Changelog
What's new.
1.3.02026-06-28
Added
- anatrace-core integration — behavioral attestation (milestone). Replaced Anatomia's hand-rolled transcript forensics with the published
anatrace-coreengine, then built a behavioral-attestation layer on top: each pipeline run now emits tamper-evident provenance and per-claim attestation records to disk. Provenance and pricing are sourced from the engine rather than re-derived. This is the headline differentiator finally producing real records. - Captured, seal-gated test evidence. The most-trusted number in a build — did the tests pass, how many — is no longer the agent's self-report.
ana testcaptures real test-run output and seals it into the build/verify report;build_report.mdsaves are gated on carrying genuine captured evidence (configurable viatestEvidenceGate). An agent that types "all tests pass" no longer seals like one that ran them. - Session capture & cross-machine provenance. Every pipeline agent conversation (Think/Plan/Build/Verify/Learn) on both Claude Code and Codex records its session pointer plus full provenance — model, tokens, churn, outcome (cost derived at display). A work item's committed proof now carries every role's record regardless of which machine each session ran on.
- Verifier intent coverage. A mechanical check that every scope acceptance criterion is covered by a contract assertion, with a gating outlet when a gap is found. Adds a read-only
ana plan coveragepreview command. - Verifier verdict honesty. The headline PASS/FAIL verdict is now derived from contract compliance rather than scraped from a prose
**Result:**line the verify model typed. One emoji edit no longer flips the gate. - Proof-context intelligence.
ana proof context {files}graduates from a "what's wrong here" lookup into an orientation surface: it now answers *why this file exists* (the verified work items that shaped it — "Shaped by") and *what moves with it* (co-change partners + import blast radius — "Also changes with"), so agents read the true blast radius before touching code. - Empirical proof benchmark. A deterministic A/B "ruler" that takes two Claude Code session transcripts (one with Anatomia, one vanilla) and emits a tamper-evident, reproducible comparison of tokens, tool calls, cost, and reliability metrics.
- `ana proof --last` / `--latest` plus a completion hint that surfaces the freshly minted proof after
ana work complete— no more remembering and retyping a slug. - Redesigned terminal surface. The proof card (
ana proof), scan card (ana scan), health dashboard (ana proof health), and proof list table now share one render vocabulary (utils/render.ts), with a new sparkline primitive. Replaces the dated cyan-box idiom, hard... and N moretruncation, and the Provenance cost that looked like bad math. - `turbo.jsonc` detection for Turborepo workspace labeling.
Changed
- Test-evidence gate driven by committed config. Enablement moved from a hidden, gitignored, per-working-copy
.ana/state/capture.jsonself-arming file to a visible, git-trackedana.jsonflag. The gate, seal, and capture engine are unchanged — only *when enforcement turns on* is now a committed fact. - `captureGate` renamed to `testEvidenceGate` in
ana.json. "Capture" was overloaded across the seal subsystem and the unrelated provenance subsystem; the new name says what the flag does (gates whether a build report carries real captured test evidence). - Process-capture hooks always install. The flag is now a single runtime switch rather than an install-time decision.
- Enforcement-gate state moved from `ana work status` to `ana doctor`. The gate is mechanically enforced at the action; printing its state on every
work statuswas chrome that changed no agent's behavior. - `ana test` simplified to its deterministic, load-bearing core (mechanical seal).
- The capture seal is compact. It no longer inlines raw test output — the
retire-capture-self-armingreport alone carried ~3,100 lines / 246 KB of inlined output.
Fixed
- Behavioral attestation emitted zero records.
anatrace-corewas pinned to an uninstalled, known-false-PASS 0.2.0. Bumped to 0.4.0 with a fail-closed emit path, a locked verdict-reason set, and real-engine CI. The anatrace-core load is now guarded — an unresolvable engine abstains loudly instead of crashing. - Process provenance could block completion.
processCaptureStrictblockedana work completewhen provenance was incomplete. Provenance is metadata — it now records and annotates, never blocks. Flag removed. - Machine-owned templates never reached existing customers. Re-init conservatively skipped every file that already existed, unable to tell stock from customized. Re-init now refreshes machine-owned templates (agent definitions, CLAUDE.md) while preserving user-authored content, warning (git-recoverable) on any changed file it overwrites.
- Re-init clobbered managed `.gitignore` files. User-added lines in
.claude/.gitignore/.ana/.gitignorevanished silently, and.codex/shipped none. Re-init now merges rather than clobbers, and the Claude Code runtime lock (.claude/scheduled_tasks.lock) is ignored by stock so it no longer re-dirties the tree. - Non-authoritative `plan.md` phase checkbox removed. Phase completion was tracked twice — mechanically (the only source code reads) and as a hand-edited markdown checkbox no code reads. The redundant copy produced split-brain state and a dirty tree that could block
ana work complete --merge. - SQL table counting under-reported tables. Schema-qualified quoted identifiers (
CREATE TABLE "public"."page") were counted as the schema name, collapsing tables. Supabase-style migrations now count correctly. - Price table corrected. Added current Opus model rows, corrected stale rates, and surfaced unpriced models (
ana proofno longer shows est. $0.00 for priced sessions). - Session capture guarded against empty `session_id` — no junk rows.
- Dev-binary staleness guard — guards against silently running a stale local build.
- Refuse an explicit sealing-stage run through the checkpoint form.
1.2.22026-06-02
Added
- Vue framework detection. Vue 3 apps using
vite.config.tsare now correctly identified. hoppscotch (70K stars) goes from "unknown" shape with 2 surfaces to "Vue" framework with 6 surfaces. Dep-based framework fallback detects Vue and React even when no framework-specific config file exists. - Vite surface detection with library guard. Packages with
vite.config.tsare detected as surfaces. Library packages (those withmain/module/exportsin package.json) are excluded — they use Vite for bundling, not as a deployable app. Zero false positives across 22 validated repos. - `hasMain` and `hasExports` fields on `SourceRoot`. Census reads library markers from package.json during construction. Used by the surface detection library guard.
- MCP and Upstash service detection.
@modelcontextprotocol/sdkdetected as "MCP Server."@upstash/ratelimit,@upstash/vector,@upstash/workflowadded. Existing@upstash/redisand@upstash/qstashdetection unchanged.
Fixed
- Non-product code counted as production code. Test fixtures, templates, examples, playground, and reference directories were included in scan findings, hot files, schema model counts, and deploy detection. Supabase showed 39 models (real: 10). trigger.dev/payload/novu had 100% false-positive API route findings. shadcn hot files showed template config files. Payload's deploy platform came from a template Dockerfile. Fixed by wiring
isNonProductPathfiltering into all affected systems with a sharedNON_PRODUCT_GLOB_IGNOREconstant derived fromEXCLUDED_SEGMENTS. - Non-product path filter over-excluded product code. The initial fix used any-depth segment matching (
**/e2e/**), which incorrectly filtered product endpoints namede2e,test,sandbox,templates, orplaygrounddeep inside app source trees. dub lost 9 production API routes. Fixed with depth-limitedisNonProductFilePaththat only checks the first 3 path segments (where workspace packages live). Root-anchored glob patterns replace any-depth patterns. Verified across 22 repos. - Env hygiene false positive.
.gitignorecoverage check usedgitignore.includes('.env')— a substring match that passed when only.env.localwas covered. Replaced withgit check-ignore --no-index .envfor authoritative gitignore evaluation. - Contributor display missing "active" qualifier. "27 contributors" now reads "27 active contributors." The count is a 30-day window, not all-time.
Changed
EXCLUDED_SEGMENTSexported fromsurfaces.ts— shared definition of non-product pathsNON_PRODUCT_GLOB_IGNOREuses root-anchored patterns instead of any-depth**/${s}/**isNonProductFilePathexported for file-path callers.isNonProductPathunchanged for package-path callers.detectSecretsexported for testing- Vue detector registered at position 5 in the node framework registry
FRAMEWORK_HINTSandSTRONG_FRAMEWORK_CONFIGSincludevite.config.ts/js/mjs
1.2.12026-06-01
Added
- Codex Learn agent. All five pipeline stages now work on both Claude Code and Codex.
ana run learn --platform codexlaunches Learn with platform-specific diagnostic guidance. CC Learn template paths corrected to canonical.ana/skills/. - `mergeStrategy` config field.
ana.jsongains an optionalmergeStrategyfield (merge,squash, orrebase). When absent,ana work complete --mergequeries GitHub for allowed strategies and auto-selects when exactly one is enabled. Write-time validation rejects invalid values.
Fixed
- `ana work complete --merge` fails non-interactively. The merge call had no strategy flag —
gh pr mergewithout--merge/--squash/--rebasefails when stdin is piped (Codex, CI, scripts). Now always passes an explicit strategy with runtime fallback to GitHub API detection. - Finding action `accept` renamed to `acknowledge`. The word "accept" caused Learn to batch-close findings instead of evaluating them. Renamed across source, templates, tests, and docs. One-time backfill migration renames existing proof chain entries. Old
acceptvalues tolerated from existing templates. - Multi-phase timestamp poisoning. Phase 1's
verify_started_atno longer blocks Phase 2 status for up to one hour. Phase-scoped timestamp keys prevent cross-phase interference. Centralized phase resolver ensureswork statusandwork startagree. - Conditional test no-ops. 6 tests that silently passed without executing assertions now run with mocked PID resolution. 2 parsing tests converted to visible
skipIf.
Changed
CODEX_AGENT_FILESexpanded to include Learn (5 → 6 agents)- Finding action
accept→acknowledgein JSON output, display, and proof chain mergeStrategyadded as a user-ownedana.jsonfield- PlatformSwitcher shows only supported platforms (Claude Code, Codex)
1.2.02026-06-01
Added
- `ana run` — universal agent invocation. One command for every pipeline stage:
ana run(Think),ana run plan,ana run build,ana run verify,ana run learn,ana run setup. Dispatches to the configured platform automatically. Advisory pipeline state check warns when work isn't at the expected stage. - Codex platform support.
ana init --platforms codexgenerates Codex agent templates with.agent.tomlmanifests under.codex/agents/.ana rundispatches to Codex interactive TUI withdanger-full-accesssandbox mode. Platform auto-detection from PATH on first init. - `platformFlags` in `ana.json`. Per-platform runtime flags applied automatically by
ana run. Set"claude": ["--dangerously-skip-permissions"]once — never type the flag again. - `--platform` flag on `ana run`. Explicit platform override per invocation. Resolution chain:
--platformflag →ANA_PLATFORMenv → sole configured platform → guidance when ambiguous. - Unified skill architecture. Skills live in
.ana/skills/— one canonical location shared across platforms..claude/skills/and.agents/skills/are symlinks. Setup enriches through the symlink — zero change to existing setup workflows. - Multi-phase report naming guard.
ana artifact save build-reporton a multi-phase scope auto-corrects to the numbered type (build-report-1) with a warning. Prevents off-plan artifact creation. - Phase-scoped pipeline timestamps. Multi-phase work writes
build_started_at_Nandverify_started_at_Nper phase. A centralized phase resolver ensuresana work statusandana work startagree on the current phase. - Gitignore disclosure at init time.
ana initwarns when infrastructure files are gitignored.ana init commitforce-adds them to prevent worktree failures from missing agent files.
Fixed
- Multi-phase timestamp poisoning. Phase 1's
verify_started_atno longer incorrectly blocks Phase 2 status for up to one hour. Each phase gets its own timestamp key. Defense-in-depth: verify timestamps predating the current phase's build report are rejected as stale. - Re-verify writes the correct timestamp. Both single-phase and multi-phase FAIL→re-verify now write
verify_started_atinstead ofbuild_started_at. Re-verify is a verify session, not a build session. - Timestamp duplication eliminated.
isTimestampRecentandcheckConcurrencyGuardconsolidated into a shared comparison path. - Advisory pipeline check false warnings. Replaced
.saves.jsonstage field read with file-existence checks. No more false warnings when starting agents. - Invalid `--platform` values rejected.
--platform codeex(typo) now errors instead of silently falling through. - Shell injection in Codex dispatch. Eliminated
shell: true— both platforms use safespawnSyncarray arguments. - `work.ts` decomposition. Extracted
work-state.tsandwork-proof.tsfrom the 1700-line monolith. - Gitignore force-add in init commit. Tracked-but-gitignored infrastructure files detected and force-added.
Changed
- All CLI display strings use
ana runsyntax instead ofclaude --agent getClaudePid()renamed togetAgentPid()— platform-agnosticgetSkillsDir()returns.ana/skills(canonical location)getAgentsDir()accepts optionalplatformparameterana.jsongainsplatformsandplatformFlagsfieldsKNOWN_ROOTSexpanded to['.ana/', '.claude/', '.codex/', '.agents/']package.jsondescription: "four-agent" → "five-agent" pipeline- Scan/index exclusion patterns include
.codex/and.agents/ determineStageuses phase-scoped timestamp keys for multi-phase concurrencystartWorkuses centralized phase resolver instead of glob-based detection
1.1.52026-05-26
Added
- Three-tier monorepo dependency resolution — identity fields (database, auth, payments, AI SDK) now use tiered detection: primary package → all workspace packages → root package.json. Includes ORM-beats-driver merge rule: when a shared package has Prisma and the primary has @planetscale/database, Prisma wins. Fixes n8n false Supabase detection and postiz-app empty stack from hoisted deps.
- Finding details in CLI output — scan findings now show methodology detail as indented gray text below each warning. The validation finding's disclaimer ("Wrapper-based or middleware validation may not be detected") is now visible to founders instead of hidden in JSON.
- Surfaces section in AGENTS.md — monorepo projects get a
## Surfacessection listing surface names, paths, and frameworks. Capped at 4 entries. Helps Cursor, Windsurf, and Copilot users navigate monorepo structure. - Env hygiene monorepo enrichment — scanner now checks the primary source root for
.env.examplewhen root directory doesn't have one. Fixes 9 of 30 handoff repos including dub and inbox-zero. - Drizzle barrel-file model aggregation — when a drizzle config points to a barrel index file (re-exports from subdirectories), table counts are aggregated across all files in the directory tree. Fixes openstatus (0 → 40 models).
Fixed
- False positive secret detection eliminated — removed weak signing secret regex (0 true positives across 48 repos). Removed PostHog public key pattern. Added bracket template filters and placeholder values for DB URLs. Added AWS example key blocklist. Medusa: 10 false criticals → 0. Infisical: 12 → 0.
- Deploy platform detection primary-aware — monorepo scans now prefer the primary package's deploy config. Fixes inbox-zero and Cap showing "Cloudflare Workers" instead of "Vercel." Prisma+Vercel serverless singleton gotcha now fires correctly.
- AGENTS.md constraint deduplication — multiple secret findings no longer produce duplicate constraint lines. Medusa's 10 identical "🔴 Use environment variables..." lines → 1.
- AI sub-provider collapse in AGENTS.md — Vercel AI provider variants (OpenAI, Anthropic, Google, etc.) filtered from services section when the stack already reports the primary AI SDK. Direct SDK usage preserved.
- Validation finding title qualified — changed from
185/464 API routes have no validation importsto~185 of 464 API route files may lack input validation. Tilde signals approximation. Singular/plural handled correctly. - shadcn/ui split-package detection — UI system detection uses merged workspace deps for monorepos. The shadcn/ui 3-dep signature (cva + tw-merge + radix) commonly split across packages is now correctly detected. Fixes dub ("Tailwind CSS" → "shadcn/ui (Tailwind)").
- Workspace glob fallback — scanner no longer crashes on wildcard workspace patterns or packages with missing name fields.
Changed
ProjectCensustype gainsrootDepsfield (root package.json production dependencies)ORM_PACKAGESexported fromdetectors/dependencies.tsfor the ORM-beats-driver merge ruledetectDeploymentgains optionalprimaryPathparameterSECRET_PATTERNSreduced from 11 to 9 entriesDB_URL_PLACEHOLDERSandTEMPLATE_PATTERNSexpanded- Validation finding detail rewritten to single concise line
formatHumanReadableexported for testing- Stale comments in scan-engine.ts updated to reflect three-tier model
1.1.42026-05-24
Added
- Backend service surface detection — workspace packages with a server framework dependency (Express, Fastify, Koa, Hono, NestJS, Elysia, and more) plus a
devscript are now detected as surfaces. Monorepos with separate API backends get per-surface test commands automatically. - Stack provenance —
scan.jsonrecords which workspace package contributed each stack detection. Setup flags detections from non-primary packages so you can correct during configuration. - Setup surface gap check — setup identifies workspace packages with dev scripts that weren't detected as surfaces and offers to add them.
Fixed
- Proof table alignment — dynamic column widths replace hardcoded padding. Long slugs no longer crash into adjacent columns. 2-character minimum gap between all columns. Empty surfaces show
--instead of blank space. - Terminal box trailing space — proof detail and health view boxes maintain a gap before the right border.
- `ana -help` shows help — typing
-help(single dash) now shows help instead of "unknown option" error. Works for all commands. - Health hot spots overflow — long file paths no longer overflow into the findings column.
- Scan header box alignment — ANSI escape codes no longer break right-border alignment. Summary line truncates gracefully when content exceeds box width.
Changed
learncommand description updated to "Manage learn sessions".- Setup agent template uses
--jsonfor proof audit matrix output.
1.1.32026-05-22
Added
- Scan terminal Surfaces section — surfaces promoted from inline sub-item to standalone section between Stack and Intelligence. Each surface shows framework (or language fallback) and primary testing framework.
- Branch pattern detection from merge history — reports the climate (e.g., "48/50 merges used
feature/") instead of the weather (live remote branches). Falls back to remote branches for shallow clones. - 10 new database packages — Kysely, MikroORM, slonik, @vercel/postgres, mongodb, postgres.js, sqlite3, mssql, and more
- 5 new framework config variants —
.mjsvariants for Svelte, Nuxt, Remix, React Router, Vue - @stripe/react-stripe-js added to payment detection
Fixed
- False surface detection — workspace packages in
examples/,templates/,e2e/,test/,playground/,sandbox/, and similar directories excluded from surface detection. Re-init silently drops previously-detected false surfaces. - Application shape priority — framework evidence now outranks CLI and MCP dependency signals. NestJS with yargs →
api-server(wascli). Express with MCP SDK →api-server(wasmcp-server). Next.js with LangChain →web-app(wasai-agent). - Primary package selection — name-match policy uses the repo directory name to prefer packages whose npm name matches the project identity. Four-tier matching with file-count minimum guard prevents thin wrappers from winning.
- TypeScript language detection — three-tier detection: root
tsconfig.json,typescriptin root devDependencies, andtsconfig.jsonin common subdirectories. Fixes monorepos and non-workspace multi-dir projects. - Python testing framework detection — PEP 735
[dependency-groups]parsed, TOML array regex handles extras brackets, single-quoted strings matched alongside double-quoted. - Python production/dev dependency separation — stack detection (framework, database, auth, AI SDK) uses production deps only. Testing detection uses all deps. Fixes false framework/database detections from test dependencies.
- Schema discovery filters non-product paths —
discoverSchemasskips e2e/test/example workspace roots and filters glob fallbacks throughisNonProductPath. - TOML inline comment handling — closing-bracket regex handles valid TOML
] # commentacross all pyproject.toml strategies. - False rejection archives — same-session re-saves no longer create false archive files or history entries. Stage-transition gate prevents timing data corruption from phantom rejection cycles.
1.1.22026-05-21
Added
- Surface awareness for monorepos — scan detects development surfaces (apps, packages) automatically using a three-signal heuristic. Each surface gets its own
path,language,framework, and scopedbuild/test/lintcommands inana.json. Pipeline agents target the correct surface. Validated across 25 real-world repos. - Per-surface proof chain tracking — each pipeline run records which surface was verified.
ana proof health --surface cliandana proof audit --surface clifilter by surface. Dashboard shows per-surface run counts and findings. - `ana doctor` — unified project health diagnostic. Checks CLI version, scan freshness, context quality, skill enrichment, proof chain health, and surface configuration.
--jsonflag for CI. - `ana config delete` — remove config fields. Blocks deletion of machine-managed surface fields (path, language, framework).
- Nx workspace detection — monorepos with
nx.jsonshow "Nx (pnpm)" or "Nx (yarn)" instead of generic labels. - Expanded platform detection — Cloudflare Workers, Helm, Kubernetes, AWS CDK, Pulumi, Serverless Framework for deployment. CircleCI, Jenkins, Bitbucket Pipelines for CI.
- Expanded AI SDK detection — 7 new Vercel AI provider packages +
@ai-sdk/*wildcard catch. - Depth-stratified file sampling — replaces depth-first sort with 3-bucket allocation (shallow, mid, deep). Budget increased from 500 to 750 files.
Fixed
- Per-surface test commands use developer's script — surface test commands now prefer
pnpm run test(script passthrough) overpnpm vitest run(direct invocation), preserving setup steps likeprisma:generate,dotenv,cross-env. Falls back to direct invocation only when no test script exists. Previously 41% of surfaces produced commands that would skip setup and fail. - Validation finding accuracy — rewired to own glob with honest denominators (e.g., "185/464 API routes have no validation imports"). Previously sampled a subset and extrapolated.
- Error boundary finding accuracy — rewired to own glob with exact page counts regardless of directory depth.
- Import alias classifier — returns all tsconfig aliases, not just the first. Fixes misclassification of 574 imports on projects with multiple path aliases.
- Tauri+TS monorepos detect as TypeScript — Cargo.toml with tauri workspace dep + pnpm-workspace.yaml correctly classified as Node, not Rust.
- Ruby projects with package.json or yarn workspaces detect as Ruby — Gemfile added to competing manifest checks. Mastodon-style projects correctly classified.
- Non-Node projects get native commands — Ruby, Python, Go, Rust projects no longer get JavaScript test commands.
- Root lint now project-wide — was scoped to primary package while build and test were already project-wide. Now consistent.
- Sampler budget overflow —
allocateBudgetcould exceed budget when fewer files than depth categories. Fixed with remaining-count guard. - AnaVerify independence — Verify reads checkpoint commands from the spec, not the build report. Fixes a contradiction in the agent template.
Changed
buildPackage/testPackageretired — replaced by per-surface commands insurfacessection. Old values preserved via.passthrough()for existing installations.monorepo.packagestype changed from{ name, path }[]to enriched objects with per-packagelanguage,framework,testing,hasBin,scripts, andsourceFiles.- Root
commands.lintnow project-wide for monorepos (was scoped to primary package only). pullBeforeReadandcommitAndPushProofChangesmoved fromproof.tstogit-operations.ts.
1.1.12026-05-18
Added
- Unified staleness awareness —
work statuswarns when scan is temporally stale (>7 days AND >50 commits).setup checkgains Freshness section. Ana template instructs verbatim relay of ℹ notification lines. - Re-init mechanical field refresh —
ana initnow refreshesname,language,framework,packageManagerfrom the fresh scan instead of preserving stale values - Polyglot language detection — tiered heuristic detects primary + secondary languages in multi-language projects
- Rust/Go polyglot detection — Rust and Go added to the polyglot tier heuristic
- Non-Node scan enrichment — AI SDK detection, framework-to-shape mapping for Python, Go, and Rust projects
- Non-Node command suggestions: init suggests language-appropriate test commands (pytest, go test) when no test script detected
- Audit matrix orientation — proof audit output reoriented for better readability
- Learn session memory —
ana learn endcommand,--newand--sinceaudit flags with matrix enrichment, learn directory added to init and re-init - `buildPackage`/`testPackage` fields — new ana.json fields for package-scoped commands in monorepos, validated by COMMAND_FIELDS
Changed
printVersionNotificationsrenamed toprintNotifications— now handles version, mismatch, and staleness notifications- Ana agent template: explicit instruction to relay ℹ notification lines verbatim (both product and dogfood templates)
- Setup template:
ana init commitmoved from inline prose to dedicated bash code block — reduces agent hallucination surface
Fixed
- Scan branch detection: local-only branches no longer appear in scan.json; bot branches (dependabot, renovate) filtered from branch pattern analysis
- Monorepo build/lint scoping:
ana initnow scopes build and lint commands to the primary package, matching the existing test command scoping - Sanitize blank command strings on re-init: if
commands.test/build/lintis"", replaced with fresh scan detection value instead of preserving the blank forever ana config setrejects empty strings for command fields — was a silent footgun that corrupted ana.json- AI SDK detection priority: meta-frameworks (Vercel AI) detected before raw providers (Anthropic/OpenAI), preventing mis-detection
- Polyglot regex: handle PEP 508 extras brackets in Python dependency parsing
- npm runner mapping: fix
buildDirectTestCommandfor npm-based projects - Secret validator: template placeholder patterns no longer trigger false positive secret findings
- Filter placeholder GitHub tokens with low entropy — reduces false positive secret findings
- First-user display polish: blind spots count,
.gitroot detection messaging, init config display - PR multi-remote failure: parse origin URL and pass
--repoto allghcalls (pr list, pr create, pr view) — fixes failure when multiple remotes exist (fork setups) - Flip monorepo command semantics:
build/testare now project-wide commands,buildPackage/testPackagetarget the primary package — fixes confusion where root commands ran package-scoped - scan-freshness tests: clear CI env var in beforeEach so tests pass in GitHub Actions
1.1.02026-05-15
Added
- Build isolation
- Worktree-based builds — Build and Verify run in dedicated git worktrees, isolating pipeline work from the main working tree
- Worktree lifecycle management: creation, build-step execution, freshness detection, pruning on completion
- Worktree artifact cleanup — stale copies removed from main tree after merge
- Pipeline concurrency guards — prevent concurrent plan/build/verify sessions on the same slug
- Infrastructure persistence
- `ana init commit` — commit infrastructure files (scan, context, skills, agents) to the artifact branch with a single command
ana initsurfaces scan quality gaps and pipeline readiness warnings- Re-init now preserves
plans/active/alongside completed plans, proof chain, and context files - Configuration
- `ana config show` / `ana config get` — read ana.json settings from the CLI
- Configurable branch prefixes —
branchPrefixsupports per-kind mappings (feature/, fix/, chore/) ana.jsonschema uses.passthrough()to preserve user-added fields across re-init- Pipeline improvements
- Version awareness —
work statusshows when a newer CLI version is available and when project context is outdated - `work complete --merge` — merge the PR via GitHub CLI before completing, with actionable messaging for branch protection failures
- Scope validation — structural checks on scope.md (kind, size, multi-phase, AC format)
- Commit hygiene checks — lint staged files during build-report save
- Think session timestamps captured and displayed in proof chain timing
- Phase-accurate pipeline timing written to worktree artifacts
- Ship log
kindfield — explicit feature/fix/chore/milestone classification - Proof intelligence
- `ana proof strengthen` — commit skill file edits and close findings atomically
- Upstream finding resolution — institutional findings persist across pipeline runs
- Rejection artifact preservation — failed build artifacts preserved in git history
- Agent improvements
- Agent dashboard —
ana agentslists installed agents with model configuration - Learn infrastructure foundation — severity-based triage, upstream category, strengthen workflow
- CLI UX polish — command grouping, help examples, ENRICHMENT.md markers for setup agent
- Website and AnaDocs
- anatomia.dev — marketing site with product overview, system architecture, and pricing
- AnaDocs at anatomia.dev/docs — concept pages, guides, CLI reference, and Proof Explorer
- Dynamic reference pages for agents, skills, context files, and CLI commands
- Full-text search across all documentation
- Proof Explorer — navigable proof chain entries with assertion ledgers and finding details
Changed
- Node.js 22+ required — dropped Node 20 support; CI matrix updated to Node 22 + 24
- GitHub organization — repository moved from
TettoLabs/anatomiatoanatomia-dev/anatomia; old URLs redirect - Pipeline timing uses phase-accurate timestamps from worktree artifacts
- Branch cleanup uses force-delete (
-D) for squash/rebase merged branches - Work start timestamps committed to artifact branch immediately
- Auto-clean untracked plan artifacts during
work completepull
Fixed
--mergeflag — replaced auto-escalation with actionable messaging, JSON.parse crash guard, stderr+stdout consolidation- Proof chain JSON merge pollution — merge artifacts no longer corrupt proof data
- Pre-build source mutation — build step no longer modifies source files
- Gantt bar rendering distortion in multi-phase pipeline visualizations
- Worktree branch parsing for
+markers ingit branchoutput - CI matrix failures on Node version mismatch
- Pipeline stage detection for resumed builds
- Phase timing precision across worktree boundaries
1.0.22026-05-05
Added
ana proof lessoncommand — record findings as institutional lessons (verified but not actionable)- Audit headline now shows actionable vs monitoring split (e.g., "24 actionable, 48 monitoring")
Fixed
- Fix parseACResults regex — scope to AC Walkthrough section only, preventing false PASS/FAIL matches from Findings bullets (3/44 proof chain entries had inflated counts)
- Normalize staleness detector confidence by file touch frequency — reduces false positives from 78% to ~40% on hot files
- Collapse dual FAIL guard in work.ts to single shared helper
- Unify recovery-path finding count with computeChainHealth
- Delete hardcoded zero-run defaults in favor of calling computeFirstPassRate
- Extract shared exitError factory across close/promote/strengthen subcommands
- Extract and apply summary truncation helper consistently
- Fix Learn template — remove "pre-classified for closure" language that caused batch-closing
1.0.12026-05-04
Fixed
- Eliminate command injection via unvalidated slugs in artifact, pr, proof, and work complete commands
- Validate artifactBranch and branchPrefix from ana.json against shell metacharacters
- Migrate all git command execution from execSync to spawnSync array arguments
- Add findProjectRoot containment check — require .git alongside .ana/ana.json
- Strip control characters from coAuthor config values
- Add version/tag and CHANGELOG verification gates to release workflow
- Fix CHANGELOG 1.0.0 release date
- Update project metadata to reflect npm publication
- Refresh dogfood scan from clean main branch
- Remove internal development history from public repository
1.0.02026-05-04
Added
- Scan engine
- 40+ framework, database, auth, testing, and service detectors
- Convention analysis: naming, imports, indentation across 5 categories
- Pattern inference: error handling, validation, database, auth, testing
- Application shape classification (cli, web-app, api-server, library, and 5 more)
- Two-tier scanning: surface (dependency-based) and deep (tree-sitter AST)
- Git intelligence: activity, churn, hooks, commit format, contributors
- Context generation
CLAUDE.mdandAGENTS.mdfor cross-tool AI consumption- 5 core + 3 conditional skill templates with scan-driven Detected sections
- Project-context and design-principles scaffolds
- 16 stack-specific gotchas with compound triggers
- Idempotent init: re-run refreshes scan data, preserves user content
- Pipeline
- Four-agent pipeline: Think, Plan, Build, Verify
- Sealed contracts with typed assertions (equals, contains, exists, greater, truthy, not_equals, not_contains)
- Hash-verified artifact saves with atomic commits
- Branch-aware pipeline state tracking
- PR creation from verified builds
- Proof chain
- One entry per pipeline run: assertions, findings, timing, hashes
- Quality trajectory via
ana proof health - Finding lifecycle: active, closed, promoted, lesson
- Finding-to-rule promotion via
ana proof promote - Staleness detection via
ana proof stale - Severity classification: risk, debt, observation
- Active findings audit via
ana proof audit - File-scoped context queries via
ana proof context - Learn agent
- Severity-based triage between pipeline cycles
- Pattern promotion to skill rules
- Think handoff for scope-worthy findings
- Setup
- Guess-and-confirm enrichment via Claude Code agent
- Phase-tracked state with resume support
- Context file validation via
ana setup check - Infrastructure
- CI: Ubuntu x 2 Node versions (22, 24)
- Pre-commit hooks: typecheck + lint
- Atomic init with crash-safe rollback