All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added autonomous Codex contribution scaffold workflows: issue-triggered PR generation and CI failure self-healing issue creation.
- Added
scripts/agents/codex_generate_patch.pyandscripts/agents/build_codex_prompt.pyfor auditable run payload generation and skill-constrained prompt composition. - Added
scripts/agents/append_metrics.pyandscripts/agents/evaluate_run.pyto persist benchmark deltas, score runs, and maintain.codex/metaleaderboard +.codex/memorylearning artifacts. - Added
scripts/agents/run_end_to_end.pyto execute the full autonomous scaffold loop in one command for deterministic local/CI validation. - Added kernel optimization skill packs under
skills/(cuda.md,tiling.md,memory_coalescing.md) for structured agent prompt injection. - Added failure-aware skill packs (
optimization_strategies.md,compatibility_rules.md) used for prompt routing by failure type. - Added a production-grade HPC CI/CD architecture reference document covering deterministic build strategy, GPU matrix validation, release gating, and scaling guidance.
- Added
scripts/org_repo_review.pyto automate organisation-wide repository cloning, lint/type/test/security execution, and consolidated report generation. - Added new GitHub Actions workflows for expanded HPC matrix validation, dedicated GPU hardware testing, benchmark regression gating, and docs build verification.
- Added a benchmark regression check utility script with baseline support to enforce latency performance thresholds in CI.
- Added MkDocs configuration to enable strict documentation build checks in CI.
- Added a scheduled dependency health workflow that validates installation integrity, runs
pip check, audits vulnerabilities withpip-audit, and verifies package imports across Python 3.9-3.12. - Added a weekly dependency canary workflow that upgrades core quality tooling to latest versions and runs lint, type checks, tests, and package build validation.
- Expanded CI workflow to run a Python 3.9-3.12 matrix with linting, format checks, type checking, security scanning, coverage-enforced tests, smoke verification, and package build validation.
- Added dedicated smoke workflow for pull requests and manual dispatch execution.
- Added thread-safe nonce registry reference implementation with TTL cleanup support and observability metrics via
stats(). - Added SQLite audit storage reference implementation with append/list operations and service diagnostics through
health(). - Added coverage tests for the reference implementations.
- Added developer automation improvements to the Makefile for formatting checks, smoke tests, dependency scanning, and build verification.
- Extended the security workflow with dependency review, CodeQL scheduling, vulnerability scans (
safetyandpip-audit), and secret scanning using gitleaks. - Extended smoke script coverage to execute reference implementation runtime checks.
- Updated release workflow to verify distribution metadata with
twine checkbefore PyPI publishing.
- Added a production-grade HPC CI/CD architecture reference document covering deterministic build strategy, GPU matrix validation, release gating, and scaling guidance.
- Added new GitHub Actions workflows for expanded HPC matrix validation, dedicated GPU hardware testing, benchmark regression gating, and docs build verification.
- Added a benchmark regression check utility script with baseline support to enforce latency performance thresholds in CI.
- Added MkDocs configuration to enable strict documentation build checks in CI.
- Initial kernel implementation with deterministic state machine
- Core types: KernelState, KernelRequest, KernelReceipt, Decision, ReceiptStatus
- Append-only audit ledger with hash-chained entries
- Jurisdiction policy engine with composable rules
- Tool registry with built-in
echoandaddtools - Four kernel variants: strict, permissive, evidence-first, dual-channel
- Replay verification for audit ledger
- CLI entrypoint with help and version commands
- Formal specification pack under
/spec - Five working examples demonstrating core functionality
- Complete test suite
- N/A (initial release)
- N/A (initial release)
- N/A (initial release)
- Fail-closed semantics enforced by default
- Hash chain integrity verification on replay
- Jurisdiction checks mandatory before execution