v0.8.0

Added

• Top-level structural review CLI: graft review --base <ref> [--head <ref>] now renders a human-readable structural review summary
  from the existing graft_review model, while --json keeps the
  schema-validated graft.cli.struct_review payload for agents.
• Structural test coverage map: graft_test_coverage and
  graft struct test-coverage [--src <path>] [--tests <path>] now
  report exported source symbols with or without bounded test-directory
  references, explicitly labeled as structural/reference coverage rather
  than execution coverage.
• Git enhance provenance hints: git graft enhance --since <ref>
  now adds a bounded provenance-hints section for changed symbols using
  WARP-backed blame facts when available, including ambiguity,
  creation/signature-change commits, reference count, and unavailable
  blame reasons.
• Symbol history timeline: graft symbol history <symbol> [--path <path>] now renders a timeline-first human view over the
  existing provenance-backed graft_blame facts while preserving the
  graft.cli.symbol_blame JSON schema.
• Dead symbol detection: graft_dead_symbols and graft struct dead-symbols [--limit <n>] now list symbols removed from indexed WARP
  history and not subsequently re-added.
• Review cooldown status helper: graft review cooldown [--pr <number>] now reads PR comments via gh pr view --json comments,
  detects CodeRabbit rate-limit markers, and reports local ready,
  cooldown, or unknown status; --comments-file supports fixture-backed
  checks.
• Rust structural parsing: parser-backed outlines, governed reads,
  structural diffs, and WARP indexing now recognize .rs files using
  the bundled Rust tree-sitter grammar.
• GraphQL structural parsing: parser-backed outlines, governed
  reads, structural diffs, and WARP indexing now recognize .graphql,
  .gql, and .graphqls files using a compatible GraphQL
  tree-sitter WASM grammar with GraphQL-specific outline kinds for
  objects, fields, inputs, scalars, unions, directives, operations,
  fragments, schema declarations, and enum values, with fixture coverage
  for Continuum/Wesley-style contract schemas.
• Python structural parsing: parser-backed outlines, governed reads,
  structural diffs, and WARP indexing now recognize .py and .pyi
  files using the bundled Python tree-sitter grammar. Outlines cover
  functions, async functions, classes, public methods, class fields, and
  uppercase module constants.
• Go structural parsing: parser-backed outlines, governed reads,
  structural diffs, and WARP indexing now recognize .go files using
  the bundled Go tree-sitter grammar. Outlines cover packages,
  functions, receiver methods, structs, interfaces, constants, and
  variables.
• JSON structured config projection: parser-backed outlines,
  governed reads, structural diffs, and WARP indexing now recognize
  .json files using the bundled JSON tree-sitter grammar. Outlines
  summarize top-level config keys with bounded nested object children.
• TOML structured config projection: parser-backed outlines,
  governed reads, structural diffs, and WARP indexing now recognize
  .toml files using the bundled TOML tree-sitter grammar. Outlines
  summarize tables, array tables, and bounded package/tool fields.
• YAML structured config projection: parser-backed outlines,
  governed reads, structural diffs, and WARP indexing now recognize
  .yaml and .yml files using the bundled YAML tree-sitter grammar.
  Outlines summarize top-level keys and bounded nested mapping anchors.
• Docker auto-start helper: the isolated test runner now attempts to
  launch Docker Desktop on macOS before failing the Docker daemon
  preflight, while keeping the existing explicit fallback guidance for
  unsupported or failed startup paths.
• Bounded WARP semantic enrichment seam: indexHead accepts an
  optional semantic enrichment provider for explicit-path indexing,
  emits same-file calls edges and typeof symbol properties from
  accepted provider facts, caps per-file semantic facts, and reports
  unavailable providers without breaking tree-sitter indexing.
• Git version startup guard: CLI, stdio MCP, and daemon startup now
  fail early when the installed Git is below the plumbing baseline
  needed for flags such as --path-format. Hosts can also call
  ensureGitVersionSupportsGraft(...) from the root package export.
• Method glossary: docs/method/GLOSSARY.md defines core project
  terms including WARP, causal provenance, strand, worldline, checkout
  epoch, and workspace overlay.

Changed

• Lazy parser runtime: Tree-sitter and grammar WASM loading now
  happens through an explicit ensureParserReady() path instead of
  top-level await, reducing cold-start pressure for runtimes that do
  not parse immediately.
• MCP orchestration staging: MCP invocation and server construction
  are split into named stages and factories, preserving tool behavior
  while reducing orchestration debt.
• Unified governed read logic: MCP safe_read delegates cache and
  structural-diff decisions to RepoWorkspace.safeRead, keeping the
  MCP and direct library surfaces aligned.
• WARP symbol identity hardening: symbol-id encoding and decoding
  now route through SymIdCodec, and indexHead uses a lighter patch
  payload estimator instead of serializing full patch JSON for budget
  checks.

Fixed

• Structural test coverage review fix: graft struct test-coverage now skips tracked test files deleted from the working
  tree before running reference searches, so unstaged or staged test
  deletions degrade to uncovered symbols instead of failing on missing
  paths.
• Review truth follow-up: CodeRabbit cooldown detection now ignores
  unauthored rate-limit text by default, structural test coverage batches
  symbol reference searches per run, CLI render schemas use strict object
  definitions directly, and review-facing model/render tests cover empty
  history plus provenance-hint output.
• Review truth collision follow-up: CodeRabbit cooldown detection now
  returns unknown when any authored rate-limit marker lacks timestamp or
  duration evidence, and structural test coverage avoids substring
  matches while attributing duplicate exported symbol names to the
  referenced source file.
• Structural review PR feedback: graft review and
  graft struct review now require --base at parse time, nested
  object-literal defaults no longer compact into malformed signatures,
  and Rust impl/trait extraction uses the grammar's body field
  without a dead fallback.
• PR review hardening follow-up: Docker auto-start polling no longer
  uses Atomics.wait on the main thread, Docker probe subprocesses are
  bounded, parser warmup fire-and-forget paths consume rejected promises,
  SymIdCodec rejects malformed IDs and escapes delimiter characters,
  WARP structural path filters are directory-boundary safe, the MCP server
  passes injected Git clients through ToolContext, and playback tests avoid
  Node 21-only import.meta.dirname.
• Release gate stability: the Docker-isolated test runner now bounds
  default Vitest worker concurrency unless an explicit --maxWorkers
  argument is supplied, keeping full-suite release validation stable under
  constrained Docker resources.
• Parser readiness follow-up: root library hosts can now call
  ensureParserReady() before synchronous structured-buffer use, while
  pre-warm sync projection bundles return explicit partial parser
  unavailable results instead of throwing. Outline cache writes are
  best-effort after successful governed reads, lazy outline snapshots
  share in-flight work, and WARP indexing reuses the parsed tree for
  outline extraction.
• Projection bundle README example: direct StructuredBuffer usage
  now shows explicit disposal, while createProjectionBundle(...) is
  documented as the lifecycle-owning wrapper.

v0.7.1

Fixed

• npm package runtime shape: The published package now ships built
  dist/ output without src/, keeps tsx as development-only
  tooling, runs the package bin and generated Claude hook commands from
  compiled JavaScript, migrates generated v0.7.0 Claude hook commands
  through graft init --write-claude-hooks, declares
  targeted sideEffects metadata for parser initialization, pins the
  patched postcss transitive used by Vite, and guards manual publishes
  with prepublishOnly.

v0.7.0

This release marks a fundamental shift in Graft’s architecture, moving away from legacy text-based scanning toward a highly precise, graph-native approach powered by the WARP graph. The updates significantly enhance the reliability, performance, and analytical depth of the toolset, particularly for AI agents and automated structural reviews.

Key Highlights

• Graph-Native Tooling: Core commands (graft_review, graft_churn, graft_blame) now rely entirely on WARP graph traversal and tick receipts rather than broad sweeps or ripgrep. This guarantees absolute precision for import resolution, reference counting, and structural change tracking.
• Proactive Drift & Hygiene Detection: A new suite of "sentinel" tools and the doctor sludge detector automatically flag stale documentation, dead symbols, architectural imbalances, and broken doc-to-code claims, keeping technical debt strictly managed.
• Optimized Daemon & Background Indexing: The introduction of a daemon-backed MCP runtime and zero-cost idle monitoring ensures continuous, low-overhead operation. Indexing now intelligently batches operations and skips execution if the Git HEAD remains unchanged.
• Enhanced Agent (MCP) Capabilities: Agents receive context-aware superpowers, including session knowledge maps ("what do I already know?"), refactor difficulty scoring, and governed exact-replacement edits with built-in structural drift advisories.

Architecture Flow: WARP Indexing & Daemon Runtime

Here is the architectural flow demonstrating how the new background monitoring, Git workspace, and MCP client layer interact with the WARP graph:

---

Added

Feature / Component	Details / Impact
Sludge Detector	Opt-in structural smell scan via doctor (sludge: true or graft doctor --sludge). Flags typedef/class imbalance, JSDoc cast density, homeless constructors, and high-symbol-count files.
Refactor Difficulty Score	graft_difficulty and graft symbol difficulty generate a scalar per-symbol refactor score based on WARP churn curvature and reference-edge friction.
WARP Snapshot Indexing	indexHead is now the canonical snapshot indexing path, emitting commit, file, directory, symbol, and AST facts with tick metadata.
Cross-file Import Resolution	WARP natively records import, re-export, and namespace reference edges for graph-native queries.
Outline-diff Commit Trailer	formatStructuralDiffTrailer and parseStructuralDiffTrailer embed machine-readable structural diffs within git commit messages.
Background Indexing Triggers	monitor_nudge MCP tool triggers immediate re-indexing for running monitors, allowing post-commit hooks to notify Graft of HEAD changes.
Structural Drift Sentinels	checkNumericClaim and checkPatternProhibition verify documentation claims (numeric counts and prohibited patterns) against the actual codebase.
Markdown Drift Sentinel	runDriftSentinel scans tracked markdown files for stale symbol references against the WARP graph. Returns a pass/fail verdict for pre-commit hooks.
WARP Reference Counting	graft_review now counts references via WARP graph traversal instead of ripgrep, offering precise actual-import data and faster execution.
Stale Docs & Version Checkers	checkStaleDocs cross-references markdown symbol mentions with the WARP graph; checkVersionDrift compares CHANGELOG against package.json versions.
Session Knowledge Map	knowledge_map MCP tool tracks session context, detailing observed files, symbols, staleness flags, and per-directory coverage.
Symbol History Timeline	symbolTimeline retrieves the complete lifecycle of a symbol across commits (signature, line range, presence, change kind), ordered by tick.
Dead Symbol Detection	findDeadSymbols uses WARP snapshot diffs (no grep) to find removed, never-re-added symbols, supporting maxCommits depth limits.
Zero-cost Idle Monitoring	runMonitorTickJob skips openWarp and indexHead if HEAD hasn't changed since the last indexed commit.
Daemon-backed MCP Runtime	graft serve --runtime daemon exposes the daemon bridge as a release-facing MCP runtime. Client configs can be generated via graft init.
Read-only Daemon Status	graft daemon status renders daemon health, session counts, workspace posture, and worker load without exposing mutation actions.
Git-facing Enhance CLI	git graft enhance --since <ref> synthesizes structural facts into a review summary, with schema-validated JSON available via --json.
Governed Exact Replacement	graft_edit is a narrow MCP edit tool for single, exact replacements that adhere to Graft's path, policy, and schema boundaries.
Agent Drift Advisory	graft_edit can return driftWarnings if a same-session edit removes, then later reintroduces, a narrow jsdoc_typedef structural pattern.

---

Changed

Component	Change Summary
WARP Context Boundary	Removed WarpHandle in favor of direct git-warp types via WarpContext, introducing fail-closed strand routing hooks for future isolation.
Structural Query Paths	Structural queries now strictly use traverse, QueryBuilder, and tick receipts instead of broad getEdges() scans.
WARP-backed Operations	graft_log, graft_churn, graft_blame, and graft_review now execute using WARP graph data rather than legacy paths.
Aggregate-backed Churn	graft_churn computes live-symbol change counts using WARP's QueryBuilder.aggregate(), while retaining removed-symbol churn via tick receipts.
graft_blame Output Shape	Returns tick-aware symbol timelines and a simplified createdInCommit value. Note: Breaking pre-1.0 MCP schema change for scraping consumers.
Daemon Runtime Selection	Repo-local graft serve remains default; daemon-backed operations now require an explicit --runtime daemon flag.
Release Scope Truth	Full LSP semantic enrichment and the medium-risk slice-first read sweep are shifted to post-v0.7.0 follow-up cards instead of blocking release.

---

Removed

Component	Removal Details
Legacy Indexer	Removed the indexCommits pipeline and related model/graph helpers. indexHead is now the exclusive indexing path.

---

Fixed

Issue / Component	Resolution
Agent Worktree Hygiene	Added pnpm guard:agent-worktrees to release preflight and pre-commit hooks to catch forced embedded-repo gitlinks in .claude/worktrees/.
Export Surface Semver	exportSurfaceDiff treats breaking signature changes (required param changes, return type changes) as major, and additive optional params as minor.
Reference Edge Scanning	referencesForSymbol exclusively traverses incoming references edges from the target node, rather than scanning all graph edges.
CHANGELOG Version Drift	checkVersionDrift now properly parses bracketed markdown headings (e.g., ## [0.7.0] - YYYY-MM-DD).
Test Isolation	Default pnpm test runs in a copy-in Docker container to prevent live operator Git hooks or environments from contaminating validation.
Full-suite Nondeterminism	Test MCP servers and daemon integration tests now use temporary Git/runtime seams to eliminate hidden background work under full-suite load.
Symlink-parent Escapes	Repo path resolution validates the nearest existing ancestor, preventing create/write tools from escaping via symlinked parent directories.
Monitor Indexing Ceiling	Background monitor ticks now batch explicit paths beneath the indexHead cap, fixing failures in repos with 64+ parseable files.
WARP Structural Log Metadata	indexHead properly persists commit messages, authors, dates, and timestamps on commit nodes for human-readable context in graft struct log.
Cold WARP Review Fallback	graft_review preserves breaking-change impact counts on fresh worktrees via a bounded import/re-export scan before graph edges generate.
Backlog Dependency DAG	The checked-in DAG accurately renders blocked_by, blocking, and blocked_by_external relationships directly from backlog card frontmatter.

v0.6.1

Fixed

• CI test fixes: release gate test excludes build artifact dist/
  from existence check. Package docs test updated for moved doc paths.

v0.6.0

Added

• Runtime port guards: assertFileSystem(), assertJsonCodec(),
  and assertToolContext() validate adapter contracts at construction
  time. Plumbing conformance test catches drift against
  @git-stunts/plumbing.
• Secret scrubbing: shared scrubSecrets() and
  sanitizeArgValues() redact sensitive keys, truncate oversized
  values, and scrub secret patterns across both run_capture output
  and observability arg logging.
• Path escape invariants: dedicated test suite for traversal
  attacks, symlink escapes, and root-confinement.
• Worktree identity canonicalization: fs.realpathSync resolves
  path aliases (/tmp vs /private/tmp) before deriving workspace
  IDs.
• Tool-call provenance footprints: ToolCallFootprint records
  paths, symbols, and line regions per tool invocation. Read-family
  and search tools instrumented.
• Canonical symbol identity projection: graft_diff and
  graft_since enrich diff entries with identityId from WARP
  sid:* anchors when indexed. Graceful degradation when unavailable.
• Dynamic project root: GRAFT_PROJECT_ROOT env var overrides
  the default process.cwd() binding. Git root auto-detection
  fallback.
• Implicit daemon binding: daemon-mode sessions auto-bind when
  a repo-scoped tool is called with path evidence, removing the
  mandatory workspace_bind step.
• Attribution fallback hardening: transport session, environment
  inference (CI/CD, editor detection), and session continuity
  strategies reduce actor:unknown to the exception path.
• Anti-sludge policy: semgrep rules and shell checks for
  boundary discipline, banned patterns, and core-layer hygiene.
• toJsonObject() DTO bridge: universal serialization boundary
  between typed operation results and ctx.respond().

Changed

• Explicit execution context: ToolHandler now receives ctx
  as an explicit parameter (args, ctx) instead of closing over it
  via createHandler(ctx). AsyncLocalStorage removed from
  execution context threading.
• Session concept disambiguation: SessionTracker renamed to
  GovernorTracker, RegisteredSession to RegisteredTransport,
  WorkspaceSessionMode to WorkspaceMode. Wire format preserved.
• MCP composition decomposition: server.ts split into barrel +
  server-context.ts + server-invocation.ts. repo-state.ts into
  4 sub-modules. daemon-control-plane.ts into control-plane/.
  daemon-repos.ts into repo-overview/. daemon-worker-pool.ts
  into 3 sub-modules. persistent-monitor-runtime.ts into 3
  sub-modules. workspace-router.ts gains capability and history
  sub-modules.
• Parser decomposition: markdown extraction split into
  src/parser/markdown.ts. Parser reclassified as application module
  (Layer 3) with enforced hex layer guardrails.
• Result type hardening: MetricsSnapshot, MetricsDelta,
  DecisionEntry, StateSaveResult, StateLoadResult promoted to
  runtime classes. [key: string]: unknown index signatures removed
  from all operation results. Receipt builder uses mutable draft
  instead of as casts.
• code_find approximate discovery: plain-text queries now use
  case-insensitive exact/prefix/substring matching with deterministic
  ranking.
• Claude hook governed reads: PreToolUse now redirects large
  JS/TS native Read calls to graft's bounded-read path.
• Codex bootstrap posture: graft init --write-codex-mcp now
  seeds AGENTS.md alongside .codex/config.toml.
• MCP runtime observability: sessions emit metadata-only events
  to .graft/logs/mcp-runtime.ndjson, receipts carry traceId and
  latencyMs.
• Map tool collector extraction: map.ts reduced from 328 to
  52 lines; collection logic in map-collector.ts.
• Typed diagnostic responses: DoctorResponse, StatsResponse,
  ExplainResponse, SetBudgetResponse, RunCaptureResponse.

Fixed

• Worktree identity drift on macOS: /tmp and /private/tmp
  aliases no longer produce different workspace IDs.
• GRAFT_PROJECT_ROOT env var: MCP servers no longer hardcoded
  to their own repo path.
• Path resolver security: absolute paths now confined to project
  root. Symlink escapes detected via fs.realpathSync double-check.
• WARP symbol disambiguation: symNodeId uses qualified names
  (Header.render vs Footer.render) — same-named methods across
  classes no longer collide.
• WARP indexer error propagation: IndexResult is a discriminated
  union. Git failures propagate instead of producing silently empty
  graphs.
• Daemon session cleanup: session directories removed on close
  instead of leaking forever.
• Rotating log preservation: oversized entries preserved instead
  of erasing the entire log during rotation.
• graft_map output caps: MAX_MAP_FILES=100, MAX_MAP_BYTES=50000
  with automatic summary-only fallback. Budget-exhausted sessions get
  compact BUDGET_EXHAUSTED response.
• hono vulnerability: override to >=4.12.14 patches HTML
  injection in hono/jsx SSR (Dependabot alert #10).

v0.5.0

Added

• Between-commit activity view: new bounded activity_view MCP
  tool and graft diag activity CLI peer surface for inspecting
  recent local artifact_history around the active causal workspace.
• Persisted local history substrate: continuity, attribution,
  staged-target, transition, and recent read/stage activity now
  survive across local sessions as bounded artifact history.
• Same-repo concurrency posture: bounded repoConcurrency
  summaries and lawful same-worktree cross-session handoff semantics.

Changed

• Reactive workspace footing: checkout-boundary footing, hook
  posture, and forked-vs-stable lineage are now explicit product truth
  instead of implied inference.
• Semantic transitions: bounded surfaces now summarize
  index_update, conflict_resolution, merge_phase,
  rebase_phase, bulk_transition, and lawful unknown with
  transition-aware guidance.
• Signpost docs: README, GUIDE, BEARING, VISION, release notes,
  and the new CLI/MCP/advanced signposts now reflect the 0.5.0
  release cut.

v0.4.0

Added

• WARP Level 1 — structural memory substrate: git-warp-backed
  graph stores structural facts per commit. Directory tree, file,
  symbol, and commit nodes with containment edges and provenance
  links (touches, adds, changes, removes).
• graft_since: structural changes since a git ref — symbols
  added, removed, and changed per file with summary lines. Instant.
• graft_map: structural map of a directory — all files and
  their symbols in one call via tree-sitter.
• graft index CLI: manual WARP indexing trigger.
• WARP indexer: walks git history, parses files with tree-sitter,
  emits WARP patches. Handles nested symbols, file deletion,
  signature changes, unsupported language degradation.
• Observer factory: 8 canonical lens patterns for focused graph
  projections (file symbols, all symbols, directory files, etc.).
• 11 WARP invariants: observer-only-access, materialization-
  deterministic, delta-only-storage, address-not-identity, and more.
• @git-stunts/git-warp v16 + @git-stunts/plumbing deps.

v0.3.5

Fixed

• CI: use npx npm@latest for OIDC trusted publishing — avoids
  self-upgrade breakage on Node 22's bundled npm.

v0.3.4

Fixed

• CI: upgrade npm CLI to >=11.5.1 for OIDC trusted publishing.
  Remove registry-url and token env vars — modern npm handles
  OIDC natively.

v0.3.3

Fixed

• CI: use npm publish instead of pnpm publish for OIDC
  provenance — pnpm doesn't support npm's OIDC token exchange.