What's Changed

Scale & Ops Maturity Epic (gwi-7ki)

Agent-first infrastructure for autonomous AI agents (#86):

• Dependabot + SBOM
• VPC + Budget Alerts
• Circuit Breaker for LLM
• Run Steps Subcollection
• Distributed Rate Limiting

Harness Engineering Hooks (#85)

5 new hooks for agent quality

Code Factory Gap Closure (#84)

• Incident-to-harness feedback loop
• Browser evidence capture

Other Changes

• License: MIT → BSL 1.1
• 12 README currency fixes
• Enterprise roadmap (Phases 6-8)

Full Changelog: v0.9.0...v0.10.0

🚀 Release v0.9.0

Highlights

• Pre-GA Security Hardening (gwi-ma8): Comprehensive security improvements

  • Pin all GitHub Actions to SHA digests across 17 workflow files
  • Add disaster recovery runbook and Firestore backup infrastructure
  • Wire checkpoint persistence into autopilot executor
  • Unify approval systems with Phase 25 signed approvals

• onBeforeStep Hook: Pre-operation risk enforcement for autopilot (#81)

• Sandbox Autopilot Integration: File-write operations now run through secure sandbox (#82)

Fixed

• P3 code review debt from security audit (#80)
• Engine, Core, and Agent improvements for validation and configuration

Documentation

• Competitive strategy docs and model selection rubric

Full Changelog: v0.8.0...v0.9.0

🤖 Generated with Claude Code

What's New

Added

• OpenTelemetry Export Bridge (#79): Bridge GWI custom telemetry to OTLP collectors
  • GwiSpanBridge: Convert GWI Span → OTel ReadableSpan
  • MetricsBridge: Sync MetricsRegistry → OTel instruments
  • Prometheus /metrics endpoint (works with zero OTel config)
  • Set OTEL_EXPORTER_OTLP_ENDPOINT to enable OTLP export
• Hook Runner Integration (#76): Wire hook runner into autopilot executor
• Sandbox Execution Layer (#71): Secure sandbox execution for IDP

Fixed

• Security: Firebase Auth and GCP OIDC token verification (#77)
• Security: Stop-ship security hardening Phase 1 (#75)
• Agents: Consolidate slop detector hardening (#74)
• CI: Multiple test suites fixed for Vitest 4 mock patterns (#78)
• Mermaid: Fix diagrams and Claude Code hook format (#70)

Full Changelog: v0.7.1...v0.8.0

What's Changed

Fixed

• 🔒 Fix npm audit vulnerabilities - upgrade vite, vitest, firebase-admin, firebase (#68)
• 🔧 Fix ARV warnings and update default model names to current versions
• 📉 Reduce ARV warnings from 571 to 80 (86% reduction)

Changed

• 📝 Replace unstructured console.log with structured logging across 22 files (#69)
• 🔧 Update forbidden-patterns to exclude test files from console.log warnings
• 🔧 Update drift-gate to accept npm workspace * protocol

Added

• 📚 12 new specification documents covering:
  • Developer onboarding automation
  • AST-based code migration framework
  • Documentation generation framework
  • Cost optimization and budget alerts
  • Service catalog specification
  • Feature flags integration
  • SAST/DAST security scanning
  • AI governance framework
  • SOC2/SOX compliance tracking
  • Developer analytics and DORA metrics
  • RAG knowledge base specification

Full Changelog: v0.7.0...v0.7.1

🤖 Generated with Claude Code

What's New in v0.7.0

This release completes 5 major documentation epics and introduces the connector framework architecture.

📚 Documentation Epics

🔌 Connector Framework

• Airbyte CDK architecture analysis
• Production connector patterns
• IConnector interface design
• Authentication strategy documentation
• Webhook receiver design
• Connector registry specification

🧹 Code Quality

• Removed 2,735 lines of dead code (openapi module)
• Consolidated logger implementations
• Refactored webhook-receiver to use @gwi/connectors
• Added BaseFirestoreRepository for DRY patterns

🔒 Security

• Added beads task tracking for AI agent workflows
• Stop hook enforcement for bead closure
• Removed duplicate generateAuditEventId

Full Changelog: v0.6.0...v0.7.0

What's New in v0.6.0

Epic A: Firebase Hosting

• Multi-target Firebase Hosting deployment (staging/production)
• Security headers with Content-Security-Policy
• Workload Identity Federation for CI/CD

Epic B: Cloud Run Reliability

• B2: Firestore run persistence with heartbeat durability
• B3: Recovery/resume on Cloud Run restart
• B4: Standardized Pub/Sub queue and DLQ semantics
• B5: Health check endpoints (/health, /health/ready, /health/deep)

Documentation

• Epic C: Observability operations runbook
• Epic D: Security/IAM operations runbook
• Epic E: Release process checklist
• 6767 document filing system standard v4.2

Stats

• 21 commits
• 43 files changed
• +7,081 lines / -305 lines

Full Changelog: v0.5.1...v0.6.0

Community Health & Governance Release

This release adds comprehensive community health files, GitHub templates, and governance documentation to establish the project as a "serious project" with proper contribution guidelines.

Added

• CONTRIBUTING.md - Full development guidelines including:

  • Quick start and development environment setup
  • Branch naming and PR rules
  • Code style guidelines (TypeScript)
  • Testing guidelines
  • Commit message conventions (Conventional Commits)
  • ARV (Agent Readiness Verification) documentation

• SECURITY.md - Security policy including:

  • Supported versions
  • Vulnerability reporting process
  • Scope of security reports
  • Safe harbor language

• SUPPORT.md - Getting help guide with links to:

  • GitHub Discussions for Q&A
  • Issue templates for bugs/features
  • Documentation resources

• GOVERNANCE.md - Project governance:

  • Maintainer-led model
  • Decision making process
  • Release authority

• CODE_OF_CONDUCT.md - Contributor Covenant adaptation

• GitHub Templates:

  • Bug report (YAML form)
  • Feature request (YAML form)
  • Question (redirects to Discussions)
  • Security report (redirects to SECURITY.md)
  • Pull request template with checklist

• CODEOWNERS - Code ownership for:

  • Core packages
  • Infrastructure
  • Security-sensitive apps

• Documentation Organization:

  • Discussions enablement guide
  • Repository gaps audit checklist
  • Moved loose docs to 000-docs/ with proper naming

Changed

• Expanded CONTRIBUTING.md with comprehensive guidelines
• Updated CHANGELOG with historical entries (v0.2.0, v0.1.0)

Full Changelog: v0.5.0...v0.5.1

Release v0.5.0 - Epic J: Local Dev Review

Pre-PR code review tooling for local development workflows.

New Features

gwi gate - Pre-commit Review Gate

Interactive approval workflow for code changes before commit:

• Interactive readline prompt for approve/reject/skip decisions
• --no-interactive flag for CI/git hooks automation
• Exit codes: 0 (approved), 1 (rejected), 2 (blocked)
• 49 unit tests for comprehensive coverage

gwi review --local --ai - AI-Powered Local Diff Review

AI-enhanced review using ReviewerAgent:

• reviewLocalDiff() method for staged/unstaged changes
• Security pattern detection on added lines
• 4 new integration tests

Architecture Decision Record

Comprehensive ADR (021-DR-ADRC) documenting Epic J architecture:

• 9 architecture decisions
• Three-tier architecture: Git ops → Deterministic → AI-enhanced

Fixes

• Policy engine time_window test made deterministic (avoid hour 23 edge case)

Documentation

• Streamlined CLAUDE.md with project-specific guidance (~160 lines)

Full Changelog: v0.4.0...v0.5.0

Git With Intent v0.4.0

This release brings Local Development Review (Epic J) and comprehensive Policy & Audit capabilities (Epic D).

Highlights

Epic J: Local Development Review

Review AI-generated code locally before creating PRs:

gwi review --local           # Review staged/unstaged changes
gwi triage --diff HEAD~1     # Score recent commit complexity
gwi explain . --local        # AI summary of what changed and why
gwi gate                     # Pre-commit review gate

# Git hooks integration
gwi hooks install            # Install pre-commit hook
gwi init --hooks             # Initialize with hooks

Epic D: Policy & Audit

Enterprise-grade compliance and audit capabilities:

• D3: Immutable Audit Logs - Cryptographic chaining, integrity verification (gwi audit verify)
• D4: Compliance Reports - SOC2, HIPAA, GDPR templates with Ed25519 signing
• D5: Violation Detection - Alerts, remediation suggestions, dashboard
• D6: Gateway API - REST endpoints for audit logs and policies

Statistics

• 123 commits
• 357 files changed
• +129,580 / -7,353 lines
• 27 new E2E tests

Full Changelog

See CHANGELOG.md for detailed changes.

Generated with Claude Code release automation

Epic E (RBAC & Governance) complete. Enterprise CI/CD pipeline operational.

Added

Epic E: RBAC & Governance (~8,600 lines)

• Tenant Lifecycle - State machine (active/suspended/paused/deactivated), plan management, soft/hard delete
• Quota Enforcement - Express middleware, 3 enforcement modes (hard/soft/warn), burst allowances
• Secrets Management - AES-256-GCM encryption, unique IVs per secret, constant-time comparison
• Governance & Audit - 5 compliance report types, anomaly detection, CSV/JSON export

CI/CD Pipeline (4 workflows)

• test.yml - 4-shard parallel test execution, coverage collection, PR comments
• ci-enhanced.yml - Security scanning, quality gates, ARV integration
• deploy.yml - Auto-deploy to staging/production via OpenTofu
• release.yml - Semantic versioning, changelog generation, GitHub releases

Testing Infrastructure

• Vitest configuration - Multi-threaded execution (all CPU cores), V8 coverage
• Test sharding - 4x speedup (180s → 45s)
• Marketplace E2E tests - 33 tests for connector installation flows
• SDK integration tests - 45 tests for SCIM, Registry, Workflows APIs

Fixed

• Module exports for governance and tenants packages
• RBACRequest type now extends Express Request (includes params/query/body)
• TypeScript strict mode violations in Epic E code
• CI false positives (.env detection, credential file checks)

Full Changelog: v0.2.0...v0.3.0