
release: spec vendoring + SHA-pin cleanup arc + 96-tool rescore#73

Merged: brettdavies merged 9 commits into main from release/2026-05-03-spec-vendoring-and-cleanup on May 3, 2026


@brettdavies brettdavies commented May 3, 2026

## Summary

First production release since the v0.1 launch (#60, 2026-04-30). Promotes 8 PRs from dev to main/anc.dev. Two
PRs from the post-launch batch (#61, #63) were verified as no-ops for main and skipped: both were pure docs
reorganizations into docs/research/ and docs/design/, neither of which lives on main (or should).

The headline is #64: this site is now a downstream consumer of brettdavies/agentnative (the spec repo) via a
vendored snapshot at src/data/spec/. Footer, OG card, and per-tool badges now read from three independent spec-version
sources by design (vendored, scoring, manual reconciliation), preventing the conflation that would otherwise lie about
at least one currency dimension.

Trailing the headline, this release also clears the SHA-pin cleanup arc end-to-end: render side (#66), schema side
(#69), and a fresh 96-tool rescore against brew-installed anc v0.3.0 (#70). This is the first scoring pass where every
tool's anc.commit is null by construction (no .git/ in the brew cellar).

## Changelog

### Added

- Vendored agentnative spec snapshot at src/data/spec/ (VERSION, CHANGELOG.md, all 7 principles, README.md).
  Site is now a true downstream consumer of the canonical spec repo.
- scripts/sync-spec.sh: manual remote-first vendoring with local-fallback.
- scripts/SYNCS.md: single-page cross-repo sync map (CLI / spec / skill in, scorecards / Cloudflare out).

### Changed

- Footer, per-tool badges, and OG card pull from three distinct spec-version sources (SITE_SPEC_VERSION,
  scorecard.spec_version, anc's self-scorecard spec_version). Each tracks its own currency dimension.
- anc is now brew-installed inside the scoring docker image (replaces the local-cargo-build-from-checkout path that
  produced wrong-SHA scorecards).
- All 96 tool scorecards regenerated against brew-installed anc v0.3.0 (chore(scorecards): rescore all 96 tools with
  brewed anc v0.3.0 #70). Supersedes the v0.2.0 baseline shipped at v0.1 launch. First scoring pass where every
  anc.commit is null by construction.

### Removed

- Skill SHA-pin enforcement surface (source.commit, verify block) from /skill.json and the build validator. Update
  detection now uses the skill bundle's bin/check-update against main on GitHub.
- anc.commit field from the scorecard schema documentation and invariant tests (chore(scorecards): drop anc.commit
  from schema + tests; add triple-diff to release runbook #69). The field is no longer emitted by agentnative-cli or
  surfaced in any rendered scorecard. Pairs with the upstream cleanup in agentnative-cli.

### Fixed

### Documentation

## Type of Change

- `feat`: New feature (non-breaking change which adds functionality)

The release is multi-typed (feat + fix + chore + docs) but feat headlines because spec vendoring is the largest
user-facing surface.

## Related Issues/Stories

## Testing

- Unit tests added/updated
- All tests passing

**Test Summary:**

- 200 / 0 fail unit + regression tests pass on the release branch (pre-push hook verified)
- bun run build clean: 111 pages, 97 scorecards, 96 badges
- Staging at agentnative-site-staging.brettdavies.workers.dev already verified post-each-PR-merge: /skill.json has
  no source.commit/verify; per-tool scorecard pages render the Anc build row as version-only (no commit link)
- Skill-distribution e2e probe (the test that motivated this release; see deep-check failure 2026-05-02 06:49 UTC) will
  go green on next deep-check after merge: the assertion that fails on main is removed by chore(skill): drop deprecated
  SHA-pin enforcement surface #67.

## Files Modified

**Modified:**

**Created:**

**Renamed:**

- 7 scorecard files renamed in chore(scorecards): rescore all 96 tools with brewed anc v0.3.0 #70 to track upstream
  version bumps: act-v0.2.87.json → act-v0.2.88.json; anc-v0.2.0.json → anc-v0.3.0.json;
  claude-code-v2.1.123.json → claude-code-v2.1.126.json; flyctl-v0.4.44.json → flyctl-v0.4.45.json;
  ollama-v0.22.0.json → ollama-v0.22.1.json; opencode-v1.14.30.json → opencode-v1.14.31.json;
  starship-v1.25.0.json → starship-v1.25.1.json.

**Deleted:**

- None.

## Key Features

## Benefits

- Honest version surfaces. Each spec-version display tracks its own currency dimension; no more conflation.
- Schema-render coherence. /skill.json shape now matches the documented update model (bin/check-update against
  main); per-tool scorecard pages no longer link incorrect SHAs.
- Dead-ceremony reduction. Skill releases no longer think about a SHA bump that doesn't carry a contract.
- Release-runbook hardening. Triple-diff and status-check pitfall both came from real-world misses; both are now
  permanent runbook entries.

## Breaking Changes

- No breaking changes for end users.

/skill.json loses source.commit and the verify object. Agents that read these advisory fields will see them
missing rather than wrong; consumers that don't read them are unaffected. agentnative-cli's
src/skill_install/skill.json fixture pulls from this repo's source-of-truth, so its skill-fixture-drift workflow
will surface the shape change on its next PR. Coordinated CLI-side update should land in lockstep.

## Deployment Notes

- No special deployment steps required.

After deploy:

- https://anc.dev/skill.json will lose source.commit and the verify object.
- Per-tool scorecard pages on anc.dev will no longer render commit links.
- anc.dev/score/anc will display anc v0.3.0 (was v0.2.0).
- Footer / OG card / badges continue to display version labels (now from the vendored spec source).

## Skipped from this release (verified no-op for main)

## Checklist

- Code follows project conventions and style guidelines
- Commit messages follow Conventional Commits
- Self-review of code completed
- Tests added/updated and passing
- No new warnings or errors introduced
- Changes are backward compatible

## Additional Context

docs/research/ and docs/design/ are intentionally excluded from main. They hold research material that lives on
dev only. The central reusable workflow at brettdavies/.github/.github/workflows/guard-main-docs.yml already
enforces this for docs/research/ and docs/ideation/ alongside docs/plans|brainstorms|solutions|reviews/.


## Summary

PR #61 moved shipped artifacts (`foundation.css`, `og.html`, `og.css`)
out of `docs/design/` and research/concept work
into `docs/research/design/`, but left stale references to the old paths
in:

- `docs/DESIGN.md` — 17+ refs (would 404 on github.com when browsed on
`main`).
- `scripts/og/og.css` — internal header comment block.
- `tests/e2e/flows.e2e.ts` — single comment ref.

This PR fixes all three. Surfaced by the audit pass on PR #60 (release).

## Changelog

### Documentation

- Rewrite `docs/DESIGN.md` companion-artifacts intro to reflect the
shipped (`src/styles/`, `scripts/og/`) vs research
(`docs/research/design/`) split. Update all in-body path references.
Research-only artifacts are referenced by name
only — `docs/research/` is gated off `main`, so a link would 404 on
production.

## Type of Change

- [ ] `feat`: New feature (non-breaking change which adds functionality)
- [ ] `fix`: Bug fix (non-breaking change which fixes an issue)
- [ ] `refactor`: Code refactoring (no functional changes)
- [ ] `perf`: Performance improvement
- [x] `docs`: Documentation update
- [ ] `test`: Adding or updating tests
- [ ] `chore`: Maintenance tasks (dependencies, config, etc.)
- [ ] `ci`: CI/CD configuration changes
- [ ] `style`: Code style/formatting changes
- [ ] `build`: Build system changes
- [ ] `BREAKING CHANGE`: Breaking API change (requires major version
bump)

## Related Issues/Stories

- Story: PR #60 audit found stale refs surviving the #61 layout split.
- Issue: n/a
- Architecture: n/a (pure docs/comments).
- Related PRs: #61 (the split), #60 (release — re-syncs from `dev` once
this lands so the fixes ride along).

## Testing

- [x] Unit tests added/updated
- [x] Integration tests added/updated
- [x] Manual testing completed
- [x] All tests passing

**Test Summary:**

- Lint: biome (37 files) + markdownlint (11 files) — 0 errors.
- Build: 111 pages, 97 scorecards, 96 badges, 0 orphans (unchanged).
- Tests: 205 / 0 fail (unchanged).
- Final grep for `docs/design` across the shipped tree: 0 hits.

## Files Modified

**Modified:**

- `docs/DESIGN.md` — intro rewritten + 17+ inline refs updated.
- `scripts/og/og.css` — header comment block.
- `tests/e2e/flows.e2e.ts` — one comment line.

**Created:**

- None.

**Renamed:**

- None.

**Deleted:**

- None.

## Key Features

- No code or build behavior change. Pure reference cleanup.

## Deployment Notes

- No runtime impact. Deploy is a no-op for `dev` (docs-only via
paths-ignore).

## Reviewer Checklist

- `git grep "docs/design" docs/DESIGN.md` returns nothing.
- `bun run build` and `bun test` both pass (no behavioral surface
touched).
…#64)

## Summary

Wires `agentnative-spec` into the site as a vendored snapshot, and lands
a **three-source spec-version model** that
fixes the v0.1.0 footer drift visible on anc.dev since the v0.1 launch.

The site now has three distinct spec-version concepts because vendoring
(we got a snapshot), scoring (anc was compiled
against this spec), and site reconciliation (the prose has been updated
to match) are three independent events that
move at different cadences. Each visible-on-prod surface pulls from the
source that's correct for its event:

- **Footer** ← `content/principles/VERSION` (the spec version the site's
prose has been reconciled to). Bumped
manually by the contributor who reconciles `content/principles/p*-*.md`.
Honest claim of currency — lags vendoring
  on purpose during the manual reconciliation window.
- **Per-tool badges** ← each scorecard's own `spec_version` field (the
spec the CLI was compiled against to produce
  that scorecard).
- **OG card** ← anc's self-scorecard's `spec_version` (matches the
per-tool badge convention).
- **Vendored `SPEC_VERSION`** ← `src/data/spec/VERSION` (whatever
`sync-spec.sh` last fetched). NOT used for any
  user-visible surface — kept as a reference / diff target.

Implements `docs/plans/2026-04-23-001-feat-sync-spec-plan.md` U1–U4.
Plan was refreshed mid-execution (commit
`7afd0c4` on dev) to reflect the three-source design refinement, the
v0.3.0 pin, and the dispatch-already-fires
discovery from the cross-repo SYNCS-doc audit earlier in the session.

## Changelog

### Fixed

- Site footer and OG card now display the actual spec version (`v0.3.0`)
instead of the stale `v0.1.0` literal that
  shipped with the v0.1 launch.
- Per-tool badge SVGs label with each scorecard's `spec_version` (the
spec the CLI was compiled against for that
  scorecard), instead of a global default.

### Added

- `./scripts/sync-spec.sh` — vendors the latest `agentnative-spec` v*
tag into `src/data/spec/`. Remote-first with
  local checkout fallback.

## Type of Change

- [x] `feat`: New feature (non-breaking change which adds functionality)
- [x] `fix`: Bug fix (non-breaking change which fixes an issue)
- [ ] `refactor`: Code refactoring (no functional changes)
- [ ] `perf`: Performance improvement
- [x] `docs`: Documentation update
- [ ] `test`: Adding or updating tests
- [ ] `chore`: Maintenance tasks (dependencies, config, etc.)
- [ ] `ci`: CI/CD configuration changes
- [ ] `style`: Code style/formatting changes
- [ ] `build`: Build system changes
- [ ] `BREAKING CHANGE`: Breaking API change (requires major version
bump)

## Related Issues/Stories

- Story: `docs/plans/2026-04-23-001-feat-sync-spec-plan.md` (refreshed
on dev as commit `7afd0c4` mid-execution).
- Issue: n/a
- Architecture: cross-repo version model at
`docs/solutions/best-practices/agentnative-version-model-2026-05-01.md`
(refreshed in solutions-docs commits `bf83c71`, `47c84b2` mermaid,
`7201181` three-source model). Governing
pattern:
`docs/solutions/best-practices/cross-repo-artifact-consumption-static-sites-2026-04-21.md`.
Sibling
reference impl: `~/dev/agentnative-cli/scripts/sync-spec.sh` (plan
`2026-04-23-001-feat-spec-vendor-plan.md`,
  status: completed).
- Related PRs:
- `agentnative-skill` PR #11 (commit `3c3ebb6`) — deprecated SHA-pinning
across the skill repo's shipping content;
the site's lagging SHA-pin removal is captured as P0 todo
`019-pending-p0-remove-skill-sha-pinning.md` (gitignored).
- solutions-docs commit `7201181` — paired refresh of the version-model
doc.

## Testing

- [x] Unit tests added/updated
- [x] Integration tests added/updated
- [x] Manual testing completed
- [x] All tests passing

**Test Summary:**

- Unit/regression tests: 206 passing / 0 fail / 568 expect calls (was
205 before this PR; new
`tests/build.test.ts` assertion verifies footer renders
`v${SITE_SPEC_VERSION}` and guards against the `v0.1.0`
  stub returning).
- Lint: Biome (37 files clean) + markdownlint (19 files clean — adds
`src/data/spec/CHANGELOG.md` to the exclusion
list, since it's vendored from spec where the line-length config is more
permissive).
- Build: 111 HTML pages, 111 MD pages, 7 extras, 97 scorecards, 96 badge
SVGs, 0 orphans.
- Wrangler dry-run: 367 assets, 237 KiB upload (28 KiB gzip).
- Manual: ran `./scripts/sync-spec.sh` end-to-end (remote-first path
verified — vendored v0.3.0 / `5cea8bf`); ran
`bun run og` — OG card regenerated showing `v0.3.0` from anc's
self-scorecard; spot-checked
  `dist/index.html` footer renders `<span>v0.3.0</span>`.
- Regression-test fix: `tests/regression.test.ts` test #6 (install-page
dedup) now excludes `src/data/spec/` from
its grep — vendored CHANGELOG legitimately mentions install commands;
the test's intent was the install-page dedup,
  not preventing spec mentions.

## Files Modified

**Modified:**

- Build: `src/build/util.mjs` (adds `SITE_SPEC_VERSION` export +
`readVersionFile` helper; `SPEC_VERSION` reads
vendored file at module load), `src/build/shell.mjs` (footer renders
`v${SITE_SPEC_VERSION}`), `src/build/build.mjs`
  (badge call passes `scorecard.spec_version` explicitly).
- Scripts: `scripts/og/generate.ts` (reads anc's self-scorecard
`spec_version`; drops the
  regex-from-shell.mjs hack and the `SHELL_MJS` constant entirely).
- Tests: `tests/build.test.ts` (new footer-renders-vendored-version
assertion), `tests/regression.test.ts`
  (`src/data/spec/` exclusion on regression #6).
- Config: `package.json` (markdownlint exclusion for vendored
`src/data/spec/CHANGELOG.md`).
- Docs: `AGENTS.md` (paragraph explaining the three sources),
`public/og-image.png` (regenerated; card now reads
  `v0.3.0`).

**Created:**

- `scripts/sync-spec.sh` — remote-first, latest-tag auto-pick, `git show
<tag>:<path>` extraction (no working-tree
perturbation), AGENTS.md filter on principles enumeration.
shellcheck-clean.
- `scripts/SYNCS.md` — cross-repo sync map for this repo (was untracked
from the 2026-05-01 audit; ships with this
PR). Includes mermaid diagrams for the bidirectional data map and the
three-source spec-version flow.
- `src/data/spec/VERSION` — vendored spec version (`0.3.0`).
- `src/data/spec/CHANGELOG.md` — vendored spec changelog.
- `src/data/spec/principles/p1..p7.md` — vendored structured principle
files (machine-readable frontmatter; diff
  target only, NOT consumed by site rendering).
- `src/data/spec/README.md` — explains the three-version model, the
manual reconciliation workflow, and the
  bump-`content/principles/VERSION`-LAST gate.
- `content/principles/VERSION` — single-line site reconciliation marker
(initial value `0.3.0`, matches current
  state since the site copy is reconciled to v0.3.0).

**Renamed:**

- None.

**Deleted:**

- None.

## Key Features

- **Single-step spec resync**: `./scripts/sync-spec.sh` (no env vars
needed in the happy path) pulls the latest
`agentnative-spec` tag and rewrites `src/data/spec/`. Operator never
needs a local spec checkout.
- **Three-source spec-version model**: visible-on-prod surfaces stop
conflating "what we vendored" with "what the
site's prose has been reconciled to" with "what anc was compiled
against". Each surface tells the truth about its
  own event.
- **`content/principles/VERSION` as the reconciliation gate**: the
contributor who reconciles
`content/principles/p*-*.md` after a spec bump is the one who flips the
footer. Bumping before reconciliation lies
  to visitors; the workflow now makes this explicit.
- **`src/data/spec/README.md`**: explains all of the above in one place,
co-located with the data it describes.

## Benefits

- **Honest currency claims** on prod. Footer no longer drifts behind the
spec; OG card no longer drifts behind anc.
- **Reduced cognitive load** for spec releases —
`./scripts/sync-spec.sh` is one command, no env vars needed in the
  happy path, automatic latest-tag resolution.
- **Foundation for future spec-driven features**: vendored
`principles/p*-*.md` is now available as a build input
for future consumers (`/llms-full.txt` regen, coverage cross-refs,
etc.). Not consumed yet, but the data is
  in-tree.

## Breaking Changes

- [x] No breaking changes
- [ ] Breaking changes described below:

## Deployment Notes

- [x] No special deployment steps required
- [ ] Deployment steps documented below:

Standard pipeline: squash-merge to `dev` → `deploy.yml` publishes to the
staging Worker
(`agentnative-site-staging.*.workers.dev`). Promotion to `anc.dev`
follows the standard `release/*` flow per
RELEASES.md. After production deploy, sanity-check `curl -s
https://anc.dev/ | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'`
returns `v0.3.0` (current `content/principles/VERSION`).

## Screenshots/Recordings

`public/og-image.png` regenerated; the version label now reads `v0.3.0`
(was `v0.1.0`). Visible inline in the diff.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible (or breaking changes documented)

## Additional Context

**Mid-execution design refinement.** The plan as filed scoped only U1–U3
(vendor data + docs) with footer wiring
deferred. During execution, two things shifted scope:

1. The visible-on-prod `v0.1.0` footer drift made the data-vendoring
useless without a consumer; U4 was promoted
   into scope.
2. The user proposed the three-source design (vendored ≠ reconciled ≠
scored) mid-execution, which materially
improved on the original "footer reads SPEC_VERSION" approach. The plan
was refreshed (dev commit `7afd0c4`)
before the corresponding code landed; the SPEC_VERSION/SITE_SPEC_VERSION
distinction baked itself into U4's
   commit (`7e5765d`).

**Cross-repo coordination.** During this session's earlier SYNCS-doc
audit, four sibling repos got cross-repo sync
maps (3 still untracked locally per the do-not-commit directive; site's
was committed via U3 here). The version-model
solution doc was also added (and refreshed for the three-source model)
in solutions-docs.

**Skill SHA-pinning P0 todo.** Created
`019-pending-p0-remove-skill-sha-pinning.md` (gitignored) capturing the
follow-up work: agentnative-skill PR #11 (commit `3c3ebb6`, 2026-04-29)
deprecated SHA-pinning across the skill
repo's shipping content; the site is the lagging repo and still carries
`source.commit` validation in
`src/build/skill.mjs`. Out of scope for this PR; tracked.
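The three-source spec-version model described in this commit message (footer from `content/principles/VERSION`, per-tool badges from each scorecard's `spec_version`, OG card from anc's self-scorecard, vendored `SPEC_VERSION` kept only as a diff target) as an added, self-contained example. This is not the site's own `src/build/util.mjs` or `shell.mjs`; the function names (`resolveSpecVersions`, `renderFooter`, `renderBadgeLabel`, `renderOgLabel`, `checkVersionDrift`) and the inline stand-ins for the version files and scorecards are assumptions. It goes one step beyond the commit by adding a drift report a release runbook could run, which distinguishes the expected lag (footer behind the vendored snapshot during reconciliation) from the claim nothing backs (footer ahead of it).

```javascript
// Added example (not the site's own src/build/util.mjs): the three-source
// spec-version model from the commit message above. Every name here is
// hypothetical; the inputs are constructed stand-ins for the files named.

const SEMVER_RE = /^(\d+)\.(\d+)\.(\d+)$/;

// Parse a VERSION-file style value ("0.3.0\n", "v0.3.0") into comparable parts.
// Throws on anything else so a corrupted or empty source fails the build
// instead of silently rendering a wrong label.
function parseVersion(raw, sourceName) {
  const text = String(raw ?? "").trim().replace(/^v/, "");
  const m = SEMVER_RE.exec(text);
  if (!m) throw new Error(`${sourceName}: not a semver string: ${JSON.stringify(raw)}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]), text };
}

function compareVersions(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// Constructed stand-ins for the three sources the commit names.
const VENDORED_VERSION_FILE = "0.3.0\n"; // src/data/spec/VERSION (whatever sync-spec.sh last fetched)
const SITE_VERSION_FILE = "0.3.0\n";     // content/principles/VERSION (what the prose is reconciled to)
const ANC_SELF_SCORECARD = { tool: "anc", version: "0.3.0", spec_version: "0.3.0" };
const TOOL_SCORECARDS = [
  { tool: "starship", version: "1.25.1", spec_version: "0.3.0" },
  { tool: "flyctl", version: "0.4.45", spec_version: "0.2.0" }, // scored in an earlier pass
];

// Resolve all three versions once (at module load in a real build).
function resolveSpecVersions({ vendoredFile, siteFile, ancSelfScorecard }) {
  return {
    SPEC_VERSION: parseVersion(vendoredFile, "src/data/spec/VERSION"),
    SITE_SPEC_VERSION: parseVersion(siteFile, "content/principles/VERSION"),
    ANC_SPEC_VERSION: parseVersion(ancSelfScorecard.spec_version, "anc self-scorecard spec_version"),
  };
}

// Footer: reconciled version only. SPEC_VERSION is deliberately not used here,
// because it may be ahead of the prose during the reconciliation window.
function renderFooter(versions) {
  return `<span>v${versions.SITE_SPEC_VERSION.text}</span>`;
}

// Per-tool badge: the scorecard's own spec_version, passed explicitly; no global default.
function renderBadgeLabel(scorecard) {
  const v = parseVersion(scorecard.spec_version, `${scorecard.tool} scorecard spec_version`);
  return `spec v${v.text}`;
}

// OG card: anc's self-scorecard, matching the badge convention.
function renderOgLabel(versions) {
  return `v${versions.ANC_SPEC_VERSION.text}`;
}

// Drift report for a release runbook. Footer lagging the vendored snapshot is
// expected (reconciliation pending); footer ahead of it is a claim nothing backs.
function checkVersionDrift(versions, scorecards) {
  const findings = [];
  const cmp = compareVersions(versions.SITE_SPEC_VERSION, versions.SPEC_VERSION);
  if (cmp < 0) findings.push("footer lags vendored spec (reconciliation pending)");
  if (cmp > 0) findings.push("footer is ahead of vendored spec (bumped before vendoring)");
  if (compareVersions(versions.ANC_SPEC_VERSION, versions.SPEC_VERSION) < 0) {
    findings.push("OG card lags vendored spec (anc built against an older spec)");
  }
  for (const sc of scorecards) {
    const v = parseVersion(sc.spec_version, `${sc.tool} scorecard spec_version`);
    if (compareVersions(v, versions.SPEC_VERSION) < 0) {
      findings.push(`${sc.tool} scored against older spec v${v.text}`);
    }
  }
  return findings;
}

// Stand-alone run: show the three surfaces and any drift for the sample inputs.
const versions = resolveSpecVersions({
  vendoredFile: VENDORED_VERSION_FILE,
  siteFile: SITE_VERSION_FILE,
  ancSelfScorecard: ANC_SELF_SCORECARD,
});
console.log(renderFooter(versions), renderOgLabel(versions), TOOL_SCORECARDS.map(renderBadgeLabel));
console.log(checkVersionDrift(versions, TOOL_SCORECARDS));
```

With the sample inputs the only finding is the flyctl scorecard scored against spec v0.2.0; swapping the site file for the stale `0.1.0` literal the commit fixed produces the "footer lags vendored spec" finding, and a non-semver or empty VERSION file throws rather than rendering.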
## Summary

The "Reproduce locally" code block in each per-tool scorecard's markdown
twin (`/score/<tool>.md`) was emitted with a
bare ` ``` ` fence, so markdown renderers treated the command as plain
text. Tag the fence ` ```bash ` so Shiki
(build-time) + GitHub + hosted previews fetched over the `.md`
content-negotiation channel all syntax-highlight the
shell command.

The HTML twin (rendered via the CommonMark pipeline) was already styled
through the badge-callout block above; this
aligns the `.md` twin with the same visual signal on the channels that
consume the markdown directly.

## Changelog

### Fixed

- Per-tool scorecard markdown (`/score/<tool>.md`) now tags the
"Reproduce locally" code block as `bash` so
renderers syntax-highlight the `anc check --command <tool>` invocation
instead of rendering it as plain text.

## Type of Change

- [ ] `feat`: New feature (non-breaking change which adds functionality)
- [x] `fix`: Bug fix (non-breaking change which fixes an issue)
- [ ] `refactor`: Code refactoring (no functional changes)
- [ ] `perf`: Performance improvement
- [ ] `docs`: Documentation update
- [ ] `test`: Adding or updating tests
- [ ] `chore`: Maintenance tasks (dependencies, config, etc.)
- [ ] `ci`: CI/CD configuration changes
- [ ] `style`: Code style/formatting changes
- [ ] `build`: Build system changes
- [ ] `BREAKING CHANGE`: Breaking API change (requires major version
bump)

## Related Issues/Stories

- Story: cosmetic markdown-rendering bug spotted on the live
`/score/<tool>.md` channel.
- Issue: n/a
- Architecture: n/a (one-line emitter change).
- Related PRs: #64 (the spec-vendoring + version-model PR that just
landed; unrelated except both touch
  scorecard-rendering pipeline).

## Testing

- [x] Unit tests added/updated
- [ ] Integration tests added/updated
- [x] Manual testing completed
- [x] All tests passing

**Test Summary:**

- Unit/regression tests: 206 passing / 0 fail / 569 expect calls (was
568; new assertion in
`tests/build.test.ts` confirms the ` ```bash ` fence wraps the
synthesized invocation).
- Lint: Biome (37 files clean) + markdownlint (19 files clean).
- Build: 111 HTML pages, 111 MD pages, 7 extras, 97 scorecards, 96 badge
SVGs, 0 orphans (unchanged).
- Manual: spot-checked `dist/score/anc.md` — fence now reads ` ```bash
`.

## Files Modified

**Modified:**

- `src/build/scorecards-render.mjs` — one-character change: ` ``` ` → `
```bash ` on the "Reproduce locally" fence.
- `tests/build.test.ts` — new regression assertion preventing silent
removal of the `bash` tag.

**Created:**

- None.

**Renamed:**

- None.

**Deleted:**

- None.

## Key Features

- Cosmetic markdown channel parity with the HTML render. No code-path or
runtime change.

## Breaking Changes

- [x] No breaking changes
- [ ] Breaking changes described below:

## Deployment Notes

- [x] No special deployment steps required
- [ ] Deployment steps documented below:

Standard pipeline: squash-merge to `dev` → `deploy.yml` publishes to
staging Worker
(`agentnative-site-staging.*.workers.dev`). Promotion to `anc.dev`
follows the standard `release/*` flow per
RELEASES.md.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible
…66)

## Summary

Per-tool scorecard pages have been linking `anc.commit` to a commit URL
on `agentnative-cli` that points at whatever
branch the operator's local CLI checkout was on at compose-build time —
not at a release commit. This PR closes the
gap on both ends:

1. The scoring docker image installs `anc` via `brew install
brettdavies/tap/agentnative` (parity with every other
tool already brewed). No more `cargo build` from the operator's local
checkout, no more operator-state coupling,
   no more wrong-SHA risk by construction.
2. The per-tool scorecard pages render `anc.version` only — the
abbreviated commit link is gone. Today's wrong-SHA
links disappear immediately; any future build-time drift never surfaces
to a viewer.

The 96 existing scorecards are not regenerated as part of this PR —
their stale `anc.commit` values stay in the JSON,
ignored at render time. The `anc.commit` field itself stays in the
schema; its removal is deferred to a future
scorecard schema revision.

## Changelog

### Fixed

- Per-tool scorecard pages no longer link to an incorrect commit SHA on
the agentnative-cli repo.

### Changed

- `anc` is now brew-installed inside the scoring docker image (replaces
a local `cargo build` path).

## Type of Change

- [x] `fix`: Bug fix (non-breaking change which fixes an issue)

## Related Issues/Stories

- Story: n/a
- Issue: n/a
- Architecture:
`docs/plans/2026-05-01-001-fix-brew-anc-strip-sha-render-plan.md`
(committed to dev directly per the planning-doc exception)
- Related PRs: `chore/remove-skill-sha-pinning` — sibling cleanup,
same theme of removing dead SHA-pin ceremony

## Testing

- [x] Unit tests added/updated
- [x] All tests passing

**Test Summary:**

- 204/204 unit + regression tests pass (consolidated three
commit-related render tests into one)
- `bun run build` clean
- Visual verification: `dist/score/anc.html` renders `<dt>Anc
build</dt><dd>0.2.0</dd>` (was `0.2.0 <a class="anc-build__commit"
href="…/commit/06a307c"><code>06a307c</code></a>`)
- Audit: `grep -c 'agentnative-cli/commit' dist/score/*.{html,md}`
returns zero across all 97 scorecard pages

## Files Modified

**Modified:**

- `docker/score/Dockerfile` — replace `COPY` of staged `anc`
binary with `brew install brettdavies/tap/agentnative`
- `docker/score/build.sh` — drop `cargo build` preamble +
`ANC_CLI_ROOT` plumbing; collapses to image build + optional `--run`
- `docker/score/README.md` — update layout, prereqs, layer order,
update workflow to reflect the brew-install path
- `src/build/scorecards-render.mjs` — `renderAncBuildHtml` and
`renderAncBuildMarkdown` collapse to version-only;
`ANC_COMMIT_SHA_RE`, `ANC_REPO_URL`, and the allowlist comment block
removed
- `tests/build.test.ts` — three commit-related render tests
consolidate into one (`Anc build renders version-only regardless of
commit field shape`); markdown-twin assertion drops the linked-commit
form
- `content/scorecard-schema.md` — `anc.commit` field row notes the
field is captured but no longer surfaced

**Created:** None.

**Renamed:** None.

**Deleted:** None.

## Key Features

n/a — bug fix + docker simplification, no new features.

## Benefits

- **Correctness**: scorecards no longer link to incorrect commits.
- **Operator state decoupling**: docker image always uses a published
release, regardless of the operator's local CLI checkout state.
- **Schema-render coherence**: schema doc accurately describes what's
rendered today.
- **Dead-ceremony reduction**: the SHA-allowlist regex, the GitHub URL
constant, and the XSS-defense test for the URL-construction path all go
away alongside the path itself.

## Breaking Changes

- [x] No breaking changes

The `anc.commit` JSON-schema field stays for back-compat. Existing
scorecards are not regenerated.

## Deployment Notes

- [x] No special deployment steps required

The next time `bash docker/score/build.sh --run` is invoked,
scorecards will emit `anc.commit: null` (brewed binary
has no `.git/` checkout, so `build.rs` hits the
`released-from-tarball case`). This is expected and matches the
schema-doc note added in this PR.

## Screenshots/Recordings

n/a — text-only render change. The visible diff:

Before: `**Anc build:** 0.2.0
([06a307c](https://github.com/brettdavies/agentnative-cli/commit/06a307c))`

After: `**Anc build:** 0.2.0`

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible

## Additional Context

The plan for this work lives at
`docs/plans/2026-05-01-001-fix-brew-anc-strip-sha-render-plan.md`
(committed
directly to `dev` per the planning-doc exception in `RELEASES.md`).

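The version-only render this commit describes (the `Anc build` row reads `anc.version` and ignores `anc.commit` whatever shape it has: a stale SHA, `null` from a brewed binary, or absent once the field is dropped from the schema), as an added example. This is not the site's `src/build/scorecards-render.mjs`; the names `renderAncBuildHtml`, `renderAncBuildMarkdown`, `escapeHtml`, `countCommitLinks` and the sample scorecard blocks are assumptions. The audit from the test summary (no `agentnative-cli/commit` link left on any rendered page) is included as a function so it can be asserted rather than grepped.

```javascript
// Added example, not the site's src/build/scorecards-render.mjs. The render
// helpers below carry the version-only behaviour the commit describes; the
// function names and the sample scorecard blocks are hypothetical.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => (
    { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]
  ));
}

// The `anc` block of a scorecard. `commit` may be a SHA (pre-rescore files),
// null (brewed binary, no .git/ checkout), or absent (field dropped from the
// schema). It is never read, so its shape cannot reach the page.
function ancVersionText(anc) {
  if (!anc || typeof anc.version !== "string" || anc.version.trim() === "") {
    throw new Error("scorecard anc.version missing or not a string");
  }
  return anc.version.trim();
}

function renderAncBuildHtml(anc) {
  // Version is still data from a JSON file, so it is escaped even though the
  // link-building path (and the allowlist regex that guarded it) is gone.
  return `<dt>Anc build</dt><dd>${escapeHtml(ancVersionText(anc))}</dd>`;
}

function renderAncBuildMarkdown(anc) {
  return `**Anc build:** ${ancVersionText(anc)}`;
}

// The audit from the test summary as a function: count rendered pages that
// still carry an agentnative-cli commit link.
function countCommitLinks(renderedPages) {
  return renderedPages.filter((p) => p.includes("agentnative-cli/commit")).length;
}

// Constructed sample blocks covering each commit-field shape.
const SAMPLE_ANC_BLOCKS = [
  { version: "0.2.0", commit: "06a307c" },       // stale SHA left in an old scorecard
  { version: "0.3.0", commit: null },            // brewed anc: null by construction
  { version: "0.3.0" },                          // field removed from the schema
  { version: "0.3.0", commit: "not-a-sha <b>" }, // unexpected shape, still ignored
];

const htmlPages = SAMPLE_ANC_BLOCKS.map(renderAncBuildHtml);
const mdPages = SAMPLE_ANC_BLOCKS.map(renderAncBuildMarkdown);
console.log(htmlPages.join("\n"));
console.log(mdPages.join("\n"));
console.log("commit links:", countCommitLinks([...htmlPages, ...mdPages]));
```

Every sample block renders to the same version-only row regardless of its `commit` value, the audit count is zero for both the HTML and markdown twins, and a block with no `version` fails the build instead of rendering an empty row.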
## Summary

Removes the dead SHA-pin enforcement surface for the `agent-native-cli`
skill. The pin was deprecated upstream in
[`agentnative-skill` PR
#11](brettdavies/agentnative-skill#11)
(2026-04-29) when update
detection moved to the skill bundle's `bin/check-update` (compares the
local bundle's `VERSION` against `main` on
GitHub). The site repo carried the full enforcement surface — manifest
fields, build validation, schema docs,
release runbook, tests, e2e probe, prose — as dead ceremony that
surfaced on every skill release as a SHA bump that
no longer carried a contract.

Audit assertion: across shipping content (excluding `docs/plans/`,
`docs/brainstorms/`, `docs/reviews/`,
`docs/solutions/`, `CHANGELOG.md`), zero matches remain for
`source.commit`, `verify.expected`, `COMMIT_RE`,
`47a76cce…`, `re-pin`, `pinned commit`, `pinned at commit`, or `commit
pin`. The four surviving SHA references in
shipping content are unrelated domains (scorecard `anc.commit`
rendering, font supply chain, CLI registry version
parsing) and intentionally untouched.

## Changelog

### Removed

- Skill SHA-pin fields (`source.commit`, `verify` block) and their
build-time enforcement.

### Changed

- Skill-release procedure no longer requires a manifest re-pin; updates
are detected by the skill bundle's
  `bin/check-update` against `main` on GitHub.

## Type of Change

- [x] `chore`: Maintenance tasks (dependencies, config, etc.)

## Related Issues/Stories

- Story: n/a
- Issue: n/a
- Architecture: agentnative-skill PR #11 (the upstream deprecation that
this site-side PR completes)
- Related PRs: #66 (`fix/scorecard-anc-render` — sibling cleanup, same
theme of removing dead SHA-pin ceremony)

## Testing

- [x] Unit tests added/updated
- [x] All tests passing

**Test Summary:**

- 203/203 unit + regression tests pass (4 SHA-pin-specific assertions
deleted; no new failures)
- `bun run build` clean
- E2E `skill` Playwright project structurally untouched — the two
pin-freshness checks (HEAD == `source.commit`,
remote-HEAD == `source.commit`) are dropped; the
install-clone-lands-`SKILL.md` check stays

## Files Modified

**Modified:**

- `src/data/skill.json` — `source.commit` and `verify` object
removed
- `src/build/skill.mjs` — `COMMIT_RE`, verify validation,
`REQUIRED_VERIFY` list, "pinned at commit" prose, `## Verify`
markdown section all removed
- `docs/DESIGN.md` §3.9 — schema-table rows for `source.commit` and
`verify.*` removed; build-validation prose, source-repo-coupling
paragraph, release runbook bullet updated
- `RELEASES.md` §"Skill releases" — re-pin step rewritten as
conditional manifest bump
- `scripts/SYNCS.md` — re-pin language scrubbed from the skill-release
flow + reference list
- `tests/build.test.ts` — non-hex / uppercase-hex commit rejection
tests + `source.commit` / `verify` fixture fields removed
- `tests/regression.test.ts` — `source.commit` / `verify.expected`
invariants removed; required-keys list updated
- `tests/e2e/skill.e2e.ts` — pin-freshness checks dropped (HEAD ==
`source.commit` and remote-HEAD == `source.commit`)

**Created:** None.

**Renamed:** None.

**Deleted:** None.

## Key Features

n/a — pure removal of dead enforcement surface.

## Benefits

- **Dead-ceremony reduction**: skill releases no longer think about a
SHA bump that doesn't carry a contract.
- **Schema-render coherence**: `/skill.json`'s shape now matches the
documented update model (`bin/check-update` against `main`).
- **Release-runbook simplification**: `RELEASES.md` skill-release
procedure becomes a conditional manifest bump rather than a mandatory
re-pin step.

## Breaking Changes

- [x] No breaking changes (consumer-side)

`agentnative-cli`'s `src/skill_install/skill.json` fixture pulls
`src/data/skill.json` from this repo. The shape
change here will surface in CLI's `skill-fixture-drift` workflow on
its next PR — coordinated CLI-side update should
land in lockstep.

## Deployment Notes

- [x] No special deployment steps required

After deploy, \`https://anc.dev/skill.json\` will lose \`source.commit\`
and the \`verify\` object. The
\`schema_version: 1\` field stays — agents reading the JSON should
already tolerate field removal within v1 since
the schema doc described \`verify.expected\` as advisory only.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible (consumer-side; cross-repo
coordination noted above)

## Additional Context

This PR ships in parallel with #66 (\`fix/scorecard-anc-render\`) —
sibling cleanup of skill-shaped SHA-pin ceremony
that lived in the scorecard render. The two branches were cut
independently to keep concerns tight; either can
land first.
…ff to release runbook (#69)

## Summary

Two threads landing together — schema-side cleanup paired with the agentnative-cli companion change, plus the triple-diff verification we used today getting promoted from "ad-hoc command we ran once" to "documented runbook step every release uses."

## Changelog

### Removed

- `anc.commit` from the scorecard schema documentation and invariant tests. The field is no longer emitted by agentnative-cli (companion change) or surfaced in any rendered scorecard. Existing scorecards retain their values until next regen but the field is no longer part of the documented schema contract.

### Documentation

- Release runbook now uses a triple-diff verification (main → release / release → dev / dev → main) plus a patch-id cherry sweep, replacing the original single-axis leaked-paths check. Catches both directions of drift: guarded paths leaking IN and real feature commits being missed OUT.

## Type of Change

- [x] `chore`: Maintenance tasks (dependencies, config, etc.)
- [x] `docs`: Documentation update

## Related Issues/Stories

- Story: Pairs with agentnative-cli companion change (in-flight) that drops `ANC_COMMIT` from `build.rs` and stops emitting `"anc.commit"` in the JSON envelope.
- Issue: n/a
- Architecture: n/a
- Related PRs: #66 (render-side anc.commit strip — shipped to dev), #68 (release/2026-05-01-spec-vendoring-and-cleanup — open to main; this PR cherry-picks into it).

## Testing

- [x] Unit tests added/updated
- [x] All tests passing

**Test Summary:**

- 200 / 0 fail unit + regression tests pass (was 201 — dropped the now-irrelevant `admits null anc.commit` test).
- `bun run build` clean.

## Files Modified

**Modified:**

- `content/scorecard-schema.md` — `commit` row removed from `anc` table; trailing prose simplified; top-level JSON example updated.
- `tests/build.test.ts` — `expect(entry.metadata.anc.commit)` assertion dropped from the `loadScoredTools` happy-path test; `'admits null anc.commit (build outside a git checkout)'` test block dropped entirely.
- `RELEASES.md` — release-runbook `Releasing dev to main` section: triple-diff procedure + guarded-paths regex sweep + `git cherry` patch-id check, with squash-merge false-positive triage notes.

**Created:** None.

**Renamed:** None.

**Deleted:** None.

## Breaking Changes

- [x] No breaking changes for end users.

The schema field removal lands in lockstep with the CLI's emission removal. Until both ship to main, existing agents/consumers that read `anc.commit` will continue seeing it — after both ship, the field will simply be missing from new scorecards (no rename, no aliasing, just absence).

## Deployment Notes

- [x] No special deployment steps required.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible

## Additional Context

These commits will also be cherry-picked into `release/2026-05-01-spec-vendoring-and-cleanup` (PR #68) so the schema cleanup ships in the same release as the render-side cleanup it pairs with.

## Summary

First scoring run since both halves of the SHA-pin cleanup landed — this PR captures fresh scorecards for the entire ANC 100 registry, scored by the just-released `agentnative-cli v0.3.0` (no more `ANC_COMMIT` capture, no more `anc.commit` field in the JSON envelope) installed via brew inside the docker scoring image (no operator-local working-tree state coupling).

96/96 scored, 0 install-missing, 0 score-failed, 0 skipped.

## Changelog

### Changed

- All 96 per-tool scorecards on anc.dev refreshed against `anc v0.3.0`. The JSON envelope no longer carries `anc.commit`; the per-tool page's "Anc build" row reads `0.3.0` (was `0.2.0`).

### Updated tool versions

Upstream releases since the last scoring run, picked up in this rescore:

- `act` v0.2.87 → v0.2.88
- `anc` v0.2.0 → v0.3.0 *(self-scorecard rolls forward to match the now-installed binary)*
- `claude-code` v2.1.123 → v2.1.126
- `flyctl` v0.4.44 → v0.4.45
- `ollama` v0.22.0 → v0.22.1
- `opencode` v1.14.30 → v1.14.31
- `starship` v1.25.0 → v1.25.1

## Type of Change

- [x] `chore`: Maintenance tasks (regenerated artifacts).

## Related Issues/Stories

- Story: Closes the loop after agentnative-cli v0.3.0 (#44 over there) and site PRs #66, #67, #69 — first rescore against the new no-`anc.commit` JSON shape.
- Issue: n/a
- Architecture: n/a (regenerated artifacts; no schema or code changes here).
- Related PRs: #66, #67, #69 (already on dev); #68 (release branch — open against main).

## Testing

- [x] Unit tests added/updated
- [x] All tests passing

**Test Summary:**

- 200 / 0 fail unit + regression tests pass.
- `bun run build` clean: 111 pages, 97 scorecard pages, 96 badges, 0 orphans.
- `rg 'anc.commit\|"commit":' dist/` returns zero — confirms no rendered surface still leaks the dropped field.
- Spot-check on a handful of fresh scorecards: `jq '.anc' <file>` returns `{"version":"0.3.0"}` (no `commit` key).

## Files Modified

**Modified:**

- `scorecards/*.json` — 89 same-version files refreshed (anc.commit dropped, anc.version bumped to 0.3.0, run.started_at refreshed).

**Renamed:**

- `scorecards/act-v0.2.87.json` → `scorecards/act-v0.2.88.json`
- `scorecards/anc-v0.2.0.json` → `scorecards/anc-v0.3.0.json`
- `scorecards/claude-code-v2.1.123.json` → `scorecards/claude-code-v2.1.126.json`
- `scorecards/flyctl-v0.4.44.json` → `scorecards/flyctl-v0.4.45.json`
- `scorecards/ollama-v0.22.0.json` → `scorecards/ollama-v0.22.1.json`
- `scorecards/opencode-v1.14.30.json` → `scorecards/opencode-v1.14.31.json`
- `scorecards/starship-v1.25.0.json` → `scorecards/starship-v1.25.1.json`

(The 7 superseded old-version files were trashed rather than left for the auto-discovery silent-supersede path — keeps the disk in sync with what `/score/<tool>` will actually render.)

**Created / Deleted:** None as net-new in the working tree (the 7 renames net to 0; the 96 modifications stay in-place).

## Breaking Changes

- [x] No breaking changes.

## Deployment Notes

- [x] No special deployment steps required.

After merge, staging at `agentnative-site-staging.brettdavies.workers.dev` will serve the refreshed scorecards. The `/score/<tool>` pages will render `<dt>Anc build</dt><dd>0.3.0</dd>` for every tool.

## Known follow-up

- `scorecards/cf-v0.0.5.json`'s `tool.version` JSON field captured a row of Unicode `▄` block characters from cf's ASCII-art logo banner. The rendered `/score/cf` page is fine (filename version `0.0.5` is canonical), but the JSON's courtesy field is decorative junk. Captured in `.context/compound-engineering/todos/020-pending-p3-cf-tool-version-decorative-first-line.md` (local-only) with three fix-path options. Not blocking this rescore.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible

## Additional Context

The docs changes from PR #69 (`content/scorecard-schema.md` + `tests/build.test.ts` + `RELEASES.md`) are already on `dev`; this rescore PR rides on top of them and only adds the regenerated `scorecards/*.json` content.

After this lands on `dev`, the same scorecard regeneration can be cherry-picked into the open `release/2026-05-01-spec-vendoring-and-cleanup` (PR #68) so that the production deploy to anc.dev ships fresh scorecards in the same release as the supporting code/schema changes.

## Summary

Adds a "Status-check context pitfall" subsection under the "Branch protection" section of `RELEASES.md`. Captures the exact-match rule for `required_status_checks[].context` strings in `protect-main.json` and the `gh api .../check-runs` diagnostic command for confirming real check contexts after a first CI run.

The pitfall: inline jobs publish their context as just `<job-name>`; reusable-workflow callers publish as `<caller-job-id> / <reusable-job-id-or-name>`. Mixing these produces a stuck-but-green PR — every check reports green but the ruleset waits forever on a context that never appears.

## Changelog

### Documentation

- Document the `protect-main.json` status-check context format gotcha and the `gh api .../check-runs` diagnostic.

## Type of Change

- [x] `docs`: Documentation update

## Related Issues/Stories

- Story: n/a
- Issue: n/a
- Architecture: n/a
- Related PRs: n/a

## Testing

- [x] Manual testing completed
- [x] All tests passing

**Test Summary:**

- Pre-push hook: 200/200 unit + regression tests pass
- Markdown-only change; no code paths affected

## Files Modified

**Modified:**

- `RELEASES.md` — adds "Status-check context pitfall" subsection (15
lines)

**Created:** None.

**Renamed:** None.

**Deleted:** None.

## Key Features

n/a — pure documentation.

## Benefits

- Future ruleset edits avoid the stuck-PR class of bug.
- Diagnostic command is captured next to the rule that motivates it.

## Breaking Changes

- [x] No breaking changes

## Deployment Notes

- [x] No special deployment steps required

Root-level `*.md` change — `ci-stub.yml` fires (heavy pipeline skipped via `paths-ignore`). `deploy.yml` skips this commit on push (root `*.md` ignored).

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible

## Additional Context

Will be cherry-picked into the in-flight `release/2026-05-02-*` cut to
main alongside the dev backlog.
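
The context-name mismatch this PR documents, as an added example that is not part of the original PR or the repository: a Python check that predicts the contexts a workflow will publish (inline job vs. reusable-workflow caller, per the rule above) and reports required contexts that no check-run will ever publish. The caller workflow, the reusable workflow, the `protect-main.json` fragment and the check-runs response are all constructed here; the display-name fallback to the job id is an assumption for the caller half, which the PR describes only by id.

```python
"""Predict GitHub status-check contexts and flag a stuck-but-green ruleset.

Constructed example: every fixture below is made up to illustrate the rule;
none of it is this repository's real workflow, ruleset or CI output.
"""
from __future__ import annotations

import json


def published_contexts(caller_jobs: dict, reusable: dict[str, dict]) -> set[str]:
    """Return the check-run names (ruleset contexts) a workflow will publish.

    Rule: an inline job publishes '<job-name>'; a job that `uses:` a reusable
    workflow publishes one context per job in the called workflow, named
    '<caller-job> / <reusable-job-name-or-id>'. A job's display name is its
    `name:` if set, else its id (assumed for the caller half).
    """
    out: set[str] = set()
    for job_id, job in caller_jobs.items():
        label = job.get("name", job_id)
        if "uses" in job:
            called = reusable[job["uses"]]  # KeyError means an unknown reusable workflow
            for inner_id, inner in called["jobs"].items():
                out.add(f"{label} / {inner.get('name', inner_id)}")
        else:
            out.add(label)
    return out


def required_contexts(protect_main: dict) -> list[str]:
    """Pull required_status_checks[].context out of the ruleset fragment."""
    return [c["context"] for c in protect_main["required_status_checks"]]


def stuck_contexts(required: list[str], published: set[str]) -> list[str]:
    """Required contexts no job will ever publish: the ruleset waits forever."""
    return [c for c in required if c not in published]


def diagnose_check_runs(required: list[str], check_runs_json: str) -> dict:
    """Same check against a captured `gh api .../check-runs` response body.

    all_green with a non-empty `missing` list is exactly the stuck-but-green
    PR: every run succeeded, yet the ruleset still waits on a context.
    """
    runs = json.loads(check_runs_json)["check_runs"]
    names = {r["name"] for r in runs}
    return {
        "all_green": all(r.get("conclusion") == "success" for r in runs),
        "missing": [c for c in required if c not in names],
    }


# Constructed caller workflow (subset of parsed YAML): one inline job and one
# job that calls a reusable workflow.
CALLER_JOBS = {
    "lint": {"runs-on": "ubuntu-latest"},
    "ci": {"uses": "./.github/workflows/reusable-ci.yml"},
}
# Constructed reusable workflow that the `ci` job calls.
REUSABLE = {
    "./.github/workflows/reusable-ci.yml": {
        "jobs": {"unit": {"name": "unit tests"}, "build": {}},
    }
}
# Constructed protect-main.json fragment: the last entry uses the reusable
# job's bare id, which is the mistake the pitfall describes.
PROTECT_MAIN = {
    "required_status_checks": [
        {"context": "lint"},
        {"context": "ci / unit tests"},
        {"context": "build"},  # actually published as "ci / build"
    ]
}
# Constructed check-runs response after a first CI run (everything green).
CHECK_RUNS = json.dumps({"check_runs": [
    {"name": "lint", "conclusion": "success"},
    {"name": "ci / unit tests", "conclusion": "success"},
    {"name": "ci / build", "conclusion": "success"},
]})


if __name__ == "__main__":
    required = required_contexts(PROTECT_MAIN)
    predicted = published_contexts(CALLER_JOBS, REUSABLE)
    print("predicted contexts:", sorted(predicted))
    print("stuck (never published):", stuck_contexts(required, predicted))
    print("from check-runs:", diagnose_check_runs(required, CHECK_RUNS))
```

Run it before editing a ruleset to see which `context` strings will never match; against a live PR, feed `diagnose_check_runs` the body returned by the `gh api .../check-runs` call the runbook captures.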

## Summary

Tracks the `agentnative-skill` repo's already-shipped v0.2.0 release
(tag `v0.2.0` at `2b10c84`, no commits ahead of main since). Was `0.1.0`
since site launch; the skill repo moved to v0.2.0 alongside PR #67's
deprecation of the SHA-pin surface, but the site's manifest was never
bumped.

The skill bundle's `bin/check-update` reads its own local `VERSION`, not
`/skill.json.version`, so this drift didn't break update detection. But
`/skill.json` consumers reading the `version` field saw a stale value
that didn't track the published skill state.

## Changelog

### Changed

- Bump `src/data/skill.json.version` from `0.1.0` to `0.2.0` to match
the published skill bundle.

## Type of Change

- [x] `chore`: Maintenance tasks (dependencies, config, etc.)

## Related Issues/Stories

- Story: Surface alignment between `/skill.json` and the published skill
bundle.
- Issue: n/a
- Architecture: n/a
- Related PRs: #67 (the PR that should have bumped this; missed it).

## Testing

- [x] All tests passing

**Test Summary:**

- Pre-push hook: 200/200 unit + regression tests pass
- `bun run lint` clean, `bun run build` clean

## Files Modified

**Modified:**

- `src/data/skill.json`: `version` 0.1.0 to 0.2.0

**Created:** None.

**Renamed:** None.

**Deleted:** None.

## Key Features

n/a (1-line metadata bump).

## Benefits

- `/skill.json.version` now tracks the published skill state, removing a
silent drift.

## Breaking Changes

- [x] No breaking changes.

## Deployment Notes

- [x] No special deployment steps required.

Will be cherry-picked into
`release/2026-05-01-spec-vendoring-and-cleanup` (PR #68) so it ships in
the same release as the SHA-pin cleanup arc that motivated the skill
v0.2.0 release.

## Checklist

- [x] Code follows project conventions and style guidelines
- [x] Commit messages follow [Conventional
Commits](https://www.conventionalcommits.org/)
- [x] Self-review of code completed
- [x] Tests added/updated and passing
- [x] No new warnings or errors introduced
- [x] Changes are backward compatible

## Additional Context

The same root cause produced concern (1) on PR #68's review:
shape-changing PRs (#67 dropped `source.commit` and `verify`) should
bump `version` per RELEASES.md step 2. That step was missed, hence this
catch-up commit.
@brettdavies brettdavies merged commit 31af939 into main May 3, 2026
10 checks passed
@brettdavies brettdavies deleted the release/2026-05-03-spec-vendoring-and-cleanup branch May 3, 2026 06:07
brettdavies added a commit that referenced this pull request May 15, 2026

## Summary

Second production release since the v0.1 launch (#60, 2026-04-30) and
the first since #73 (2026-05-03). The headline is the routing-drift fix:
`anc.dev` is currently bound to the staging Worker
(`agentnative-site-staging`), not the named-production Worker
(`agentnative-site`). This release brings `agentnative-site` current
with every dev-side change since #73, manually detaches `anc.dev` from
staging via the CF API immediately before merge, and lets `deploy.yml`
reattach the domain to the named-prod Worker per the top-level `routes:`
field in `wrangler.jsonc`.

This is also the first deploy that applies the live-scoring Durable
Object migration (`v1: new_sqlite_classes: ["Sandbox"]`) to the
named-prod Worker. DO migrations are one-way walls: once this deployment
lands, `wrangler rollback` cannot cross the v1 boundary on production.
Treated as a milestone.

The R2 bucket `anc-score-cache` (referenced by the top-level wrangler
config) did not exist on the account. It was created out-of-band via
`wrangler r2 bucket create anc-score-cache` before opening this PR so
binding validation passes at deploy time.

This release bundles 11 PRs from `dev` (post-#73):

- Live-scoring scaffolding: 4 units, 1 pre-implementation gate, 1
production-readiness followup (`#77`, `#78`, `#79`, `#80`, `#81`,
`#84`). The `/api/score` route is NOT user-facing yet (U5 onward still
pending). This release ships the wrangler bindings, the DO stub
returning `{error: 'sandbox_stub_until_u6'}`, the input parser plus
4-step GitHub URL discovery chain, the registry and discovery indexes,
and the Alpine plus musl sandbox image pinned at
`registry.cloudflare.com/<acct>/anc-sandbox:30f61f1`.
- Spec v0.4.0 sync (`#83`): adds principle P8 (Discoverable Through
Agent Skill Bundles), renames `docs/DESIGN.md` to `DESIGN.md`, renames
`.impeccable.md` to `PRODUCT.md`, refreshes prose-tooling channel.
- Site-side prose-check enforcement (`#82`): vendored Vale rule packs
(brand plus site channels) and `prose-check.sh` orchestrator with a
blocking-category whitelist (`TYPOS|GRAMMAR|CONFUSED_WORDS`). Pre-push
only; not in CI.
- Dev-loop hardening: pre-push wrangler dry-run (`#76`), biome warning
silenced (`#75`), project-scoped wrangler telemetry opt-out (`#74`).

## Changelog

### Added

- Principle P8: Discoverable Through Agent Skill Bundles. Eighth
principle in the spec, with full content surfaced at
`/principles/p8-discoverable-skill-bundle` and listed on `/`. Spec
advances from v0.3.0 to v0.4.0 (`#83`).
- Live-scoring infrastructure scaffolding (not yet user-facing):
wrangler bindings for Containers, Durable Objects, R2 buckets, and Rate
Limits on both env blocks; Sandbox Durable Object stub at
`src/worker/score/do.ts`; build-time `registry-index` and
`discovery-hints-index`; Alpine plus musl sandbox image at
`docker/sandbox/Dockerfile` with `anc` baked in via the brew-installable
musl binary; input parser and 4-step GitHub URL discovery chain at
`src/worker/score/{parse-install,registry-lookup,discover-binary,validate}.ts`.
The `/api/score` route itself ships in a later release (`#77`, `#78`,
`#79`, `#80`, `#81`).
- Site-side prose-check enforcement at pre-push: vendored Vale rule
packs (`styles/brand/*`, `styles/site/*`,
`styles/config/vocabularies/{brand,site}/{accept,reject}.txt`),
`scripts/prose-check.sh` orchestrator, `scripts/check-banned-fonts.sh`
deployment-layer scan, and `scripts/sync-prose-tooling.sh` rule-pack
sync. LanguageTool blocking-category whitelist
(`TYPOS|GRAMMAR|CONFUSED_WORDS`) keeps signal high (`#82`).
- `PRODUCT.md` at the repo root (channel-context file expected by the
`/impeccable` skill). Renamed from `.impeccable.md` (`#83`).
- `wrangler deploy --dry-run` step in the pre-push hook, catching
deploy-time binding validation failures before push (`#76`).
- Project-scoped `send_metrics: false` in `wrangler.jsonc`.
Belt-and-suspenders with the per-user shell env var and per-machine
wrangler config; travels with the repo (`#74`).

### Changed

- `docs/DESIGN.md` renamed to `DESIGN.md` at the repo root, matching the
`/impeccable` channel-context layout (`#83`).
- Site spec version (footer, OG card, badges) advances from v0.3.0 to
v0.4.0, reflecting the vendored spec snapshot bump (`#83`).
- Adopt staging-leads-prod as the default sandbox image workflow. The
two `wrangler.jsonc` pins (`containers[0].image` top-level,
`env.staging.containers[0].image`) are independent: staging advances
during development, prod advances at release. `RELEASES.md § Sandbox
image releases` documents the soak-then-promote default and the lockstep
shortcut for low-risk bumps (`#84`).
- Sandbox image now lives in the Cloudflare managed registry
(`registry.cloudflare.com/<acct>/anc-sandbox:30f61f1`) instead of the
deprecated Docker Hub URI. Build is decoupled from deploy via `wrangler
containers build -p`; deploy never rebuilds (`#84`).

### Fixed

- Resolve staging container `ImagePullError` caused by Docker Hub
registry deprecation. The sandbox image now lives in the Cloudflare
managed registry and is pinned by `<git-sha>` tag in both env blocks
(`#84`).
- Add CI guard that verifies every PR's pinned sandbox image tags exist
in the CF managed registry. Main-targeting PRs additionally enforce pin
equality (released state). This release exercises the main-targeting
equality branch for the first time. Both pins are `:30f61f1` (lockstep),
so the equality check passes by default (`#84`).
- Silence biome `noTemplateCurlyInString` warning on a footer test name.
The string was intentional and is now annotated with a `biome-ignore`
comment (`#75`).

### Documentation

- `RELEASES.md § Sandbox image releases (live-scoring)`: full spec for
image bumps including local-build-once via `wrangler containers build
-p`, soak-then-promote default flow, lockstep shortcut, image-retention
discipline (never delete a tag that backed a shipped Worker version),
and the DO-migration one-way wall note (`#84`).
- `docker/sandbox/README.md`: developer-facing image build and push
reference (`#84`).

## Type of Change

- [x] `feat`: New feature (non-breaking change which adds functionality)

The release is multi-typed (feat plus fix plus chore plus docs) but
`feat` headlines because the live-scoring scaffolding (4 units) is the
largest user-facing surface introduced, even though the `/api/score`
route is not yet wired.

## Related Issues/Stories

- Story: First post-#73 release. Closes the production side of
U3-followup verification (`agentnative-site` deploys at the new image
pin) and resolves the routing drift discovered during the post-U3 audit.
`anc.dev` was bound to the staging Worker since 2026-04-30; this release
reattaches it to the named-prod Worker.
- Issue: None.
- Architecture:
`docs/plans/2026-04-28-002-feat-live-scoring-cf-sandbox-plan.md`
(live-scoring v3 plan; this release closes Pending #1).
- Related PRs: #74, #75, #76, #77, #78, #79, #80, #81, #82, #83, #84.

## Files Modified

**Modified:**

- `wrangler.jsonc`: bindings for Containers, Durable Objects, R2
buckets, and Rate Limits on both env blocks; image pinned at
`registry.cloudflare.com/<acct>/anc-sandbox:30f61f1`; `send_metrics:
false`; DO migrations v1 (`#74`, `#81`, `#84`).
- `RELEASES.md`: sandbox image release workflow, status-check context
pitfall, telemetry opt-out documentation (`#74`, `#84`).
- `package.json`: spec v0.4.0 bump and prose-check scripts (`#82`,
`#83`).
- `src/worker/index.ts`, `src/worker/headers.ts`: routing prep for
`/api/score` (stub still returns 503 until U5) (`#81`).
- `src/build/build.mjs`: registry-index plus discovery-hints-index
emission (`#78`).
- `tests/regression.test.ts`: prose-check plus live-scoring scaffolding
coverage (`#78`, `#82`).
- 16 other files. Full list in `git diff origin/main..HEAD --name-only`.

**Created:**

- `content/principles/p8-discoverable-skill-bundle.md`,
`src/data/spec/principles/p8-discoverable-skill-bundle.md`,
`content/principles/README.md` (`#83`).
- `docker/sandbox/Dockerfile`, `docker/sandbox/README.md`,
`docker/sandbox/.dockerignore`, `docker/sandbox/.ignored-sentinel.txt`,
`tests/dockerfile-sandbox.test.ts` (`#79`, `#84`).
- `discovery-hints.yaml`, `src/build/registry-index.mjs`,
`tests/registry-index.test.ts` (`#78`).
- `src/worker/score/{parse-install,registry-lookup,discover-binary,validate,do}.ts` and 4 paired test files (`#80`, `#81`).
- `styles/{brand,site,config/vocabularies/brand,config/vocabularies/site}/*` (Vale rule packs), `scripts/prose-check.sh`, `scripts/check-banned-fonts.sh`, `scripts/sync-prose-tooling.sh`, `scripts/__fixtures__/prose-check/**`, `.vale.ini`, `BRAND.md` (`#82`).
- `scripts/measure-discovery-hit-rate.mjs` (`#77`).
- `.github/workflows/ci.yml` additions: sandbox image registry-existence
guard plus pin-equality guard (`#84`).

**Renamed:**

- `docs/DESIGN.md` to `DESIGN.md` at repo root (`#83`).
- `.impeccable.md` to `PRODUCT.md` (`#83`).

**Deleted:**

- None.

## Testing

- [x] Unit tests added/updated
- [x] All tests passing

**Test Summary:**

- 315 unit and regression tests pass on the release branch (pre-push
gate verified locally).
- `bun run build` clean: 8 principles, 112 HTML pages, 112 MD pages, 97
scorecard pages, 96 badges.
- `bun x wrangler deploy --dry-run` validates the named-prod environment
bindings end-to-end: Sandbox DO, R2 bucket `anc-score-cache` (created
out-of-band before this PR), SCORE_LIMITER (10 requests per 60 s),
ASSETS. Container image `anc-sandbox:30f61f1` resolves to the CF managed
registry.
- CI guard: top-level pin equals env.staging pin (both `:30f61f1`,
lockstep), so the new main-targeting equality check is expected to pass
on its first exercised PR run.
- Pre-push prose-check: 0 blocking, 1108 warning (below threshold).
- DO migration v1: this is the first deploy applying the migration to
the named-prod Worker. The container application on the named-prod side
will start at v1 (independent from staging's v2 history).

**Post-merge verification plan** (executed after the deploy.yml run on
the merge SHA):

- `deploy.yml` production-deploy log lists ONLY `anc.dev (custom
domain)` under triggers (no `workers.dev` URL, since named-prod has
`workers_dev: false`).
- Next push to dev triggers the staging deploy. That deploy log lists
ONLY the staging `workers.dev` URL, no `anc.dev`.
- `curl -sI https://anc.dev/` returns 200 with NO `x-robots-tag` header.
- `curl -sI https://agentnative-site-staging.brettdavies.workers.dev/`
returns 200 WITH `x-robots-tag: noindex`.
- CF API `/accounts/<acct>/workers/domains` shows one record for
hostname `anc.dev` with service `agentnative-site`.