Skip to content

Releases: mrizzi/sdlc-plugins

v0.12.2

Choose a tag to compare

@mrizzi mrizzi released this 03 Jul 12:50

Fixed

  • Non-plannable requirement flagging added to impact map step in plan-feature
  • Direct dependency requirement clarified for create-branch bookend in plan-feature
  • Eval assertions rewritten for file-based evidence in plan-feature

v0.12.1

Choose a tag to compare

@mrizzi mrizzi released this 02 Jul 15:53

Added

  • Documentation task generation from Feature description signals in plan-feature
  • Testing task generation from readiness template in plan-feature

Fixed

  • Documentation tasks exempted from template and dependency assertions in plan-feature

v0.12.0

Choose a tag to compare

@mrizzi mrizzi released this 02 Jul 11:01

[0.12.0] - 2026-07-02

Added

  • Epic creation and grouping strategies with configurable hierarchy preferences in plan-feature (TC-4869)
  • Parent issue linking step in plan-feature (TC-4870)
  • Early assignment and Assigned transition at Step 0.7 in triage-security (TC-5008)
  • Cross-CVE traceability links and comments at Step 4.3 in triage-security (TC-5009)

Fixed

  • Traceability links created at identification time instead of after confirmation in triage-security (TC-5009)

v0.11.1

Choose a tag to compare

@mrizzi mrizzi released this 01 Jul 14:37

Added

  • Deployment context classification for remediation tasks in triage-security
  • Concurrent triage detection before remediation task creation in triage-security
  • Staleness detection for security-matrix.md in triage-security
  • Embargo warning gate for high-severity CVEs in triage-security
  • Optional SBOM-based base image verification via cosign in triage-security
  • Ready for QA discovery category with remediation task completion check in triage-security
  • ProdSec contact config and vulnerability creator @mention in triage-security
  • Description digest comment on remediation task creation in triage-security
  • External CVE data enrichment from MITRE and OSV.dev in triage-security
  • Proactive cross-stream remediation with security-preemptive label in triage-security
  • Cross-CVE overlap detection via Upstream Affected Component in triage-security
  • get_remote_links command in jira-client
  • Priority and fixVersion REST API fallback in jira-client
  • Priority and fixVersion inheritance in plan-feature task creation
  • Priority and fixVersion prompts in define-feature
  • Dynamic issue type discovery and hierarchy mapping in plan-feature
  • Jira Field Defaults configuration step in setup
  • Bug and Hierarchy configuration in setup
  • Hierarchy preferences step and configuration contract in setup
  • Priority and fixVersion field handling constraints

Changed

  • Cross-CVE overlap fields made configurable via /setup in triage-security
  • Unsupported ecosystem message generalized to use placeholder in triage-security

Fixed

  • Step numbering consistency (7.0/7 → 7/8) in triage-security
  • SBOM verification output line made mandatory for RPM packages in triage-security
  • Created column added to Ready for QA table template in triage-security
  • get_remote_links guarded against non-dict responses in jira-client
  • ADF taskList/taskItem node sanitization to prevent INVALID_INPUT errors in jira-client
  • Field handling and test review feedback addressed in jira-client
  • Feature-branch label included in workflow mode decision output in plan-feature
  • Convention enrichment completeness check and verification pass in plan-feature
  • Baseline comparison gate added to eval failure subtask creation in verify-pr
  • Idempotent sibling link check documented in triage-security Step 4.2

v0.11.0

Choose a tag to compare

@mrizzi mrizzi released this 19 Jun 13:22

[0.11.0] - 2026-06-19

Added

  • report-bug skill for structured bug reporting with Jira issue creation
  • triage-bug skill for bug lifecycle pipeline triage
  • Bug Configuration scaffolding step in setup skill
  • Bug description template scaffold
  • Bug lifecycle pipeline documentation and constraints
  • Eval infrastructure for report-bug and triage-bug skills

Changed

  • Improved triage-bug skill discoverability and navigation

Fixed

  • triage-bug digest comment exempted from Comment Footnote rule
  • triage-bug eval assertion for ai-generated-jira label
  • report-bug programmatic input format and composed output examples
  • Bug lifecycle docs heading levels aligned with feature phases
  • Corrected report-bug constraint source reference

v0.10.0

Choose a tag to compare

@mrizzi mrizzi released this 15 Jun 14:57

[0.10.0] - 2026-06-15

Added

  • triage-security skill for version-aware CVE triage with Jira sub-task creation and security matrix integration
  • Security Configuration step in setup skill for local security-matrix scaffolding
  • Security matrix template (security-matrix.md) for Konflux repositories
  • Triage-security architectural constraints and guardrails
  • Eval infrastructure for triage-security with discovery mode and RPM ecosystem test cases

Changed

  • triage-security Step 2.1 matrix loading now prefers local files with Konflux API fallback
  • Applied progressive disclosure to triage-security SKILL.md for improved readability

Fixed

  • verify-pr now classifies review body suggestions alongside inline comments
  • Corrected traceability index constraint references in triage-security
  • Aligned Vulnerability issue type ID field name with project config contract in triage-security

A special thank you to @ruromero for his great contribution of the triage-security skill — the headline feature of this release. His work brings version-aware CVE triage with full Jira traceability and security matrix integration to the SDLC workflow. Thank you, Ruben!

v0.9.2

Choose a tag to compare

@mrizzi mrizzi released this 03 Jun 13:28

[0.9.2] - 2026-06-03

Added

  • Description digest protocol for cross-phase integrity verification in plan-feature and implement-task
  • Convention applicability rules with file-type scoping for convention upgrades in plan-feature and verify-pr
  • Eval-aware Test Quality integration with autonomous eval failure sub-task creation in verify-pr
  • Description digest verification step in implement-task
  • Documentation scope preservation check in implement-task
  • Eval infrastructure change detection in verify-pr correctness check
  • Failure evidence rendering in run-evals summary output
  • Cross-phase integrity and convention applicability constraints

Fixed

  • Standardized digest computation on ADF JSON with format-tagged digests for access-method-agnostic verification
  • Multiple digest comment handling disambiguation in implement-task
  • Convention applicability format enforcement and self-verification guards in plan-feature
  • Issue link direction for Incorporates and Depend in plan-feature
  • Digest protocol inlined in SKILL.md to fix eval regression
  • CI reporting success when no evals need to run
  • HTML special character escaping in eval failure evidence output

v0.9.1

Choose a tag to compare

@mrizzi mrizzi released this 20 May 10:27

Fixed

  • Resolved CONVENTIONS.md lookup to use Repository Registry Path instead of hardcoded path
  • Hard stop on CI check failure before commit in implement-task

v0.9.0

Choose a tag to compare

@mrizzi mrizzi released this 14 May 10:13

[0.9.0] - 2026-05-14

Added

  • Feature-branch workflow mode with automatic bookend task generation in plan-feature
  • Target Branch support and bookend handling in implement-task
  • Target Branch and Bookend Type sections in the task description template
  • Feature-branch workflow constraints and documentation
  • Fork PR eval dispatch CI workflow for cross-fork eval runs
  • Commit status reporting for eval PR visibility

Changed

  • Migrated eval CI workflows to direct Workload Identity Federation
  • Hardened eval dispatch against artifact poisoning and injection

Fixed

  • Resolved stale pending commit status when eval discover fails
  • Fork PR resolution via pulls.list with pagination

Documentation

  • Excluded eval baselines from changelog scope

v0.8.2

Choose a tag to compare

@mrizzi mrizzi released this 29 Apr 12:49

Changed

  • Added skill name to eval result summary headings for clearer multi-skill output

Added

  • Eval baselines for latest skill changes