode" value; cancel + queue worker race against subprocess cleanup; cancellation completeness (Promise + .then + flags).
  • Review checklist: cross-platform fs.rename rollback rule. Added explicit guidance that fs.rename is not atomic across volumes and may fail with EXDEV on Windows / Linux when source and destination span filesystems. Reviewers now flag rename-based "atomic" swaps that lack a copy+unlink fallback or rollback path on partial failure.
  • Review checklist: tilde-expansion path.join pitfall + id-as-filename traversal check. Added two related checks to the surface-scan agent: (1) path.join('~', ...) does NOT expand ~ to $HOME on any platform — paths look correct in logs but write to a literal ./~/ directory; reviewers flag any tilde-prefixed path that isn't passed through os.homedir() first. (2) Identifier fields (job IDs, conversation IDs, slugs) used as filenames need traversal sanitization (.., leading /, NUL bytes, Windows drive letters) and length capping before they touch path.join / fs.writeFile.

Fixed

  • do:scan: macOS portability and WebFetch limitations. Replaced reliance on the GNU timeout shell command (not present on default macOS) with the Bash tool's built-in timeout parameter (in milliseconds). The orchestrator and every subagent now use tool-level timeouts; the timeout shell command is explicitly omitted from the allowlist and from the I7 subagent contract. Documented WebFetch's GET-only / redirect-opacity constraints honestly in the report so OSV vulnerability lookups (POST-only) are skipped with a recommendation to run npm audit / pip-audit / cargo audit post-install. No change to the security model — these are documentation-of-reality fixes that prevent false confidence in the report's outbound-traffic claims.

Removed

Full Changelog

Full Diff: v2.12.0...v2.13.0

v2.12.0

29 Apr 01:27
2d47293

Release v2.12.0

Released: 2026-04-28

  • do:scan: hardening pass 3 — closed four further agent-hijack holes: (a) I7 Bash allowlist now requires every path argument to resolve via realpath to a location inside SCAN_DIR (closes a filesystem-read escape where a hostile prompt could have made a subagent head -c ~/.ssh/id_rsa), (b) I7 Bash readers (head -c, cat, etc.) are explicitly forbidden on file extensions in the I3 multimodal forbidden-list (closes a Read bypass via Bash byte-dump), (c) I1 extended to declare subagent reports themselves untrusted data — orchestrator extracts only structured fields, discards meta-instructions in subagent prose, (d) report URLs rendered in backticks to defeat markdown auto-linking + a "do not paste this report into another LLM" warning at the top of the report. Phase 0b refuse-list expanded (/dev, /proc, /sys, ~/.gnupg, ~/.config, ~/.claude, ~/.npm, ~/.cargo, ~/.cache, ~/.docker, ~/.kube, macOS Keychains/Application Support) and explicitly runs against the realpath-resolved SCAN_DIR. Override-resistance clause: user can override operational flags but cannot override the security guarantees. WebFetch redirect-opacity documented as a known limitation (host allowlist is best-effort outbound filtering, not a hard guarantee, since the WebFetch client may follow 3xx internally).
  • do:scan: new read-only command that audits a directory for malware patterns, suspicious network calls, and vulnerable dependencies without executing any code from the scanned tree. Five parallel static-pattern agents cover code execution / obfuscation, network exfiltration, filesystem and credential reach, persistence and privilege escalation, and hardcoded secrets. Hardened against agent-hijack scenarios via nine numbered Operational Invariants (I1–I9) at the top of the spec: I1 untrusted-content rule, I2 no state-changing tools driven by scanned content (no Edit/Write/MEMORY/Skill/CronCreate/git mutations/gh actions), I3 file types Read will never open (images, PDFs, .ipynb, Office docs, audio/video, archives, native binaries — multimodal injection prevention), I4 symlink-escape invariant applied to ALL reads, I5 200KB read cap, I6 filename / path safety (no shell metachar interpolation; never cd into SCAN_DIR), I7 subagent dispatch contract (every Phase-2 Explore agent receives a verbatim security preamble forbidding WebFetch / WebSearch / state-changing tools and constraining Bash to a tight allowlist), I8 WebFetch contract for Phase 4 (hardened prompt instructing the WebFetch sub-LLM to ignore page instructions; structured-field-only output validated against strict regexes), I9 --report-path validation (must end in .md, must not exist, must live inside ~/.claude/scans/ unless --report-path-allow-anywhere is also passed and the path is not a dotfile / system path). Phase 0d also recurses across nested .git/config files (submodules, vendored repos) and flags Mercurial .hg/hgrc [hooks] / [extensions] exec injection. Phase 4 allowlist tightened to (host, path-prefix) tuples — api.github.com is restricted to /advisories/ only; redirects are instructed not to be followed, but this remains a best-effort constraint due to WebFetch redirect opacity (see I8). Phase 2 Agent E mandates redaction so secret values never enter the report. Phase 5 report-quoting discipline strips ANSI escapes, redacts injection markers, and wraps every quoted snippet in <scanned-content> delimiters so a future Claude session reading the report cannot be hijacked by it. Phase 1g flags editor / IDE / devcontainer / direnv auto-run files; Phase 1h flags config-as-code (vite.config.ts, next.config.js, Rakefile, BUILD.bazel, etc.). Agent A obfuscation patterns extended to indirect-eval, char-code reconstruction, base64-prefixed URL detection, and PowerShell -EncodedCommand. Report includes a Known Limitations section. Report is written to ~/.claude/scans/{basename}-{date}.md outside the scanned tree by default
  • do:depfree: persist audit decisions to ./docs/DEPS.md so repeat runs skip re-evaluation of unchanged dependencies. Phase 0e loads prior decisions, Phase 1b/1c carry forward KEPT_TIER1 / KEPT_AUDITED / SKIPPED_INFEASIBLE entries when package + major version + mode match, and Phase 4c rewrites the file with the merged decision set inside the worktree so it ships with the PR. Cache invalidates on major version bumps, heavy-mode runs after default-mode decisions, or manual deletion of an entry

Changed

  • Review system: added 14+ new checklist items and broadened 4 existing ones based on patterns the previous review missed in production PR feedback. Biggest gaps filled: child-process spawn() lifecycle (error handler + proc.exitCode == null for liveness vs proc.killed flag, BUSY-guard release timing); sync-shaped route handlers wrapping async-by-design services; cross-module feature-flag detection drift (HTTPS enabled, OAuth scopes); cross-module error classification when wrappers rethrow with different name/code; compatibility-shim end-to-end response field plumbing (A1111 seed, OpenAI usage.tokens); stateful parser correctness (terminal-state validation, per-part state reset, streaming→buffered regression, errors-without-err.status becoming 500); allowlist namespace mismatches (pip names vs import names); persisted-state path traversal extending into exec arg strings (ffmpeg manifest single-quote / Windows backslash escaping); empty 200 responses masking server failure; late-connect SSE replay-on-connect; cache-of-negative-results without TTL; spawn env undefined → "undefined" coercion; HTML <button> default type="submit"; PowerShell $LASTEXITCODE propagation in fail-soft steps; outbound HTTP without per-request AbortController in setup/install/update scripts. Updates applied to lib/code-review-checklist.md (master), lib/review-surface-scan.md, lib/review-cross-file-tracing.md, lib/review-security-audit.md. Architecture remains balanced — no new agents needed

Fixed

Removed

Full Changelog

Full Diff: v2.11.0...v2.12.0

v2.11.0

26 Apr 21:01
d8d12c4

Release v2.11.0

Released: 2026-04-26

Added

  • do:pr-better: new command that runs the full do:better audit/remediation on the current branch, forces the "Commit directly" path so all fixes land on the current branch (no per-category branches/PRs), then hands off to do:pr to push and open a single PR with self-review and the Copilot review loop. Refuses incompatible flags (--scan-only, --no-merge) and refuses to run on the default branch. Wired into install.sh, commands/do/help.md, and the README commands table

Changed

  • Copilot review loop: shortened wait windows now that Copilot responds faster. Parallel PR reviews (do:better) now use 3m / 2m / 90s / 60s / 45s per iteration (was 5m / 4m / 3m / 2m / 1m). Single-PR reviews (do:pr, do:release, do:rpr) now use min 2 min / max 10 min around the dynamic 2x-previous estimate (was min 5 min / max 20 min). Poll interval cut from 30s to 15s in lib/copilot-review-loop.md; do:rpr progressive poll intervals tightened from 15/15/30/30/60s to 10/10/15/15/30s
  • do:review: expanded checklist and agent files with patterns learned from PR review feedback — async fire-and-forget rejections, persisted-data validation parity + authoritative flags, cross-module constant drift, duplicate ID handling, validation consistency across endpoints, ARIA roles requiring keyboard behavior, doc drift on paths/counts/response shapes, and several React-specific patterns (state invariant outside functional updater, useEffect self-dependency loops)
  • do:review: added streaming-protocol lifecycle coverage (server disconnect handling, post-handshake error translation, paired-listener cleanup, write backpressure, mutually exclusive terminal events, client AbortController-by-stream-identity, partial-output preservation on error, wire-parser robustness for \r\n\r\n and EOF flush) plus generator/validator structural-invariant checks, optimistic-ID-echo guards, per-record settings persistence, deep-link sender/receiver contracts, persistence-layer validation independent of routes, cross-field schema range refinements, server-side locale/timezone non-determinism, CLI argv length limits, string-accumulation O(n²) in tight loops, required-at-use-time config null guards, network-failure translation at API client boundaries, conditional vs unconditional prompt composition, and no-op cleanup callback detection
  • do:review: added install/setup-script discipline coverage — readiness probes that inspect output (not just exit code) with -X/--no-rcfile to ignore user config, setup scripts on hot paths gated by readiness checks to avoid recurring credential/privilege mutation, subprocess env propagation when the parent reads .env but the child only sees process.env, NaN guards for env-var numeric parsing (whitespace/inline-comment values), TTY/EOF safety for read prompts under set -e with full y/n validation, and structured-file section-header uniqueness
  • CI: bumped softprops/action-gh-release from v2 to v3 (Dependabot #28)

Fixed

Removed

Full Changelog

Full Diff: v2.10.0...v2.11.0

v2.10.0

18 Apr 20:26
e7eabc1

Release v2.10.0

Released: 2026-04-18

Added

  • do:better-swift Agent 6 now audits SwiftUI Dynamic Type responsive-layout bugs: three-point test matrix (.large / .xxxLarge / .accessibility5), targeted .fixedSize(horizontal: false, vertical: true) for multi-line Text that truncates in constrained layouts, ScrollView wrapping for full-screen content, @ScaledMetric for spacing, ViewThatFits for HStacks, .dynamicTypeSize(...DynamicTypeSize.xxxLarge) caps for hero typography, and expanded preview coverage. Catches a common App Store rejection vector.

Changed

Fixed

Removed

Full Changelog

Full Diff: v2.9.0...v2.10.0

v2.9.0

07 Apr 23:19
db8a8d6

Release v2.9.0

Released: 2026-04-07

Added

  • lib/swift-gotchas.md — new Swift / iOS / macOS gotcha catalogue shipped with slashdo. 12 numbered entries documenting real-world failure modes (CKContainer eager-init crash, SwiftData missing inverse relationship, SwiftData CloudKit cross-Apple-ID sharing gap, iCloud ubiquity container silent failure, iCloud symlink content corruption, SwiftUI xcstrings localization, XcodeGen project generation, TestFlight upload validation, App Group provisioning auth failure, iOS first-IAP submission rejection, .foregroundStyle(.accentColor) compile failure, Keychain test failures). Each entry has TRIGGER / ROOT CAUSE / FIX / VERIFY sections so audit and remediation agents can apply verified fixes rather than improvise.

Changed

  • commands/do/better-swift.md — wired the new gotcha catalogue into the audit and remediation pipeline:
    • Phase 0b now detects CloudKit, iCloud entitlements, Localization, StoreKit, CI release path, and CODE_SIGNING_ALLOWED=NO test config
    • Phase 0e records GOTCHA_ENTRIES_IN_SCOPE mapping detected characteristics to catalogue entry numbers
    • Phase 1 audit instructions now cat ~/.claude/lib/swift-gotchas.md to load the catalogue inline before launching agents
    • Agent 5 (Bugs) gained findings for catalogue entries #1-#4 with specific trigger patterns
    • Agent 6 (Platform) gained new "Localization & String Catalogs" subsection (#6), new "In-App Purchases & StoreKit" subsection (#10), expanded XcodeGen build-system gotchas (#7), TestFlight upload validation (#8), App Group provisioning (#9), iCloud symlink corruption (#5)
    • Agent 7 (Test Quality) now requires testModelContainerSchemaIsValid(), CloudKit lazy-init smoke tests, localization round-trip tests, and IAP product-loading tests when relevant project characteristics are present
    • Phase 3c remediation guardrails replaced with a "GOTCHA CATALOGUE — REQUIRED READING" block that lists all 12 entries and instructs remediation agents to apply fixes as written
    • Compaction guidance preserves GOTCHA_ENTRIES_IN_SCOPE across context resets
  • install.sh and uninstall.sh — added swift-gotchas to the LIBS array so the new reference file is deployed to all four supported environments (Claude Code, OpenCode, Gemini CLI, Codex). Existing path-rewrite logic handles the ~/.claude/lib/ to ~/.config/opencode/lib/ / ~/.gemini/lib/ path translation automatically.

Fixed

Removed

Full Changelog

Full Diff: v2.8.1...v2.9.0

v2.8.1

04 Apr 21:35
6237731

Release v2.8.1

Released: 2026-04-04

Fixed

  • do:release now fetches and pulls the latest target branch from origin before diffing, preventing stale release notes

Full Changelog

Full Diff: v2.8.0...v2.8.1

v2.8.0

02 Apr 21:28
70251a6

Release v2.8.0

Released: 2026-04-02

Added

  • Principle-first "Approach" section added to all three review agent mandates — agents are instructed to flag issues that violate engineering principles even when no checklist item names the pattern
  • New checklist items: falsy/zero-value config defaults (|| clobbering 0/false/""), inconsistent function return types, per-field schema size limits for large payloads, UI elements disabled during async ops, optimistic UI vs actual payload divergence, SSE mid-stream error surface, SSE default/unnamed event handling, redundant upstream status probes, client/server validation limit alignment, sample/doc config key mismatches, config format validation at load time, URL joining base-path preservation, large data duplication in state, blob/object URL lifecycle cleanup, RAF cleanup on unmount, streaming reader try/finally discipline, structured error detail propagation, high-frequency effect throttling, wire protocol spec compliance
  • New "Streaming & real-time protocols" section in Tier 3 of master checklist

Changed

  • do:rpr sub-agents now default to sonnet model for cost efficiency
  • do:review agents now dispatch with model: "opus" for better principle-based reasoning
  • Accessible names checklist item broadened to cover labels lost in conditional/compact rendering modes
  • Structured error detail propagation item added to existing "swallowed errors" bullet
  • Resource management cleanup item expanded to cover RAF, blob URLs, and streaming readers

Fixed

Removed

Full Changelog

Full Diff: v2.7.0...v2.8.0

v2.7.0

30 Mar 21:11
a71bae0

Release v2.7.0

Released: 2026-03-30

Added

  • Transitive dependency detection (Phase 1d) in /do:depfree — skips removal of packages that remain in the lock file as transitive deps of kept packages when the motivation is purely supply chain reduction. Consolidation removals (e.g., zustand→redux to unify state management) still proceed even if the package remains transitive
  • Consolidation opportunity detection in Phase 1c — usage analysis now flags when a dependency overlaps in purpose with another kept dependency

Changed

Fixed

Removed

Full Changelog

Full Diff: v2.6.0...v2.7.0

v2.6.0

30 Mar 18:58
eb4ae93

Release v2.6.0

Released: 2026-03-30

Added

  • --heavy flag for /do:depfree — aggressive mode that narrows Tier 1 to foundational frameworks only, expands Tier 3 replacement targets, raises complexity ceiling to 300 lines, flips EVALUATE→REMOVE bias, and gives devDependencies equal audit priority

Changed

Fixed

Removed

Full Changelog

Full Diff: v2.5.0...v2.6.0

v2.5.0

30 Mar 16:45
61c23c4

Release v2.5.0

Released: 2026-03-30

Added

Changed

  • rpr: check for existing Copilot review before requesting a new one (skip if unresolved threads exist, poll if pending)
  • rpr: check CI status in parallel during review polling and fix failures before review completes

Fixed

Removed

Full Changelog

Full Diff: v2.4.0...v2.5.0