Releases: iansherr/determinagents
Release list
v0.5.3
This release introduces major infrastructure for automated reporting and repository discovery, alongside a significant polish to the
repository's "front door" and installer ergonomics.
Automated Reporting & Signal Schema
- Project-facing reporting harness: Added specs/AUTOMATED_REPORTING.md and specs/SIGNAL_SCHEMA.md. This allows agents to synthesize existing
audit reports and runtime snapshots into a SYSTEM_DIGEST. - Modes supported: Baseline, trend, incident, change-review, and portfolio.
- Wired as auto-report: Now available in INVOCATIONS.md for standard use across projects.
Repository Discovery & New Audits
- Capability Discovery: New specs COMMAND_DISCOVERY_SCAN.md and COMMAND_DISCOVERY_QUICK_REF.md for systematic mapping of a repository's
capabilities. - Resource Capacity Audit: Added audits/RESOURCE_CAPACITY.md, focusing on system limits, scaling constraints, and infrastructure bottlenecks.
"Front Door" & Documentation Polish
- README Refresh: Stronger positioning, behavior chooser table (stub, security, data-flow, etc.), example finding excerpts, and a new Mermaid
workflow diagram. - INSTALL.md Refresh: Improved agent-readable instructions with better context for Claude Code Skills, Gemini/Cursor drift, and model tier
considerations. - bin/determinagents Shim: Updated subcommands and help text for better clarity and alignment with the latest specs.
Internal Tracking & Infrastructure
- New tracking files: Added PROGRESS.md and TODO.md for repo-level task management.
- Improved Ignore Rules: Updated .gitignore to protect .sisyphus/ internal session state from accidental commits.
- Version consistency: Includes the v0.5.2 installer refresh (Claude Code & model tier notes).
v0.5.1
Added
specs/MAINTENANCE.md— maintainer's tool for keeping the library current. Three modes:--mode=refresh(audit host-tool conventions for drift, surface new tools, check model-tier language);--mode=integrate --source=<...>(fold an external source into the library with explicit additive/redundant/misaligned verdicts);--mode=brainstorm [--seed=<topic>](structured exploration of coverage/harness/workflow gaps). Reports go todocs/maintenance/(gitignored). Wired intoINVOCATIONS.md§Maintenance.docs/determinagents/AUDIT_CONTEXT.mdfor the library repo itself. The shared conventions tell every invocation to read this file if present; rather than special-casing maintenance runs with an override note, the library now has a real context (POSIX-sh-only, no API/DB/frontend, which audits apply and which don't, thedocs/path distinction between library and target projects).
Changed
determinagents materializeprompt now explicitly handles the re-materialize case: if DeterminAgents commands already exist in the host tool, the agent regenerates unchanged files silently, prompts before overwriting hand-edited ones, and reports what changed. Previously the agent had to discover this fromINSTALL.mdon its own.
Fixed
- Maintenance invocation no longer needs a special override note telling the agent to skip
AUDIT_CONTEXT.md— the file now exists, making the library consistent with the pattern it teaches.
v0.5.0 — DeterminAgents
This release consolidates four months of in-tree work (the v0.3 harness expansion and v0.4 simplification pass referenced below were never tagged) plus a fresh batch covering installer ergonomics, the hub command flow, the rebrand to DeterminAgents, and shim-side quality-of-life features (doctor, completions, paste-ready uninstall cleanup).
Action required after
determinagents update: re-rundeterminagents materializefor this release. The hub command template gained the conditional First Run logic, which is baked in at materialization time and won't update automatically. Audit content changes (e.g., the new OWASP citation inSECURITY_PENTEST.md) flow through without re-materialization, per the thin-pointer convention inINSTALL.md.
Added (shim — quality of life)
determinagents doctor— read-only health check across install, shim, remote, and shell completion. Reportsok/warn/failper check; exits non-zero on any fail. Catches stale checkouts, dirty working trees, missing PATH entries, unreachable origin, and unsupported shells before they bite during a real run.determinagents completions <shell>— prints a tab-completion script forbash,zsh, orfishto stdout. Single source of truth for the subcommand list lives in the shim, so adding a subcommand later only touches one place. Installer detects$SHELLand prints the one-liner to enable it; never edits dotfiles.determinagents uninstallnow prints a paste-ready prompt for the user's LLM app to clean up generated slash commands (the shim removes the library directory; the host-tool commands live elsewhere and need an agent to remove safely).- Shim help text rewritten so
materializereflects reality — one prompt, host-agnostic. The agent inside the LLM detects Claude Code / Gemini / Cursor / etc. from its own context. (Previously the help advertised a[host]arg that the shim silently dropped.)
Added (installer)
- Local repository detection. If
install.shis run from a clone, prompts for in-place install (no network), local copy to default path, or fresh download from GitHub. - Local-copy install option (writes a clone of the local checkout to
$DETERMINAGENTS_HOMEso the install path stays the standard one even when iterating from a clone). - Path-baked shim for non-standard installs: when installing to a path other than
~/.determinagents, the shim has the absolute install path baked in viased, so it works without requiring$DETERMINAGENTS_HOMEto be exported. - Installer prints shell-specific completion-enable hint after success (no dotfile edits).
Added (hub command — First Run flow)
INSTALL.mdhub template now instructs the rendering agent to statDESIGN.md,docs/determinagents/FEATURE_REGISTRY.md, anddocs/determinagents/AUDIT_CONTEXT.mdon every invocation, and adapt the "🚀 First Run" section accordingly: omit when all three exist, demote to a single "Re-init" line when some exist, render as-is when none. The hub menu self-heals if artifacts are deleted later.- Display-first directive: hub commands must show the menu before doing any shell commands or file searches.
- Recommendation that materialization leaves a removable marker comment (
generated-by: …/INSTALL.md) on each generated file so uninstall is deterministic. - Rewritten "Uninstall" section in
INSTALL.mdwith the full paste-ready cleanup prompt.
Changed (rebrand: DeterminAgents)
- Stylized as DeterminAgents in titles and prose (README headline, INSTALL.md hub template strings). All CLI tokens, paths, env vars, and the repo slug stay lowercase (
determinagents,$DETERMINAGENTS_HOME, etc.). No code or path churn.
Changed (README — design principle, attribution)
- New "Design principle" section near the top codifies simple prompt + good harness > clever prompt + no harness, links the v0.4 simplification commit, and includes a "when this isn't worth it" note (don't reach for a phased audit on a 200-line script). Promotes the principle from buried-in-the-Acknowledgements to a first-class framing.
- Acknowledgements rewritten: drops the Anthropic-specific name in favor of "frontier model engineers"; adds "out loud, against the cultural reflex of secrecy and the collective instinct to grind for the perfect prompt"; new paragraph crediting Karpathy's "loop until success criteria met" observation and Forrest Chang's andrej-karpathy-skills as a parallel distillation of the same insight.
Added (vocabulary — OWASP only)
audits/SECURITY_PENTEST.mdnow asks the agent to cite the relevant OWASP Top 10 category in each finding (e.g.,**OWASP**: A01 Broken Access Control). Explicit non-claim about SOC 2 / ISO 27001 / HIPAA / PCI: those are organizational control frameworks, not code-level vulnerability taxonomies, and DeterminAgents does not assess them. OWASP earns the citation because it's a code-level taxonomy that lines up with what the audit actually produces.
Fixed
INSTALL.mdClaude Code file-tree example had its file list duplicated in the same code block; deduped.- Gemini CLI hub-command convention corrected to TOML (
description = "..."+prompt = """...""") — the prior example used Markdown frontmatter, which Gemini does not parse. - Materialized commands now recommend including the absolute install path as a fallback alongside
$DETERMINAGENTS_HOME, so commands work immediately in environments where the env var isn't exported yet. bin/determinagentsshellcheck warnings: dropped the unusedSUBCOMMANDSplaceholder (the eval'd completion bodies need their own literal lists, so the var was dead code dressed up as a single-source-of-truth) and converted theuninstallcleanup-prompt block from per-lineechoto a heredoc, eliminating the SC2088 tilde-in-quotes warning. CI green.
Added (model tier hints)
specs/FORMAT.md— new "Model tier hints" section documenting three role-based, vendor-neutral tiers:reasoning(multi-step hypothesis generation),default(workhorse tasks),fast(narrow scope / classification). Names describe what the task needs, not what the model is, so they stay useful as model lineups change. Includes a current-mappings table (with the explicit caveat that vendor names rot).- Each audit doc declares a
**Model tier**line near the top. SECURITY_HUNT and TESTING_CREATOR arereasoning; DOCS_DRIFT and UX_DESIGN_AUDIT arefast; everything elsedefault. INSTALL.md— documents how host-tool materialization should honor the tier hint:model:frontmatter where supported (Claude Code), agent-surfaced recommendation otherwise (Cursor, Gemini CLI). The materializing agent maps tier to the host's current model names.
Changed (v0.4 simplification — applying "simple prompt + good harness" to the library itself)
- INVOCATIONS.md cut from 590 → ~250 lines (~57%). Collapsed enumerated invocation variants (4 RESOLVE variants, 4 SECURITY_HUNT variants, etc.) into one invocation per behavior with documented
--scope,--target,--phases,--max-time, and+harnessflags. Substituted trust the user/agent to combine flags for enumerate every plausible invocation. - Dropped
quick/standard/deepnamed scope variants from every audit doc. Replaced with--phases=N,M(run specific phases) and--max-time=Xm(soft budget). The agent picks based on actual constraint, not pre-baked slicing. Each audit's "Time estimate" section now states the default duration plus a one-line note about flags. - Split
AUDIT_CONTEXT_TEMPLATE.md(305 lines → 63 lines) into a minimal template (Globalonly) and a separate sections catalog (specs/AUDIT_CONTEXT_SECTIONS.md). New projects start with the minimal template; sections from the catalog get copied in only when there's something to put in them. Empty## STUB_AND_COMPLETENESSsections are noise; sections that grew during a real audit run are signal. - Trimmed inline invocation examples from
specs/FEATURE_REGISTRY.mdandspecs/BOOTSTRAP.md. Both now referenceINVOCATIONS.mdas canonical and describe the rules/shape, not the prompts. - RESOLVE_FROM_REPORT Phase 2 converted from 7 numbered sub-phases to a prose loop description + three sub-sections (presentation format, verification rules, commit format, report annotation). Same content, less ceremony.
- README: layout tree updated for new spec files; mutating-docs table includes DATA_FLOW_VERIFY; new "Inspiration" section credits Mozilla Security's Firefox-hardening writeup as the source of the agentic-harness pattern and the v0.4 simplification principle.
This is net deletion: ~700 lines removed, library shape more confidently opinionated, defaults that do the right thing rather than enumerated alternatives.
Added (harness expansion — "simple prompt + good harness > clever prompt + no harness")
specs/FORMAT.md— new "Harness conventions" section codifying the pattern shared by all execution-capable audits: mutating declaration, disposable workspace requirement (Phase 0.1), AUDIT_CONTEXT integration, verification loop pattern, artifact capture, "Attempted but blocked" report section, per-target scope.audits/DATA_FLOW_VERIFY.md— mutating sibling toDATA_FLOW_TRACE.md. Drives the actual flow (UI or API), captures real wire traffic, snapshots the DB before/after, builds the round-trip table from observed bytes. Catches silent layer drift that static analysis can't see.audits/ERROR_HANDLING.mdPhase 6 — opt-in mutating fault-injection phase. Mock failures (404/500/network error) at the API boundary, drive the UI, observe what the user sees. Distinguishes silent corruption (UI lies about success) from generic-error (UI shows toast) from defended (graceful handling).audits/STUB_AND_COMPLETENESS.mdPhase 6 — opt-in mutating endpoint verification. Issues real HTTP probes against suspected phantom endpoints; recl...