Skip to content

Releases: iansherr/determinagents

v0.5.3

Choose a tag to compare

@iansherr iansherr released this 11 May 17:46

This release introduces major infrastructure for automated reporting and repository discovery, alongside a significant polish to the
repository's "front door" and installer ergonomics.

Automated Reporting & Signal Schema

  • Project-facing reporting harness: Added specs/AUTOMATED_REPORTING.md and specs/SIGNAL_SCHEMA.md. This allows agents to synthesize existing
    audit reports and runtime snapshots into a SYSTEM_DIGEST.
  • Modes supported: Baseline, trend, incident, change-review, and portfolio.
  • Wired as auto-report: Now available in INVOCATIONS.md for standard use across projects.

Repository Discovery & New Audits

  • Capability Discovery: New specs COMMAND_DISCOVERY_SCAN.md and COMMAND_DISCOVERY_QUICK_REF.md for systematic mapping of a repository's
    capabilities.
  • Resource Capacity Audit: Added audits/RESOURCE_CAPACITY.md, focusing on system limits, scaling constraints, and infrastructure bottlenecks.

"Front Door" & Documentation Polish

  • README Refresh: Stronger positioning, behavior chooser table (stub, security, data-flow, etc.), example finding excerpts, and a new Mermaid
    workflow diagram.
  • INSTALL.md Refresh: Improved agent-readable instructions with better context for Claude Code Skills, Gemini/Cursor drift, and model tier
    considerations.
  • bin/determinagents Shim: Updated subcommands and help text for better clarity and alignment with the latest specs.

Internal Tracking & Infrastructure

  • New tracking files: Added PROGRESS.md and TODO.md for repo-level task management.
  • Improved Ignore Rules: Updated .gitignore to protect .sisyphus/ internal session state from accidental commits.
  • Version consistency: Includes the v0.5.2 installer refresh (Claude Code & model tier notes).

v0.5.1

Choose a tag to compare

@iansherr iansherr released this 10 May 18:01

Added

  • specs/MAINTENANCE.md — maintainer's tool for keeping the library current. Three modes: --mode=refresh (audit host-tool conventions for drift, surface new tools, check model-tier language); --mode=integrate --source=<...> (fold an external source into the library with explicit additive/redundant/misaligned verdicts); --mode=brainstorm [--seed=<topic>] (structured exploration of coverage/harness/workflow gaps). Reports go to docs/maintenance/ (gitignored). Wired into INVOCATIONS.md §Maintenance.
  • docs/determinagents/AUDIT_CONTEXT.md for the library repo itself. The shared conventions tell every invocation to read this file if present; rather than special-casing maintenance runs with an override note, the library now has a real context (POSIX-sh-only, no API/DB/frontend, which audits apply and which don't, the docs/ path distinction between library and target projects).

Changed

  • determinagents materialize prompt now explicitly handles the re-materialize case: if DeterminAgents commands already exist in the host tool, the agent regenerates unchanged files silently, prompts before overwriting hand-edited ones, and reports what changed. Previously the agent had to discover this from INSTALL.md on its own.

Fixed

  • Maintenance invocation no longer needs a special override note telling the agent to skip AUDIT_CONTEXT.md — the file now exists, making the library consistent with the pattern it teaches.

v0.5.0 — DeterminAgents

Choose a tag to compare

@iansherr iansherr released this 10 May 13:34

This release consolidates four months of in-tree work (the v0.3 harness expansion and v0.4 simplification pass referenced below were never tagged) plus a fresh batch covering installer ergonomics, the hub command flow, the rebrand to DeterminAgents, and shim-side quality-of-life features (doctor, completions, paste-ready uninstall cleanup).

Action required after determinagents update: re-run determinagents materialize for this release. The hub command template gained the conditional First Run logic, which is baked in at materialization time and won't update automatically. Audit content changes (e.g., the new OWASP citation in SECURITY_PENTEST.md) flow through without re-materialization, per the thin-pointer convention in INSTALL.md.

Added (shim — quality of life)

  • determinagents doctor — read-only health check across install, shim, remote, and shell completion. Reports ok / warn / fail per check; exits non-zero on any fail. Catches stale checkouts, dirty working trees, missing PATH entries, unreachable origin, and unsupported shells before they bite during a real run.
  • determinagents completions <shell> — prints a tab-completion script for bash, zsh, or fish to stdout. Single source of truth for the subcommand list lives in the shim, so adding a subcommand later only touches one place. Installer detects $SHELL and prints the one-liner to enable it; never edits dotfiles.
  • determinagents uninstall now prints a paste-ready prompt for the user's LLM app to clean up generated slash commands (the shim removes the library directory; the host-tool commands live elsewhere and need an agent to remove safely).
  • Shim help text rewritten so materialize reflects reality — one prompt, host-agnostic. The agent inside the LLM detects Claude Code / Gemini / Cursor / etc. from its own context. (Previously the help advertised a [host] arg that the shim silently dropped.)

Added (installer)

  • Local repository detection. If install.sh is run from a clone, prompts for in-place install (no network), local copy to default path, or fresh download from GitHub.
  • Local-copy install option (writes a clone of the local checkout to $DETERMINAGENTS_HOME so the install path stays the standard one even when iterating from a clone).
  • Path-baked shim for non-standard installs: when installing to a path other than ~/.determinagents, the shim has the absolute install path baked in via sed, so it works without requiring $DETERMINAGENTS_HOME to be exported.
  • Installer prints shell-specific completion-enable hint after success (no dotfile edits).

Added (hub command — First Run flow)

  • INSTALL.md hub template now instructs the rendering agent to stat DESIGN.md, docs/determinagents/FEATURE_REGISTRY.md, and docs/determinagents/AUDIT_CONTEXT.md on every invocation, and adapt the "🚀 First Run" section accordingly: omit when all three exist, demote to a single "Re-init" line when some exist, render as-is when none. The hub menu self-heals if artifacts are deleted later.
  • Display-first directive: hub commands must show the menu before doing any shell commands or file searches.
  • Recommendation that materialization leaves a removable marker comment (generated-by: …/INSTALL.md) on each generated file so uninstall is deterministic.
  • Rewritten "Uninstall" section in INSTALL.md with the full paste-ready cleanup prompt.

Changed (rebrand: DeterminAgents)

  • Stylized as DeterminAgents in titles and prose (README headline, INSTALL.md hub template strings). All CLI tokens, paths, env vars, and the repo slug stay lowercase (determinagents, $DETERMINAGENTS_HOME, etc.). No code or path churn.

Changed (README — design principle, attribution)

  • New "Design principle" section near the top codifies simple prompt + good harness > clever prompt + no harness, links the v0.4 simplification commit, and includes a "when this isn't worth it" note (don't reach for a phased audit on a 200-line script). Promotes the principle from buried-in-the-Acknowledgements to a first-class framing.
  • Acknowledgements rewritten: drops the Anthropic-specific name in favor of "frontier model engineers"; adds "out loud, against the cultural reflex of secrecy and the collective instinct to grind for the perfect prompt"; new paragraph crediting Karpathy's "loop until success criteria met" observation and Forrest Chang's andrej-karpathy-skills as a parallel distillation of the same insight.

Added (vocabulary — OWASP only)

  • audits/SECURITY_PENTEST.md now asks the agent to cite the relevant OWASP Top 10 category in each finding (e.g., **OWASP**: A01 Broken Access Control). Explicit non-claim about SOC 2 / ISO 27001 / HIPAA / PCI: those are organizational control frameworks, not code-level vulnerability taxonomies, and DeterminAgents does not assess them. OWASP earns the citation because it's a code-level taxonomy that lines up with what the audit actually produces.

Fixed

  • INSTALL.md Claude Code file-tree example had its file list duplicated in the same code block; deduped.
  • Gemini CLI hub-command convention corrected to TOML (description = "..." + prompt = """...""") — the prior example used Markdown frontmatter, which Gemini does not parse.
  • Materialized commands now recommend including the absolute install path as a fallback alongside $DETERMINAGENTS_HOME, so commands work immediately in environments where the env var isn't exported yet.
  • bin/determinagents shellcheck warnings: dropped the unused SUBCOMMANDS placeholder (the eval'd completion bodies need their own literal lists, so the var was dead code dressed up as a single-source-of-truth) and converted the uninstall cleanup-prompt block from per-line echo to a heredoc, eliminating the SC2088 tilde-in-quotes warning. CI green.

Added (model tier hints)

  • specs/FORMAT.md — new "Model tier hints" section documenting three role-based, vendor-neutral tiers: reasoning (multi-step hypothesis generation), default (workhorse tasks), fast (narrow scope / classification). Names describe what the task needs, not what the model is, so they stay useful as model lineups change. Includes a current-mappings table (with the explicit caveat that vendor names rot).
  • Each audit doc declares a **Model tier** line near the top. SECURITY_HUNT and TESTING_CREATOR are reasoning; DOCS_DRIFT and UX_DESIGN_AUDIT are fast; everything else default.
  • INSTALL.md — documents how host-tool materialization should honor the tier hint: model: frontmatter where supported (Claude Code), agent-surfaced recommendation otherwise (Cursor, Gemini CLI). The materializing agent maps tier to the host's current model names.

Changed (v0.4 simplification — applying "simple prompt + good harness" to the library itself)

  • INVOCATIONS.md cut from 590 → ~250 lines (~57%). Collapsed enumerated invocation variants (4 RESOLVE variants, 4 SECURITY_HUNT variants, etc.) into one invocation per behavior with documented --scope, --target, --phases, --max-time, and +harness flags. Substituted trust the user/agent to combine flags for enumerate every plausible invocation.
  • Dropped quick/standard/deep named scope variants from every audit doc. Replaced with --phases=N,M (run specific phases) and --max-time=Xm (soft budget). The agent picks based on actual constraint, not pre-baked slicing. Each audit's "Time estimate" section now states the default duration plus a one-line note about flags.
  • Split AUDIT_CONTEXT_TEMPLATE.md (305 lines → 63 lines) into a minimal template (Global only) and a separate sections catalog (specs/AUDIT_CONTEXT_SECTIONS.md). New projects start with the minimal template; sections from the catalog get copied in only when there's something to put in them. Empty ## STUB_AND_COMPLETENESS sections are noise; sections that grew during a real audit run are signal.
  • Trimmed inline invocation examples from specs/FEATURE_REGISTRY.md and specs/BOOTSTRAP.md. Both now reference INVOCATIONS.md as canonical and describe the rules/shape, not the prompts.
  • RESOLVE_FROM_REPORT Phase 2 converted from 7 numbered sub-phases to a prose loop description + three sub-sections (presentation format, verification rules, commit format, report annotation). Same content, less ceremony.
  • README: layout tree updated for new spec files; mutating-docs table includes DATA_FLOW_VERIFY; new "Inspiration" section credits Mozilla Security's Firefox-hardening writeup as the source of the agentic-harness pattern and the v0.4 simplification principle.

This is net deletion: ~700 lines removed, library shape more confidently opinionated, defaults that do the right thing rather than enumerated alternatives.

Added (harness expansion — "simple prompt + good harness > clever prompt + no harness")

  • specs/FORMAT.md — new "Harness conventions" section codifying the pattern shared by all execution-capable audits: mutating declaration, disposable workspace requirement (Phase 0.1), AUDIT_CONTEXT integration, verification loop pattern, artifact capture, "Attempted but blocked" report section, per-target scope.
  • audits/DATA_FLOW_VERIFY.md — mutating sibling to DATA_FLOW_TRACE.md. Drives the actual flow (UI or API), captures real wire traffic, snapshots the DB before/after, builds the round-trip table from observed bytes. Catches silent layer drift that static analysis can't see.
  • audits/ERROR_HANDLING.md Phase 6 — opt-in mutating fault-injection phase. Mock failures (404/500/network error) at the API boundary, drive the UI, observe what the user sees. Distinguishes silent corruption (UI lies about success) from generic-error (UI shows toast) from defended (graceful handling).
  • audits/STUB_AND_COMPLETENESS.md Phase 6 — opt-in mutating endpoint verification. Issues real HTTP probes against suspected phantom endpoints; recl...
Read more