v0.19.7

Added

• Added agent-guardrails pro activate <license-key> as an OSS CLI bridge to the installed @agent-guardrails/pro package. OSS delegates activation when Pro is available and shows setup guidance when it is not.
• Added agent-guardrails pro workbench with --open and --json, so installed Pro users can create/open the local operator workbench from the OSS CLI.

Fixed

• Runtime summaries no longer say the guardrail check passed when a partial review result actually failed.
• Runtime risk summaries now tolerate partial review objects without crashing on missing scope issue arrays.

Notes

• OSS remains fully usable without Pro installed.
• Pro-specific behavior is not bundled in this package; OSS only exposes stable bridge commands and graceful upgrade guidance.

v0.19.6

Summary

This patch release closes the OSS 0.19.x line with Pro report visibility and robustness fixes for real Windows and local-server usage. It is most relevant for users running Pro alongside OSS, users with paths containing spaces or renames, and anyone exposing the local serve API during testing.

Highlights

• Added agent-guardrails pro report and agent-guardrails pro-report as display-only bridges to the optional Pro go-live report.
• Added top-level goLiveReport in check --json when an installed Pro package enriches the review.
• Hardened changed-file detection with NUL-delimited git parsing for deleted files, paths with spaces, and renames.
• Added bounded JSON request parsing in agent-guardrails serve.
• Added a trusted-network warning for non-loopback serve hosts.
• Consolidated serve error handling into shared ASCII-safe helpers.

Fixes

• Prevents quoted-path corruption in changed-file detection.
• Prevents oversized serve request bodies from buffering without a limit.
• Avoids duplicated local-server endpoint error paths and mojibake-prone error output.

Upgrade Notes

Update normally:

npm update -g agent-guardrails

OSS remains fully functional without Pro. Pro report logic still lives in @agent-guardrails/pro; OSS only renders the optional report when Pro is installed and licensed.

v0.19.5

Summary

v0.19.5 packages the post-v0.19.4 Pro visibility and Windows dogfood hardening work into a patch release for OSS users and paid Pro installs.

Highlights

• Adds Pro proof-memory cleanup preview/apply routing while keeping cleanup logic inside the installed Pro package.
• Surfaces more Pro-provided proof recipe, proof memory context, cleanup history, policy advice, paid-value, and first-value-path fields in OSS status and review output.
• Hardens Windows and agent workflows with BOM-tolerant JSON parsing, ASCII-safe review output, npx/.cmd command guidance, and Windows command evidence normalization.
• Fixes untracked-directory change detection so new guardrails evidence files can satisfy exact intended-file contracts.
• Clarifies semantic architecture docs as current OSS heuristics, planned Pro Local structured analysis, and future Pro Cloud LSP-backed analysis.

Upgrade notes

No migration is required. Install or update with npm: npm install -g agent-guardrails@0.19.5

v0.19.4

Summary

v0.19.4 ships the OSS Pro visibility bundle. OSS remains fully usable by itself, and when @agent-guardrails/pro is installed it now renders the deeper Pro proof plan and proof-memory guidance at the first layer users actually see.

Highlights

• check --json now exposes the installed Pro package's proofPlan at the top level when available.
• check --review now renders Pro learned proof evidence, learned proof scoring, proof workbench next actions, and prioritized proof-surface guidance when Pro provides them.
• agent-guardrails pro status now renders Pro proof memory summaries, reusable proof recipes, stale recipe warnings, proof recipe next actions, resolved proof closure summaries, reusable proof commands, reusable evidence paths, and proof memory health.
• OSS still does not compute or store paid Pro logic. It only renders stable optional fields from the installed Pro package.

Upgrade Notes

• Upgrade with npm install -g agent-guardrails@0.19.4 or use npx agent-guardrails@0.19.4.
• No breaking changes for OSS users.
• Pro visibility appears only when @agent-guardrails/pro is installed and returns those optional fields.

Verification

• npm test
• node ./tests/install-smoke.js
• npm pack --dry-run

v0.19.3

Summary

v0.19.3 makes the optional Pro status path more actionable from the OSS CLI. When @agent-guardrails/pro is installed, agent-guardrails pro status can now show the single next command a user should run to finish activation or start using Pro-enriched checks.

Highlights

• agent-guardrails pro status now renders Pro-provided activationFlow.nextAction when available.
• The status output can show the Pro primary command for machine-readable check enrichment, such as agent-guardrails check --json.
• README upgrade guidance now tells users that pro status verifies install state, license state, and the next Pro action.
• Project state and changelog now track 0.19.3 as the current OSS patch release.

Fixes

• No breaking fixes in this release.

Docs or workflow updates

• CHANGELOG.md, README.md, README.zh-CN.md, and docs/PROJECT_STATE.md were updated for the new Pro status guidance.
• npm package contents were rechecked. Internal docs are still excluded from the package.

Upgrade notes

Update with:

npm install -g agent-guardrails@0.19.3

Existing OSS usage is unchanged. Pro remains optional and degrades cleanly when @agent-guardrails/pro is not installed.

v0.19.2

v0.19.2

Summary

This patch release keeps OSS behavior unchanged for users who do not install @agent-guardrails/pro, but surfaces the Pro go-live verdict more prominently when Pro is present.

What changed

• agent-guardrails check now prints the Pro goLiveDecision verdict at the top of the CLI output when Pro is installed.
• JSON output now includes a top-level goLiveDecision field.
• Existing supporting signals remain available in review, runtime.nextActions, and deployHandoff.

User impact

• OSS-only users see no behavior change.
• Pro-enabled users get a faster first-pass answer on whether the current AI-generated change is ready to go live.

Validation

• npm test
• npm pack --dry-run

v0.19.1

v0.19.1

Release date: 2026-04-10
Status: Ready

Summary

This patch release hardens the OSS release path and fixes a CLI lifecycle bug that could cause short-lived commands to hang.

It is most relevant for users who:

• install agent-guardrails from npm
• rely on install-smoke or release validation
• use CLI commands like help, init, and setup in automation or smoke tests

Highlights

• Fixed a process-lifecycle bug where short-lived CLI commands could hang because an imported chat session cleanup timer kept the process alive.
• Restored reliable completion for node ./tests/install-smoke.js.
• Restored reliable completion for the full npm test suite.
• Added a canonical OSS release process covering GitHub release flow, npm publish flow, release notes, and required doc updates.
• Locked release ownership rules to the logi-cmd GitHub and npm identities.

Fixes

CLI process lifecycle

• lib/chat/session.js now unref()s the periodic session cleanup timer.
• This prevents help and other short-lived CLI commands from hanging after output is complete.

Release validation reliability

• install-smoke now completes reliably again.
• The full OSS test suite now completes reliably again under the current local release-validation flow.

Release operations and packaging

• Added docs/RELEASE_PROCESS.md as the canonical OSS release operations doc.
• Confirmed that non-essential docs are not included in the npm tarball through npm pack --dry-run.
• Updated package metadata to reflect logi-cmd ownership and public npm publishing intent.

Documentation updates

• Added canonical build-doc structure through:
  • docs/DOCUMENTATION_INDEX.md
  • docs/PRODUCT_BLUEPRINT.md
  • docs/TECHNICAL_SPEC.md
  • docs/PRO_LOCAL_SPEC.md
  • docs/IMPLEMENTATION_PLAN.md
  • docs/ACCEPTANCE_CRITERIA.md
  • docs/RELEASE_PROCESS.md
• Updated README.md to link the release process.

Upgrade notes

• No config migration is required for OSS users.
• No package-name change is required.
• No new npm package is introduced in this patch release.

Validation checklist

Expected before release:

• npm test
• node ./tests/install-smoke.js
• npm pack --dry-run

Optional if release-sensitive behavior changed:

• npm run benchmark

v0.19.0: Quality Audit Fixes

What's Fixed

P0 (Security + Correctness)

• .gitignore auto-fix had typo - daemon.log was not being ignored
• Replaced unsafe new Function() with node --check for JS syntax validation
• Replaced exec() with execFileSync() to eliminate shell injection surface
• Deleted dead code getSuggestableIssues()

P1 (Code Quality)

• Extracted toBoolean() and getParentScope() to utils.js (eliminated 5 duplicates)
• secrets-safety detector now scans ALL files instead of stopping at first match
• Migrated ~20 hardcoded strings in printTextResult() to i18n system

P2 (Coverage + Docs)

• Registered auto-fix.test.js in test runner
• Added generate-agents to README CLI Reference tables

All 17 test suites pass including auto-fix and release.

Full Changelog: v0.18.1...v0.19.0

v0.18.1: Complete OSS Navigation Features

What's New

Warning Recovery Guidance

Warnings now get actionable fix suggestions with 9 new recovery templates covering file budget, breadth, config changes, unsafe patterns, sensitive files, large changes, scope, and continuity.

Suppress/Acknowledge Hints

Findings that can be suppressed now show how. New skipKey field on findings. CLI shows suppress command hint for suppressable error findings. New skip keys: breadth and big-bang.

Big Bang Warning

New consolidated detector for massive changes. Fires when change exceeds 15 files + 3 top-level directories + 300 added lines. Suggests splitting into focused tasks.

Scope Expansion Guidance

When scope violations are detected, nextActions now includes how to expand scope or acknowledge.

Unified Verdict System

result.verdict now uses scoreVerdict enum values instead of the generic Safe to review default. Pass with concerns and Needs attention replace the uninformative default.

i18n

15 new translation keys in both English and Chinese.

Full Changelog: v0.18.0...v0.18.1

v0.18.0: Check UX Overhaul + Graduated Scope Enforcement

What's New

Check Output UX Overhaul

The post-check output is completely restructured for clarity and actionability:

• Score bar at the top: Trust score with visual bar and verdict embedded
• Verdict-aware summary: Immediate error/warning/pass feedback with actionable guidance
• Next Actions prioritized: Numbered actions right after the verdict
• Collapsed details: File counts, task contract info in compact format
• Cost awareness: Change size estimate and fix token cost estimate
• Verdict-aware closing: Replaces generic pass/fail messages

Graduated Scope Enforcement

Scope violations are now configurable instead of always being hard errors:

• Configurable severity: checks.scope.violationSeverity (default: error, can be warning)
• Violation budget: checks.scope.violationBudget (default: 5 files) for minor overflow tolerance
• Acknowledged-skips: Scope category now supports acknowledged-skip pattern
• Soft warning for minor slips: Small scope violations get graduated threshold treatment
• i18n: New finding and action strings in both English and Chinese

Bug Fixes (v0.17.1 included)

• Fixed scoring.js weights bug (functional: weights parameter was accepted but ignored)
• Fixed i18n English locale (4 strings were Chinese in English locale)
• CLI help i18n for generate-agents command

Preset Updates

All 6 presets now include scope configuration:

• node-service, nextjs, monorepo, generic, static-frontend, python-fastapi

Full Changelog: v0.17.0...v0.18.0