Releases: gaurav0107/superhuman
Release list
v0.6.4
v0.6.3
Added
- Automated patch releases on merge (
.github/workflows/release.yml). Every push tomainnow cuts a release: an ordinary merge auto-bumps the patch version across all three manifests, promotes the## [Unreleased]CHANGELOG section into a dated section, commits the bump back tomain, then tags and publishes the GitHub Release. A merge that already carries a new version (a manual minor/major bump) is released as-is instead of being patched past. The version-writing + CHANGELOG promotion is extracted toscripts/release/prepare_release.sh(covered bytests/scripts/test_prepare_release.sh), with strict^X.Y.Z$validation so a malformed manifest version can't reach the workflow. Replacesrelease-tag.yml, which only tagged manual bumps. - Merge gating on
main. Branch protection now requires thesuiteCI checks to pass and all review conversations (CodeRabbit) to be resolved before a PR can merge — a failing check or an unresolved review comment blocks the merge. The release bot pushes its bump commit with aRELEASE_TOKENadmin PAT to get past protection (enforce_admins=false); see CONTRIBUTING → Versioning & releases. - One-command installer (
install.sh). Installs superhuman and its dependent plugins —superpowers(required) andeverything-claude-code/ ECC (recommended) — in a single command via the Claude Code CLI (claude plugin marketplace add/plugin install). Idempotent and re-runnable; checks prerequisites (git/gh/jq/python3+gh auth), and falls back to printing the manual slash-commands when theclaudeCLI isn't onPATH. Flags:--skip-ecc,--codex(clone + symlink the Codex skill),--dry-run. Usage:curl -fsSL https://raw.githubusercontent.com/gaurav0107/superhuman/main/install.sh | bash. Covered bytests/scripts/test_install.sh; README Installation section leads with it.
Fixed
- Installer used the wrong marketplace/plugin IDs, so both dependency installs failed (
Plugin "superpowers" not found in marketplace "superpowers", and likewise for ECC). The marketplace name comes from each repo'smarketplace.json, not the repo slug. Corrected to the verified IDs:superpowers@superpowers-marketplace(viaobra/superpowers-marketplace) andecc@ecc(viaaffaan-m/everything-claude-code). Added a bare-plugin-name retry so a future marketplace rename self-heals instead of hard-failing. README manual commands updated to match.
v0.6.2
Added
- Usage & lifecycle telemetry. Two new opt-out PostHog events extend adoption measurement beyond terminal contribution outcomes, governed by the same single opt-out gate (
SUPERHUMAN_TELEMETRY=off/telemetry.json/print):superhuman_used— emitted (backgrounded, non-blocking) on every command invocation, carryingcommandandversion. All five commands (contribute,contribute-loop,contribution-dashboard,contribution-fleet,repo-finder) are instrumented.superhuman_lifecycle— emitted once after install or a version change (kind=install|update, plusversion,prev_version), inferred from a cached~/.superhuman/global/last_version.jsonsince Claude Code plugins have no native installer hook.scripts/lib/telemetry_common.sh— shared, sourced opt-out/identity/version/send helpers;usage_ping.shrefactored to source it (behavior parity), newusage_event.shemits the two events.
- Payload remains minimal (
distinct_id= GitHub username only);TELEMETRY.mddocuments all three events.
Fixed
usage_event.shno longer writes the lifecycle cache inSUPERHUMAN_TELEMETRY=print(dry-run) mode, so previewing telemetry no longer consumes the one-shot install/update signal.
v0.6.1
Fixed
- PR-body attribution is now rogue-proof — the canonical footer is the single source of truth.
scripts/orchestrator/pr_body_with_attribution.shnow scrubs any model-authored attribution line from the PR body before appending the deterministic🤖 Opened with [Superhuman](…)footer (or, withSUPERHUMAN_ATTRIBUTION=off, emitting the scrubbed body with no footer). This prevents a model-improvised, unlinked, fine-print disclosure line (or double attribution) from replacing the canonical linked footer. Scrubbing is scoped to the footer zone (after the last---, else the trailing paragraph, else the final line) and gated on a structural signal, so legitimate mid-body prose is never touched. The same pass also strips Claude/AI attribution (🤖 Generated with…,Co-authored-by:,noreply@anthropic.com) from the PR body, closing a gap where those were guarded only in commit messages.agents/planner.mdgains a matching defense-in-depth rule: never author attribution in the PR body — the harness owns the canonical footer.
v0.6.0
First tagged release since
v0.5.1. The interim0.7.0/0.7.1/0.8.0version bumps were manifest-only and never tagged, so their changes are consolidated into this release.
Added
- Learning substrate — the system now learns from reviewer feedback instead of repeating it. A durable, typed knowledge base that outlives a single run and generalizes across repos, closing a Birth → Retrieve → Prevent → Enforce → Curate loop so the same review comments stop recurring across merged PRs.
lesson-distilleragent (producer/curator; sole owner of the knowledge base). Seed mode authors a short repo architecture dossier grounded in a deterministic structural scan, and emits deterministic scan rule cards. Curate mode mines a run's classified reviewer comments and merge outcome into typed rule cards, then runs graduated cross-repo promotion, age-based decay, contradiction-demotion, demoted→active re-confirmation, and maintainer-reraise regression logging.- Rule cards (
schemas/rule_card.schema.json) — typed, provenance-tracked convention records. Deterministic cards reference one of a fixed check registry (file_present,file_in_dir,commit_matches,identifier_case); semantic cards carry prose the scorer's LLM pass judges. A card is DATA — no executable field — and a minedcheck.idoutside the registry is force-converted to semantic. - PREVENT —
plannerandbuilderretrieve the dossier + matching cards (select_lessons.sh) and inject them as MUST-follow conventions (planner's Compliance checklist; builder's subagent-driven-development constraints). - ENFORCE —
merge-probability-scorerrunscheck_lessons.shon the diff; an unfixed ENFORCED violation caps the merge score at 75% (blocks merge-ready ≥80%) and lists the rule under Blocking Issues. Shipped violations are logged to a cross-repo regression corpus at terminal only. - Graduated cross-repo promotion — a repo-scoped rule recurring across ≥2 distinct repos becomes a
global-candidate; ≥3 graduates it to enforcedglobalscope. - Scripts (all unit-tested, bash-3.2-safe):
scripts/lessons/{select_lessons,check_lessons,merge_cards,promote_lessons,decay_lessons,record_regression,set_lesson_status}.sh;scripts/profiler/{scan_structure,write_repo_scan,dossier_fresh}.sh;scripts/lib/lesson_checks.sh(fixed check registry + canonical dedupe key). - Observability —
/contribution-dashboardgains a Learning panel: per-repo rule-card counts (total / active / enforced / by kind, plus demoted) and dossier freshness, and a global section with promoted cards (candidate vs. enforced) and the regression alarm log.
- New shared-state files (registered in
agents/SHARED_STATE.md):repo_scan.json(owner repo-profiler);dossier.md,dossier_meta.json,lessons.jsonl,lessons_global.jsonl,lesson_regressions.jsonl(owner lesson-distiller);classified_comments.json(owner resolve-comments — the distiller handoff). Each with a draft 2020-12 schema where applicable. - PR-origin disclosure.
scripts/orchestrator/pr_body_with_attribution.shassembles the PR body and appends a Superhuman origin-disclosure footer, honoringSUPERHUMAN_ATTRIBUTION. Unit-tested bytests/scripts/test_pr_body_with_attribution.sh;agents/opensource-contributor.mdPhase 6 pipes the plan-derived body through it beforegh pr create. - Codex runtime support.
.codex-plugin/plugin.jsonmanifest andskills/superhuman/SKILL.mdadapter expose the full contribution workflow to Codex, executing the sameagents/,scripts/,schemas/contracts inline instead of via subagent dispatch. Includes concretesuperpowers:fallback procedures, a Codex command-equivalent table in the README, and clone + symlink install instructions.
Changed
repo-profilernow publishesrepo_scan.json(deterministic structural scan of the worktree) to ground the dossier.resolve-commentspersists classified, non-suspicious comments toclassified_comments.jsonfor the distiller.opensource-contributorsequences the distiller:MODE=seedafter profiling (Phase 2.5) andMODE=curatepost-terminal (Phase 8.5) — both non-fatal.skills/superhuman/SKILL.mdgained the learning-substrate safety rail for the Codex runtime.- PRs now disclose their Superhuman origin by default — a one-line footer on the PR body (
🤖 Opened with [Superhuman](https://github.com/gaurav0107/superhuman), an open-source contribution agent.). SetSUPERHUMAN_ATTRIBUTION=off(alsofalse/0/no) to suppress it. - Contributor identity is derived from
gh, not hard-coded (agents/builder.mdStep 3,agents/opensource-contributor.mdPhase 0). Whoever installs the plugin contributes under their own name; falls back to theID+login@users.noreply.github.comprivacy address when GitHub hides the email. Both agents guard withgh auth statusand surfaceGH_AUTH_MISSING. - The single-author commit rule is unchanged and now explicitly commit-scoped. Commits carry no
Co-Authored-By:trailers and no AI attribution (pre-push verifier enforces it); the disclosure lives only in the PR body. - Plugin description and keywords updated across the three manifests to reflect dual-runtime (Claude Code + Codex) support.
Security
- Reviewer comments feeding the distiller are treated as EXTERNAL_CONTENT; the distiller extracts ONLY into the constrained rule-card schema. A comment attempting a command, URL, or out-of-repo write is classified
suspicious, logged tomistakes.md, and never minted into a card. Enforced rules feed the scorer's judgment only — they can never expandallowed_commands.jsonor drive builder shell. The active↔demoted transition routes exclusively throughset_lesson_status.sh;merge_cards.shrefuses status-flips-via-merge, so a crafted comment cannot flip an enforced rule by re-merging it.
v0.5.0: bash extraction + schemas + loop primitives
Extracts bash logic from agent prompts into versioned scripts under scripts/, formalises shared-state JSON via schemas/*.schema.json, and adds three loop primitive slash commands. Safety prose (single-author rule, force-with-lease, suspicious-halt) stays inline in agent prompts where it belongs.
No new plugin dependencies.
Highlights
scripts/lib/— atomic state writes, telemetry, mistakes, flake classification, EXTERNAL_CONTENT delim helpersschemas/— 12 JSON Schema (draft 2020-12) files, one per shared-state file;SHARED_STATE.mdcites them instead of inlining JSONCscripts/profiler/—parse_workflows.sh,detect_smoke.sh,catalog_generated.sh(500-entry cap)scripts/scorer/—compute_score.sh,historical_blend.sh(fixes audit §18 paren bug),append_score.sh,record_outcome.sh,regen_cooldown.shscripts/orchestrator/—iteration_cap.sh(3/6/10 by LOC),append_fleet_log.sh,write_run_summary.sh(terminal-state oracle, audit §4),reputation_gate.sh(4 exit codes),audit_impact.shscripts/builder/—push_force_with_lease.sh,smoke_gate.sh,ci_gate.sh(token-level allow/deny + flake-aware),drift_linter.sh- New commands —
/contribute,/repo-finder,/contribute-loop./contribution-dashboardadds latest-loop section. - Plugin manifest — bumped to 0.5.0; no new
requires.pluginsentries.
Invariants preserved
- Single-author commits, no AI attribution
- bash 3.2 portability across all scripts
- Atomic JSON writes via temp + rename
- Force-with-lease only — never plain
--force, never to upstream - flock claim, cap rules, identity-pin verifier, suspicious-halt logic stay inline in agent prompts where they belong
Stats
- 91 files changed, +7,495/−999
- 23 versioned scripts, 35 bash unit tests under
tests/scripts/ - Safety canaries grew, not shrank:
force-with-lease×10,suspicious×27,halt×24
Install
/plugin marketplace add https://github.com/gaurav0107/superhuman
/plugin install superhuman@superhuman
/reload-plugins
PR: #9
v0.3.0: contributor-agent hardening
v0.3.0: contributor-agent hardening
- schemas for generated_files, plan, maintainer_tone, run_telemetry
- repo-profiler catalogs auto-generated files
- planner persists plan.md atomically
- builder: generated-file guard, review-drift linter, flake classifier
- scorer: skips CI-health cap on known-flake failures
- resolve-comments: reads/updates maintainer_tone.json
- orchestrator: plan.md read, mistakes.md pruning, per-phase telemetry
v0.0.1-beta — initial marketplace scaffold
Beta baseline of the superhuman Claude Code plugin.
What's in this release
Snapshot of main at commit fc12619, covering the v1 monolithic
opensource-contributor agent plus the initial skills/agents scaffold.
Commits included
fc12619Drop private-repo install caveat now that the repo is public870599fMake plugin installable via Claude Code marketplace71e4037Initial commit: superhuman plugin scaffold
Installation
Install from the Claude Code plugin marketplace, or clone directly:
git clone https://github.com/gaurav0107/superhuman.gitStatus
Marked pre-release — API surface is unstable and may shift as the v2
specialist-agent architecture lands (tracked in PR #1).
Note on plugin.json version
The embedded .claude-plugin/plugin.json reports 0.1.0; this GitHub
release uses v0.0.1-beta per the requested tag. Future releases will
align the two.