frontagent - npm Package Compare versions

Comparing version

1.0.9

2.1.1

+48

docs/releases/v2.1.0.md

		# FrontAgent v2.1.0

		FrontAgent v2.1.0 is a minor release after v2.0.0. It adds Open Memory Gateway integration, publishes the OSS Harness workflow assets, expands test coverage across core runtime paths, and tightens CI, dependency, and maintainer workflow checks.

		## Highlights

		- Added opt-in Open Memory Gateway integration for managed long-term memory.
		- Added OSS Harness assets for contributions, PR review, GitNexus contracts, local hooks, and repository workflow checks.
		- Expanded focused unit coverage for FrontAgent, Executor, PhaseRunner, ContextManager, LLM service, planner, memory, security, SDD workflow, mcp-filesense, and workflow rules.
		- Upgraded the development and runtime dependency set, including Biome 2.x, TypeScript 6.x, Vitest 4.x, Playwright 1.60.x, Turbo 2.9.x, AI SDK, MCP SDK, and LangChain-related packages.
		- Updated CI to run the full quality gate on Node 20 and Node 22 with one aggregate status check.
		- Packaged the VS Code extension as `frontagent-2.1.0.vsix`.

		## Added

		- Open Memory Gateway: FrontAgent can now use an opt-in Gateway adapter to write Gateway-compatible Markdown memories, keep draft and active memories separate, and recall active memories while retaining the existing `.frontagent/memory` fallback path.
		- OSS Harness: Added contributor guidance, workflow documentation, GitNexus knowledge contracts, CODEOWNERS, issue templates, PR template, git hooks, and workflow rule tests.
		- Local workflow scripts: Added `agent:bootstrap`, `quality:predev`, `quality:precommit`, `quality:ci`, `quality:local`, `contract:*`, and `test:workflows`.
		- Dependency maintenance: Added `.env.example` and Dependabot configuration.

		## Changed

		- Extracted `PhaseRunner` from `Executor` and step callback handling from `FrontAgent`.
		- Split Skill Lab behavior benchmarking, trigger benchmarking, improvement, reporting, and scaffolding into focused modules.
		- Introduced structured logging and migrated core debug output to shared logger utilities.
		- Tightened source type safety with stricter `noExplicitAny` coverage.
		- Raised the VS Code extension engine requirement to `^1.120.0`.

		## Fixed

		- Patched high-severity dependency vulnerabilities through dependency upgrades and pnpm overrides.
		- Fixed Biome formatting and stricter typing failures introduced by merged test and Skill Lab changes.
		- Unified Node 20 and Node 22 CI matrix results under a single aggregate CI status.

		## Test And CI

		- Added broad focused unit coverage for core, memory, planner, security, executor, LLM, ContextManager, mcp-filesense, SDD, shared logger, and workflow rules.
		- Added Contract Guard for PRs targeting `develop`.
		- Added Repo Guard workflow support for PR, issue, and issue-comment review paths with fork and actor safeguards.
		- Upgraded GitHub Actions dependencies to `actions/checkout@v6`, `actions/setup-node@v6`, and `pnpm/action-setup@v6`.

		## Compatibility

		- CLI package version: `frontagent@2.1.0`.
		- VS Code extension version: `frontagent@2.1.0`.
		- Node.js requirement: `>=20.0.0`.
		- VS Code requirement: `^1.120.0`.

+59

docs/releases/v2.1.1.md

		# FrontAgent v2.1.1

		FrontAgent v2.1.1 is a patch release after v2.1.0. It focuses on maintainability, security hardening, workflow reliability, and test coverage across the agent execution path, Filesense, hybrid RAG, memory persistence, runtime MCP handling, and the VS Code webview.

		## Highlights

		- Decomposed the core agent and executor orchestration paths into smaller, focused helpers.
		- Split Filesense engine responsibilities for helpers, indexing, notes, query, and schema orchestration.
		- Extracted memory persistence writers and preload/recall helpers.
		- Extracted semantic search orchestration from the hybrid RAG knowledge-base path.
		- Hardened VS Code webview nonce generation and split webview renderers.
		- Restored and hardened local GitNexus contract gates and worktree bootstrap checks.
		- Expanded focused unit coverage across CLI, runtime MCP, executor, agent, context, Filesense, memory, RAG, and VS Code webview behavior.

		## Changed

		- Executor orchestration: Tool-call handling, validation skip handling, progress enforcement, step feedback, and step trace recording now live in focused modules. This keeps execution behavior stable while reducing the size of the central executor implementation.
		- Agent orchestration: Context gathering, facts update flushing, project prescan preparation, task execution setup, and execution callback wiring were extracted from the main FrontAgent flow.
		- Context management: Fact serialization, facts merging, filesystem fact updates, and module dependency graph updates were split out of `ContextManager`.
		- Planner phases: Planner phase helper logic was split into dedicated modules with additional tests.
		- Filesense engine: Engine helper logic, index persistence, notes generation, query result handling, and schema orchestration were separated into focused modules.
		- Memory store: Memory preload/recall behavior and persistence writer behavior were extracted from `MemoryStore`.
		- Hybrid RAG: Semantic search orchestration was extracted from the knowledge-base implementation.
		- Runtime MCP: MCP task invocation setup was split from the runtime MCP server handler path.
		- VS Code extension: Webview body, script, style, and template rendering were decomposed into smaller helpers.
		- Code quality subagent: Prompt policy logic was split into a dedicated helper.
		- Tooling: The temporary GitNexus release-candidate patch was removed and the Biome schema version was aligned.

		## Fixed

		- VS Code security: Hardened webview nonce generation.
		- Filesense query: Preserved relative path semantics in query results.
		- Filesense notes: Preserved notes schema path ownership.
		- Workflow contracts: Restored the local GitNexus contract gate.
		- Bootstrap checks: Resolved relative core worktree paths and guarded bootstrap against mismatched worktrees.

		## Tests

		- Added focused CLI command router coverage.
		- Added runtime MCP contract tests and schema assertion coverage.
		- Added hybrid RAG knowledge-base coverage.
		- Added executor tests for validation skipping, progress enforcement, step feedback, tool-call handling, and trace recording.
		- Added agent tests for context gathering, facts flushing, project prescan preparation, execution callbacks, and task execution setup.
		- Added ContextManager tests for fact serialization, facts merging, filesystem fact updates, and module dependency graph behavior.
		- Added Filesense tests for engine helpers, indexing persistence writes, notes generation, query behavior, and schema orchestration.
		- Added memory tests for preload/recall helpers and persistence writers.
		- Added VS Code webview tests for body, script, style, and template renderer extraction.
		- Cleaned Biome warnings in executor, shared utility, and LLM service tests.

		## Dependencies

		- Updated production dependency lockfile entries from the Dependabot production dependency group.

		## Compatibility

		- CLI package version: `frontagent@2.1.1`.
		- VS Code extension version: `frontagent@2.1.1`.
		- Node.js requirement: `>=20.0.0`.
		- VS Code requirement: `^1.120.0`.

+152

-0

CHANGELOG.md

		@@ -7,2 +7,154 @@ # Changelog

		## [2.1.1] - 2026-06-09

		### Changed

		- core/executor: Decomposed executor tool-call handling, validation skip handling, progress enforcement, step feedback, and trace recording into focused helpers. This keeps task execution behavior intact while making MCP task invocation, progress checks, and step trace output easier to test and maintain.
		- core/agent: Extracted agent context gathering, facts update flushing, project prescan preparation, task execution setup, and execution callback wiring out of the main FrontAgent orchestration path. This reduces the size and coupling of the core agent loop without changing the public execution contract.
		- core/context: Split context fact serialization, facts merge helpers, filesystem fact updates, and module dependency graph updates from `ContextManager`, improving maintainability around context persistence and workspace fact refreshes.
		- core/planner: Split planner phase helper logic into dedicated modules and expanded planner tests around phase handling.
		- mcp-filesense: Extracted engine helper, indexing, notes, query, and schema orchestration responsibilities from the Filesense engine. Query, notes, schema, and index persistence behavior now have focused module boundaries and tests.
		- mcp-memory: Extracted memory preload/recall helpers and persistence writer responsibilities from `MemoryStore`, keeping memory I/O behavior isolated from recall orchestration.
		- mcp-memory/rag: Extracted semantic search orchestration from the knowledge-base implementation while preserving hybrid RAG behavior.
		- runtime-node: Extracted runtime MCP task invocation setup from the MCP server path, clarifying schema assertions and task handler wiring.
		- vscode: Split the webview body, script, style, and template rendering helpers into smaller units with dedicated tests while preserving the sidebar UI behavior.
		- sub-agents: Split code-quality subagent prompt policy into a focused helper with tests.
		- tooling: Removed the temporary GitNexus release-candidate patch and aligned the Biome schema version.

		### Fixed

		- vscode/security: Hardened VS Code webview nonce generation.
		- filesense: Preserved relative path semantics in Filesense query results.
		- filesense: Preserved notes schema path ownership when generating Filesense notes.
		- workflow: Restored and hardened the local GitNexus contract gate.
		- workflow: Resolved relative core worktree paths and guarded bootstrap against mismatched worktrees.

		### Tests

		- Added focused CLI command router coverage.
		- Added runtime MCP contract and schema assertion coverage.
		- Added hybrid RAG knowledge-base coverage.
		- Added executor coverage for validation skipping, progress enforcement, step feedback, tool-call handling, and trace recording.
		- Added agent coverage for context gathering, facts flushing, project prescan preparation, execution callbacks, and task execution setup.
		- Added ContextManager coverage for fact serialization, facts merging, filesystem fact updates, and module dependency graph behavior.
		- Added Filesense coverage for engine helpers, indexing persistence writes, notes generation, query result behavior, and schema orchestration.
		- Added memory coverage for preload/recall helpers and persistence writers.
		- Added VS Code webview renderer coverage for body, script, style, and template extraction.
		- Cleaned Biome warnings in executor, shared utility, and LLM service tests.

		### Dependencies

		- Updated production dependency lockfile entries from the Dependabot production dependency group.

		### Compatibility Notes

		- The published CLI package and VS Code extension are now versioned as `2.1.1`.
		- Node.js remains `>=20.0.0`.
		- The VS Code extension still requires VS Code `^1.120.0`.

		## [2.1.0] - 2026-06-08

		### Added

		- core: Added opt-in Open Memory Gateway integration for managed long-term memory. FrontAgent can now write Gateway-compatible Markdown memories, separate draft and active memory states, and recall active memories while preserving the existing `.frontagent/memory` fallback when Gateway mode is disabled or unavailable.
		- workflow: Added OSS Harness assets for open-source maintenance, including contribution guidance, workflow documentation, GitNexus knowledge contracts, CODEOWNERS, issue templates, PR template, local git hooks, and workflow rule tests.
		- workflow: Added local quality and contract scripts: `agent:bootstrap`, `quality:predev`, `quality:precommit`, `quality:ci`, `quality:local`, `contract:*`, and `test:workflows`.
		- dx: Added `.env.example` and Dependabot configuration for npm and GitHub Actions dependency maintenance.

		### Changed

		- core: Extracted `PhaseRunner` from `Executor` and step callback handling from `FrontAgent`, making execution flow and callback behavior easier to test and maintain.
		- core: Split Skill Lab behavior benchmarking, trigger benchmarking, improvement, reporting, and scaffolding into focused modules.
		- shared/core: Introduced a structured logger and migrated core debug logging to shared logging utilities.
		- type-safety: Tightened source type safety by enabling stricter `noExplicitAny` checks and replacing remaining loose source types with explicit interfaces.
		- dependencies: Upgraded the development toolchain and runtime dependencies, including Biome 2.x, TypeScript 6.x, Vitest 4.x, Playwright 1.60.x, Turbo 2.9.x, AI SDK, MCP SDK, and LangChain-related packages.
		- vscode: Raised the minimum VS Code engine requirement to `^1.120.0`.

		### Fixed

		- security: Patched high-severity dependency vulnerabilities through dependency upgrades and pnpm overrides for packages including `hono`, `path-to-regexp`, `fast-uri`, `ws`, `yaml`, and `ajv`.
		- lint: Fixed Biome formatting and `noExplicitAny` lint failures introduced by merged test and Skill Lab changes.
		- ci: Unified Node 20 and Node 22 matrix results under a single aggregate CI status check.

		### Tests

		- Added focused unit coverage for FrontAgent, answer generation, Executor, PhaseRunner, ContextManager, LLM service, planner behavior, memory store behavior, Open Memory Gateway integration, security rules, mcp-filesense engine behavior, shared logger behavior, SDD workflow rules, and OSS Harness workflow contracts.
		- Added workflow rule tests for OSS Harness automation and CI aggregate workflow behavior.

		### CI/CD

		- Updated GitHub Actions CI to run the full `quality:ci` gate across Node 20 and Node 22, including lint, typecheck, tests, workflow tests, and build.
		- Added Contract Guard for PRs targeting `develop`, enforcing GitNexus contract checks and impact-summary discipline for critical skeleton changes.
		- Added Repo Guard workflow support for PR, issue, and issue-comment review paths with fork and actor safeguards.
		- Upgraded GitHub Actions dependencies to `actions/checkout@v6`, `actions/setup-node@v6`, and `pnpm/action-setup@v6`.

		### Documentation

		- Added OSS Harness engineering workflow documentation, contributor guidance, GitNexus knowledge contract documentation, and superpowers implementation plans/specs for Repo Guard, OSS Harness, and Open Memory Gateway.
		- Added Claude/GitNexus skill assets and workflow automation assets for repository-native agent workflows.

		### Compatibility Notes

		- The published CLI package and VS Code extension are now versioned as `2.1.0`.
		- Node.js remains `>=20.0.0`.
		- The VS Code extension now requires VS Code `^1.120.0`.

		## [2.0.0] - 2026-05-20

		### Architecture Refactoring

		This release represents a major architectural overhaul. All large monolithic source files have been decomposed into focused, single-responsibility modules while preserving the public API surface.

		- core: Split `agent.ts` (1200+ lines) into `agent/agent.ts`, `agent/helpers.ts`, `agent/phase-checks.ts`, `agent/dev-server-detection.ts`, `agent/answer-generation.ts`, `agent/memory-lifecycle.ts`, `agent/rag-retrieval.ts`.
		- core: Split `llm.ts` into `llm/llm-service.ts`, `llm/factory.ts`, `llm/object-repair.ts`, `llm/prompts.ts`, `llm/code-generation.ts`, `llm/plan-generation.ts`, `llm/schemas.ts`.
		- core: Split `executor.ts` into `executor/executor.ts`, `executor/phase-ordering.ts`, `executor/trace.ts`, `executor/types.ts`.
		- core: Split `context.ts` into `context/context-manager.ts`, `context/helpers.ts`.
		- core: Split `skill-lab/index.ts` into `skill-lab/skill-lab.ts`, `skill-lab/utils.ts`, `skill-lab/schemas.ts`, `skill-lab/types.ts`.
		- mcp-memory: Split `rag.ts` into `rag/bm25.ts`, `rag/chunking.ts`, `rag/embedding.ts`, `rag/knowledge-base.ts`, `rag/providers.ts`, `rag/repository.ts`, `rag/reranker.ts`, `rag/semantic.ts`, `rag/utils.ts`.
		- shared: Split `index.ts` into `types/`, `security/`, and `utils.ts` modules.
		- vscode: Split `extension.ts` into focused activation, command, and webview modules.

		### Testing

		Test coverage increased from near-zero to 565 tests across the monorepo, covering all critical pure-logic paths.

		- core (220 tests): context/helpers, agent/helpers, agent/phase-checks, agent/dev-server-detection, llm/object-repair, llm/code-generation, llm/plan-generation, skill-lab/utils, executor/phase-ordering, executor/trace, filesense/trigger-policy, context-filesense, planner, security, llm.
		- sdd (144 tests): SDDValidator, FileArtifactStore, plan-quality, consistency-analyzer, ChecklistValidator, VerificationCollector, parser.
		- mcp-memory (96 tests): BM25, chunking, normalize-config, repository, utils, rag-openviking.
		- hallucination-guard (45 tests): file-existence, import-validity, syntax-validity.
		- mcp-file (46 tests): path-safety (44 tests), snapshot cleanup.
		- runtime-node (38 tests): config, run-logger redaction, sampling-llm.
		- mcp-web (11 tests): BrowserManager.
		- shared (comprehensive): utils, shell-analysis.

		### Performance

		- mcp-file: Lazy-load `ts-morph` in `get_ast` tool — reduces cold-start time by ~400ms for non-AST operations.
		- mcp-memory: Converted synchronous file I/O to async in RAG modules — eliminates event-loop blocking during knowledge-base indexing.
		- build: Externalized `ts-morph` from CLI bundle — reduces bundle size by ~2MB.

		### Code Quality

		- Biome: Added Biome as the project-wide linter and formatter, replacing ad-hoc ESLint configs. Enforces consistent style, import ordering, and catches common bugs.
		- Type safety: Eliminated all `as any` type assertions across CLI, shared, and core packages. Replaced with proper typed interfaces (`AnthropicProviderSettings`, strict `TechStackConfig`, etc.).
		- Error handling: Improved bare `catch` blocks across the codebase with proper error typing and logging.
		- shared: Extracted `escapeRegex` utility and deduplicated regex escaping logic across packages.

		### Bug Fixes

		- mcp-file: Fixed `SnapshotManager.cleanup()` — previously removed snapshots from memory but left orphaned `.json` files on disk. Now properly deletes persisted snapshot files.
		- sdd: Fixed validator tests to use correct `ActionType` values (`write_file`, `create_file`) instead of non-existent `modify_file`.
		- ci: Fixed internal registry URLs in lockfile for public CI environments.
		- ci: Removed duplicate pnpm version specification in GitHub Actions setup.

		### CI/CD

		- Added GitHub Actions workflow for automated lint, typecheck, and test on every push/PR.
		- Decoupled test task from self-build in turbo pipeline for faster CI feedback.

		### Breaking Changes

		- Internal module paths have changed due to the architecture refactoring. If you import from internal (non-index) paths, update your imports. The public API exported from each package's `index.ts` remains unchanged.
		- Minimum Node.js version is now 18+ (required by Biome and modern ESM features).

		## [1.0.9] - 2026-05-20
		@@ -9,0 +161,0 @@

+40

-8

package.json

		{
		"name": "frontagent",
		"version": "1.0.9",
		"version": "2.1.1",
		"description": "FrontAgent CLI and VS Code extension for frontend AI engineering with SDD constraints, MCP-controlled execution, and RAG planning",
		@@ -21,8 +21,21 @@ "type": "module",
		"scripts": {
		"prepare": "pnpm hooks:install",
		"hooks:install": "node scripts/workflows/install-hooks.mjs",
		"agent:bootstrap": "node scripts/workflows/contract-check.mjs bootstrap",
		"contract:local": "node scripts/workflows/contract-check.mjs local",
		"contract:check": "node scripts/workflows/contract-check.mjs check",
		"contract:gitnexus": "node scripts/workflows/contract-check.mjs gitnexus",
		"quality:predev": "pnpm hooks:install && pnpm contract:local",
		"quality:precommit": "pnpm lint && pnpm typecheck && pnpm test && pnpm test:workflows",
		"quality:ci": "pnpm lint && pnpm typecheck && pnpm test && pnpm test:workflows && pnpm build",
		"quality:local": "pnpm contract:local && pnpm quality:ci",
		"build": "turbo build && node build.mjs && node scripts/sync-vscode-version.mjs && pnpm --dir apps/vscode package",
		"bundle": "node build.mjs",
		"dev": "turbo dev",
		"lint": "turbo lint",
		"lint": "biome check .",
		"lint:fix": "biome check --write .",
		"format": "biome format --write .",
		"typecheck": "turbo typecheck",
		"test": "turbo test",
		"test:workflows": "node --test scripts/tests/*.test.mjs",
		"clean": "turbo clean && rm -rf node_modules dist",
		@@ -61,11 +74,30 @@ "prepublishOnly": "pnpm build",
		"dependencies": {
		"playwright": "^1.40.0"
		"playwright": "^1.60.0",
		"ts-morph": "^21.0.1"
		},
		"devDependencies": {
		"@types/node": "^20.10.0",
		"esbuild": "^0.27.2",
		"turbo": "^2.0.0",
		"typescript": "^5.3.0",
		"vitest": "^3.1.4"
		"@biomejs/biome": "2.4.16",
		"@types/node": "^25.9.1",
		"esbuild": "^0.28.0",
		"gitnexus": "1.6.6",
		"turbo": "^2.9.14",
		"typescript": "^6.0.3",
		"vitest": "^4.1.7"
		},
		"pnpm": {
		"overrides": {
		"hono": ">=4.12.18",
		"@hono/node-server": ">=1.19.13",
		"path-to-regexp": ">=8.4.0",
		"fast-uri": ">=3.1.2",
		"langsmith": ">=0.6.0",
		"minimatch": ">=9.0.6",
		"ws": ">=8.20.1",
		"uuid": ">=13.0.1",
		"brace-expansion": ">=2.0.3",
		"jsondiffpatch": ">=0.6.0",
		"ajv": ">=8.17.2",
		"yaml": ">=2.8.3"
		}
		},
		"packageManager": "pnpm@9.0.0",
		@@ -72,0 +104,0 @@ "engines": {

dist/code-quality-subagent-worker.cjs

Sorry, the diff of this file is too big to display

dist/code-quality-subagent-worker.cjs.map

Sorry, the diff of this file is too big to display

dist/index.mjs

Sorry, the diff of this file is too big to display

dist/index.mjs.map

Sorry, the diff of this file is too big to display

		@@ -7,2 +7,154 @@ # Changelog

		## [2.1.1] - 2026-06-09

		### Changed

		- core/executor: Decomposed executor tool-call handling, validation skip handling, progress enforcement, step feedback, and trace recording into focused helpers. This keeps task execution behavior intact while making MCP task invocation, progress checks, and step trace output easier to test and maintain.
		- core/agent: Extracted agent context gathering, facts update flushing, project prescan preparation, task execution setup, and execution callback wiring out of the main FrontAgent orchestration path. This reduces the size and coupling of the core agent loop without changing the public execution contract.
		- core/context: Split context fact serialization, facts merge helpers, filesystem fact updates, and module dependency graph updates from `ContextManager`, improving maintainability around context persistence and workspace fact refreshes.
		- core/planner: Split planner phase helper logic into dedicated modules and expanded planner tests around phase handling.
		- mcp-filesense: Extracted engine helper, indexing, notes, query, and schema orchestration responsibilities from the Filesense engine. Query, notes, schema, and index persistence behavior now have focused module boundaries and tests.
		- mcp-memory: Extracted memory preload/recall helpers and persistence writer responsibilities from `MemoryStore`, keeping memory I/O behavior isolated from recall orchestration.
		- mcp-memory/rag: Extracted semantic search orchestration from the knowledge-base implementation while preserving hybrid RAG behavior.
		- runtime-node: Extracted runtime MCP task invocation setup from the MCP server path, clarifying schema assertions and task handler wiring.
		- vscode: Split the webview body, script, style, and template rendering helpers into smaller units with dedicated tests while preserving the sidebar UI behavior.
		- sub-agents: Split code-quality subagent prompt policy into a focused helper with tests.
		- tooling: Removed the temporary GitNexus release-candidate patch and aligned the Biome schema version.

		### Fixed

		- vscode/security: Hardened VS Code webview nonce generation.
		- filesense: Preserved relative path semantics in Filesense query results.
		- filesense: Preserved notes schema path ownership when generating Filesense notes.
		- workflow: Restored and hardened the local GitNexus contract gate.
		- workflow: Resolved relative core worktree paths and guarded bootstrap against mismatched worktrees.

		### Tests

		- Added focused CLI command router coverage.
		- Added runtime MCP contract and schema assertion coverage.
		- Added hybrid RAG knowledge-base coverage.
		- Added executor coverage for validation skipping, progress enforcement, step feedback, tool-call handling, and trace recording.
		- Added agent coverage for context gathering, facts flushing, project prescan preparation, execution callbacks, and task execution setup.
		- Added ContextManager coverage for fact serialization, facts merging, filesystem fact updates, and module dependency graph behavior.
		- Added Filesense coverage for engine helpers, indexing persistence writes, notes generation, query result behavior, and schema orchestration.
		- Added memory coverage for preload/recall helpers and persistence writers.
		- Added VS Code webview renderer coverage for body, script, style, and template extraction.
		- Cleaned Biome warnings in executor, shared utility, and LLM service tests.

		### Dependencies

		- Updated production dependency lockfile entries from the Dependabot production dependency group.

		### Compatibility Notes

		- The published CLI package and VS Code extension are now versioned as `2.1.1`.
		- Node.js remains `>=20.0.0`.
		- The VS Code extension still requires VS Code `^1.120.0`.

		## [2.1.0] - 2026-06-08

		### Added

		- core: Added opt-in Open Memory Gateway integration for managed long-term memory. FrontAgent can now write Gateway-compatible Markdown memories, separate draft and active memory states, and recall active memories while preserving the existing `.frontagent/memory` fallback when Gateway mode is disabled or unavailable.
		- workflow: Added OSS Harness assets for open-source maintenance, including contribution guidance, workflow documentation, GitNexus knowledge contracts, CODEOWNERS, issue templates, PR template, local git hooks, and workflow rule tests.
		- workflow: Added local quality and contract scripts: `agent:bootstrap`, `quality:predev`, `quality:precommit`, `quality:ci`, `quality:local`, `contract:*`, and `test:workflows`.
		- dx: Added `.env.example` and Dependabot configuration for npm and GitHub Actions dependency maintenance.

		### Changed

		- core: Extracted `PhaseRunner` from `Executor` and step callback handling from `FrontAgent`, making execution flow and callback behavior easier to test and maintain.
		- core: Split Skill Lab behavior benchmarking, trigger benchmarking, improvement, reporting, and scaffolding into focused modules.
		- shared/core: Introduced a structured logger and migrated core debug logging to shared logging utilities.
		- type-safety: Tightened source type safety by enabling stricter `noExplicitAny` checks and replacing remaining loose source types with explicit interfaces.
		- dependencies: Upgraded the development toolchain and runtime dependencies, including Biome 2.x, TypeScript 6.x, Vitest 4.x, Playwright 1.60.x, Turbo 2.9.x, AI SDK, MCP SDK, and LangChain-related packages.
		- vscode: Raised the minimum VS Code engine requirement to `^1.120.0`.

		### Fixed

		- security: Patched high-severity dependency vulnerabilities through dependency upgrades and pnpm overrides for packages including `hono`, `path-to-regexp`, `fast-uri`, `ws`, `yaml`, and `ajv`.
		- lint: Fixed Biome formatting and `noExplicitAny` lint failures introduced by merged test and Skill Lab changes.
		- ci: Unified Node 20 and Node 22 matrix results under a single aggregate CI status check.

		### Tests

		- Added focused unit coverage for FrontAgent, answer generation, Executor, PhaseRunner, ContextManager, LLM service, planner behavior, memory store behavior, Open Memory Gateway integration, security rules, mcp-filesense engine behavior, shared logger behavior, SDD workflow rules, and OSS Harness workflow contracts.
		- Added workflow rule tests for OSS Harness automation and CI aggregate workflow behavior.

		### CI/CD

		- Updated GitHub Actions CI to run the full `quality:ci` gate across Node 20 and Node 22, including lint, typecheck, tests, workflow tests, and build.
		- Added Contract Guard for PRs targeting `develop`, enforcing GitNexus contract checks and impact-summary discipline for critical skeleton changes.
		- Added Repo Guard workflow support for PR, issue, and issue-comment review paths with fork and actor safeguards.
		- Upgraded GitHub Actions dependencies to `actions/checkout@v6`, `actions/setup-node@v6`, and `pnpm/action-setup@v6`.

		### Documentation

		- Added OSS Harness engineering workflow documentation, contributor guidance, GitNexus knowledge contract documentation, and superpowers implementation plans/specs for Repo Guard, OSS Harness, and Open Memory Gateway.
		- Added Claude/GitNexus skill assets and workflow automation assets for repository-native agent workflows.

		### Compatibility Notes

		- The published CLI package and VS Code extension are now versioned as `2.1.0`.
		- Node.js remains `>=20.0.0`.
		- The VS Code extension now requires VS Code `^1.120.0`.

		## [2.0.0] - 2026-05-20

		### Architecture Refactoring

		This release represents a major architectural overhaul. All large monolithic source files have been decomposed into focused, single-responsibility modules while preserving the public API surface.

		- core: Split `agent.ts` (1200+ lines) into `agent/agent.ts`, `agent/helpers.ts`, `agent/phase-checks.ts`, `agent/dev-server-detection.ts`, `agent/answer-generation.ts`, `agent/memory-lifecycle.ts`, `agent/rag-retrieval.ts`.
		- core: Split `llm.ts` into `llm/llm-service.ts`, `llm/factory.ts`, `llm/object-repair.ts`, `llm/prompts.ts`, `llm/code-generation.ts`, `llm/plan-generation.ts`, `llm/schemas.ts`.
		- core: Split `executor.ts` into `executor/executor.ts`, `executor/phase-ordering.ts`, `executor/trace.ts`, `executor/types.ts`.
		- core: Split `context.ts` into `context/context-manager.ts`, `context/helpers.ts`.
		- core: Split `skill-lab/index.ts` into `skill-lab/skill-lab.ts`, `skill-lab/utils.ts`, `skill-lab/schemas.ts`, `skill-lab/types.ts`.
		- mcp-memory: Split `rag.ts` into `rag/bm25.ts`, `rag/chunking.ts`, `rag/embedding.ts`, `rag/knowledge-base.ts`, `rag/providers.ts`, `rag/repository.ts`, `rag/reranker.ts`, `rag/semantic.ts`, `rag/utils.ts`.
		- shared: Split `index.ts` into `types/`, `security/`, and `utils.ts` modules.
		- vscode: Split `extension.ts` into focused activation, command, and webview modules.

		### Testing

		Test coverage increased from near-zero to 565 tests across the monorepo, covering all critical pure-logic paths.

		- core (220 tests): context/helpers, agent/helpers, agent/phase-checks, agent/dev-server-detection, llm/object-repair, llm/code-generation, llm/plan-generation, skill-lab/utils, executor/phase-ordering, executor/trace, filesense/trigger-policy, context-filesense, planner, security, llm.
		- sdd (144 tests): SDDValidator, FileArtifactStore, plan-quality, consistency-analyzer, ChecklistValidator, VerificationCollector, parser.
		- mcp-memory (96 tests): BM25, chunking, normalize-config, repository, utils, rag-openviking.
		- hallucination-guard (45 tests): file-existence, import-validity, syntax-validity.
		- mcp-file (46 tests): path-safety (44 tests), snapshot cleanup.
		- runtime-node (38 tests): config, run-logger redaction, sampling-llm.
		- mcp-web (11 tests): BrowserManager.
		- shared (comprehensive): utils, shell-analysis.

		### Performance

		- mcp-file: Lazy-load `ts-morph` in `get_ast` tool — reduces cold-start time by ~400ms for non-AST operations.
		- mcp-memory: Converted synchronous file I/O to async in RAG modules — eliminates event-loop blocking during knowledge-base indexing.
		- build: Externalized `ts-morph` from CLI bundle — reduces bundle size by ~2MB.

		### Code Quality

		- Biome: Added Biome as the project-wide linter and formatter, replacing ad-hoc ESLint configs. Enforces consistent style, import ordering, and catches common bugs.
		- Type safety: Eliminated all `as any` type assertions across CLI, shared, and core packages. Replaced with proper typed interfaces (`AnthropicProviderSettings`, strict `TechStackConfig`, etc.).
		- Error handling: Improved bare `catch` blocks across the codebase with proper error typing and logging.
		- shared: Extracted `escapeRegex` utility and deduplicated regex escaping logic across packages.

		### Bug Fixes

		- mcp-file: Fixed `SnapshotManager.cleanup()` — previously removed snapshots from memory but left orphaned `.json` files on disk. Now properly deletes persisted snapshot files.
		- sdd: Fixed validator tests to use correct `ActionType` values (`write_file`, `create_file`) instead of non-existent `modify_file`.
		- ci: Fixed internal registry URLs in lockfile for public CI environments.
		- ci: Removed duplicate pnpm version specification in GitHub Actions setup.

		### CI/CD

		- Added GitHub Actions workflow for automated lint, typecheck, and test on every push/PR.
		- Decoupled test task from self-build in turbo pipeline for faster CI feedback.

		### Breaking Changes

		- Internal module paths have changed due to the architecture refactoring. If you import from internal (non-index) paths, update your imports. The public API exported from each package's `index.ts` remains unchanged.
		- Minimum Node.js version is now 18+ (required by Biome and modern ESM features).

		## [1.0.9] - 2026-05-20
		@@ -9,0 +161,0 @@

frontagent - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes