Skip to content

Releases: gaurav0107/superhuman

v0.6.4

Choose a tag to compare

@github-actions github-actions released this 13 Jul 19:26
chore(release): v0.6.4 [skip ci]

v0.6.3

Choose a tag to compare

@github-actions github-actions released this 12 Jul 20:26

Added

  • Automated patch releases on merge (.github/workflows/release.yml). Every push to main now cuts a release: an ordinary merge auto-bumps the patch version across all three manifests, promotes the ## [Unreleased] CHANGELOG section into a dated section, commits the bump back to main, then tags and publishes the GitHub Release. A merge that already carries a new version (a manual minor/major bump) is released as-is instead of being patched past. The version-writing + CHANGELOG promotion is extracted to scripts/release/prepare_release.sh (covered by tests/scripts/test_prepare_release.sh), with strict ^X.Y.Z$ validation so a malformed manifest version can't reach the workflow. Replaces release-tag.yml, which only tagged manual bumps.
  • Merge gating on main. Branch protection now requires the suite CI checks to pass and all review conversations (CodeRabbit) to be resolved before a PR can merge — a failing check or an unresolved review comment blocks the merge. The release bot pushes its bump commit with a RELEASE_TOKEN admin PAT to get past protection (enforce_admins=false); see CONTRIBUTING → Versioning & releases.
  • One-command installer (install.sh). Installs superhuman and its dependent pluginssuperpowers (required) and everything-claude-code / ECC (recommended) — in a single command via the Claude Code CLI (claude plugin marketplace add / plugin install). Idempotent and re-runnable; checks prerequisites (git/gh/jq/python3 + gh auth), and falls back to printing the manual slash-commands when the claude CLI isn't on PATH. Flags: --skip-ecc, --codex (clone + symlink the Codex skill), --dry-run. Usage: curl -fsSL https://raw.githubusercontent.com/gaurav0107/superhuman/main/install.sh | bash. Covered by tests/scripts/test_install.sh; README Installation section leads with it.

Fixed

  • Installer used the wrong marketplace/plugin IDs, so both dependency installs failed (Plugin "superpowers" not found in marketplace "superpowers", and likewise for ECC). The marketplace name comes from each repo's marketplace.json, not the repo slug. Corrected to the verified IDs: superpowers@superpowers-marketplace (via obra/superpowers-marketplace) and ecc@ecc (via affaan-m/everything-claude-code). Added a bare-plugin-name retry so a future marketplace rename self-heals instead of hard-failing. README manual commands updated to match.

v0.6.2

Choose a tag to compare

@github-actions github-actions released this 06 Jul 06:26
e116d29

Added

  • Usage & lifecycle telemetry. Two new opt-out PostHog events extend adoption measurement beyond terminal contribution outcomes, governed by the same single opt-out gate (SUPERHUMAN_TELEMETRY=off / telemetry.json / print):
    • superhuman_used — emitted (backgrounded, non-blocking) on every command invocation, carrying command and version. All five commands (contribute, contribute-loop, contribution-dashboard, contribution-fleet, repo-finder) are instrumented.
    • superhuman_lifecycle — emitted once after install or a version change (kind = install|update, plus version, prev_version), inferred from a cached ~/.superhuman/global/last_version.json since Claude Code plugins have no native installer hook.
    • scripts/lib/telemetry_common.sh — shared, sourced opt-out/identity/version/send helpers; usage_ping.sh refactored to source it (behavior parity), new usage_event.sh emits the two events.
  • Payload remains minimal (distinct_id = GitHub username only); TELEMETRY.md documents all three events.

Fixed

  • usage_event.sh no longer writes the lifecycle cache in SUPERHUMAN_TELEMETRY=print (dry-run) mode, so previewing telemetry no longer consumes the one-shot install/update signal.

v0.6.1

Choose a tag to compare

@github-actions github-actions released this 05 Jul 22:07
9b04ce1

Fixed

  • PR-body attribution is now rogue-proof — the canonical footer is the single source of truth. scripts/orchestrator/pr_body_with_attribution.sh now scrubs any model-authored attribution line from the PR body before appending the deterministic 🤖 Opened with [Superhuman](…) footer (or, with SUPERHUMAN_ATTRIBUTION=off, emitting the scrubbed body with no footer). This prevents a model-improvised, unlinked, fine-print disclosure line (or double attribution) from replacing the canonical linked footer. Scrubbing is scoped to the footer zone (after the last ---, else the trailing paragraph, else the final line) and gated on a structural signal, so legitimate mid-body prose is never touched. The same pass also strips Claude/AI attribution (🤖 Generated with…, Co-authored-by:, noreply@anthropic.com) from the PR body, closing a gap where those were guarded only in commit messages. agents/planner.md gains a matching defense-in-depth rule: never author attribution in the PR body — the harness owns the canonical footer.

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 09:25
dfa7cc4

First tagged release since v0.5.1. The interim 0.7.0 / 0.7.1 / 0.8.0 version bumps were manifest-only and never tagged, so their changes are consolidated into this release.

Added

  • Learning substrate — the system now learns from reviewer feedback instead of repeating it. A durable, typed knowledge base that outlives a single run and generalizes across repos, closing a Birth → Retrieve → Prevent → Enforce → Curate loop so the same review comments stop recurring across merged PRs.
    • lesson-distiller agent (producer/curator; sole owner of the knowledge base). Seed mode authors a short repo architecture dossier grounded in a deterministic structural scan, and emits deterministic scan rule cards. Curate mode mines a run's classified reviewer comments and merge outcome into typed rule cards, then runs graduated cross-repo promotion, age-based decay, contradiction-demotion, demoted→active re-confirmation, and maintainer-reraise regression logging.
    • Rule cards (schemas/rule_card.schema.json) — typed, provenance-tracked convention records. Deterministic cards reference one of a fixed check registry (file_present, file_in_dir, commit_matches, identifier_case); semantic cards carry prose the scorer's LLM pass judges. A card is DATA — no executable field — and a mined check.id outside the registry is force-converted to semantic.
    • PREVENTplanner and builder retrieve the dossier + matching cards (select_lessons.sh) and inject them as MUST-follow conventions (planner's Compliance checklist; builder's subagent-driven-development constraints).
    • ENFORCEmerge-probability-scorer runs check_lessons.sh on the diff; an unfixed ENFORCED violation caps the merge score at 75% (blocks merge-ready ≥80%) and lists the rule under Blocking Issues. Shipped violations are logged to a cross-repo regression corpus at terminal only.
    • Graduated cross-repo promotion — a repo-scoped rule recurring across ≥2 distinct repos becomes a global-candidate; ≥3 graduates it to enforced global scope.
    • Scripts (all unit-tested, bash-3.2-safe): scripts/lessons/{select_lessons,check_lessons,merge_cards,promote_lessons,decay_lessons,record_regression,set_lesson_status}.sh; scripts/profiler/{scan_structure,write_repo_scan,dossier_fresh}.sh; scripts/lib/lesson_checks.sh (fixed check registry + canonical dedupe key).
    • Observability/contribution-dashboard gains a Learning panel: per-repo rule-card counts (total / active / enforced / by kind, plus demoted) and dossier freshness, and a global section with promoted cards (candidate vs. enforced) and the regression alarm log.
  • New shared-state files (registered in agents/SHARED_STATE.md): repo_scan.json (owner repo-profiler); dossier.md, dossier_meta.json, lessons.jsonl, lessons_global.jsonl, lesson_regressions.jsonl (owner lesson-distiller); classified_comments.json (owner resolve-comments — the distiller handoff). Each with a draft 2020-12 schema where applicable.
  • PR-origin disclosure. scripts/orchestrator/pr_body_with_attribution.sh assembles the PR body and appends a Superhuman origin-disclosure footer, honoring SUPERHUMAN_ATTRIBUTION. Unit-tested by tests/scripts/test_pr_body_with_attribution.sh; agents/opensource-contributor.md Phase 6 pipes the plan-derived body through it before gh pr create.
  • Codex runtime support. .codex-plugin/plugin.json manifest and skills/superhuman/SKILL.md adapter expose the full contribution workflow to Codex, executing the same agents/, scripts/, schemas/ contracts inline instead of via subagent dispatch. Includes concrete superpowers: fallback procedures, a Codex command-equivalent table in the README, and clone + symlink install instructions.

Changed

  • repo-profiler now publishes repo_scan.json (deterministic structural scan of the worktree) to ground the dossier.
  • resolve-comments persists classified, non-suspicious comments to classified_comments.json for the distiller.
  • opensource-contributor sequences the distiller: MODE=seed after profiling (Phase 2.5) and MODE=curate post-terminal (Phase 8.5) — both non-fatal.
  • skills/superhuman/SKILL.md gained the learning-substrate safety rail for the Codex runtime.
  • PRs now disclose their Superhuman origin by default — a one-line footer on the PR body (🤖 Opened with [Superhuman](https://github.com/gaurav0107/superhuman), an open-source contribution agent.). Set SUPERHUMAN_ATTRIBUTION=off (also false/0/no) to suppress it.
  • Contributor identity is derived from gh, not hard-coded (agents/builder.md Step 3, agents/opensource-contributor.md Phase 0). Whoever installs the plugin contributes under their own name; falls back to the ID+login@users.noreply.github.com privacy address when GitHub hides the email. Both agents guard with gh auth status and surface GH_AUTH_MISSING.
  • The single-author commit rule is unchanged and now explicitly commit-scoped. Commits carry no Co-Authored-By: trailers and no AI attribution (pre-push verifier enforces it); the disclosure lives only in the PR body.
  • Plugin description and keywords updated across the three manifests to reflect dual-runtime (Claude Code + Codex) support.

Security

  • Reviewer comments feeding the distiller are treated as EXTERNAL_CONTENT; the distiller extracts ONLY into the constrained rule-card schema. A comment attempting a command, URL, or out-of-repo write is classified suspicious, logged to mistakes.md, and never minted into a card. Enforced rules feed the scorer's judgment only — they can never expand allowed_commands.json or drive builder shell. The active↔demoted transition routes exclusively through set_lesson_status.sh; merge_cards.sh refuses status-flips-via-merge, so a crafted comment cannot flip an enforced rule by re-merging it.

v0.5.0: bash extraction + schemas + loop primitives

Choose a tag to compare

@gaurav0107 gaurav0107 released this 24 May 15:24
d705965

Extracts bash logic from agent prompts into versioned scripts under scripts/, formalises shared-state JSON via schemas/*.schema.json, and adds three loop primitive slash commands. Safety prose (single-author rule, force-with-lease, suspicious-halt) stays inline in agent prompts where it belongs.

No new plugin dependencies.

Highlights

  • scripts/lib/ — atomic state writes, telemetry, mistakes, flake classification, EXTERNAL_CONTENT delim helpers
  • schemas/ — 12 JSON Schema (draft 2020-12) files, one per shared-state file; SHARED_STATE.md cites them instead of inlining JSONC
  • scripts/profiler/parse_workflows.sh, detect_smoke.sh, catalog_generated.sh (500-entry cap)
  • scripts/scorer/compute_score.sh, historical_blend.sh (fixes audit §18 paren bug), append_score.sh, record_outcome.sh, regen_cooldown.sh
  • scripts/orchestrator/iteration_cap.sh (3/6/10 by LOC), append_fleet_log.sh, write_run_summary.sh (terminal-state oracle, audit §4), reputation_gate.sh (4 exit codes), audit_impact.sh
  • scripts/builder/push_force_with_lease.sh, smoke_gate.sh, ci_gate.sh (token-level allow/deny + flake-aware), drift_linter.sh
  • New commands/contribute, /repo-finder, /contribute-loop. /contribution-dashboard adds latest-loop section.
  • Plugin manifest — bumped to 0.5.0; no new requires.plugins entries.

Invariants preserved

  • Single-author commits, no AI attribution
  • bash 3.2 portability across all scripts
  • Atomic JSON writes via temp + rename
  • Force-with-lease only — never plain --force, never to upstream
  • flock claim, cap rules, identity-pin verifier, suspicious-halt logic stay inline in agent prompts where they belong

Stats

  • 91 files changed, +7,495/−999
  • 23 versioned scripts, 35 bash unit tests under tests/scripts/
  • Safety canaries grew, not shrank: force-with-lease ×10, suspicious ×27, halt ×24

Install

/plugin marketplace add https://github.com/gaurav0107/superhuman
/plugin install superhuman@superhuman
/reload-plugins

PR: #9

v0.3.0: contributor-agent hardening

Choose a tag to compare

@gaurav0107 gaurav0107 released this 06 May 18:37
2421f2e

v0.3.0: contributor-agent hardening

  • schemas for generated_files, plan, maintainer_tone, run_telemetry
  • repo-profiler catalogs auto-generated files
  • planner persists plan.md atomically
  • builder: generated-file guard, review-drift linter, flake classifier
  • scorer: skips CI-health cap on known-flake failures
  • resolve-comments: reads/updates maintainer_tone.json
  • orchestrator: plan.md read, mistakes.md pruning, per-phase telemetry

v0.0.1-beta — initial marketplace scaffold

Choose a tag to compare

@gaurav0107 gaurav0107 released this 24 Apr 21:30

Beta baseline of the superhuman Claude Code plugin.

What's in this release

Snapshot of main at commit fc12619, covering the v1 monolithic
opensource-contributor agent plus the initial skills/agents scaffold.

Commits included

  • fc12619 Drop private-repo install caveat now that the repo is public
  • 870599f Make plugin installable via Claude Code marketplace
  • 71e4037 Initial commit: superhuman plugin scaffold

Installation

Install from the Claude Code plugin marketplace, or clone directly:

git clone https://github.com/gaurav0107/superhuman.git

Status

Marked pre-release — API surface is unstable and may shift as the v2
specialist-agent architecture lands (tracked in PR #1).

Note on plugin.json version

The embedded .claude-plugin/plugin.json reports 0.1.0; this GitHub
release uses v0.0.1-beta per the requested tag. Future releases will
align the two.