Skip to content

v0.2.0

Latest

Choose a tag to compare

@Patel230 Patel230 released this 13 Jul 10:52

[0.2.0] — 2026-07-13

Changed

  • Hawk/Eyrie production boundary completed: Hawk owns the product face,
    sessions, tools, permissions, and public schemas while Eyrie v0.2.1 owns
    credentials, catalog resolution, provider transport, resilience, and usage
    telemetry behind the stable eyrie/engine facade.
  • Provider routing and usage attribution hardened: resolved route changes,
    continuation segments, and terminal usage are propagated without duplicate
    accounting, and production Eyrie calls use exactly one resilience layer.
  • Daemon conversations are durable: JSON and SSE chat requests create or
    resume persisted sessions, expose stable session IDs, preserve metadata, and
    distinguish invalid, missing, and corrupt state.
  • Release and supply-chain gates strengthened: exact ecosystem Gitlinks,
    module/tag parity, Trivy enforcement, public-module builds, SBOM generation,
    and cross-platform artifacts are part of the release path.
  • Fixed /mode auto misclassifying plain English as shell commands: shellmode.ClassifyInput trusted exec.LookPath(firstWord) alone, so any sentence starting with a word that's also a real Unix binary (make sure this works, find the bug in this file, kill the old branch, sort out the imports...) was silently executed as a shell command instead of being sent to the model — confirmed 18 of 20 sampled sentences misclassified before the fix. Now a curated allowlist of unambiguous dev-tool names (git, npm, docker, ls, cat, ...) is trusted immediately, while every other PATH match requires real shell-syntax evidence (a flag, a path, a file extension, or an operator like |/>/&&) before being trusted as a shell command — matching the same ambiguity Warp's own terminal autodetect documents and resolves with a user-configurable denylist.
  • Permission system unified into two independent axes: the old PermissionMode (default/acceptEdits/bypassPermissions/dontAsk/plan) is removed. /autonomy now controls the 5-tier trust ladder (Always Ask/Scout/Builder/Operator/Autonomous, bare /autonomy opens a picker), and /spec controls an independent, orthogonal spec-driven workflow gate (Specify → Plan → Tasks → ApproveImplementation, bare /spec opens a picker) that blocks Write/Edit/Bash regardless of trust tier — including at Autonomous. Fixes a real bug where the old Plan Mode's write-block could be silently bypassed at high autonomy tiers, since tier and mode were checked independently with no ordering guarantee.
  • Fixed PermissionService.SetAutonomy/Autonomy(): previously wrote to/read from a shadow field the permission engine's CheckTool never consulted, meaning autonomy tier changes may not have reliably taken effect. Now both read/write the same PermissionEngine.Autonomy field the check logic uses.
  • --permission-mode CLI flag removed; --dangerously-skip-permissions unchanged (now maps to the Autonomous tier). New --dry-run flag added as an unconditional kill switch (deny every tool call, regardless of tier or spec stage) — replaces dontAsk's hard-lockout role.
  • Version re-baselined to 0.1.0 across cmd/hawk/main.go, cmd/daemon.go,
    flake.nix, .github/workflows/release.yml, and the update/daemon test suites, aligning hawk
    with the rest of the GrayCodeAI ecosystem (eyrie, tok, yaad, sight, inspect).
  • Architecture boundary hardening: Hawk now owns runtime request/response DTOs, transport config/provider seams, and review/verification product-boundary contracts, with eyrie/client usage restricted to internal adapters and guarded in CI.
  • shared/types removed: Hawk no longer ships the old shared type path, and local boundary checks now block any attempt to reintroduce it.

Added

  • Spec-driven workflow (/spec): independent, orthogonal permission gate that walks the model through Specify → Plan → Tasks, writing real spec.md/plan.md/tasks.md files to .hawk/specs/<slug>/, and requires explicit ApproveImplementation approval (always prompts, at any trust tier) before Write/Edit/Bash unlock. The approval prompt shows the actual written content, not a blind yes/no.
  • /autonomy and /spec picker overlays: bare /autonomy or /spec opens an arrow-key-navigable, filterable picker (Esc/Enter) instead of requiring subcommand syntax; typed subcommands (/autonomy tier scout, /spec status, etc.) still work.
  • Watch mode (--watch): file-watcher loop that acts on AI! (do-now) and AI? (answer) code comments. Off by default.
  • GitHub Action (.github/actions/hawk): interactive mode on @hawk mentions, automation mode on labeled issues/PRs, and skill dispatch for /-prefixed prompts.
  • Messaging gateways: opt-in Telegram, Discord, and Slack gateways on the daemon for chatting with hawk from messaging apps.
  • AST repo-map (internal/context/repomap): structural repository map for richer model context.
  • Auto codebase analysis on first run (internal/autoinit): opt-in seeding of project context.
  • Auto-lint / auto-fix cycle: runs the matching linter after edits and iterates on fixes with bounded retries (opt-in).
  • Image / multimodal context (internal/engine/vision.go): feed screenshots/images to vision-capable models.
  • Plan & Explore sub-agent modes: read-only plan (task decomposition) and explore (codebase investigation) modes; explore supports quick/medium/very-thorough thoroughness budgets.
  • Persona color and hooks: per-agent display color and lifecycle hook (pre_run/post_run) fields.
  • YAML agents & eval tasks: define personas and eval tasks in YAML alongside markdown personas.
  • IT-managed policy tier (internal/context/rules.go): non-excludable org-policy rule tier with highest precedence; strips HTML comments from rule files.
  • SQL exploration tool (internal/tool/sql.go): read-only database exploration tool.
  • Conventional-commit generation: SmartCommit and the diff summarizer produce Conventional Commit messages from staged changes.
  • Durable workflows + named checkpoints (internal/multiagent): LangGraph-style resumable workflows with named, persisted step boundaries.
  • Human-in-the-loop approval gates (internal/engine/approval_gate.go): durable approve/reject gates within workflows.
  • Structured output (internal/engine/structured_output.go): JSON-Schema-constrained responses, validated and retried once on mismatch.
  • MCP WebSocket transport (internal/mcp/ws.go): opt-in WebSocket transport in addition to stdio/HTTP.
  • GET /v1/ready: dependency-aware readiness endpoint on the daemon.
  • REPL magic commands (%reset, %undo, %tokens, %history, %copy, %save, %compact, %model, %clear)
  • Prompt cache keep-alive pings
  • Unified finding/severity contracts now live in hawk-core-contracts/types

Added — Round 2 ecosystem improvements (2026-06-01)

  • Cavecrew personas (internal/multiagent/agents): three new
    built-in personas built into GrayCode Hawk
    (cavecrew-investigator, cavecrew-builder, cavecrew-reviewer).
    Each enforces a strict output format so downstream agents can parse
    outputs mechanically:
    • cavecrew-investigator: path:line — symbol — note, max 6 words per note
    • cavecrew-builder: hard-refuses tasks touching 3+ files
    • cavecrew-reviewer: severity emoji (🔴/🟡/🔵/❓) at the start of every line
      Exposed via CavecrewPersonas() helper and EnsureCavecrew()
      registry method; BuiltinPersonas() returns 21 (was 18).
  • internal/safewrite package: hardened atomic file-write utility
    native GrayCode hardened atomic writes. Refuses symlinks at destination
    and parent, refuses paths that escape via .., opens with
    O_NOFOLLOW via golang.org/x/sys/unix, writes to a temp file
    with mode 0600, syncs to disk, then atomically renames. ErrSymlinkTarget
    and ErrPathEscape sentinel errors.
  • internal/jsonc package: JSON-with-Comments parser and
    ValidateClaudeSettings validator, native GrayCode settings
    parser and validateHookFields. Accepts // and /* */ comments
    plus trailing commas in objects and arrays. Validates Claude Code
    settings.json fields (model, permissions, hooks, mcpServers,
    env) with type checks and value validation.
  • internal/permissions/verdict.go: unified PermissionVerdict
    type with Risk levels (RiskLow, RiskMedium, RiskHigh,
    RiskBlocked). Helpers: Allow, Deny, RequireApproval. Additive
    change — existing GuardianDecision is unchanged.
  • internal/providers package: PROVIDERS matrix (34 entries)
    native GrayCode PROVIDERS matrix. Each
    entry describes an AI coding agent (Claude Code, Cursor, Codex,
    Aider, etc.) with install mechanism and detection probes. Probe
    kinds: command (PATH), dir (filesystem), vscode-ext,
    cursor-ext, macapp, jetbrains-plugin. API: Get(id),
    All(), Hard(), Detect(). Soft: true means detection is
    best-effort; soft providers are excluded from auto-detect.
  • internal/session.GainTracker: per-session gain event recording
    in a new gains SQLite table inside the session store. Each event
    captures original/compressed byte + token counts, mode/tier/model,
    and a command label. API: Record, AggregateForSession,
    ListForSession, PruneForSession. Scoped to a single session so
    callers can selectively compact their own history. Companion to
    tok's internal/tracking.Tracker (tok tracks globally, hawk tracks
    per-session).

Added — Production Hardening (top-50 OSS parity)

  • Stricter linting: .golangci.yml v2 config enabling errcheck, staticcheck,
    gocritic (diagnostic + performance), unused, ineffassign, misspell, noctx,
    bodyclose, unconvert, whitespace, with govet enable-all (minus fieldalignment).
  • CI parity: race-detector tests with coverage upload, golangci-lint v2 action,
    govulncheck and gosec security scans, multi-platform build matrix
    (linux/darwin/windows × amd64/arm64), benchmark job on PRs.
  • Makefile with standard targets: build, test, test-coverage, test-10x,
    lint, fmt, vet, security, bench, clean, install, release, help.
  • Container: Dockerfile uses tini init, embeds tzdata, verifies deps, runs as
    non-root.
  • Repository hygiene: .editorconfig for cross-editor consistency and
    CONTRIBUTING.md with the full contributor workflow.

Fixed — Correctness

  • 240+ unchecked error returns hardened across session, engine, tool, config,
    auth, cmd, daemon, diffsandbox, analytics, cmdhistory, container,
    eval, fingerprint, update packages.
  • Dead-code removal: 13 unused declarations removed (caught by the unused linter).
  • Real bugs fixed where append results were silently discarded
    (mcp/server.go, repomap/depgraph.go, flagged by staticcheck SA4010).
  • session package is now fully errcheck-clean, protecting persistence integrity.

Tests

  • auth package coverage raised from ~18% to ~71% with table-driven tests covering
    every code path.
  • update package coverage raised from ~22% to ~92% with full HTTP mocking, including
    error paths (server failure, invalid JSON, unreachable host) and Summary() rendering.