nativesoul 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/README.md +3 -1
- package/dist/package.json +1 -1
- package/dist/packages/cli/src/index.js +208 -158
- package/dist/packages/mcp-server/src/index.js +98 -60
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -15,6 +15,42 @@ product after ADR-045; there is no Free/Pro split.
|
|
|
15
15
|
### Product
|
|
16
16
|
- _Nothing yet._
|
|
17
17
|
|
|
18
|
+
## [1.1.0] — 2026-07-07
|
|
19
|
+
|
|
20
|
+
Additive feature release (EPIC-026 — Onboarding v2 + dev-environment context).
|
|
21
|
+
Backward-compatible: no breaking CLI/MCP/schema changes, so this is a free
|
|
22
|
+
update within your 12-month window (ADR-043 §3). `dependencies: {}` preserved;
|
|
23
|
+
still local-first, no telemetry, nothing uploaded.
|
|
24
|
+
|
|
25
|
+
### Product
|
|
26
|
+
- **`nativesoul scan`** — an optional, read-only, local scan of your current
|
|
27
|
+
project (or `nativesoul scan <path>`). Dry-run by default; it proposes
|
|
28
|
+
engineering preferences for `USER.md`, tool conventions for `TOOLS.md`, and
|
|
29
|
+
candidate memories from your metadata, README, and structure. It never reads
|
|
30
|
+
secrets or source content (denylist-before-read), makes no network calls, and
|
|
31
|
+
writes only under `~/.nativesoul/` after you confirm — each write policy-gated
|
|
32
|
+
and audited. SOUL.md/POLICY.md are never touched.
|
|
33
|
+
- **Guided onboarding v2** — the host AI now proactively opens a warm identity
|
|
34
|
+
interview on first run, with per-theme guidance and a dry-run → confirm →
|
|
35
|
+
apply flow (SOUL.md still requires explicit confirmation). After identity, it
|
|
36
|
+
offers the optional heartbeat and dev-environment scan with clear consent;
|
|
37
|
+
hosts without a native scheduler (Grok/Gemini) are handled honestly.
|
|
38
|
+
- **Every workspace file now has a wired function** — `TOOLS.md` is consulted
|
|
39
|
+
before tool work, `MEMORY.md` is a live managed-block mirror of your curated
|
|
40
|
+
memory (SQLite source), and `HEARTBEAT.md` is a checklist surfaced on a
|
|
41
|
+
heartbeat run. No inert files.
|
|
42
|
+
- **Region-neutral defaults** — new workspaces default to a host-detected/UTC
|
|
43
|
+
timezone and English recall keywords (was BR-specific).
|
|
44
|
+
- **Detailed workspace docs** — `reference/workspace.mdx` now explains each file
|
|
45
|
+
in depth (purpose, who writes it, how it's used, protections, example).
|
|
46
|
+
|
|
47
|
+
### Fixed
|
|
48
|
+
- **Claude hot-scan robustness** — the capability hot scan (`claude mcp list` /
|
|
49
|
+
`plugin list`) now allows 5s (was 1.2s) before giving up. A missing CLI still
|
|
50
|
+
fails fast; the longer ceiling only applies when the CLI exists but is slow
|
|
51
|
+
(cold start on a busy machine), preventing a spurious "degraded" capability
|
|
52
|
+
scan under load.
|
|
53
|
+
|
|
18
54
|
## [1.0.0] — 2026-07-06
|
|
19
55
|
|
|
20
56
|
First stable major. NativeSoul now commits to SemVer stability on its CLI, MCP,
|
package/README.md
CHANGED
|
@@ -351,7 +351,9 @@ npm run release:security:audit # lint + typecheck + policy + tests + build + s
|
|
|
351
351
|
npm run release:provenance:dry-run
|
|
352
352
|
```
|
|
353
353
|
|
|
354
|
-
|
|
354
|
+
**Continuous integration:** CI runs on **CircleCI** (`.circleci/config.yml`) — the full quality gate (lint, typecheck, policy, build, non-e2e suite) on **Linux, Windows, and macOS**, plus the e2e suite and the site build. A dynamic-config setup job inspects the changed paths on each push and only runs what's relevant — **docs-only pushes skip the build entirely** (no Linux/Windows/macOS spin-up); `site/` changes run the site build; code/tooling changes run the full 3-OS gate. The GitHub Actions workflows under `.github/workflows/` are kept for reference but set to manual-only (`workflow_dispatch`) while Actions billing is unavailable.
|
|
355
|
+
|
|
356
|
+
`nativesoul@1.0.0` (first stable major) has been published to npm on the `beta` and `latest` channels. Future publish/dist-tag operations remain @devops-only (see [`docs/guides/npm-beta-release-rollback.md`](docs/guides/npm-beta-release-rollback.md)). The security audit does not read npm tokens, sign with real keys, or claim public SLSA/registry attestation.
|
|
355
357
|
|
|
356
358
|
---
|
|
357
359
|
|