dw-kit 1.8.0-rc.2 → 1.9.0

package/.dw/core/schemas/events/stopped.schema.json

@@ -0,0 +1,33 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://github.com/dv-workflow/dv-workflow/schemas/events/stopped.schema.json",
+  "title": "DW Event: stopped",
+  "description": "Category: session-lifecycle. See docs/specs/dw-event-schema-v1.0.md §5 for narrative.",
+  "type": "object",
+  "properties": {
+    "ts": {
+      "type": "string",
+      "format": "date-time",
+      "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d+)?Z$",
+      "description": "ISO 8601 UTC timestamp (envelope, set by writer)"
+    },
+    "event": {
+      "type": "string",
+      "const": "stopped",
+      "description": "Event name (envelope)"
+    },
+    "signal": {
+      "type": "string"
+    },
+    "by": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "ts",
+    "event",
+    "signal",
+    "by"
+  ],
+  "additionalProperties": true
+}

package/.dw/core/schemas/goal-frontmatter.schema.json

@@ -73,12 +73,12 @@
     "icon": {
       "type": ["string", "null"],
       "maxLength": 8,
-      "description": "Optional emoji/icon for visual differentiation in portfolio cards (bigokr borrow)."
+      "description": "Optional emoji/icon for visual differentiation in portfolio cards."
     },
     "cycle": {
       "type": ["string", "null"],
       "maxLength": 32,
-      "description": "Optional temporal grouping label e.g. 'Q1 2026', 'v1.7-cycle', '2026 H1' (bigokr borrow). Portfolio groups goals by cycle."
+      "description": "Optional temporal grouping label e.g. 'Q1 2026', 'v1.7-cycle', '2026 H1'. Portfolio groups goals by cycle."
     }
   }
 }

package/.dw/core/schemas/task-frontmatter.schema.json

@@ -67,8 +67,8 @@
     },
     "schema_version": {
       "type": "string",
-      "enum": ["v3.0", "v3.1"],
-      "description": "Frontmatter schema version. v3.1 adds optional parent_goal_id, contributing_goal_ids, summary per ADR-0010."
+      "enum": ["task@v3.0", "task@v3.1", "v3.0", "v3.1"],
+      "description": "Frontmatter schema version. Canonical form is namespaced (task@v3.0/task@v3.1) to match the repo-wide @v convention (goal@v1, tasks-index@v1); bare v3.0/v3.1 stay valid for back-compat. v3.1 adds optional parent_goal_id, contributing_goal_ids, summary per ADR-0010 (#22)."
     },
     "blockers": {
       "type": "string",

package/.dw/core/templates/v3/task.md

@@ -8,7 +8,7 @@ owner: {name}
 depth: quick | standard | thorough
 related_adr: {ADR-NNNN | none}
 target_ship: {milestone or TBD}
-schema_version: v3.0
+schema_version: task@v3.0
 blockers: none
 ---
 
@@ -79,12 +79,32 @@ genuinely changes.
 
 - {Explicit exclusions — prevents scope creep}
 
-### Success Criteria
+### Functional Acceptance (handoff scenarios)
 
-Measurable outcomes (not vibes):
+<!--
+Feature behaviour in business / user language — readable by PM/BA/QC WITHOUT code
+(no API/file/variable names). This is the cross-role handoff contract, NOT a full
+test plan (`/dw:test-plan` expands it into QC cases). Per-component acceptance
+lives with each subtask; this is the feature-level scenario layer.
+-->
+
+- [ ] {User-visible scenario, e.g., "User resets password and gets a confirmation email"}
+- [ ] {Error / edge scenario, e.g., "Expired reset link shows a clear retry prompt"}
+- [ ] {Measurable gate where relevant, e.g., "p95 latency <100ms"}
 
-- [ ] {Numeric threshold, e.g., "p95 latency <100ms"}
-- [ ] {Binary gate, e.g., "passes smoke test"}
+### Definition of Done (role lens)
+
+<!--
+Plain-language sign-off anchored to the outcome. Roles absent from `team.roles`
+sign by proxy / degrade gracefully. These are `- [ ]` checkboxes (NOT status
+markers — those live only in Section 3).
+-->
+
+- [ ] 🎯 **Goal** — result advances the linked goal's KR (update the goal)
+- [ ] 📋 **BA** — matches the business expectation
+- [ ] ✅ **QC** — handoff scenarios pass, incl. error cases + no regression
+- [ ] 🛠 **TL** — approach/code sound, no new tech debt, automated checks pass
+- [ ] 🤝 **Handoff** — docs sufficient + changes merged
 
 ### Dependencies
 
@@ -102,12 +122,21 @@ Measurable outcomes (not vibes):
 <!--
 SINGLE SOURCE OF TRUTH for subtask status. This is the only section where
 status markers (⬜🟡✅🔴⏸) are allowed.
+
+Section 2 ("Subtasks (in scope)") and this tracker are deliberately separate:
+§2 owns the stable INTENT (name + actions + acceptance), this table owns the
+churning STATUS. They are NOT merged — that separation is what keeps status in
+exactly one place (drift-prevention). The Subtask name is restated here as a
+short label only.
+
+`Est` is an optional effort estimate (hours / story-points / t-shirt per
+`estimation_unit`); leave `—` if unused. See `/dw:estimate`.
 -->
 
-| # | Subtask | Status | Date | Notes |
-|---|---------|--------|------|-------|
-| ST-1 | ... | ⬜ Pending | — | |
-| ST-2 | ... | ⬜ Pending | — | |
+| # | Subtask | Status | Date | Notes | Est |
+|---|---------|--------|------|-------|-----|
+| ST-1 | ... | ⬜ Pending | — | | — |
+| ST-2 | ... | ⬜ Pending | — | | — |
 
 Status legend: ⬜ Pending · 🟡 In Progress · ✅ Done · 🔴 Blocked · ⏸ Paused
 

package/.dw/security/advisory-snapshot.json

@@ -0,0 +1,157 @@
+{
+  "schema_version": "1.0",
+  "fetched_at": "2026-05-12T09:57:47.323Z",
+  "source": "osv.dev",
+  "ecosystem": "npm",
+  "package_count": 13,
+  "advisory_count": 2,
+  "advisories": [
+    {
+      "id": "GHSA-q3j6-qgpj-74h6",
+      "summary": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
+      "details": "### Impact\n\n`fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes encoded path data behave like real `/` and `..`, so distinct URIs collapse onto the same normalized path.\n\nFor example, `http://example.com/public/%2e%2e/admin` normalizes to `http://example.com/admin`, and `equal()` considers them the same URI.\n\nApplications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed. A path that looks confined under an allowed prefix can normalize to a different location.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.1.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6321"
+      ],
+      "modified": "2026-05-09T16:44:22.524341929Z",
+      "published": "2026-05-08T17:15:09Z",
+      "related": [
+        "CGA-9j5f-2hwm-8hfc"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-22"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T17:15:09Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-04T20:16:20Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.1"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-q3j6-qgpj-74h6/GHSA-q3j6-qgpj-74h6.json",
+            "last_known_affected_version_range": "<= 3.1.0"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    },
+    {
+      "id": "GHSA-v39h-62p7-jpjc",
+      "summary": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
+      "details": "### Impact\n\n`fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host.\n\nFor example, `http://trusted.com%40evil.com/` normalizes to `http://trusted.com@evil.com/`, which reparses as host `evil.com` with userinfo `trusted.com`.\n\nApplications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the original URL appeared to contain.\n\n### Patches\n\nUpgrade to `fast-uri` >= 3.1.2.\n\n### Workarounds\n\nNone. Upgrade to the patched version.",
+      "aliases": [
+        "CVE-2026-6322"
+      ],
+      "modified": "2026-05-10T04:44:28.903255090Z",
+      "published": "2026-05-08T19:13:01Z",
+      "related": [
+        "CGA-5vr9-c8qr-fqvg"
+      ],
+      "database_specific": {
+        "cwe_ids": [
+          "CWE-436"
+        ],
+        "github_reviewed": true,
+        "github_reviewed_at": "2026-05-08T19:13:01Z",
+        "severity": "HIGH",
+        "nvd_published_at": "2026-05-05T11:16:33Z"
+      },
+      "references": [
+        {
+          "type": "WEB",
+          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
+        },
+        {
+          "type": "ADVISORY",
+          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
+        },
+        {
+          "type": "WEB",
+          "url": "https://cna.openjsf.org/security-advisories.html"
+        },
+        {
+          "type": "PACKAGE",
+          "url": "https://github.com/fastify/fast-uri"
+        }
+      ],
+      "affected": [
+        {
+          "package": {
+            "name": "fast-uri",
+            "ecosystem": "npm",
+            "purl": "pkg:npm/fast-uri"
+          },
+          "ranges": [
+            {
+              "type": "SEMVER",
+              "events": [
+                {
+                  "introduced": "0"
+                },
+                {
+                  "fixed": "3.1.2"
+                }
+              ]
+            }
+          ],
+          "database_specific": {
+            "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-v39h-62p7-jpjc/GHSA-v39h-62p7-jpjc.json",
+            "last_known_affected_version_range": "<= 3.1.1"
+          }
+        }
+      ],
+      "schema_version": "1.7.5",
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+        }
+      ]
+    }
+  ],
+  "snapshot_sha": "sha256:0b6ca61019fb234c"
+}

package/LICENSE

@@ -1,21 +1,201 @@
-MIT License
-
-Copyright (c) 2026 huygdv
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for describing the origin of the Work and
+      reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may accept and charge a
+      fee for acceptance of support, warranty, indemnity, or other liability
+      obligations and/or rights consistent with this License. However, in
+      accepting such obligations, You may act only on Your own behalf
+      and on Your sole responsibility, not on behalf of any other
+      Contributor, and only if You agree to indemnify, defend, and hold
+      each Contributor harmless for any liability incurred by, or claims
+      asserted against, such Contributor by reason of your accepting any
+      such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Đặng Huy (huygdv) <huygdv19@gmail.com>
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied. See the License for the specific language governing permissions
+   and limitations under the License.

package/NOTICE

@@ -0,0 +1,26 @@
+dw-kit
+Copyright 2026 Đặng Huy (huygdv) <huygdv19@gmail.com>
+
+This product includes software developed by Đặng Huy and contributors
+to the dw-kit project (https://github.com/dv-workflow/dv-workflow).
+
+Licensed under the Apache License, Version 2.0 (the "License").
+You may not use this file except in compliance with the License. You may
+obtain a copy of the License at:
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Project history:
+  Versions 0.x through 1.7.x were distributed under the MIT License.
+  Starting from the relicense commit (2026-05-26), all subsequent
+  contributions and releases are licensed under Apache License 2.0.
+  Prior MIT-licensed releases remain available under MIT terms; new
+  releases supersede them under Apache 2.0. Contributors before the
+  relicense are the same individual as the copyright holder; no third-
+  party contributions required relicensing consent.
+
+Names and trademarks:
+  "dw", "dw-kit", and "dw Platform" are trademarks of the copyright
+  holder. See TRADEMARK.md for permitted and non-permitted uses. The
+  Apache License does not grant rights to use these trademarks beyond
+  fair descriptive reference (Apache 2.0 §6).

package/README.md

@@ -2,7 +2,7 @@
 
 > An AI development workflow toolkit for teams using agentic IDEs (Claude Code, Cursor) — from idea to review-ready commits.
 
-**v1.3.6** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
+**v1.9.0** · `npm install -g dw-kit` · [Docs](docs/README.md) · [Get started](docs/get-started.md) · [Cheatsheet](docs/cheatsheet.md) · [Migration v1.3](MIGRATION-v1.3.md) · [Changelog](CHANGELOG.md)
 
 ---
 
@@ -36,7 +36,10 @@ It’s designed for collaboration (Dev / Tech Lead / QA / PM) and keeps work aud
 
 ## Release notes
 
-- **v1.6.0-rc.1 (current)** — **Agent OS Multi-Agent Orchestration** ([ADR-0009](.dw/decisions/0009-agent-os-multi-agent-orchestration.md)): file-based cooperative protocol for Claude Code / Codex / Gemini / human agents to work from same `task.md` without conflict. 6-command CLI `dw agent *` (claim / release / expire / claims / reports / conflicts). Dual ownership model: `subtasks` (semantic) + `write_scope` (filesystem). Lifecycle states + lease (wall+relative) per Round 2. Audit trail via committed `reports/` + `events.jsonl`; claims gitignored ephemeral. Trust = cooperative, post-hoc conflict detection.
+- **v1.9.0 (current, stable)** — substrate-complete for the realtime voice-orchestration Root Goal: persistent CLI-agent sessions, Telegram bridge, multi-workspace registry, browser voice MVP + orchestrator action-execution, multi-agent live debate, and the **DW Event/Document schema + adapter protocol** ([ADR-0011](.dw/decisions/0011-session-runtime-voice-orchestrator.md)/[0014](.dw/decisions/0014-orchestrator-action-execution.md)/[0015](.dw/decisions/0015-multi-agent-live-debate.md)/[0016](.dw/decisions/0016-dw-goal-outcome-pursuit-loop.md)/[0017](.dw/decisions/0017-dw-document-schema-index.md)). Plus team-dogfood fixes: `dw goal status` (#20), deterministic index writers (#21), `task@v3.x` schema_version converge (#22), v3 template Functional Acceptance + role-lens DoD + Est (#24).
+- **v1.8.0** — remote-agent-first substrate: `dw session *`, `dw connector telegram`, `dw workspace *`, `dw voice` (bilingual en+vi, hybrid orchestrator, action-execution with voice confirm).
+- **v1.7.0** — **Goals Layer (OKR-inspired)** ([ADR-0010](.dw/decisions/0010-goals-management-layer.md)): strategic layer above tasks — `dw goal *`, `goals-index@v1`, bidirectional task↔goal linking, portfolio + HTML view.
+- **v1.6.0** — **Agent OS Multi-Agent Orchestration** ([ADR-0009](.dw/decisions/0009-agent-os-multi-agent-orchestration.md)): file-based cooperative protocol for Claude Code / Codex / Gemini / human agents to work from same `task.md` without conflict. 6-command CLI `dw agent *` (claim / release / expire / claims / reports / conflicts). Dual ownership model: `subtasks` (semantic) + `write_scope` (filesystem). Audit trail via committed `reports/` + `events.jsonl`; claims gitignored ephemeral.
 - **v1.5.0 — Task Docs v3** ([ADR-0008](.dw/decisions/0008-task-docs-format-one-file-timeline.md)): single-file `task.md` replaces v2 `spec.md` + `tracking.md` (drift fixed structurally). 8-command CLI `dw task *` (show / new / view / watch / render / lint / migrate / rotate). Lean HTML dashboard for human dev orchestrator (~10KB, scan-in-5-seconds) + bounded SVG sidecar via `dw-kit-render` v0.2. Live preview server with auto-refresh. Migration script with `--dry-run`, `--diff`, `--rollback`. Lint strict-default blocks drift markers. See [`MIGRATION-v1.5.md`](MIGRATION-v1.5.md).
 - **v1.4 (in progress)** — Optional **Review Render Pipeline** ([ADR-0007](.dw/decisions/0007-decoupled-review-render-pipeline.md)): `/dw:review --visual` plus a separate `dw-kit-render` package turn findings into SVG + PNG cards for PR comments / Slack / stakeholders. Pure JS + WASM, universal `npm install`, no system deps. See [`docs/review-renderer.md`](docs/review-renderer.md).
 - **v1.3.6** (2026-05-14) — Supply-Chain Guard upgraded to 3-pillar architecture: OSV snapshot + curated IoC fixture (version-aware, wired into default scan) + **AI-Native NEW-package heuristic** that catches zero-day-ish risk at the AI-edit boundary. See [`CHANGELOG.md#v136--2026-05-14`](CHANGELOG.md#v136--2026-05-14) and [ADR-0006](.dw/decisions/0006-supply-chain-guard-heuristic.md).

package/SECURITY.md

@@ -0,0 +1,87 @@
+# Security Policy
+
+## Supported versions
+
+dw-kit is in active pre-1.0 development. Only the most recent minor version line receives security fixes.
+
+| Version line | Supported |
+|---|---|
+| 1.8.x | ✅ Active — fixes shipped as patches and `@rc` releases |
+| 1.7.x | ⚠️ Critical fixes only, on request |
+| ≤ 1.6.x | ❌ Not supported — upgrade to 1.8.x |
+
+`@rc` and `@latest` npm dist-tags reflect current state; pin a specific version for production.
+
+## Reporting a vulnerability
+
+**Do NOT file a public GitHub issue for security reports.** Public disclosure before a fix is shipped puts every user at risk.
+
+Send a report to: **huygdv19@gmail.com**
+
+Subject line: `[dw-kit security] <short description>`
+
+Include:
+
+- Affected version(s) — output of `dw --version`
+- Reproduction steps or proof-of-concept (minimal, no live exploitation against third parties)
+- Impact assessment — what an attacker can achieve
+- Suggested fix if you have one
+- Whether you want public credit in the advisory (optional)
+
+If you do not get a reply within **72 hours**, please re-send. Mail filtering occasionally drops legitimate reports.
+
+## What counts as a security issue
+
+In scope (high priority):
+
+- Credential or token leakage — secrets ending up in logs, git history, telemetry, or events-global.jsonl
+- Path traversal in any `dw` command that takes a user-controlled path or session id
+- Command injection via voice transcript, chat connector message, or agent reply
+- Auth bypass on the voice HTTP server (`X-Voice-Token` / `?t=` query param)
+- SSE / event stream leakage across tokens or workspaces
+- TLS cert generation defects that produce weak keys or expose private keys
+- Remote code execution via crafted `agents.yml` / `dw.config.yml` content
+- Privilege escalation through spawn helpers (Win32 PATHEXT, .cmd shell quoting)
+- Dependency CVEs in any direct dependency listed in `package.json#dependencies`
+
+Out of scope:
+
+- Issues that require local file system access (the user already trusts the local machine)
+- Denial of service against a `dw voice` server bound to localhost
+- Social engineering or phishing against project maintainers
+- Findings against forks or third-party redistributions (report those to their maintainers)
+- Vulnerabilities in agent CLIs (`claude`, `codex`, `gemini`) — report those upstream to Anthropic / OpenAI / Google
+
+## Response process
+
+1. **Acknowledgement** within 72 hours (often within 24)
+2. **Triage** within 7 days — severity assessed using CVSS 3.1
+3. **Fix development** — depending on severity, 1 day (Critical) to 30 days (Low)
+4. **Coordinated disclosure** — a private fix branch, then a coordinated release with a security advisory on GitHub
+5. **Public advisory** — GitHub Security Advisory + CHANGELOG.md entry + npm advisory if applicable
+
+Embargo periods are negotiated case-by-case. Default: 30 days from confirmed vulnerability to public disclosure, or fix release, whichever comes first.
+
+## Hardening defaults dw-kit ships
+
+For context — these are already implemented and should be preserved by contributors:
+
+- `.gitignore` excludes `.env`, `.dw/cache/`, `.dw/events-global.jsonl`, `connectors.local.yml`, telemetry files
+- Voice + Telegram connectors require an explicit token (no anonymous access)
+- `connectors.local.yml` is written with mode `0600` and never echoed back via CLI
+- `redactConfig()` masks tokens in any diagnostic output
+- Session IDs validated against `SESSION_ID_PATTERN` to block path traversal
+- Workspace paths validated by `validateWorkspacePath()` before spawn
+- Spawn helpers route `.cmd` files via cmd.exe shell with conservative quoting (zero user content in args by default — user content goes via stdin per `goal_mode: stdin`)
+- Pre-commit hooks (`privacy-block`, `pre-commit-gate`) block obvious secret patterns from being committed
+
+## Credit
+
+Researchers who report valid issues will be credited in the GitHub Security Advisory and `CHANGELOG.md` unless they request anonymity. No bug bounty program exists at this stage — that may change once dw-kit has a commercial layer.
+
+## Contact
+
+- Security: huygdv19@gmail.com
+- Maintainer: huygdv <huygdv19@gmail.com>
+
+Last updated: 2026-05-26