sinapse-ai 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94) hide show
  1. package/.claude/rules/mandatory-delegation.md +1 -1
  2. package/.codex/delegation-matrix.json +4 -3
  3. package/.codex/delegation-parity.json +4 -3
  4. package/.codex/instructions.md +2 -2
  5. package/.sinapse-ai/constitution.md +2 -2
  6. package/.sinapse-ai/core/doctor/checks/git-hooks.js +76 -10
  7. package/.sinapse-ai/core/execution/subagent-dispatcher.js +1 -1
  8. package/.sinapse-ai/core/synapse/engine.js +15 -0
  9. package/.sinapse-ai/data/entity-registry.yaml +13 -13
  10. package/.sinapse-ai/development/agents/snps-orqx.md +4 -4
  11. package/.sinapse-ai/git-hooks/lib/secret-scanner-core.js +76 -4
  12. package/.sinapse-ai/git-hooks/pre-push +7 -1
  13. package/.sinapse-ai/install-manifest.yaml +9 -9
  14. package/AGENTS.md +4 -4
  15. package/CHANGELOG.md +1257 -0
  16. package/README.en.md +4 -3
  17. package/README.md +5 -6
  18. package/bin/commands/install.js +6 -3
  19. package/bin/commands/uninstall.js +2 -2
  20. package/bin/sinapse.js +20 -0
  21. package/bin/utils/secret-scanner-core.js +76 -4
  22. package/docs/agent-reference-guide.md +1 -1
  23. package/docs/framework/architecture-overview.md +4 -4
  24. package/docs/framework/guiding-principles.md +9 -9
  25. package/docs/getting-started.md +1 -1
  26. package/docs/guides/agent-reference.md +1 -1
  27. package/docs/guides/codex-config.md +4 -5
  28. package/docs/pt/architecture/sub-orqx-pattern.md +20 -18
  29. package/package.json +8 -2
  30. package/packages/installer/src/installer/git-hooks-installer.js +3 -1
  31. package/packages/installer/src/installer/sinapse-ai-installer.js +32 -7
  32. package/packages/installer/src/wizard/ide-config-generator.js +9 -1
  33. package/packages/installer/src/wizard/index.js +3 -4
  34. package/scripts/regenerate-orqx-stubs.ps1 +0 -1
  35. package/scripts/sync-counts.js +10 -2
  36. package/scripts/sync-squad-yaml-components.js +108 -6
  37. package/scripts/validate-article-vii.js +68 -7
  38. package/scripts/validate-squad-orqx.js +19 -9
  39. package/sinapse/agents/sinapse-orqx.md +4 -4
  40. package/sinapse/agents/snps-orqx.md +4 -4
  41. package/sinapse/knowledge-base/routing-catalog.md +1 -1
  42. package/sinapse/tasks/diagnose-and-route.md +1 -1
  43. package/sinapse/tasks/squad-status-report.md +1 -1
  44. package/squads/claude-code-mastery/agents/claude-mastery-chief.md +1 -1
  45. package/squads/claude-code-mastery/agents/hooks-architect.md +60 -68
  46. package/squads/claude-code-mastery/knowledge-base/swarm-orchestration-patterns.md +1 -1
  47. package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
  48. package/squads/claude-code-mastery/workflows/optimization-cycle.yaml +4 -4
  49. package/squads/claude-code-mastery/workflows/project-setup-cycle.yaml +4 -4
  50. package/squads/squad-animations/README.md +1 -1
  51. package/squads/squad-cloning/README.md +1 -1
  52. package/squads/squad-commercial/README.md +1 -1
  53. package/squads/squad-content/README.md +1 -1
  54. package/squads/squad-copy/README.md +1 -1
  55. package/squads/squad-council/README.md +1 -1
  56. package/squads/squad-courses/README.md +1 -1
  57. package/squads/squad-cybersecurity/README.md +1 -1
  58. package/squads/squad-design/README.md +1 -1
  59. package/squads/squad-finance/README.md +1 -1
  60. package/squads/squad-growth/README.md +1 -1
  61. package/squads/squad-paidmedia/README.md +1 -1
  62. package/squads/squad-product/README.md +1 -1
  63. package/squads/squad-research/README.md +1 -1
  64. package/squads/squad-storytelling/README.md +1 -1
  65. package/.sinapse-ai/core/memory/__tests__/active-modules.verify.js +0 -265
  66. package/.sinapse-ai/core/permissions/__tests__/permission-mode.test.js +0 -293
  67. package/.sinapse-ai/infrastructure/tests/project-status-loader.test.js +0 -569
  68. package/.sinapse-ai/infrastructure/tests/regression-suite-v2.md +0 -622
  69. package/.sinapse-ai/infrastructure/tests/validate-module.js +0 -98
  70. package/.sinapse-ai/infrastructure/tests/worktree-manager.test.js +0 -620
  71. package/.sinapse-ai/workflow-intelligence/__tests__/confidence-scorer.test.js +0 -335
  72. package/.sinapse-ai/workflow-intelligence/__tests__/integration.test.js +0 -340
  73. package/.sinapse-ai/workflow-intelligence/__tests__/suggestion-engine.test.js +0 -438
  74. package/.sinapse-ai/workflow-intelligence/__tests__/wave-analyzer.test.js +0 -448
  75. package/.sinapse-ai/workflow-intelligence/__tests__/workflow-registry.test.js +0 -303
  76. package/packages/installer/src/__tests__/performance-benchmark.js +0 -383
  77. package/packages/installer/tests/integration/environment-configuration.test.js +0 -332
  78. package/packages/installer/tests/integration/wizard-detection.test.js +0 -352
  79. package/packages/installer/tests/unit/artifact-copy-pipeline/artifact-copy-pipeline.test.js +0 -402
  80. package/packages/installer/tests/unit/claude-md-template-v5/claude-md-template-v5.test.js +0 -193
  81. package/packages/installer/tests/unit/config-validator.test.js +0 -315
  82. package/packages/installer/tests/unit/detection/detect-project-type.test.js +0 -539
  83. package/packages/installer/tests/unit/doctor/doctor-checks.test.js +0 -675
  84. package/packages/installer/tests/unit/doctor/doctor-orchestrator.test.js +0 -192
  85. package/packages/installer/tests/unit/entity-registry-bootstrap.test.js +0 -192
  86. package/packages/installer/tests/unit/env-template.test.js +0 -187
  87. package/packages/installer/tests/unit/generate-settings-json/generate-settings-json.test.js +0 -310
  88. package/packages/installer/tests/unit/git-hooks-installer.test.js +0 -262
  89. package/packages/installer/tests/unit/ide-sync-integration/ide-sync-integration.test.js +0 -231
  90. package/packages/installer/tests/unit/merger/env-merger.test.js +0 -191
  91. package/packages/installer/tests/unit/merger/markdown-merger.test.js +0 -262
  92. package/packages/installer/tests/unit/merger/strategies.test.js +0 -154
  93. package/packages/installer/tests/unit/merger/yaml-merger.test.js +0 -328
  94. package/packages/sinapse-install/tests/unit/chrome-brain.smoke.test.js +0 -66
package/CHANGELOG.md ADDED
@@ -0,0 +1,1257 @@
1
+ ## [1.10.0](https://github.com/caioimori/sinapse-ai/compare/1.9.1...1.10.0) (2026-06-18)
2
+
3
+ ### Features
4
+
5
+ * **article-vii:** guarda contagem de artigos da Constitution contra drift ([c010fda](https://github.com/caioimori/sinapse-ai/commit/c010fda484a8d2eb0292ee0c583a60ae1d13a745))
6
+ * **cli:** torna todos os comandos descobriveis no --help + guard de regressao ([1eba7d5](https://github.com/caioimori/sinapse-ai/commit/1eba7d5bb746dd241282e5d33aaa890f52d6d156))
7
+
8
+ ### Bug Fixes
9
+
10
+ * **install:** reinstall preserva arquivos L3 user-owned (core-config, MEMORY.md) ([b2ab1a5](https://github.com/caioimori/sinapse-ai/commit/b2ab1a56025f12fc9a2123355541eaa41cbbf74b))
11
+ * **security:** corrige 2 vulns moderadas que chegam a quem instala (js-yaml, tar) ([947694b](https://github.com/caioimori/sinapse-ai/commit/947694b8eee3f6ad6da6bb342a73c78fe8ab2658))
12
+ * **security:** elimina interpolacao de shell no setx PATH do install (Windows) ([a4e9cae](https://github.com/caioimori/sinapse-ai/commit/a4e9caeda475b5873169151f811aa1ed92ff8181))
13
+
14
+ ### Documentation
15
+
16
+ * corrige contagem da Constitution no README (10->11 artigos, 6->7 NON-NEGOTIABLE) ([40713a5](https://github.com/caioimori/sinapse-ai/commit/40713a51dceda3477fd4b33750e4cfe188cff086))
17
+
18
+ # Changelog
19
+
20
+ All notable changes to SINAPSE will be documented in this file.
21
+
22
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
23
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
24
+
25
+ ## [Unreleased]
26
+
27
+ ## [1.9.0] — 2026-06-17 — 🧭 Refino Macro (E1–E9) + Paridade Codex
28
+
29
+ > **Refino macro do framework em 9 etapas.** Invocação unificada `@sinapse`/`@snps`; remoção dos editores extras (foco Claude + Codex); medidor de tasks honesto; instalação/update reais; fusão `squad-artdir`→`squad-design` + aposentadoria de 7 chiefs (→ 17 squads · 172 agentes · 1200 tasks); feedback visual de orquestração na statusline; trava de git reativada; paridade Codex de fachada para real; pente-fino de segurança.
30
+
31
+ ### Added
32
+
33
+ - Invocação por `@sinapse` / `@snps` / `@sinapse-orqx` / `@snps-orqx` com stub rico do Imperator (diagnose → handoff → delegate).
34
+ - Feedback visual de orquestração: statusline acende `Imperator` + `N especialistas`; `sinapse status --watch`.
35
+ - `sinapse update` baixa e aplica a versão nova de verdade.
36
+ - Entrega do runtime Codex (`.codex/` + `AGENTS.md`) ao projeto do usuário; resolução paramétrica dos 172 agentes.
37
+ - Secret-scan no publish (`prepublishOnly`) + paridade travada das 2 cópias do scanner.
38
+
39
+ ### Fixed
40
+
41
+ - Resolução de mock robusta a `node_modules` aninhado em `.sinapse-ai/` (testes locais deixam de falhar por mock que não intercepta).
42
+ - `core.hooksPath` reapontado pela trava gerenciada no `npm install`.
43
+
44
+ ### Changed
45
+
46
+ - Catálogo consolidado: **17 squads · 172 agentes · 18 orqx · 1200 tasks**.
47
+
48
+ ## [1.8.0] — 2026-06-15 — ⚡ Orchestration, IDS & CLI Optimization
49
+
50
+ > **Release de racionalizacao do core.** Deep-dive de 28 modulos + frentes especiais (plano P0–P3, verificacao adversarial): fecha gaps de cabeamento CLI (pipelines poderosos existiam mas nao tinham porta de entrada), torna o gerador de entity-registry deterministico, consolida duplicatas reais e cabeia tasks orfas — tudo sem corte de capacidade. Lei travada: potencializar, nao cortar.
51
+
52
+ ### Added
53
+
54
+ - `sinapse orchestrate <story-id>` — porta de entrada CLI do pipeline autonomo (Epic 0 / MasterOrchestrator): `--status` / `--stop` / `--resume` / `--dry-run` / `--epic N`.
55
+ - `sinapse create <agent|task|workflow>` — gerador de componentes (ComponentGenerator) no CLI.
56
+ - `sinapse mode [explore|ask|auto] [--cycle]` — gerenciador de modo de permissao.
57
+ - `sinapse health --deep [--output-file <path>]` — expoe o engine completo de ~35 checks (dominios deployment/local/project/repository/services), antes sem entry-point. O `sinapse health` default (install-health) permanece inalterado.
58
+ - **IDS Gate G6** (CI/CD registry integrity, blocking) — implementado e cabeado no GateEvaluator (fase `ci_cd`); o codigo so trazia G1–G5.
59
+ - Dispatch de workflow por `project_type` nos handlers greenfield/brownfield (site/lp/app→ui, platform/saas→fullstack, api/service→service); variants mantidos como arquivos separados.
60
+ - Teste unitario do `fast-path-gate` (unico modulo de orquestracao sem cobertura dedicada).
61
+
62
+ ### Fixed
63
+
64
+ - `sinapse graph`, `sinapse ids:*`, `sinapse mcp`, `sinapse generate` caiam no `default` do binario (passados ao Claude Code como args) — agora cabeados no switch. Fecha contrato de CI do template `sinapse graph --deps`.
65
+ - **Gerador de entity-registry agora e DETERMINISTICO**: sort de arquivos (fast-glob retornava ordem de readdir), sort de `usedBy`, `lastVerified` preservado por checksum, `lastUpdated` idempotente, self-entry excluido. Elimina o churn de ~1600 linhas por commit.
66
+ - Gerador passa a escanear `bin/` — corrige `ideation-engine` falsamente marcado como `orphan` (agora `usedBy: [ideate]`, `lifecycle: production`).
67
+ - Regex de exclusao de docs ancorado em `^docs/` — 5 docs tracked de `core/docs` voltam ao install-manifest (drift de upgrade brownfield deixava de ser rastreado).
68
+ - WaveAnalyzer named export (`new` lancava "not a constructor"); diagnostics SYNAPSE no `doctor --deep`; hook `code-intel-pretool.cjs` ausente criado e registrado.
69
+
70
+ ### Changed
71
+
72
+ - `output-formatter` consolidado — `core/utils` re-exporta a fonte unica em `infrastructure/scripts` (−290 linhas de duplicata byte-identica).
73
+ - Os 3 grounding hooks (`sinapse-{brand,ds,vault}-grounding.cjs`) delegam `loadConfig` ao `config-loader.cjs` compartilhado (require guardado, fail-open preservado).
74
+ - Task @devops pre-push invoca `sinapse qa run --layer=1` em vez de reimplementar lint/test/typecheck.
75
+ - `AgentInvoker` memoiza `_loadAgent`/`_loadTask`; `MasterOrchestrator` colapsa o `_saveState()` redundante por epic no caminho de sucesso.
76
+ - 9 tasks orfas cabeadas aos agentes (devops/developer por dominio); 3 namespaces de session documentados em `core/README.md`.
77
+
78
+ ### Removed
79
+
80
+ - `test-validation-task.md` (fixture auto-declarado, zero consumidor) e as 2 copias orfas `development/scripts/elicitation-{engine,session-manager}.js` (consumidores reais usam `core/elicitation/`).
81
+
82
+ ### Security
83
+
84
+ - **Auto-execucao no install removida (supply-chain).** O hook npm `postinstall` (`node bin/postinstall.js`) foi retirado do `package.json`. Executar codigo automaticamente em `npm install` e uma superficie de supply-chain — um publish comprometido rodaria na maquina de todos os instaladores sem nenhuma acao explicita. O setup agora e EXPLICITO: via `npx sinapse-ai install` (caminho recomendado, ja documentado no README) ou via `npm run setup`. O modulo `bin/postinstall.js` foi mantido sem mudanca de comportamento — apenas deixou de ser auto-executado. CI install-matrix e comentarios ajustados ao novo modelo.
85
+
86
+ ## [1.7.0] — 2026-06-02 — 🔒 Security & Robustness Hardening
87
+
88
+ > **Release de seguranca e robustez.** Auditoria de ciberseguranca completa (6 frentes + verificacao adversarial) + fundacao de robustez (execucao segura cross-OS, learning loop, cadeia de erros tipada). Prepara o framework para distribuicao publica.
89
+
90
+ ### Security
91
+
92
+ - **Command injection / RCE eliminado** nos motores de execucao de subagentes: troca de `spawn('sh','-c', ...)` por execucao via argv+stdin sem shell (cross-spawn). Resolve injecao via story/task/gotcha.
93
+ - **github-adapter** — `execSync(string)` -> `execFileSync('gh', argv)`: fecha injecao de shell via titulo/corpo de story.
94
+ - **ideation-engine** — validacao de `rootPath` contra metacaracteres de shell.
95
+ - **semantic-merge-engine** — `execFileSync('git', argv)` nas chamadas git; cap de tamanho/iteracoes no scan de funcoes (ReDoS).
96
+ - **squad-downloader** — protecao anti zip-slip (containment de path) + allowlist de host no follow de redirect (SSRF).
97
+ - **merge-utils** — deny-list `__proto__`/`constructor`/`prototype` (prototype pollution).
98
+ - **renderer** — escaping configuravel com security contract documentado.
99
+ - **docker-compose (llm-routing)** — master key sem default conhecido (fail-fast).
100
+
101
+ ### Changed (robustez — base de execucao)
102
+
103
+ - **Execucao de agentes cross-OS**: resolucao segura do binario da CLI no Windows (sem shell injection, sem quebra de `claude.cmd`).
104
+ - **Learning loop religado**: gotcha-loader endurecido + janela rolante de erro.
105
+ - **Cadeia de erros tipada** (`core/errors/`): SinapseError com normalize/serialize, sem vazar stack em producao.
106
+ - **context-tracker model-aware** + bloco `models:` no core-config (estimativa de contexto precisa).
107
+ - **semantic-handshake-engine**: motor de constraints executaveis.
108
+
109
+ ### Privacy & Packaging
110
+
111
+ - Removidos nomes pessoais e referencias a projeto privado dos materiais publicados.
112
+ - `files`: glob `docs/*.md` substituido por allow-list explicita de docs publicos + `.npmignore` (impede vazamento de docs internos no pacote).
113
+
114
+ ## [1.6.1] — 2026-05-26 — 🩹 Patch: fix installer regression do BUG-001
115
+
116
+ > **Patch release imediato.** O v1.6.0 corrigiu o BUG-001 (orqx voltando ao auto-plano) nas personas canônicas e no template YAML, MAS deixou 3 arquivos JS do installer com `"HALT and await user input"` hardcoded. Resultado: `npx sinapse-ai install` ou `update` gerava stubs orqx errados de novo, regredindo o fix.
117
+
118
+ ### Fixed
119
+
120
+ - **`bin/commands/install.js`** — função `generateCommandMd()` agora detecta orquestradores (id termina em `-orqx` OU é Imperator) e gera STEP 4/6 com briefing-on-activation flow. Specialists continuam com HALT (correto).
121
+ - **`bin/commands/install.js`** — bloco do Imperator template substitui `Then HALT and await user input` por briefing-on-activation check + Initial State Audit + Bootstrap Classification + Orchestration Plan + Execute.
122
+ - **`packages/installer/src/wizard/index.js`** — `buildAgentTemplate()` (que só gera stubs orqx) corrigida pra emitir STEP 4 com briefing-on-activation.
123
+ - **`.sinapse-ai/development/scripts/apply-inline-greeting-all-agents.js`** — INLINE_GREETING_LOGIC STEP 5 agora é condicional (orqx → auto-plan; specialist → HALT).
124
+
125
+ ### Why this matters
126
+
127
+ Sem este patch, **toda instalação fresh do v1.6.0 regredia o BUG-001 imediatamente**. Detectado ao rodar `npx sinapse-ai@latest update`: o sinapse-orqx.md stub voltou pro formato curto com "HALT and await user input".
128
+
129
+ ## [1.6.0] — 2026-05-26 — 🔧 Framework cleanup release (15 bugs P0/P1/P2/P3)
130
+
131
+ > **Cleanup + 2 squads oficiais.** Resolve 15 bugs estruturais mapeados pela auditoria 2026-05-25, oficializa n8n + higgsfield-studio como squads SINAPSE, simplifica regras opt-in, e corrige comportamento crítico dos orquestradores (auto-plano de orquestração ao receber briefing).
132
+
133
+ ### Fixed (Onda 1 — P0 críticos, PR #208)
134
+
135
+ - **BUG-001 — orchestrators agora disparam plano automático** ao receber briefing. Persona Imperator tinha regra contraditória: `"HALT and await user input. Do NOT do anything else."` vencia sobre a regra `"NON-NEGOTIABLE: ORCHESTRATION PLAN ON EVERY BRIEFING"`. Resultado: usuário sempre precisava pedir `cria plano`. Fix: substituído por briefing-on-activation check em 6 personas Imperator + template `activation-instructions-inline-greeting.yaml` + swarm-orqx STEP 5.
136
+ - **BUG-002 — Imperator (sinapse-orqx) era "fantasma"**: stub apontava pra `~/.sinapse/sinapse/agents/sinapse-orqx.md` que nunca existiu. Fix: source canônico criado em `sinapse/agents/sinapse-orqx.md` (791 linhas, persona completa com ASCII art, 18 squads routing table, Initial State Audit, Bootstrap Classification, NSN mode).
137
+ - **BUG-003 — 19 dos 22 stubs orqx em formato truncado** (15 linhas, sem blocos Activation Instructions / How to Execute / Cross-Squad Handoff). Fix: novo script `scripts/regenerate-orqx-stubs.ps1` regenera todos os 22 stubs no formato completo (42-55 linhas) com o flow de briefing-auto-orchestration.
138
+ - **BUG-005 — slash command `/SINAPSE:agents:sinapse-orqx` ausente** (só existiam os 21 squad-orqx + snps-orqx). Fix: criado em `~/.claude/commands/SINAPSE/agents/sinapse-orqx.md`.
139
+
140
+ ### Fixed (Onda 2 — P1, PR #209)
141
+
142
+ - **BUG-004** — 12 commands SNPS (`/SNPS:agents:*`) propagados pra `~/.claude/commands/SNPS/agents/` (parity Codex no nível local).
143
+ - **BUG-006 + BUG-012** — **n8n vira squad oficial SINAPSE**. Consolidação em `~/.sinapse/squad-n8n/` (18 agents + squad.yaml v1.0). Rule `n8n-squad-routing.md` atualizada removendo "não faz parte do framework". Knowledge base externa em `Workspace/sinapse/n8n/` (18k linhas) mantida.
144
+ - **BUG-009** — MEMORY.md de 29.6KB → 12.6KB (limite 24.4KB, agora com margem). Entradas longas encurtadas pra <200 chars cada, mantendo discovery via pointers.
145
+
146
+ ### Changed (Onda 3 — P1+P2, PR #209)
147
+
148
+ - **BUG-007 — rules opt-in viram always-on**. `CLAUDE.md` global bumpado pra v6.4. `documentation-first`, `mandatory-delegation`, `workflow-execution` agora sempre carregadas; agente calibra cerimônia conforme escopo (story epic vs bug fix simples). Mais simples que implementar hook trigger custom por path/keyword.
149
+ - **BUG-014** — **higgsfield-studio vira squad oficial SINAPSE**. Consolidação em `~/.sinapse/squad-higgsfield-studio/` (14 agents + squad.yaml v1.0). Mesma arquitetura padrão dos outros squads.
150
+ - **BUG-010** — `vault-routing.json` corrigido: 7 entradas apontavam pra notas inexistentes. Substituídas por equivalentes funcionais.
151
+ - **BUG-008** — rules deprecated (`sinapse-source-of-truth.md`, `response-format.md`) movidas pra `~/.claude/rules/_deprecated/`.
152
+
153
+ ### Cleanup (Onda 4 — P2/P3, PR #209)
154
+
155
+ - **BUG-011** — `.backup-stubs-20260512-120825/` movido de `~/.claude/agents/` pra `~/.claude/backups/`.
156
+ - **BUG-013** — nova doc `docs/guides/hooks-two-layers.md` explicando arquitetura intencional dos hooks (camada global `~/.claude/hooks/` vs camada framework `<repo>/.claude/hooks/`).
157
+ - **BUG-015** — memory sincronizada: removidas menções de stories Ready (10.35/10.38/10.39/10.40/10.41/10.42) que já estavam Done.
158
+ - **BUG-016** — 9 skills com espaço no nome renomeadas pra kebab-case (`Creative Skills` → `creative-skills`, etc).
159
+
160
+ ### Added
161
+
162
+ - `docs/audits/2026-05-25-framework-gargalos-audit.md` — relatório completo da auditoria que mapeou os 15 bugs deste release.
163
+ - `sinapse/agents/sinapse-orqx.md` — persona canônica Imperator (faltava no source do repo).
164
+ - `scripts/regenerate-orqx-stubs.ps1` — script PowerShell que regenera os 22 stubs em qualquer máquina.
165
+ - `docs/guides/hooks-two-layers.md` — doc da arquitetura de hooks.
166
+
167
+ ### Notes
168
+
169
+ - **Sem breaking changes** se você só usa o framework como orchestrator. Comportamento novo dos orqx (auto-plano) é uma melhoria, não quebra fluxos existentes.
170
+ - **Inclui também outros 5 PRs entre v1.5.0 e v1.6.0**: #203 (limpa claude-code-mastery orphan agents), #204 (docs audit Onda 3 orqx coverage gap), #205 (canonical flat squad-schema + validator), #206 (169 broken links fixed), #207 (squad-finance ganha 3 agentes).
171
+ - **3 investigações pendentes** (fora do escopo desta release): hooks órfãos no settings.json, validação cruzada task_refs em workflows, health check completo dos 17 squads canonicos.
172
+
173
+ ## [1.5.0] — 2026-05-15 — 🚀 Feature release (sinapse-delegate + fast-path-gate)
174
+
175
+ > **Feature release.** Adiciona dois patterns úteis ao SINAPSE: outsource explícito pra executor externo via `sinapse-delegate` e heurística de fast-path no orchestrator. Sem breaking changes; ambos opt-in.
176
+
177
+ ### Added
178
+
179
+ - **`sinapse-delegate` CLI** — novo entry point pra outsource de tasks específicas (story implementations, refactors, mechanical edits) pra executor externo como Codex CLI. Grava prompt + output + log em `.sinapse/external-runs/<timestamp>-<slug>/` pra audit completo. Suporta sandboxes (read-only, workspace-write, full-auto, danger-full-access), git cleanliness gate (`--allow-dirty` pra bypass intencional), dry-run, foreground/background. **Caso de uso principal:** economizar tokens Opus em tasks repetitivas/mecânicas roteando-as pra modelos menores (Codex/Haiku).
180
+ - Entry: `bin/sinapse-delegate.js` (registrado em `package.json#bin`)
181
+ - Implementação: `.sinapse-ai/core/external-executors/delegate-cli.js`
182
+ - Provider suportado nesta release: `codex` (extensível pra outros via `PROVIDERS` map)
183
+ - Uso: `sinapse-delegate codex -t story-10.50 -f prompt.md --sandbox workspace-write`
184
+
185
+ - **Fast-Path Gate** em `.sinapse-ai/core/orchestration/fast-path-gate.js` — heurística determinística que avalia se uma task pode rodar em modo acelerado (`parallel_batch`, `deterministic_batch`, `external_executor`) versus workflow padrão sequencial. Analisa sinais de automação (bulk-edit, structured-transform, mechanical-edit, map-then-apply, repetition, parallelizable) versus sinais de risco (architecture, security, destructive, production, migration). Retorna `mode`, `confidence` (0-1), `parallelizable`, `riskLevel`, `reasons` e `actions` recomendadas. Configurável via `DEFAULT_FAST_PATH_CONFIG`.
186
+ - Exportado em `.sinapse-ai/core/orchestration/index.js` como `evaluateFastPath`, `DEFAULT_FAST_PATH_CONFIG`, `getAutomationPatterns`, `getRiskPatterns`, `getStructuredFileExtensions`, `normalizeFastPathConfig`, `normalizeFastPathTask`
187
+ - Sem state global, sem dependências externas, pure function — fácil de integrar em qualquer decisão de roteamento
188
+
189
+ ### Notes
190
+
191
+ - **Service Discovery (`sinapse workers search/list/info`) já existia** desde versão anterior em `.sinapse-ai/cli/commands/workers/` — confirmado via smoke test e bin/sinapse.js já roteia. Sem ação necessária nesta release.
192
+ - **Implementação:** pure functions, sem state global, sem dependências externas além do que já existe. Integração via export em `.sinapse-ai/core/orchestration/index.js`.
193
+ - **Sem breaking changes.** Features são opt-in: ninguém precisa rodar `sinapse-delegate` ou chamar `evaluateFastPath` se não quiser.
194
+
195
+ ### Migration
196
+
197
+ Nada necessário pra usuários da v1.4.x. Quem quiser usar:
198
+
199
+ ```bash
200
+ npm install sinapse-ai@latest
201
+
202
+ # Outsource uma task pesada pro Codex
203
+ sinapse-delegate codex -t my-task -p "Replace deprecated React imports in src/" --sandbox workspace-write
204
+
205
+ # Avaliar uma task antes de executar (programático)
206
+ node -e "console.log(require('sinapse-ai/.sinapse-ai/core/orchestration').evaluateFastPath({ task: { description: 'bulk rename yaml files', files: ['a.yaml','b.yaml','c.yaml'] }}))"
207
+ ```
208
+
209
+ ## [1.4.2] — 2026-05-14 — 🩹 Doctor bugfix patch (Story 10.42 regression + false-FAIL cleanup)
210
+
211
+ > **Bugfix patch.** Smoke test pós-v1.4.1 detectou 1 regressão real + 4 ruídos no doctor que arruinavam a primeira impressão pra users novos. Esta release consolida os 5 fixes.
212
+
213
+ ### Fixed
214
+
215
+ - **Story 10.42 regressão** — `npx sinapse-ai doctor` em projeto fresh exibia 11 FAILs ao invés da mensagem amigável `NOT_INSTALLED`. Root cause: `detectInstallState()` qualificava `~/.sinapse/` e `~/.claude/commands/SINAPSE/` como markers globais — esses sempre existem em máquinas que já rodaram SINAPSE em qualquer outro projeto, anulando completamente a detecção de fresh-project. Agora só `<projectRoot>/.sinapse-ai/` qualifica. EXIT=4 + mensagem amigável confirmados em smoke test.
216
+ - **`npm-packages` check** — não falha mais quando `node_modules/` está ausente no projeto raiz. Confia em `canResolveDep` (Story 10.48) para validar deps do `.sinapse-ai/` via Node module resolution (parent + global). Projetos sem deps Node próprios (writing repos, design repos, infra-only) não levam mais FAIL falso.
217
+ - **`skills-count` check** — `.claude/skills/` é OPCIONAL e não shipado pelo install (verificado contra `install-manifest.yaml`). Status mudado de FAIL para INFO. Mensagem revisada: "skills are optional — install via `npx claude-skills add <name>`". `onError` policy: `'warn'` ao invés de `'fail'`.
218
+ - **`manifest-version-parity` check** — comparava `<projectRoot>/package.json#version` (do user) com `.sinapse-ai/install-manifest.yaml#version` (do framework) em qualquer cwd. Em projeto user isso sempre dava FAIL com "Run `npm run generate:manifest`" — script que só existe no repo do framework. Agora detecta context via `package.json#name === "sinapse-ai"`: se não for o repo do framework, INFO + skipped.
219
+ - **`scripts/sinapse-patch.js` Windows detection** — `findCliPath` só procurava `cli.js` em paths POSIX. Claude Code 2.x no Windows ships `cli-wrapper.cjs` em `~/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/`. Adicionados Windows-specific candidates + variantes de filename (`cli.js`, `cli-wrapper.cjs`, `bin/cli.js`). Plus mensagem `[ERRO]` → `[INFO]` e `process.exit(1)` → `process.exit(0)` quando CLI não é encontrado: branding patch é cosmético opcional, não deve nunca bloquear o install pipeline.
220
+
221
+ ### Removed
222
+
223
+ - **`validator` dep órfã** removida de `.sinapse-ai/package.json`. Estava declarada como dependency mas sem nenhum import no código. Causava FAIL legítimo em `npm-packages` check porque era unresolvable. Zero impacto runtime.
224
+
225
+ ### Smoke test confirmation (2026-05-14)
226
+
227
+ | Capability | Antes (v1.4.1) | Agora (v1.4.2) |
228
+ |---|---|---|
229
+ | `doctor` em projeto fresh | 11 FAIL, EXIT=2 | mensagem amigável, EXIT=4 |
230
+ | `doctor` em projeto instalado | 3 FALSE FAIL | 0 FAIL |
231
+ | `npm install` + branding patch | `[ERRO]` visível | `[INFO]` informativo + exit 0 |
232
+ | `npm-packages` em repo do framework | FAIL "validator unresolvable" | PASS "13 deps resolved" |
233
+
234
+ ## [1.4.1] — 2026-05-14 — 🔒 Security + docs honesty patch
235
+
236
+ > **Patch release.** Consolida no npm o que entrou em main depois da v1.4.0: README com copy honesta sobre o estado real dos hooks de grounding (PR #198) + bump transitivo de `ip-address` para versão patched, resolvendo Dependabot #21 (PR #199). Mais cleanup completo de versões legacy no npm registry.
237
+
238
+ ### Security
239
+
240
+ - **Dependabot #21** — `ip-address` (dev-scope, transitive): vulnerable versions `<= 10.1.0` carregam XSS em métodos `Address6` HTML-emitting (severity: medium). Bundled `ip-address` dentro de `npm` (consumido por `@semantic-release/npm`) bumped para 10.1.1 via regeneração limpa de `package-lock.json`. `package.json` overrides também carregam `"ip-address": "^10.1.1"` como safeguard.
241
+
242
+ ### Documentation
243
+
244
+ - **README** — Seção "Grounding semantico" reescrita para alinhar messaging com implementação real:
245
+ - Status renomeado "foundation pre-GA" (substituindo claims de injection concreta)
246
+ - Tabela cobre "Funcao na release atual" e "Injecao semantica" (roadmap)
247
+ - Adicionado bloco explicando o moat (opt-in declarativo vs runtime-coupled grounding em frameworks competidores)
248
+
249
+ ### Changed (npm registry cleanup)
250
+
251
+ - **72 versões legacy deprecated no npm** com mensagens orientando pra `@latest`:
252
+ - 3 da linha 1.x pré-reset (1.0.0, 1.0.1, 1.1.0)
253
+ - 5.x série completa (6 versões: 5.0.3-5.0.8)
254
+ - 6.x série completa (5 versões: 6.0.0-6.0.4)
255
+ - 7.x série completa (39 versões: 7.0.0-7.7.11)
256
+ - 8.x série completa (3 versões: 8.0.0-8.0.2)
257
+ - 9.x série completa (6 versões: 9.0.0-9.5.0)
258
+ - 10.x série completa (13 versões: 10.0.0 + 12 RCs)
259
+ - **dist-tag `rc` removida** (era órfã apontando pra `10.0.0-rc.12` deprecated). Apenas `latest` permanece, apontando para 1.4.1.
260
+
261
+ ### Migration
262
+
263
+ Sem ação necessária para quem já está na linha 1.x. Patch transparente.
264
+
265
+ ```bash
266
+ npm install sinapse-ai@latest
267
+ ```
268
+
269
+ ## [1.4.0] — 2026-05-12 — 📦 Install UX Hardening epic complete
270
+
271
+ > **Consolidation release.** Fecha formalmente o epic `install-ux-hardening` (8 stories validadas e marcadas Done) e estabelece v1.4.0 como o baseline pós-pré-GA estável. Sem mudanças de código vs 1.3.0 — todo o trabalho já estava em main desde os PRs de abril/maio. Esta release marca o fim do ciclo e sinaliza pros users no canal 10.x (deprecated em 2026-05-12) que o caminho oficial é `npm install sinapse-ai@latest`.
272
+
273
+ ### Changed (epic closure — documentation only)
274
+
275
+ - **All 8 stories of `epic install-ux-hardening` validated and closed as Done:**
276
+ - **10.35** — `--reconfigure` flag (re-prompt language/LLM without `--force` wipe)
277
+ - **10.38** — Install merge-only for existing config files (PR #195 today — status closure)
278
+ - **10.39** — Postinstall exit code fix (warn never kills `npm install`)
279
+ - **10.40** — Uninstall completeness + update staleness + npx cache docs
280
+ - **10.41** — Chrome Brain SessionStart hook (prevent MCP disconnect at boot)
281
+ - **10.42** — Doctor fresh-project detection (friendly NOT_INSTALLED message)
282
+ - **10.46** — Setup wizard always prompts language + LLM (PR #117, validated PR #196 today)
283
+ - **10.47** — Generalize grounding semantico as opt-in BYO (PR #118 + #142, validated PR #196 today)
284
+
285
+ ### Deprecated (npm distribution)
286
+
287
+ - **All `10.x` versions deprecated on npm** (13 total: `10.0.0` plus `10.0.0-rc.1` through `10.0.0-rc.12`). Message: "Published in error during framework reset. Run `npm install sinapse-ai@latest` for the current GA release (1.3.0+)."
288
+ - The `10.x` line was published during the pre-rename phase; `1.x` is the canonical, supported line.
289
+
290
+ ## [1.3.0] — 2026-05-08 — 🎉 Pre-GA hardening (Install UX + Greenfield/Brownfield handoff)
291
+
292
+ > **Versão oficial estável.** Fecha os dois bloqueadores de release reportados pelo maintainer: install UX que pulava configurações (idioma/IDE/modo) e handoff greenfield→brownfield onde projetos nunca graduavam. Soma 14 PRs nesta sessão (#180-#193): doc-first hardening (Categoria 0), lint hardening (Categoria 2), MCP+Skills audits (5.2/5.3) e os 4 PRs estruturais de pré-GA.
293
+
294
+ ### Added (Pre-GA structural — PRs #190-#193)
295
+
296
+ - **Real interactive wizard** (PR #190 — `selectInstallationMode()`): usuário confirma greenfield vs brownfield via inquirer list; non-interactive (CI / piped stdin / `SINAPSE_NON_INTERACTIVE=1`) cai pro detected mode imprimindo a escolha. Novo helper `confirmInstallSummary()` renderiza summary estruturado (mode/language/IDE/target/grounding) antes de qualquer ação destrutiva.
297
+ - **Skip-announce** em `bin/commands/install.js`: quando idioma/IDE são reusados de `~/.claude/settings.json` (upsert), o installer agora imprime exatamente o que foi reusado e como forçar re-prompt (`--reconfigure`). Antes pulava silenciosamente.
298
+ - **Pre-install summary block** antes da Phase 1: `Idioma / IDE / Modo / Destino` com chance de Ctrl+C.
299
+ - **8-dimension maturity audit** (PR #191 — `auditMaturityDimensions()`): substitui os 3 signals antigos por checagem de docs, brand, designSystem, components, code, tests, infra, git history. Single-digit ms; safe to call em todo detect.
300
+ - **`MATURE` e `PARTIAL` no enum `ProjectState`** (PR #191): código alinha com a doc do PR #184 (5 maturity levels). Decisão tree em `detectProjectState()` reescrita em camadas; legacy paths preservados verbatim.
301
+ - **Routing cases `_handleMature()` e `_handlePartial()`** no `_routeByState()` switch.
302
+ - **Graduation signal** (PR #192 — `greenfield-handler` Phase 3): emite evento `graduation` + grava marker `workflow.maturity = 'mature'` em SessionState. Best-effort — falhas não bloqueiam.
303
+ - **MATURE-aware brownfield welcome** (PR #192 — `brownfield-handler`): aceita `context.projectState === 'MATURE'` como entry point legítimo e troca a mensagem de boas-vindas pra "Detectei um projeto maduro..." em vez do first-touch genérico.
304
+ - **Continuation Behavior real** (PR #193 — `_handlePartial()`): inventário das dimensões presentes + gap analysis + recomendação de phase (heurística: docs+code sem tests → Phase 3, components sem docs → Phase 1, etc) + 3-way surface (`continue` / `brownfield` / `start-over`). Nunca sobrescreve.
305
+ - **`handleContinuationDecision(choice)`** roteia a escolha do user pro handler correto, propagando `continuation.inventory` como input ao próximo handler.
306
+
307
+ ### Added (Doc-first hardening — PRs #180-#184)
308
+
309
+ - **Project Type Gate** em `.claude/rules/documentation-first.md`: bloqueia execução em [site, lp, app, platform, saas, api, service] sem epic/PRD/architecture.
310
+ - **Bootstrap Classification** no Imperator (`sinapse-orqx.md`): Step -1 (Initial State Audit) → Step 0 (project_type sub-classification) → Step 1 (route).
311
+ - **Greenfield sub-classification** em `.claude/rules/project-intelligence.md`: project_type → workflow file (greenfield-{ui,service,fullstack}.yaml).
312
+ - **Continuation Behavior (PARTIAL maturity)** documentada como contrato.
313
+ - **Audit doc-first**: `docs/audits/2026-05-07-doc-first-bug.md` com root cause de 4 gaps.
314
+
315
+ ### Added (Lint hardening — PRs #185-#187)
316
+
317
+ - **`validate:cross-refs`** (PR #185): novo lint guard que checa refs `agent: <id>` em workflow YAMLs contra registry de agents. **Achou 71 refs quebrados em 13 workflows** — fix via aliases backward-compat (`pm` → `project-lead`, `po` → `product-lead`, `sm` → `sprint-lead`, `qa` → `quality-gate`, `dev` → `developer`).
318
+ - **`validate:all`** (PR #186): runner paralelo dos 6 lint guards (no-external-refs, no-personal-leaks, orqx-discipline, cross-refs, manifest:parity, squad-yaml). **~6x faster** (~5s sequencial → 0.85s paralelo).
319
+ - **CI lint mirror** (PR #187 — `.github/workflows/lint-guards.yml`): mesmos 6 guards rodam em PR + push to main, cobrindo contributors sem husky e pushes com `--no-verify`.
320
+
321
+ ### Added (Audits read-only — PRs #188-#189)
322
+
323
+ - `docs/audits/2026-05-08-mcp-integration-audit.md`: PASS, 1 LOW recommendation.
324
+ - `docs/audits/2026-05-08-skills-audit.md`: PASS com 1 MEDIUM (`.claude/skills/` não está em `package.json#files`).
325
+ - `docs/audits/2026-05-08-install-ux-audit.md`: FAIL pra GA (resolvido em PR #190).
326
+ - `docs/audits/2026-05-08-greenfield-brownfield-handoff-audit.md`: FAIL pra GA (resolvido em PRs #191-#193).
327
+
328
+ ### Changed
329
+
330
+ - 5 framework agents (`project-lead`, `product-lead`, `sprint-lead`, `quality-gate`, `developer`) ganharam aliases backward-compat (`pm`, `po`, `sm`, `qa`, `dev`) pra workflows que usam IDs legacy continuarem resolvíveis.
331
+ - `pre-push` hook: 6 lint guards seriais consolidados em uma única chamada paralela `validate:all` (tempo de push reduzido).
332
+
333
+ ### Fixed
334
+
335
+ - ESLint pré-existente em `scripts/sync-squad-yaml-components.js:58` (no-regex-spaces — literal duplo espaço → `{2}` quantifier).
336
+
337
+ ## [1.2.1] — 2026-05-04 — Polish patch (--version flag)
338
+
339
+ ### Added
340
+
341
+ - **Canonical `--version` flag** (`-v` / `version` aliases): every CLI user
342
+ expects `npx sinapse-ai --version` to return the semver. Previously routed
343
+ to fuzzy match (`Comando desconhecido: --version`). Now reads from
344
+ package.json and prints raw semver only — no banner, no ANSI — so scripts
345
+ capture cleanly.
346
+ - 5 contract tests in `tests/unit/cli-version-flag.test.js`.
347
+
348
+ ## [1.2.0] — 2026-05-04 — 🎉 GA Definitiva (versioning reset, branding SNPS AI)
349
+
350
+ > **Branding reset.** Após bloqueio de v1.0.0/1.0.1/1.1.0 no npm (publishes legacy de março/2026), v1.2.0 estabelece a linha 1.x oficial do framework. Linha 10.x mantida no histórico.
351
+ > **Visible branding:** o logo e ASCII art agora mostram **SNPS AI** (abreviação de SINAPSE) em wizard, postinstall, banners, help, status. Nome formal `SINAPSE AI` permanece em README h1, LICENSE, npm package name (`sinapse-ai`).
352
+ > **Inclui (PRs #138-#143):** refactor cli.js modular (1752→175 LOC), audit 3 CLI UX polish, SNPS rename + slash namespace migration, article gates VII/VIII/XI automatizados, grounding hooks shipados (vault/DS/brand), trusted publishing OIDC, 3 revisões clínicas com zero P0/P1.
353
+
354
+ ### Added (Story GA-1.6 — Grounding hooks shipados: vault / DS / brand)
355
+
356
+ - **3 executable Claude Code hooks** at `.sinapse-ai/hooks/sinapse-{vault,ds,brand}-grounding.cjs`,
357
+ closing the gap left by Story 10.47 (which shipped the wizard + library
358
+ hooks but no executable hooks). Hooks read `~/.claude/sinapse-ai-config.yaml`
359
+ and inject `<vault-grounding>`, `<ds-grounding>`, or `<brand-grounding>`
360
+ blocks into the user prompt via the standard `UserPromptSubmit` contract.
361
+ - **Auto-registration in `~/.claude/settings.json`** during `sinapse-ai install`
362
+ and `update` — idempotent, non-destructive (preserves any existing personal
363
+ hooks like `vault-grounding.cjs`, `terminal-bus.cjs`).
364
+ - **Coexistence with personal hooks:** `sinapse-` filename prefix + dedicated
365
+ config file (`sinapse-ai-config.yaml` instead of `vault-routing.json` /
366
+ `ds-routing.json`) means both layers can run side-by-side.
367
+ - **Fail-open guarantees:** every error path exits 0 silently. 3500 ms timeout
368
+ per hook. Anti-double-injection check. Size caps (6000 / 3000 / 2000 chars).
369
+ - **31 new tests** in `tests/hooks/` covering executable contract (spawned
370
+ child processes with isolated `HOME`), helpers (pure functions), and the
371
+ settings.json registrar (idempotence, missing-file safety, malformed JSON
372
+ handling, personal-hook preservation).
373
+ - **Docs:** new "How the hooks work" section in `docs/guides/grounding-setup.md`
374
+ covering activation triggers, size caps, and coexistence policy.
375
+
376
+ ### Added (Story GA-1.5 — Article gates VII/VIII/XI automated)
377
+
378
+ - **Article VII gate (Metrics Accuracy):** new `scripts/validate-article-vii.js`
379
+ detects drift in squad/agent/orqx/task counts across `README.md`, `README.en.md`,
380
+ `AGENTS.md`, `package.json` description, and `packages/installer/src/wizard/feedback.js`.
381
+ Runs in CI on every PR/push and as a pre-publish step in `npm-publish.yml`.
382
+ - **Article VIII gate (Mandatory Delegation):** new `scripts/validate-article-viii.js`
383
+ verifies `enforce-delegation.cjs` is registered in `.claude/settings.json`,
384
+ has valid syntax, and that no `*-orqx.md` agent contains direct execution
385
+ instructions (e.g., "use Edit tool", "run npm").
386
+ - **Article XI gate (Conservative Default):** new `scripts/validate-article-xi.js`
387
+ blocks PRs that delete files in protected paths (`squads/*/agents/`,
388
+ `squads/*/tasks/`, `squads/*/knowledge-base/`, `bin/`, `.claude/hooks/`,
389
+ `.sinapse-ai/development/agents/`) without an explicit
390
+ `Article XI override: <reason>` justification in commit messages or PR body.
391
+ Renames (`git mv`) are not blocked.
392
+ - **CI workflow:** new `.github/workflows/article-gates.yml` with three parallel
393
+ jobs (article-vii, article-viii, article-xi) wired to PR and push triggers.
394
+ - **NPM scripts:** `validate:article-vii`, `validate:article-viii`, `validate:article-xi`.
395
+ - **Docs:** `docs/pt/architecture/article-gates.md` explaining each gate and
396
+ the override protocol for Article XI.
397
+
398
+ ### Fixed (Story GA-1.5 — collateral metrics drift)
399
+
400
+ - README.md, README.en.md, AGENTS.md, and `packages/installer/src/wizard/feedback.js`
401
+ updated from stale counts (18/186, 18/175, 1,425/1,430/1,370 tasks) to canonical
402
+ counts (19 squads, 200 agents, 1,237 tasks) — surfaced and required by the new
403
+ Article VII gate.
404
+
405
+ ### Changed (Story GA-1.4 — SNPS Rename)
406
+
407
+ - **Master orchestrator renamed:** `sinapse-orqx` → `snps-orqx`.
408
+ Backward-compat alias `@sinapse-orqx` preserved for one release (until v1.3.0).
409
+ - **Slash command namespace migrated:** `/SINAPSE:agents:*` → `/SNPS:agents:*`.
410
+ The legacy `/SINAPSE:` namespace remains available as a deprecation alias for one release.
411
+ - **Visual branding updated:** CLI banner ASCII art and user-facing strings
412
+ ("Bem-vindo ao SNPS AI", postinstall summary, update messages) now show **SNPS AI**.
413
+ - **Formal name preserved:** the npm package (`sinapse-ai`), README h1, LICENSE,
414
+ internal env vars (`SINAPSE_HOME`, `SINAPSE_SKIP_POSTINSTALL`, etc.), and source
415
+ file names are intentionally unchanged.
416
+
417
+ ### Files renamed
418
+
419
+ - `.sinapse-ai/development/agents/sinapse-orqx.md` → `snps-orqx.md`
420
+ - `.claude/agents/sinapse-orqx.md` → `snps-orqx.md`
421
+ - `.codex/agents/sinapse-orqx.md` → `snps-orqx.md`
422
+ - `.github/agents/sinapse-orqx.agent.md` → `snps-orqx.agent.md`
423
+ - `sinapse/agents/sinapse-orqx.md` → `snps-orqx.md`
424
+ - `docs/guides/agents/traces/sinapse-orqx-execution-trace.md` → `snps-orqx-execution-trace.md`
425
+ - `docs/sinapse-agent-flows/sinapse-orqx-system.md` → `snps-orqx-system.md`
426
+ - `.claude/commands/SINAPSE/` content copied to `.claude/commands/SNPS/` (SINAPSE/ retained as alias)
427
+
428
+ ## [10.0.0] — 2026-05-02 — 🎉 General Availability
429
+
430
+ > **Note on versioning:** initial plan was a 10.x → 1.0.0 reset, but
431
+ > versions 1.0.0/1.0.1/1.1.0 were already published in March 2026 to
432
+ > npm under the same package name (legacy). Skipping the symbolic
433
+ > reset and promoting `10.0.0` (clean, no -rc) as GA on the
434
+ > `latest` dist-tag. Functionally equivalent: same code, same
435
+ > contracts, same audit results. The 10.x line becomes the official
436
+ > stable line.
437
+
438
+ ## [1.0.0] — 2026-05-02 — 🎉 General Availability
439
+
440
+ **SINAPSE-AI v1.0 is here.** First public stable release. The framework
441
+ that started as IMORI experiments and grew into a 19-squad / 200-agent
442
+ orchestration system with Constitutional governance is now production-ready.
443
+
444
+ ### Migration from rc.x
445
+
446
+ If you were tracking `dist-tag rc`:
447
+ ```bash
448
+ npm install -g sinapse-ai@latest
449
+ ```
450
+
451
+ Or pin v1 explicitly:
452
+ ```bash
453
+ npm install -g sinapse-ai@1.0.0
454
+ ```
455
+
456
+ There are no breaking changes between `10.0.0-rc.12` and `1.0.0` — the
457
+ version reset to v1.0.0 is the formal GA promotion of the rc.x line
458
+ (decision: 10.x was the beta version of the product; v1.0.0 is the
459
+ official launch).
460
+
461
+ ### What v1.0.0 ships
462
+
463
+ - **19 squads** organized around domain expertise (brand, copy,
464
+ growth, paid media, finance, content, design, animations, cybersec,
465
+ product, research, council, courses, commercial, storytelling,
466
+ cloning, art direction, claude-code-mastery, plus the master)
467
+ - **200 agents** (12 framework + 188 squad specialists)
468
+ - **22 orqx** orchestrators (21 squad + 1 master `sinapse-orqx`)
469
+ - **1.237 tasks** executable across the squads
470
+ - **Constitution** with 12 articles, 6 marked NON-NEGOTIABLE, enforced
471
+ by 19 runtime hooks
472
+ - **Multi-IDE parity:** Claude Code + Codex CLI
473
+ - **Grounding semantic foundation** (vault / design-system / brand
474
+ opt-in BYO via `~/.claude/sinapse-ai-config.yaml`)
475
+ - **Doctor** with 16 health checks, fail-fast on broken state
476
+ - **Safe Collaboration** for non-developer users (Caio + Matheus)
477
+ - **Persona simulation notice** in 22 mind clones (LICENSE §VII)
478
+ - **`--provenance`** signed publish via OIDC trusted publishing
479
+
480
+ ### Pre-GA cycles closed
481
+
482
+ This GA is built on top of three sequential pre-GA audit cycles:
483
+
484
+ - Audit 1 (Functional) — runtime/install verified across 8 sub-domains.
485
+ Closed P0 uninstall completeness.
486
+ - Audit 2 (Quality) — code/security/perf reviewed across 8 sub-domains.
487
+ Closed 3 P0 (chrome-brain coverage, sinapse-pro coverage, undeclared deps).
488
+ - Audit 3 (UX/DX) — public messaging/onboarding reviewed across 10
489
+ sub-domains. Closed 6 P0 (counts/badge/persona table/agent reference/
490
+ org consolidation/security versions).
491
+
492
+ 11 of 15 P0 surfaced by the audits are closed. Remaining P1/P2 items
493
+ become v1.0.x or v1.1 backlog — none block GA.
494
+
495
+ ### Backlog for v1.0.x and beyond
496
+
497
+ - Audit 2 Wave B/C — refactor `bin/cli.js` (1752 LOC), consolidate
498
+ `dev/` vs `infra/` duplications, fail-mode matrix doc, automated
499
+ Article VII/VIII/XI gates
500
+ - Audit 3 Bloco C/D/E — CLI error PT consolidation, `sinapse` vs
501
+ `sinapse-ai` binary deprecation path, fuzzy-match unknowns,
502
+ postinstall next-step hint, examples library expansion
503
+ - SNPS prefix rename (`sinapse-X` → `snps-X` agent files) — v1.1
504
+ - Dim 14/15/17 audit reactivation — driven by post-GA telemetry
505
+
506
+ ### Acknowledgments
507
+
508
+ Built with Claude Opus 4.7 (1M context) co-author across the entire
509
+ audit + GA preparation cycle. Full transcript-to-PR traceability in
510
+ the commit log.
511
+
512
+ ## [10.0.0-rc.12] — 2026-05-02
513
+
514
+ 3-audit consolidation. Closes 11 of the 15 P0 surfaced by the three
515
+ sequential pre-GA audits (Functional / Quality / UX-DX). Remaining
516
+ P1/P2 are tracked in `docs/audits/` for follow-up; none block GA.
517
+
518
+ ### Fixed — Audit 1 (Functional)
519
+
520
+ - Uninstall now removes every SINAPSE-authored agent file via
521
+ `~/.sinapse/installed-agents.json` manifest (was leaving ~178
522
+ orphaned files in `~/.claude/agents/` + `~/.codex/agents/`).
523
+ Backward-compat heuristic for pre-manifest installs. (PR #129)
524
+ - Doctor `ide-sync` check no longer reports `12/12 ✓` while ~21
525
+ squad orqx files are missing — now expects framework + squad orqx
526
+ baseline. (PR #130)
527
+ - New doctor `manifest-version-parity` check fails on package.json ↔
528
+ install-manifest.yaml drift. (PR #130)
529
+
530
+ ### Fixed — Audit 2 (Quality)
531
+
532
+ - `chrome-brain.js` (1145 LOC) now has 6 smoke tests locking the
533
+ public contract — was 0% coverage. (PR #132)
534
+ - `sinapse-pro.js` bin (232 LOC) now has 5 smoke tests — was 0%. (PR #132)
535
+ - `yaml@^2.8.3` declared in `dependencies` (was used but undeclared,
536
+ silent-break risk on hoist-strip publish). (PR #132)
537
+ - `@eslint/js@^9.39.4` declared in `devDependencies` (used in
538
+ `eslint.config.js`, was undeclared). (PR #132)
539
+
540
+ ### Fixed — Audit 3 (UX/DX)
541
+
542
+ - README counts reconciled to disk reality: 200 agentes (was 186), 19
543
+ squads (was 18), 1.237 tasks (was 1.425). Test badge bumped to 11014. (PR #134)
544
+ - `getting-started.md` persona table replaced legacy-upstream codenames
545
+ with canonical SINAPSE codenames (Litmus/Stratum/Beacon/Axis/Scope/
546
+ Tensor/Mosaic/Pipeline). (PR #134)
547
+ - `agent-reference.md` was misnamed AGENTS.md for Codex — renamed to
548
+ `codex-config.md`; created a real `agent-reference.md` documenting
549
+ the 10 framework agents + 21 squad orqx + ~170 specialists. (PR #134)
550
+ - GitHub org consolidated to `caioimori/` across ~120 files (was a
551
+ split-brain with vestigial `SinapseAI/` references). (PR #134)
552
+ - `SECURITY.md` supported-versions table replaced legacy v7.x with the
553
+ real channel matrix (rc.x on `rc`, 9.x last-GA on `latest`). (PR #134)
554
+ - Replaced illustrative `ghp_xxxx` / `sk-xxxx` placeholders in
555
+ security-hardening.md with `<your-X-here>` form. (PR #134)
556
+ - Deleted `.github/ISSUE_DRAFT_P0_missing_module.md` (Jan 2025
557
+ obsolete draft referencing legacy persona names). (PR #134)
558
+
559
+ ### Added — Pre-GA hardening artifacts
560
+
561
+ - `docs/audits/audit-1-functional/` — 8 sub-reports + SUMMARY (PR #128)
562
+ - `docs/audits/audit-2-quality/` — 8 sub-reports + SUMMARY (PR #131)
563
+ - `docs/audits/audit-3-ux-dx/` — 10 sub-reports + SUMMARY (PR #133)
564
+
565
+ ### Notes for v1.0.0 promotion
566
+
567
+ This RC closes the three pre-GA audit cycles. Remaining open items
568
+ (Audit 2 Wave B/C, Audit 3 Bloco C/D/E) are P1/P2 that do not block
569
+ GA — they become v1.0.x or v1.1 backlog.
570
+
571
+ For the v1.0.0 GA promotion (next event):
572
+ - Tag `v1.0.0` (clean semver, no -rc suffix) → workflow auto-routes
573
+ to `latest` (per PR #127 fix)
574
+ - `--provenance` automatic via OIDC
575
+ - GitHub release notes + migration guide
576
+
577
+ ## [10.0.0-rc.11] — 2026-05-02
578
+
579
+ Pre-GA hardening sprint. Closes the remaining clinical-audit blockers and the
580
+ last UX/legal items that were holding back v1.0.0 promotion. Zero new features
581
+ — this RC exists to make v1.0.0 boring.
582
+
583
+ ### Added — Clinical Audit completion (14/17 dimensions)
584
+
585
+ - **Dim 3 — Agents (CONCERNS).** 0 P0 / 3 P1 / 3 P2 / 2 P3. Constitutional
586
+ drift in the canonical counts block, Imperator banner referencing stale
587
+ numbers, and undecided subagent surface across 178 files in `.claude/agents/`.
588
+ None block runtime; all block honest v1 messaging. `docs/audits/audit-dim-03-agents.md`. (PR #121)
589
+ - **Dim 4 — Subagents (CONCERNS).** 0 P0 / 1 P1 / 4 P2 / 2 P3. Spawn vs
590
+ activator surface is undocumented; `sinapse-` prefix policy still pending.
591
+ Mirrors Dim 3 F3-4. `docs/audits/audit-dim-04-subagents.md`. (PR #121)
592
+ - **Dim 5 — Workers (CONCERNS).** 0 P0 / 1 P1 / 3 P2 / 2 P3. Service registry
593
+ was 5 months stale with 8 phantom entries (regenerated in Block 3a).
594
+ `docs/audits/audit-dim-05-workers.md`. (PR #121)
595
+ - **Dim 6 — Squads (CONCERNS).** 0 P0 / 2 P1 / 4 P2 / 2 P3. 10/19 squad
596
+ manifests had count drift; 3 lacked the metrics block entirely. Reconciled
597
+ in Block 3a via new idempotent script. `docs/audits/audit-dim-06-squads.md`. (PR #121)
598
+ - **Dim 7 — Clones (CONCERNS).** 0 P0 / 2 P1 / 3 P2 / 1 P3. 22 simulated
599
+ personas of real public figures shipped with no licensing or disclaimer
600
+ in the OSS package. Resolved in Block 3b — disclaimer in every persona
601
+ file + LICENSE notice + governance hook hardened to fail-closed.
602
+ `docs/audits/audit-dim-07-clones.md`. (PR #121)
603
+ - **Dim 14, 15, 17 — DEFERRED.** Cognition-layer dimensions deferred from
604
+ v1.0.0 with explicit justification. `docs/audits/dim-14-15-17-deferral.md`. (PR #121)
605
+
606
+ ### Added — Pre-GA hardening (Block 1, 3, 7)
607
+
608
+ - Auto-generated counts block in `.sinapse-ai/constitution.md`
609
+ with `npm run sync:counts`. Real numbers: 19 squads, 200 agents,
610
+ 22 orqx commands, 1237 tasks. (PR #119, #122)
611
+ - 16 squad manifests reconciled with disk reality via
612
+ `npm run reconcile:squads` (idempotent). (PR #122)
613
+ - Service registry rebuilt: 369 workers, fresh timestamp. (PR #122)
614
+ - Persona simulation notice in 22 mind clones across squad-council,
615
+ squad-storytelling, squad-design + machine-readable markers
616
+ + `npm run apply:persona-disclaimer` (idempotent) +
617
+ fail-closed `mind-clone-governance.py`. (PR #123)
618
+ - `LICENSE` "PERSONA SIMULATION NOTICE" section with takedown procedure. (PR #123)
619
+ - `.claude/agents/README.md` documents the activator pattern (decision 2a). (PR #122)
620
+ - `README.md` grounding section aligned with foundation-only state of
621
+ Story 10.47 hooks (Concern 1 from Story 10.47 QA). (PR #119)
622
+ - `APSE → SNPS` string rename across docs/CHANGELOG (Caio decision 2026-05-02).
623
+ Word-boundary safe — `SINAPSE` brand and `sinapse-` prefix preserved. (PR #124)
624
+
625
+ ### Fixed
626
+
627
+ - Doctor `npm-packages` check honors Node module resolution instead of
628
+ expecting sibling `.sinapse-ai/node_modules/`. Resolves Bug 3 GA blocker.
629
+ Also adds `tar` as direct runtime dep (was only in `overrides`). (PR #120)
630
+ - Pre-existing `no-fallthrough` ESLint error at `bin/cli.js` cleared
631
+ (Story 10.45 piggyback inside Story 10.46). (PR #117)
632
+ - Setup wizard now prompts for language + LLM in Git Bash + Windows where
633
+ `process.stdin.isTTY === undefined` previously bypassed the prompts.
634
+ Multi-signal `detectInteractiveMode()` honors stdout TTY + flag overrides
635
+ + CI env vars. P0 GA blocker. (PR #117 / Story 10.46)
636
+ - Setup wizard now collects optional grounding paths (vault, design system,
637
+ brand) via opt-in BYO and ships shipping-ready hooks under
638
+ `.sinapse-ai/core/grounding/` with no-op default + JSON example templates
639
+ + full guide `docs/guides/grounding-setup.md`. (PR #118 / Story 10.47)
640
+ - `tar` removed from `package.json` overrides after becoming a direct dep
641
+ (resolves EOVERRIDE on `npm install`). (PR #125)
642
+
643
+ ### Resolved (no work needed)
644
+
645
+ - Dependabot 20 historical alerts: all 17 fixed + 3 dismissed. 0 open. (Block 4)
646
+ - CodeQL 3s phantom check: self-resolved across PRs #117–#119. (Block 6)
647
+
648
+ ### Notes for v1.0.0 promotion
649
+
650
+ This RC closes Phase 1 of the pre-GA gate. The next promotion event publishes
651
+ v1.0.0 to `latest` with `--provenance` (OIDC trusted publishing). Migration
652
+ notes for users on rc.x: backward compat alias for the (so-far-unused) APSE
653
+ prefix is unnecessary because no rc shipped APSE-prefixed agents publicly.
654
+
655
+ ## [10.0.0-rc.10] — 2026-04-19
656
+
657
+ Release candidate capturing the first nine dimensions of the pre-GA Clinical Audit (Phases 1 through 3) and one rule-drift correction surfaced by the audit. Zero runtime changes — all deliverables here are documentation / governance artifacts that land ahead of the Fase C agent-rename work scheduled for 2026-04-23.
658
+
659
+ ### Added — Clinical Audit coverage (9/17 dimensions)
660
+
661
+ - **Dim 13 Gitflows — PASS.** Branch protection, husky hooks (pre-commit + pre-push), and CI status checks verified against `safe-collaboration.md`. Admin-bypass flow exercised 7 times this session (PRs #98–#107) without issue. One MEDIUM logged (session-start auto-fetch is a convention, not a hook — post-GA stub). Evidence in `docs/audits/audit-dim-13-gitflows.md`. (PR #108)
662
+ - **Dim 11 Plugins — CONCERNS.** Installer footprint on plugin system confirmed zero (as intended). Two MEDIUMs: no plugin trust/review rule, no version-pinning guidance. Both are post-GA docs stories, not GA blockers. `docs/audits/audit-dim-11-plugins.md`. (PR #109)
663
+ - **Dim 12 MCP — PASS.** Chrome Brain MCP stack validated stable post-rc.8 (SessionStart hook in place). Installer idempotency observed. Two MEDIUMs: upstream figma-console instability (out of SINAPSE locus of control) and rule-drift in `mcp-usage.md` (fixed in PR #112). `docs/audits/audit-dim-12-mcp.md`. (PR #109)
664
+ - **Dim 1 Features — PASS.** Inventory of user-facing features validated against CLI help text + installer code. One MEDIUM (partial canonical-CLI parity, tracked as item #9 dual-CLI). `docs/audits/audit-dim-01-features.md`. (PR #110)
665
+ - **Dim 8 Commands — CONCERNS.** Dual CLI drift confirmed (`npx sinapse-ai` narrower than `sinapse`). Agent-subcommand audit deferred to Phase 4 per epic ordering (post-SNPS-rename). `docs/audits/audit-dim-08-commands.md`. (PR #110)
666
+ - **Dim 9 Skills — PASS.** All 17 authored skills + plugin + third-party skills load cleanly. One LOW (no top-level skill index doc). `docs/audits/audit-dim-09-skills.md`. (PR #110)
667
+ - **Dim 2 Workflows — PASS.** Four primary workflows (SDC, QA Loop, Spec Pipeline, Brownfield Discovery) have corresponding YAML definitions; 210 task files present. One MEDIUM (per-task contract quality not covered by shell audit — folded into Phase 5 follow-up). `docs/audits/audit-dim-02-workflows.md`. (PR #111)
668
+ - **Dim 10 Tools — PASS.** Hook coverage matches `hook-governance.md`; 74 hook-security tests pass; native-first discipline observed throughout session. One LOW (hook timeout guidance unwritten). `docs/audits/audit-dim-10-tools.md`. (PR #111)
669
+ - **Dim 16 Token Economy — PASS.** All 9 sections of the NON-NEGOTIABLE rule aligned with observed session behavior. One LOW (compaction threshold is convention, not hook — intentional). `docs/audits/audit-dim-16-token-economy.md`. (PR #111)
670
+
671
+ ### Fixed
672
+
673
+ - **`.claude/rules/mcp-usage.md` drift** — Rule no longer claims Docker MCP Toolkit is the "primary MCP infrastructure"; relabeled as an optional acceleration layer. The "Direct in Claude Code" table now lists the three MCPs the SINAPSE installer actually registers (`chrome-devtools`, `dev-browser`, `terminal-bus`) instead of the previous `playwright` + `desktop-commander` entries that no installer path produces. Doc-only, no runtime change. (PR #112)
674
+
675
+ ### Audit summary
676
+
677
+ Across the 9 dimensions audited pre-rename: **zero CRITICAL, zero HIGH, zero GA blockers.** Findings breakdown: 7 MEDIUM (all docs-only or tracked elsewhere) + 3 LOW (all optional polish). The remaining 8 dimensions (3 Agents, 4 Subagents, 5 Workers, 6 Squads, 7 Clones, 14 Research, 15 Knowledge Base, 17 Hallucinations) are deferred to Phase 4 + Phase 5 per the epic's ordering rule: "Rename (Fase C) executed between audit Phase 3 and Phase 4" to avoid auditing names that will churn.
678
+
679
+ ## [10.0.0-rc.9] — 2026-04-19
680
+
681
+ Release candidate closing Fase B (Hardening): CLI surface parity, NSN guard enforcement at the hook layer, and the plan-first clinical audit epic. No new user-facing features — this is trust-infrastructure work ahead of GA.
682
+
683
+ ### Added
684
+
685
+ - **Story 10.43** — `init <name>` on the canonical `npx sinapse-ai` entry. The greenfield scaffolder was reachable through the legacy `sinapse` binary but missing from `npx sinapse-ai`. Fixed with a thin `case 'init'` that forwards via `spawnSync` to the existing wizard — single source of truth, identical flags (`--force`, `--skip-install`, `--template default|minimal|enterprise`). Help text updated. (PR #103)
686
+ - **Story 10.44** — NSN Mode guard hook (`.claude/hooks/enforce-nsn-guard.cjs`). Scans `.md/.mdx/.txt` content on Write/Edit PreToolUse for NSN anti-patterns ("abra o dashboard manualmente", "siga esses passos manualmente", "não consigo acessar a interface", "você precisa abrir/clicar", "I can't do this"). WARN mode (stderr + exit 0) — gives agents visibility without false-positive blocking. Registered in `.claude/settings.json` and documented in `hook-governance.md`. (PR #104)
687
+ - **Epic: Clinical Audit (Pre-GA)** — `docs/epics/epic-clinical-audit-pre-ga.md`. Plan-first deliverable per explicit directive ("IA não pode alucinar — plano ANTES da execução"). Defines 17-dimension audit scope, per-dimension execution protocol (Inventory → Contract → Reality → Delta → Severity → Recommendation → Gate), phased dependency chain, and citation discipline (file:line required for every Reality claim). Audit execution does NOT begin with this merge — individual dimension stories must be written + validated Ready first. (PR #105)
688
+
689
+ ### Changed
690
+
691
+ - **CLI help surface** — `npx sinapse-ai --help` now lists `init <name>` as the first command, reflecting the greenfield path now has parity.
692
+
693
+ ### Unblocked
694
+
695
+ With rc.9, the pre-GA backlog is reduced to: (1) execute the clinical audit (blocked on explicit go-ahead per epic), (2) dual-CLI consolidation (separate story, not a GA blocker), (3) Fase C SNPS rename (separate epic).
696
+
697
+ ## [10.0.0-rc.8] — 2026-04-19
698
+
699
+ Release candidate clearing the rc.8 gate: the three pre-GA blockers (Dependabot, Doctor FAIL on fresh project, Yarn v1 Windows platform exception) are resolved or durably triaged.
700
+
701
+ ### Fixed
702
+
703
+ - **Story 10.41** — Chrome Brain SessionStart hook. The `chrome-devtools` MCP is configured with `--browser-url=http://127.0.0.1:9222`, so it tries to connect to an already-running Chrome at boot. Before this release the installer only registered `PreToolUse` / `PostToolUse` hooks — both fire **after** MCP init — so the MCP would fail, mark itself disconnected, and never auto-reconnect (user had to restart Claude Code). Installer now registers a `SessionStart` hook (`timeout=15s`) that runs `chrome-ensure` before MCP startup, and deduplicates hooks by `(matcher + command)` so the `matcher=""` slot does not collide with other modules (e.g. vault-grounding). Uninstall drops SessionStart entries by matching `chrome-ensure` in the command. Applied to both installer entrypoints (`bin/modules/chrome-brain-installer.js` + `packages/sinapse-install/src/capabilities/chrome-brain.js`). (PR #98)
704
+ - **Story 10.42 / Bug 3** — Doctor fresh-project detection. Running `sinapse doctor` in a directory where SINAPSE was never installed previously produced 11 FAIL entries — every check fired because no artifact existed. New users read that as "the framework is broken" on first contact. Fix: pre-flight `detectInstallState` in `.sinapse-ai/core/doctor/index.js`. If ALL THREE markers are absent (`<projectRoot>/.sinapse-ai/`, `~/.sinapse/`, `~/.claude/commands/SINAPSE/`), doctor short-circuits with a three-line NOT_INSTALLED block ("SINAPSE is not installed in this project. Run: npx sinapse-ai install") and exits code **4** (distinct from 0/1/2/3). JSON output carries `notInstalled: true` + `installCommand`. `--homeDir` option and `SINAPSE_DOCTOR_HOME` env override added for test isolation. Any single marker present → full 15-check suite runs unchanged. 5 new unit tests. (PR #100)
705
+
706
+ ### Changed
707
+
708
+ - **Story 10.34 — re-executed + hardened.** GitHub Dependabot open-alert count already 0 (all 12 rc.1-era alerts closed). `npm audit --omit=dev` is clean. The 2 remaining advisories on the full tree (`picomatch@4.0.3` HIGH, `brace-expansion@5.0.4` MODERATE) are bundled inside `npm@11.12.1` within `@semantic-release/npm` — outside the reach of root `overrides`. Accepted with audit trail at `docs/security/dependabot-triage.md`. CI gate upgraded per Constitution Art. X Tier 1 #7: new job `npm audit --omit=dev --audit-level=high` (HIGH/CRITICAL in prod deps blocks); existing `--audit-level=critical` full-tree job retained. (PR #99)
709
+ - **Install matrix Yarn v1 Windows exception re-affirmed for GA.** `docs/audits/install-matrix-2026-04-16.md` sign-off updated: Dependabot + Doctor FAIL blockers cleared, gate decision marked durable through GA 1.0.0 with explicit revalidation triggers. 24/27 combo matrix stands. (PR #101)
710
+
711
+ ### Infrastructure
712
+
713
+ - **Doctor exit code table expanded.** `0=PASS, 1=WARN, 2=FAIL, 3=internal-error, 4=NOT_INSTALLED`. Release notes for downstream scripts that branch on exit code.
714
+ - **CI security gate** now enforces zero HIGH/CRITICAL in production deps on every PR that touches `package-lock.json`.
715
+
716
+ ## [10.0.0-rc.4] — 2026-04-16
717
+
718
+ Release candidate closing the pre-v1.0.0 GA gate. Three blockers resolved today:
719
+
720
+ ### Fixed
721
+
722
+ - **Story 10.39** — Postinstall exit code fix. Fresh `npm install sinapse-ai` no longer fails with `npm error command failed` when the framework is operational but doctor reports non-critical WARN findings. Exit 1 removed from the contract; only critical failures (sync:ide error, doctor exit ≥ 2) now produce non-zero exit. `--json` output still carries `status: warn` for pipelines that want strict behavior. (PR #82)
723
+ - **Story 10.34** — Dependabot vulnerabilities cleanup. Root lockfile now overrides `serialize-javascript ^7.0.5`, `picomatch ^4.0.4`, `brace-expansion ^5.0.5`. Health-dashboard subpackage lockfile regenerated against current `package.json` (vite@7.3.1, react@18.2). `npm audit --omit=dev` on root = 0 vulnerabilities; `npm audit` on health-dashboard = 0 vulnerabilities. Remaining dev-only vulns inside bundled npm CLI (via `@semantic-release/npm`) dismissed as tolerable risk. (PR #83)
724
+
725
+ ### Changed
726
+
727
+ - **Story A.5 closed** — Windows Wrapper & Cross-Platform Test Matrix accepted with 24/27 PASS. The 3 FAIL combos are all Windows × Yarn v1 (classic), documented as an unsupported platform: Yarn v1 has been in maintenance mode since 2020 with Yarn Berry (v2+) as successor. Windows users should migrate to Yarn v2+ or use npm/pnpm. macOS/Linux on Yarn v1 remain supported. (PR #80)
728
+ - `README.md` — "Supported Platforms" matrix published under installation FAQ, documenting the Yarn v1 Windows exception.
729
+ - `docs/audits/install-matrix-2026-04-16.md` — full decision record for the A.5 gate.
730
+
731
+ ## [Previous Unreleased]
732
+
733
+ Epic `install-ux-hardening` — hardens the install pipeline, CLI output,
734
+ agent activation and handoff runtime so a non-technical user can
735
+ `npm install -g sinapse-ai` on Windows / macOS / Linux, see a minimal
736
+ friendly output, invoke `@developer` immediately, and get a clean
737
+ `sinapse doctor` on a fresh machine. 6 stories Done, 1 (A.5) InReview
738
+ gated on rc.4 CI matrix execution. Resolves gargalos G1-G7 from the
739
+ 2026-04-14 internal install audit. Blocks v1.0.0 GA.
740
+
741
+ ### Added
742
+
743
+ - **Story A.1** — Postinstall orchestrator (`bin/postinstall.js`). Fresh
744
+ `npm install -g sinapse-ai` now automatically runs `sync:ide --ide
745
+ claude-code`, creates `.sinapse/handoffs/` and `.sinapse/scratchpad/`
746
+ runtime dirs, and runs `sinapse doctor --quiet`. No manual sync step
747
+ needed after install. Respects `SINAPSE_SKIP_POSTINSTALL=1`
748
+ (explicit opt-out) and auto-skips on common CI env vars
749
+ (`CI=true`, `GITHUB_ACTIONS`, etc.) unless
750
+ `SINAPSE_FORCE_POSTINSTALL=1` is set. Fails loudly (exit 2) on
751
+ critical failures (sync:ide error, doctor FAIL). Resolves G1, G2, G7.
752
+ - **Story A.2** — Structured logger (`.sinapse-ai/core/logger/`) with
753
+ levels `error | warn | info | debug`. Default level is `warn` so
754
+ fresh installs emit ≤ 10 lines of output. `--verbose` promotes to
755
+ `info`, `--debug` to `debug`, `--quiet` suppresses all but `error`,
756
+ `--json` emits structured output for CI/automation. All 336
757
+ existing `console.*` calls in `bin/cli.js` and `bin/sinapse.js`
758
+ migrated to the logger. ASCII art header only shown on `--verbose`
759
+ or first-run. Resolves structural half of G3.
760
+ - **Story A.3** — Doctor exception classification. Each check module
761
+ now declares its own failure severity via `onError: 'fail' | 'warn'
762
+ | 'skip'`. The generic `catch` in `.sinapse-ai/core/doctor/index.js`
763
+ no longer marks every exception as FAIL. `entity-registry`,
764
+ `agent-memory`, `git-hooks` are `warn` in fresh-install context;
765
+ `node-version`, `npm-packages`, `settings-json` remain `fail`.
766
+ Doctor exit codes: `0` PASS, `1` WARN only, `2` FAIL, `3` internal.
767
+ Fresh install on clean machine now returns exit code `0`. Resolves
768
+ G4.
769
+ - **Story A.4** — Manifest parity validation. New script
770
+ `.sinapse-ai/infrastructure/scripts/validate-manifest-parity.js`
771
+ compares `install-manifest.yaml` against real files in
772
+ `.sinapse-ai/development/{agents,tasks,templates,checklists}/`.
773
+ Wired into `pre-push` hook and `npm run validate:manifest`. CI
774
+ workflow `.github/workflows/manifest-parity.yml` runs parity check
775
+ on every PR. `install-manifest.yaml` regenerated with accurate
776
+ counts (12 agents, not 23) and hashes. Resolves G5.
777
+ - **Story A.5** — Cross-platform install test matrix infra
778
+ (`.github/workflows/install-matrix.yml` + local harness
779
+ `scripts/test-install-matrix-local.sh`). 27 combos (Win/Mac/Linux ×
780
+ npm/pnpm/yarn × global/npx/local). Gated behind release label —
781
+ execution deferred to rc.4 CI run (A.5 remains `InReview` until
782
+ matrix is green). Resolves G6 (infra only).
783
+ - **Story B.1** — Minimalist install output. Default `sinapse install`
784
+ output is ≤ 8 lines: version, agent/squad count, `sinapse doctor`
785
+ hint, `@sinapse` hint, docs URL. `--verbose` preserves full
786
+ relatório for power users, `--json` for CI, first-run detection
787
+ adds a "Bem-vindo ao SINAPSE!" line once per machine. Copy reviewed
788
+ for non-technical PT-BR voice. Resolves content half of G3.
789
+ - **Story C.1** — Exit codes, auto-doctor and opt-in telemetry stub.
790
+ Install script exits `0` success, `1` partial (warnings), `2`
791
+ failed. `sinapse doctor --quiet` runs at end of postinstall with a
792
+ one-liner on failure. New `.sinapse-ai/core/telemetry/` module —
793
+ **disabled by default**, opt-in via `sinapse telemetry enable` or
794
+ `SINAPSE_TELEMETRY=1`. Anonymized payload (no paths, no usernames):
795
+ failure category + platform + version only. Privacy policy in
796
+ `docs/TELEMETRY.md`. Real endpoint is follow-up work.
797
+
798
+ ### Notes
799
+
800
+ - **Story A.5 (`InReview`)** — workflow infrastructure is merged; the
801
+ 27-combo matrix itself will execute as part of the rc.4 release
802
+ cycle. A.5 is promoted to `Done` only after the matrix passes
803
+ green, per the epic-level gate for `rc → latest` promotion.
804
+
805
+ ## [10.0.0-rc.3] - 2026-04-13
806
+
807
+ Critical UX fix: installer can no longer destroy user config.
808
+
809
+ ### Fixed
810
+
811
+ - **Story 10.38** — Installer merge-only policy. Existing `CLAUDE.md`,
812
+ `.env` and other known config files are ALWAYS merged during
813
+ install — never overwritten, never prompted. User customizations
814
+ (custom rules, env values) are preserved by default and
815
+ unconditionally. Files without a registered merge strategy are
816
+ backed up (`<file>.backup.<ts>`) before any change. Legacy fallback
817
+ installer (`bin/sinapse-init.js`) now also runs `MarkdownMerger` on
818
+ existing `CLAUDE.md` instead of plain `fse.copy`. The old
819
+ `--merge` / `--no-merge` flags are accepted as no-ops for
820
+ backward compatibility.
821
+
822
+ ## [10.0.0-rc.2] - 2026-04-13
823
+
824
+ Bug fix: `--reconfigure` flag for `npx sinapse-ai install`.
825
+
826
+ ### Fixed
827
+
828
+ - **Story 10.35** — `npx sinapse-ai install --reconfigure` re-prompts
829
+ language and LLM choice without wiping existing install. Upsert fast
830
+ path (plain `install`) is unchanged. Non-TTY guard preserved. PR #69.
831
+
832
+ ## [10.0.0-rc.1] - 2026-04-13
833
+
834
+ Phase 0 + Phase 1 closeout for the v10.0.0 release. 15 stories shipped
835
+ across 5 cycles, +130 tests, zero regressions, deterministic working
836
+ tree, idempotent installer + updater, doctor reachable from canonical
837
+ CLI, hardened cross-IDE parity, and full release-readiness aggregator.
838
+
839
+ ### Added
840
+
841
+ - **Story 10.17** — External-refs CI guard (`scripts/validate-no-external-refs.js`)
842
+ scanning 100% of git-tracked files, plus Phase 0 authorial hygiene
843
+ pass and Epic 11.0 placeholder. PR #51.
844
+ - **Story 10.18** — Cross-IDE parity hardening: self-sufficient
845
+ `validate-parity.js` error reporting, new `validate:parity:fast`
846
+ pre-push guard with smart short-circuit, compatibility contract
847
+ versioning policy (`sinapse-current.yaml`). PR #52.
848
+ - **Story 10.19** — Coverage floor ratchet (jest.config.js policy
849
+ comment + 23/21/23/25 floors) and story-meta linter
850
+ (`scripts/validate-story-meta.js`). PR #53.
851
+ - **Story 10.20** — Install upsert idempotente in `bin/cli.js`:
852
+ `syncDirSync`, `detectExistingInstall`, `--force` escape hatch.
853
+ Re-running install preserves `installedAt` and reuses prior
854
+ language/LLM choices. PR #54.
855
+ - **Story 10.21** — `npx sinapse-ai doctor` wired into the canonical
856
+ CLI with `--fix`, `--dry-run`, `--json`, `--quiet`, `--deep`,
857
+ `--help` flags. Mirrors legacy `bin/sinapse.js` wiring but uses
858
+ `process.exitCode` for clean stdout flush. PR #55.
859
+ - **Story 10.22** — Update upsert idempotente: `cmdUpdateGlobal`
860
+ reuses settings, calls `syncDirSync`, preserves `installedAt`,
861
+ prints "Update complete" summary mirroring 10.20 install upsert. PR #56.
862
+ - **Story 10.23** — Squad allow-list cleanup. 5 of 6 pre-existing
863
+ fork attribution files rewritten in authorial voice; the 6th
864
+ (`skill-craftsman.md`) kept as permanent allow-list entry with
865
+ documented rationale. PR #57.
866
+ - **Story 10.25** — Coverage Report Summary script
867
+ (`scripts/coverage-report-summary.js`) replaces the no-op CI step;
868
+ emits a Markdown table to `$GITHUB_STEP_SUMMARY` so PR reviewers
869
+ see coverage at a glance. PR #59.
870
+ - **Story 10.28** — Squad orqx activation verification
871
+ (`scripts/validate-squad-orqx.js`) covering 21 squad orchestrators
872
+ across 4 distinct file formats. Companion to the existing
873
+ `validate-agents.js` for core framework agents. PR #61.
874
+ - **Story 10.29** — Release readiness aggregator
875
+ (`scripts/release-readiness.js`) wraps every validator built
876
+ throughout Epic 10.0 into one pre-release report. PR #62.
877
+ - **Story 10.31** — Surgical README polish: CLI Reference now matches
878
+ the canonical command surface, badges include test count and
879
+ Constitution. PR #64.
880
+ - **Story 10.32** — This release prep: bump to 10.0.0-rc.1 +
881
+ CHANGELOG entry summarizing all of Phase 0 + Phase 1.
882
+
883
+ ### Fixed
884
+
885
+ - **Story 10.24** — Registry write idempotency. Changed
886
+ `_writeRegistry` from `sortKeys: false` to `sortKeys: true`. Two
887
+ writes of the same data now produce byte-identical files,
888
+ eliminating the recurring `M entity-registry.yaml` churn that
889
+ polluted git status throughout cycles 1-2. PR #58.
890
+ - **Story 10.27** — Pre-commit manifest auto-regen. The IDS
891
+ post-commit hook now also regenerates `install-manifest.yaml`
892
+ after any `.sinapse-ai/` change, and `generate-install-manifest.js`
893
+ no longer writes a non-deterministic `generated_at` timestamp
894
+ into the file body. The recurring "manifest outdated" warning
895
+ is gone. PR #60.
896
+
897
+ ### Changed
898
+
899
+ - **Story 10.30** — `sinapse-minimal` and `sinapse-graph` removed
900
+ from `package.json` `bin`. The .js files stay for one release
901
+ cycle as direct-node fallbacks, then are deleted entirely in
902
+ v11. The canonical surface is now exactly two binaries:
903
+ `sinapse` (legacy router) and `sinapse-ai` (canonical CLI). PR #63.
904
+
905
+ ### Quality Metrics
906
+
907
+ - Tests: 10599 → 10729 (+130 across cycles 1-5, 0 regressions)
908
+ - Coverage actual: statements 34.9%, branches 32.47%, lines 35.03%,
909
+ functions 37.73% (all above the 23/21/23/25 ratchet floors)
910
+ - Working tree determinism: every commit converges to clean state
911
+ - CI: 32-33 checks pass per PR (the only "fail" is the standalone
912
+ CodeQL standalone scan unrelated to PR content)
913
+ - Allow-list shrunk from 6 → 1 permanent entry
914
+ - 6 new validators / scripts in production
915
+
916
+ ### Breaking Changes
917
+
918
+ None. v10.0.0-rc.1 is fully backward-compatible with 9.x. The only
919
+ removal (`sinapse-minimal` / `sinapse-graph` bin entries) is for
920
+ binaries that have been deprecated since v3.11.1 with runtime
921
+ warnings.
922
+
923
+ ---
924
+
925
+ ## [6.0.0] - 2026-03-25
926
+
927
+ ### Breaking Changes
928
+ - Standardized agent IDs to full names: `developer`, `quality-gate`, `project-lead`, `product-lead`, `sprint-lead`
929
+ - Unified orchestrator naming to `sinapse-orqx`
930
+ - Wizard simplified: PT-BR only, single LLM question, auto-detect everything
931
+ - Removed Spanish (ES) and Chinese (ZH) language support
932
+ - Only 19 orqx agents visible as commands (specialist agents are backend-only)
933
+
934
+ ### Added
935
+ - Immersive SINAPSE AI welcome screen with ASCII art banner
936
+ - Auto-detection of project type (greenfield/brownfield/upgrade)
937
+ - Auto-detection of tech preset from project files
938
+ - LLM selection: Claude Code / Codex CLI / Both
939
+ - 19 global agent definitions installed to ~/.claude/agents/
940
+ - 18 orqx command files in .claude/commands/SINAPSE/agents/
941
+
942
+ ### Changed
943
+ - Default language hardcoded to Portuguese (PT-BR)
944
+ - Installation wizard reduced to 1 interactive question
945
+ - CODEOWNERS updated to @caioimori & @eusoier
946
+ - Welcome banner updated to SINAPSE AI branding
947
+
948
+ ### Removed
949
+ - All legacy external references cleaned from codebase
950
+ - Spanish (docs/es/) and Chinese (docs/zh/) documentation
951
+ - 11 core agent commands (dev, qa, pm, po, sm, etc.) — now backend-only
952
+ - Language selection from wizard (hardcoded PT-BR)
953
+ - User profile selection from wizard (hardcoded Quick Mode)
954
+ - Project type selection from wizard (auto-detected)
955
+ - Tech preset selection from wizard (auto-detected)
956
+
957
+ ### Security
958
+ - LICENSE updated with complete MIT copyright chain
959
+ - Zero external references in codebase (verified via automated scan)
960
+
961
+ ## [4.2.11] - 2026-02-16
962
+
963
+ ### Added
964
+
965
+ - Squad agent commands are now automatically installed to active IDEs during pro scaffolding (`installSquadCommands`).
966
+ - Supports Claude Code (`.claude/commands/{squad}/`), Codex CLI (`.codex/agents/`), Gemini CLI (`.gemini/rules/{squad}/`), and Cursor (`.cursor/rules/`).
967
+ - Installed files are tracked in `pro-installed-manifest.yaml` and `pro-version.json`.
968
+
969
+ ## [4.2.10] - 2026-02-16
970
+
971
+ ### Fixed
972
+
973
+ - Handle `ALREADY_ACTIVATED` license status gracefully instead of throwing error.
974
+ - Fix error envelope parsing in pro license client — correctly extracts error messages from API responses.
975
+
976
+ ## [4.2.9] - 2026-02-16
977
+
978
+ ### Fixed
979
+
980
+ - Pass `targetDir` correctly to `runProWizard` — fixes pro install failing in non-CWD projects.
981
+ - Surface pro install errors to user instead of silently swallowing them.
982
+
983
+ ## [4.2.8] - 2026-02-16
984
+
985
+ ### Fixed
986
+
987
+ - Exclude `mmos-squad` (private) from pro scaffolding via `SCAFFOLD_EXCLUDES`.
988
+ - Merge `pro-config.yaml` sections into `core-config.yaml` during pro install (`mergeProConfig`).
989
+
990
+ ## [4.2.7] - 2026-02-16
991
+
992
+ ### Fixed
993
+
994
+ - Pro wizard (`npx sinapse-ai install`) now auto-installs `@sinapse-fullstack/pro` package during Step 2, fixing "Pro package not found" error in greenfield and brownfield projects.
995
+ - Greenfield projects without `package.json` now get `npm init -y` automatically before pro install.
996
+ - Removed unused `headings` import in `pro-setup.js`.
997
+
998
+ ## [Unreleased]
999
+
1000
+ ### Added
1001
+
1002
+ - `docs/glossary.md` with official SINAPSE taxonomy terms:
1003
+ - `squad`
1004
+ - `flow-state`
1005
+ - `confidence gate`
1006
+ - `execution profile`
1007
+ - `scripts/semantic-lint.js` for semantic terminology regression checks.
1008
+ - `tests/unit/semantic-lint.test.js` for semantic lint rule validation.
1009
+
1010
+ ### Changed
1011
+
1012
+ - CI now includes a `Semantic Lint` job (`npm run validate:semantic-lint`).
1013
+ - Pre-commit markdown pipeline now runs semantic lint through `lint-staged`.
1014
+
1015
+ ### Migration Notes
1016
+
1017
+ - Deprecated terminology replacements:
1018
+ - `expansion pack` -> `squad`
1019
+ - `permission mode` -> `execution profile`
1020
+ - `workflow state` -> `flow-state` (warning-level migration)
1021
+
1022
+ ---
1023
+
1024
+ ## [3.9.0] - 2025-12-26
1025
+
1026
+ ### Highlights
1027
+
1028
+ This release introduces **Squad Continuous Improvement** capabilities with analyze and extend commands, plus a massive codebase cleanup removing 116K+ lines of deprecated content.
1029
+
1030
+ ### Added
1031
+
1032
+ #### Story SQS-11: Squad Analyze & Extend
1033
+ - **`*analyze-squad` command** - Analyze squad structure, coverage, and get improvement suggestions
1034
+ - **`*extend-squad` command** - Add new components (agents, tasks, workflows, etc.) incrementally
1035
+ - **New Scripts:**
1036
+ - `squad-analyzer.js` - Inventory and coverage analysis
1037
+ - `squad-extender.js` - Component creation with templates
1038
+ - **8 Component Templates:**
1039
+ - `agent-template.md`, `task-template.md`, `workflow-template.yaml`
1040
+ - `checklist-template.md`, `template-template.md`
1041
+ - `tool-template.js`, `script-template.js`, `data-template.yaml`
1042
+ - **New Tasks:**
1043
+ - `squad-creator-analyze.md`
1044
+ - `squad-creator-extend.md`
1045
+
1046
+ ### Changed
1047
+
1048
+ #### Story TD-1: Tech Debt Cleanup
1049
+ - Fixed ESLint warnings in 5 core files
1050
+ - Removed 284 deprecated files (~116,978 lines deleted)
1051
+ - Cleaned `.github/deprecated-docs/` directory
1052
+ - Removed obsolete backup files
1053
+
1054
+ ### Fixed
1055
+ - ESLint `_error` variable warnings in test utilities
1056
+ - Context loader error handling improvements
1057
+
1058
+ ---
1059
+
1060
+ ## [3.8.0] - 2025-12-26
1061
+
1062
+ *Previous release with WIS and SQS features.*
1063
+
1064
+ ---
1065
+
1066
+ ## [2.2.3] - 2025-12-22
1067
+
1068
+ ### Highlights
1069
+
1070
+ This release marks the **Open-Source Community Readiness** milestone, preparing SINAPSE for public contribution while introducing the **Squad System** for extensibility.
1071
+
1072
+ ### Added
1073
+
1074
+ #### Epic OSR: Open-Source Community Readiness (10 Stories)
1075
+
1076
+ - **Legal Foundation** (OSR-3)
1077
+ - `PRIVACY.md` / `PRIVACY-PT.md` - Privacy policies (EN/PT)
1078
+ - `TERMS.md` / `TERMS-PT.md` - Terms of use (EN/PT)
1079
+ - `CODE_OF_CONDUCT.md` - Community guidelines with contact info
1080
+
1081
+ - **Community Process** (OSR-6)
1082
+ - Feature request templates and triage process
1083
+ - Issue labeling standards
1084
+
1085
+ - **Public Roadmap** (OSR-7)
1086
+ - Public roadmap documentation
1087
+ - Community visibility into planned features
1088
+
1089
+ - **Squads Guide** (OSR-8)
1090
+ - Comprehensive guide for creating community squads
1091
+ - Examples and best practices
1092
+
1093
+ - **Rebranding to SINAPSE** (OSR-9)
1094
+ - Brand investigation complete
1095
+ - Namespace updated to SinapseAI
1096
+
1097
+ - **Release Checklist** (OSR-10)
1098
+ - GitHub configuration validated
1099
+ - CodeQL security scanning active (30+ alerts addressed)
1100
+ - Branch protection rules configured
1101
+ - Smoke test passed on clean clone
1102
+
1103
+ #### Epic SQS: Squad System Enhancement (Sprint 7)
1104
+
1105
+ - **Squad Designer Agent** (SQS-9)
1106
+ - New `@squad-creator` agent for guided squad creation
1107
+ - Interactive wizard with `*create-squad` command
1108
+ - AI-powered naming and structure suggestions
1109
+
1110
+ - **Squad Loader Utility** (SQS-2)
1111
+ - Local squad resolution from `./squads/` directory
1112
+ - Simplified loading without complex caching
1113
+
1114
+ - **Squad Validator + Schema** (SQS-3)
1115
+ - JSON Schema for squad manifest validation
1116
+ - `*validate-squad` command for compliance checking
1117
+
1118
+ - **Squad Creator Tasks** (SQS-4)
1119
+ - `*create-squad` - Interactive squad creation
1120
+ - `*validate-squad` - Manifest validation
1121
+ - `*list-squads` - Local squad discovery
1122
+
1123
+ #### Infrastructure & Documentation
1124
+
1125
+ - **Documentation Integrity System** (6.9)
1126
+ - Automated cross-reference validation
1127
+ - Link checking in CI pipeline
1128
+
1129
+ - **MCP Governance Consolidation** (6.14)
1130
+ - Unified MCP configuration rules
1131
+ - `.claude/rules/mcp-usage.md` guidance
1132
+
1133
+ - **Agent Config Path Fix** (6.15)
1134
+ - Resolved path resolution issues across platforms
1135
+
1136
+ - **Scripts Path Consolidation** (6.16)
1137
+ - Standardized script locations under `.sinapse-ai/scripts/`
1138
+
1139
+ - **Semantic Release Automation** (6.17)
1140
+ - Automated versioning on merge to main
1141
+ - Conventional commit parsing
1142
+ - Automatic CHANGELOG generation
1143
+
1144
+ - **Agent Command Rationalization** (Story 6.1.2.3)
1145
+ - Command consolidation: `sinapse-orqx` 44→30 commands (32% reduction)
1146
+ - Command consolidation: `data-engineer` 31→28 commands (9.7% reduction)
1147
+ - New consolidated tasks: `security-audit`, `analyze-performance`, `test-as-user`, `setup-database`
1148
+ - Migration guide: `docs/guides/command-migration-guide.md`
1149
+ - Agent selection guide: `docs/guides/agent-selection-guide.md`
1150
+
1151
+ - **Dynamic Project Status Context** (Story 6.1.2.4)
1152
+ - Git branch, modified files, and recent commits shown in agent greetings
1153
+ - Current story and epic detection from `docs/stories/`
1154
+ - 60-second cache mechanism (<100ms first load, <10ms cached)
1155
+ - Cross-platform support (Windows/Linux/macOS)
1156
+
1157
+ ### Changed
1158
+
1159
+ - **Agent Delegation Guidance** - All agents now include "NOT for" sections in `whenToUse`
1160
+ - **PR Title Format** - DevOps `*create-pr` now generates Conventional Commits format titles
1161
+ - **Scripts Location** - Consolidated under `.sinapse-ai/scripts/` for consistency
1162
+ - **MCP Configuration** - Unified rules in `.claude/rules/mcp-usage.md`
1163
+
1164
+ ### Fixed
1165
+
1166
+ - **Agent Config Paths** (6.15) - Resolved path resolution issues on Windows
1167
+ - **Script References** (6.16) - Fixed broken script imports across agents
1168
+
1169
+ ### Security
1170
+
1171
+ - **CodeQL Scanning** - Active with 30+ alerts reviewed
1172
+ - **Branch Protection** - Enabled on main (1 approver, dismiss stale reviews)
1173
+
1174
+ ### Documentation
1175
+
1176
+ - **Squads Guide** - Complete guide for community squad creation
1177
+ - **Feature Process** - Templates and triage workflow documented
1178
+ - **Public Roadmap** - Community visibility into planned features
1179
+ - **Legal Documents** - Privacy policy, Terms of Use (EN/PT)
1180
+
1181
+ ---
1182
+
1183
+ ## [4.32.0] - 2025-11-12
1184
+
1185
+ ### Removed
1186
+ - **Private squads** - Moved to separate private repository (`sinapse-squads`)
1187
+ - Removed `squads/creator/` (CreatorOS)
1188
+ - Removed `squads/innerlens/`
1189
+ - Removed `squads/mmos-mapper/`
1190
+ - Removed `squads/sinapse-infrastructure-devops/`
1191
+ - Removed `squads/meeting-notes/`
1192
+ - Repository: https://github.com/caioimori/sinapse-squads (PRIVATE)
1193
+ - **Internal development tools** - Moved to separate private repository (`sinapse-dev-tools`)
1194
+ - Removed analysis scripts: `analyze-batches.js`, `analyze-decision-patterns.js`, `analyze-epic3.js`, etc.
1195
+ - Removed consolidation scripts: `consolidate-entities.js`, `consolidate-results.js`, etc.
1196
+ - Removed extraction scripts: `extract-all-claude-backups.js`, `extract-claude-history.js`
1197
+ - Removed generation scripts: `generate-entity-summary.js`, `generate-entity-table.js`
1198
+ - Repository: https://github.com/caioimori/sinapse-dev-tools (PRIVATE)
1199
+ - **hybrid-ops squad** - Moved to separate repository for independent maintenance
1200
+ - Removed `squads/hybrid-ops/` directory
1201
+ - Removed `.hybrid-ops/` directory
1202
+ - Updated `core-config.yaml` to reference external repository
1203
+ - Updated `install-manifest.yaml` (removed 47 file entries)
1204
+ - Repository: https://github.com/caioimori/sinapse-hybrid-ops
1205
+
1206
+ ### Changed
1207
+ - README.md - hybrid-ops now listed under "Squads Externos"
1208
+ - Squad can now be installed independently via GitHub
1209
+ - **Squad naming convention** - Applied consistent `{agent-id}-` prefix to agent-specific tasks across all 6 squads
1210
+ - ETL pack: 4 tasks renamed (youtube-specialist, social-specialist, web-specialist)
1211
+ - Creator pack: 4 tasks already renamed (pre-existing migration)
1212
+ - Innerlens pack: 4 tasks renamed (fragment-extractor, psychologist, quality-assurance)
1213
+ - Mmos-mapper pack: 7 tasks renamed (cognitive-analyst, research-specialist, system-prompt-architect, emulator, mind-pm)
1214
+ - Sinapse-infrastructure-devops pack: 2 tasks already renamed (pre-existing)
1215
+ - Meeting-notes pack: 1 task already renamed (pre-existing)
1216
+ - All agent dependencies updated to reference new task names
1217
+ - Shared tasks correctly have NO prefix (conservative approach)
1218
+
1219
+ ### Technical
1220
+ - Story: 4.6 - Move Hybrid-Ops to Separate Repository
1221
+ - Breaking Change: hybrid-ops no longer bundled with sinapse-ai
1222
+ - Migration: Users can install from external repo to `squads/hybrid-ops/`
1223
+ - Story: 4.7 - Removed `squads/hybrid-ops.legacy/` directory (legacy backup no longer needed)
1224
+ - Story: 4.5.3 - Squads Naming Convention Migration
1225
+ - Applied naming convention from Story 4.5.2 to all 6 squads
1226
+ - Total: 15 tasks renamed (11 new + 4 pre-existing)
1227
+ - 18 agent files updated with new dependencies
1228
+ - Validation: 100% compliance, 0 broken references
1229
+
1230
+ ## [4.31.1] - 2025-10-22
1231
+
1232
+ ### Added
1233
+ - NPX temporary directory detection with defense-in-depth architecture
1234
+ - PRIMARY detection layer in `tools/sinapse-npx-wrapper.js` using `__dirname`
1235
+ - SECONDARY fallback detection in `tools/installer/bin/sinapse.js` using `process.cwd()`
1236
+ - User-friendly help message with chalk styling when NPX temp directory detected
1237
+ - Regex patterns to identify macOS NPX temporary paths (`/private/var/folders/.*/npx-/`, `/.npm/_npx/`)
1238
+ - JSDoc documentation for NPX detection functions
1239
+
1240
+ ### Fixed
1241
+ - NPX installation from temporary directory no longer attempts IDE detection
1242
+ - Clear error message guides users to correct installation directory
1243
+ - Prevents confusion when running `npx sinapse-ai install` from home directory
1244
+
1245
+ ### Changed
1246
+ - Early exit with `process.exit(1)` when NPX temporary context detected
1247
+ - Help message provides actionable solution: `cd /path/to/your/project && npx sinapse-ai install`
1248
+
1249
+ ### Technical
1250
+ - Story: 2.3 - NPX Installation Context Detection & Help Text (macOS)
1251
+ - Defense in depth: Two independent detection layers provide redundancy
1252
+ - macOS-specific implementation (other platforms unaffected)
1253
+ - Non-breaking change (patch version)
1254
+
1255
+ ## [4.31.0] - Previous Release
1256
+
1257
+ *(Previous changelog entries to be added)*