v2.0.0 — Pure v2 MCP-Centric Three-Subsystem Architecture

🚀 Major Release — Pure v2 MCP-Centric Three-Subsystem Architecture

Published as 0xray on npm — first release under the 0xRayAI org. 2,863 tests, 0 unit failures, 0 npm vulns.

🧠 Three-Subsystem Architecture (Wired & Complete)

• feat: extract and wire CodexPolicyService as Governance SSOT for codex reads (enforcer-tools.server.ts, governance.server.ts)
• feat: wire opencode-cli-invoker into inference-cycle as Autonomous Engine process spawner
• feat: wire ProposalApplier via callback pattern into inference-cycle (git/PR execution)
• feat: add handleGetActiveCodex MCP tool to governance server (delegates to CodexPolicyService)
• feat: add strray/codex.json to resolveCodexPath() fallback candidates
• feat: 3 dedicated governance MCP servers (code-review, security-audit, researcher) deliberate proposals

🏷️ Package Rename: strray-ai → 0xray

• feat: rename package strray-ai → 0xray across 60+ source files, CLI help text, grok plugin, hermes-agent bridge (Python + JS), docusaurus config, package.json
• feat: rename root config dir strray/ → xray/ — 19 files updated, MCP server names, build script, .opencode paths
• feat: backward compat maintained — all bridge files check both strray-ai (old) and 0xray (new)
• feat: .npmignore fixed (removed src/ entry that conflicted with files field)
• feat: .gitignore cleaned — stale .strray/ entries, strray-ai-*.tgz → 0xray-*.tgz
• feat: package.json files field expanded — added src/skills/ and src/mcps/ directories

🛡️ Governance Pipeline Hardening

• feat: add end-to-end timeout (default 90s) to govern() with AbortController
• feat: add configurable timeoutMs and maxAbstentionThreshold to GovernOptions
• feat: add 30s timeout wrapper for callInProcessSkill() (Vercel/serverless path)
• feat: Dynamo governance endpoint configurable via GOVERNANCE_ENDPOINT env var (no longer hardcoded)
• feat: governance MCP HTTP auth — x-api-key header against GOVERNANCE_API_KEY env var
• fix: governance-service overallDecision now returns 'reject' when appropriate; ProposalType mapping fixed
• fix: governance-service as any → MCPToolResult type

🔒 Security Hardening (3 Critical, 6 High)

• C1: proposal-applier.ts — execSync() → spawnSync() with args arrays, sanitizeGitArgument() strict regex
• C2: plugin-commands.ts — plugin name validation, execSync → spawnSync, validateManifest() shell metacharacter rejection
• C3: governance-client.ts + types.ts — hardcoded URL → GOVERNANCE_ENDPOINT env var
• H1: process-spawner.ts — env whitelist (PATH, HOME, NODE_PATH, TMPDIR, etc.) prevents secret leakage
• fix: npm audit: 11 vulns → 0

📄 Documentation Rewrite

• feat: AGENTS.md rewritten v2 MCP-centric, updated codex path, session summary appended
• feat: README.md v2.0.0 rewrite with MCP hero, GitHub 0xRayAI/xray, npm 0xray
• feat: Docusaurus updated — org URL 0xRayAI/xray, npm 0xray, edit URL fixed
• feat: CLAUDE.md created for both master and v2, references 68 codex terms
• chore: 12 stale docs git-rm'd: AGENTS-consumer.md, AGENTS-full.md, CHANGELOG-v1.15.x.md, 7 docs/ files

📏 Codex Expansion (61→68)

• feat: codex rules 61-68 added to both xray/codex.json (v2) and .strray/codex.json (v1)
  • 61: Do One Thing, 62: Triage-Fix-Loop, 63: Watch Errors, 64: Always Add .gitignore
  • 65: Write Tests, 66: Modular E2E Tests, 67: Use Best Subagents, 68: Lead Dev Mindset
• feat: CodexPolicyService — 13 new tests (getTermCount, getCurrentCodex, fallbacks)

🐛 Hermes Bridge Processor Logging Fix

• fix: root cause — executePreProcessors() returns { success, results: [...] } while executePostProcessors() returns [...]; Array.isArray check failed for pre-processors → processorCount always 0
• fix: normalized return format with Array.isArray(rawResults) ? rawResults : (rawResults.results || [])
• fix: added [pre-processors], [post-processors], [pre-processor], [post-processor] log entries
• fix: deployed updated bridge.mjs/init.py/schemas.py/tools.py to ~/.hermes/plugins/strray-hermes/

🧹 Code Quality

• fix: removed duplicate program.command('plugin') — CLI was broken, now works
• fix: removed dead Python path checks from boot-orchestrator.server.ts and framework-compliance-audit.server.ts
• fix: process.stderr.write → frameworkLogger in 3 files (governance.server.ts, skill-invocation.server.ts, shutdown-handler.ts)
• fix: 58 substr() → substring() across codebase
• fix: removed 4 dead dynamic imports in CLI index.ts
• fix: renumbered help text steps consecutively
• fix: JSON.stringify wrapped in try/catch in framework-logger.ts
• fix: any type in governance-types.ts → proper CodexSnapshot interface
• fix: MCP server deep review — researcher SKILL.md path, security-audit SKILL.md tool list, governance.server.ts logging, duplicate imports, 9 malformed log keys fixed

✅ Test Coverage

• 161 test files, 2,863 tests, 0 unit failures, build passes, 0 npm vulns
• 41 new tests: codex-validators dynamic read (68 terms), governance-service (22), codex-policy.service (13), mcp-server-smoke (5), mcp-servers-integration (16 behavioral)
• Full consumer E2E gate: Hermes 46/0/0, OpenCode 34/0/0, OpenClaw 96/0/0, Grok CLI 55/0/2 — 0 failures across 231 tests

📦 Breaking Changes

• Package renamed strray-ai → 0xray (npm: npm install 0xray, npx 0xray --help)
• GitHub org: 0xRayAI/xray (was htafolla/StringRay)
• Root config dir: xray/ (was strray/)
• Version 2.0.0 under 0xRay org (not a merge to master; master remains v1.22)
• Dynamo governance endpoint: removed hardcoded production URL, now requires GOVERNANCE_ENDPOINT env var
• aside-context.ts removed (was unused)
• GovernOptions extended with timeoutMs and maxAbstentionThreshold

v1.14.0 - Inference Pipeline

Inference Pipeline Complete

New Features

• InferenceTuner - Autonomous routing improvement service
• InferenceImprovementProcessor - Periodic refinement processor
• extractActionWords() - Tool command routing for plugin
• Pattern persistence to disk
• CLI commands: inference:tuner, inference:improve

Bug Fixes

• tsconfig exclude: src/reporting/** now builds
• bug-triage skill: code-review -> bug-triage
• Keyword conflicts: analyze, auth, perf fixed
• Mapping order: security before code-reviewer
• PerformanceAnalyzer: timestamps and confidence
• OutcomeTracker: sync reload, clear file

Metrics

• Routing Accuracy: 5/5 (100%)
• Avg Confidence: 92.4%
• Tests: 2521 passing

Pipeline Status

StringRay v1.13.0

🚀 StringRay v1.13.0 - The Plugin Hook Breakthrough

The Problem

For 2 months, the StringRay plugin was running as a skeleton. Tool hooks were disabled, the OpenClaw integration never initialized, and the framework bypassed real development work entirely.

What We Shipped

1. Plugin Hook System - Fully Operational

Fixed the root causes that prevented hooks from firing:

• Export format fix: Changed from flat keys to { hooks: { } } structure
• Import path resolution: Plugin now uses directory parameter instead of import.meta.url
• Direct activity logging: Plugin writes to logs/framework/plugin-tool-events.log
• Build integration: npm run build now automatically copies to .opencode/plugin/

2. Console.* → FrameworkLogger Migration

Migrated 60+ console.warn/info/error calls across the entire codebase for consistent logging.

3. Activity Logger Enhancement

• Created tool-event-emitter.ts for tracking tool execution events
• Connected plugin hooks to the activity logging system
• Post-processors now properly track tool executions

Stats

Metric	Value
Tests	2554 passed
Files changed	108

Breaking Changes

None. 100% backward compatible.

How to Update

```bash
npm update strray-ai
```

Or pull latest and rebuild:
```bash
git pull && npm run build
```

Note

After updating .opencode/plugin/, restart OpenCode for changes to take effect.

Release v1.0.28

StringRay Framework vv1.0.28

🚀 Enterprise Production Release

Enterprise AI agent coordination with systematic error prevention. Zero dead ends. Ship clean, tested, optimized code — every time.

📦 Installation

npm install strray-ai@latest
npx strray-ai install

🎯 Key Features

• 🤖 Intelligent Agent Orchestration (8 specialized agents)
• 📏 Codex Compliance (99.6% systematic error prevention)
• 🔄 Multi-Agent Coordination (Complexity-based routing)
• ⚡⚡ Performance Optimization (87% faster test execution)
• 🛡️ Enterprise Security (Comprehensive validation)
• 📊 Real-time Monitoring (Performance tracking)

📋 Release Notes

• ✅ 989 comprehensive tests (100% pass rate)
• ✅ Enterprise-grade error prevention
• ✅ Clean OpenCode CLI experience
• ✅ MCP server ecosystem (20 tools)
• ✅ Zero-configuration installation

🔧 Requirements

• Node.js 18+
• oh-my-opencode (for plugin integration)

---

Built on the Universal Development Codex v1.2.24

Release v1.0.27

StringRay Framework vv1.0.27

🚀 Enterprise Production Release

Enterprise AI agent coordination with systematic error prevention. Zero dead ends. Ship clean, tested, optimized code — every time.

📦 Installation

npm install strray-ai@latest
npx strray-ai install

🎯 Key Features

• 🤖 Intelligent Agent Orchestration (8 specialized agents)
• 📏 Codex Compliance (99.6% systematic error prevention)
• 🔄 Multi-Agent Coordination (Complexity-based routing)
• ⚡⚡ Performance Optimization (87% faster test execution)
• 🛡️ Enterprise Security (Comprehensive validation)
• 📊 Real-time Monitoring (Performance tracking)

📋 Release Notes

• ✅ 989 comprehensive tests (100% pass rate)
• ✅ Enterprise-grade error prevention
• ✅ Clean OpenCode CLI experience
• ✅ MCP server ecosystem (20 tools)
• ✅ Zero-configuration installation

🔧 Requirements

• Node.js 18+
• oh-my-opencode (for plugin integration)

---

Built on the Universal Development Codex v1.2.24

Release v1.0.7

StringRay Framework vv1.0.7

🚀 Enterprise Production Release

Enterprise AI agent coordination with systematic error prevention. Zero dead ends. Ship clean, tested, optimized code — every time.

📦 Installation

npm install strray-ai@latest
npx strray-ai install

🎯 Key Features

• 🤖 Intelligent Agent Orchestration (8 specialized agents)
• 📏 Codex Compliance (99.6% systematic error prevention)
• 🔄 Multi-Agent Coordination (Complexity-based routing)
• ⚡⚡ Performance Optimization (87% faster test execution)
• 🛡️ Enterprise Security (Comprehensive validation)
• 📊 Real-time Monitoring (Performance tracking)

📋 Release Notes

• ✅ 989 comprehensive tests (100% pass rate)
• ✅ Enterprise-grade error prevention
• ✅ Clean OpenCode CLI experience
• ✅ MCP server ecosystem (20 tools)
• ✅ Zero-configuration installation

🔧 Requirements

• Node.js 18+
• oh-my-opencode (for plugin integration)

---

Built on the Universal Development Codex v1.2.24

StringRay Framework v1.0.4 - Production Deployed

🚀 StringRay Framework v1.0.4 - Production Deployed

Major Deployment Fixes

• CI/CD Pipeline Resolution: Fixed 53 failed npm publishes through systematic fixes
• Path Resolution Issues: Resolved incomplete build process and logging environment problems
• Package Identity: Established strray-ai as the official npm package name
• Cross-Environment Compatibility: Ensured consistent behavior across local, CI, and npm environments

Framework Features

• 8 Specialized AI Agents: Complete orchestration for development workflows
• 16 MCP Servers: Full Model Context Protocol with specialized servers
• 99.6% Error Prevention: Systematic validation via Universal Development Codex
• Enterprise Monitoring: Comprehensive performance tracking and health checks

Installation

npm install strray-ai
npx strray-ai install  # One-command setup
npx strray-ai doctor   # Health checks
npx strray-ai status   # System status

Enterprise Ready ✅

• Zero-configuration setup
• Production-grade code generation
• Comprehensive error prevention
• Professional CLI and branding

Package: 656.2 kB (4.3 MB unpacked) | Files: 668 | Downloads: Ready for adoption