Releases: vouchdev/vouch
Releases · vouchdev/vouch
Release list
Claude Code session auto-capture
Added
- auto-capture: claude code sessions are harvested via hooks and filed as a
single pending session-summary proposal for human approval. aPostToolUse
hook (vouch capture observe) appends compact tool-use observations to an
ephemeral, gitignored.vouch/captures/<session>.jsonlbuffer; a
SessionEndhook (vouch capture finalize) rolls the buffer plus a git-diff
backstop into onesessionpage proposal — mechanical, no llm, and never
auto-approved. aSessionStartbanner (vouch capture banner) nudges the
next session when captured summaries await review. opt out with
capture.enabled: falsein.vouch/config.yaml. - session-start recall: a
SessionStarthook (vouch recall) injects a digest
of every live approved claim ([id] text) plus approved page titles into a
new claude session's context, so it starts aware of the reviewed KB. only
approved knowledge is emitted; archived / superseded / redacted claims are
excluded; size-guarded byrecall.max_charswith an explicit truncation
notice. opt out withrecall.enabled: false. vouch install-mcp claude-codenow merges its hooks and read-only permission
allowlist into an existing.claude/settings.json(ajson_mergeinstall
strategy) instead of skipping it, so the capture / recall hooks land on
projects that already have a settings file. idempotent; user entries are
preserved.- GitHub PR auto-labeling: a pull-request metadata-only labeler workflow now
applies vouch surface labels from.github/labeler.yml, keeps those labels
in sync as files change, and adds OpenClaw-stylesize: XSthrough
size: XLlabels based on non-doc changed lines. Maintainers can also run
it manually to backfill labels on already-open PRs. vouch detect-themes— cross-session pattern detection via deterministic
entity co-occurrence scoring.kb.detect_themesis read-only (returns
ranked clusters);kb.propose_themeroutes synthesis pages through the
review gate so they appear inkb.list_pending. Supports--proposefor
one-shot propose-all and--jsonfor machine-readable output. Configurable
viathemes.min_sessions,themes.min_claims,themes.top_k, and
themes.enabledinconfig.yaml(#311).- dual-solve JSON, review-ui job, and choose responses now include
changed_filesfor each candidate and the kept branch, so desktop and browser
clients can show the resulting files without parsing unified diffs.
Changed
vouch dual-solve --sandboxdefault docker image is now
vouch/coder:latest(wasamika/coder:latest).
Fixed
vouch pending(and every bulklist_*path) no longer crashes when a
single artifact file is unreadable — a corrupt or mojibake yaml is skipped
with a warning instead of aborting the whole listing.- all text-mode file i/o under
src/vouch/now pinsencoding="utf-8", so a
non-utf-8 locale (e.g. latin-1) can no longer mangle non-ascii claim text
into raw control bytes that the yaml loader rejects, nor crash on write.
Packaging
- restored the tag-triggered
release.ymlworkflow that was accidentally
deleted alongside unrelated files in the #95 squash. It publishes to PyPI
via Trusted Publishing (OIDC) exactly as before, and now also creates the
GitHub release for the tag with the built sdist and wheel attached and the
matching CHANGELOG section as the release body. - restored the
vouch-kbdistribution name inpyproject.toml— the same
#95 squash had reverted it tovouch, which PyPI rejects (the name belongs
to an unrelated project, and the trusted publisher is registered for
vouch-kb). The installed command is stillvouch. - container image: every release now also pushes
ghcr.io/vouchdev/vouch
(linux/amd64 + linux/arm64, taggedX.Y.Z,X.Y, andlatest). The
entrypoint is thevouchCLI with the stdio MCP server as the default
command; bind-mount the project root at/data. Built from the new
repo-rootDockerfile; installs thewebextra, leaves embeddings out. - the
[1.0.0]section below was restored: a merge after the release folded
its entries back under[Unreleased], dropping the version header.
Docs
- example KBs now carry their own screenshots:
examples/README.mdand the
tiny/+decision-log/READMEs embed terminal renders ofvouch status,
search,show,audit, and a supersessiondiffagainst the shipped
fixtures, so a reader can see what vouch looks like before installing it.
Images live underdocs/img/examples/and are generated deterministically
from the fixtures bydocs/img/examples/render.py(make examples-screenshots);tests/test_example_screenshots.pyasserts the
committed SVGs stay reproducible (#286).
v0.1.0
[0.1.0] — 2026-05-26
Packaging
- Published to PyPI as
vouch-kb(thevouchname was already taken by an
unrelated project); the installed command is stillvouch. Install with
pipx install vouch-kb. A tag-triggered release workflow publishes via PyPI
Trusted Publishing (OIDC).
Added
- Seed a cited starter source and claim during
vouch init, print first-run
next steps, and document a 30-second onboarding tour (#54).
Fixed
- Add
put_relation_idempotent()toKBStoreand use it insupersede()andcontradict()so retrying after a partial failure converges to a consistent state instead of raisingValueError. - Raise
ProposalError("forbidden_self_approval")inproposals.approve()whenapproved_by == proposal.proposed_by, enforcing the review-gate guarantee documented in the README and CONTRIBUTING. crystallize()now setsreview.approver_role: trusted-agentcontext so single-agent sessions can be crystallized without hitting theforbidden_self_approvalguard (#47).- Bundle import rejects tar members whose path escapes
kb_dir(CVE-2007-4559, #9). Previously a crafted.tar.gzwith a member named../../evil.txtcould write outside.vouch/; the manifest allow-list did not prevent this because the manifest lives inside the same tarball.import_apply,import_check, andexport_checknow validate every member path and raise on unsafe names. - Fix
vouch searchCLI: assign backend label per code path so substring fallback results are no longer mislabelled asfts5; update stale docstring to reflect multi-backend search surface (#52). vouch crystallizenow indexes its session-summary page into FTS5 so it surfaces fromvouch search/kb.search/kb.contextwithout avouch indexrebuild (#60).- Bundle export uses POSIX
/separators inmanifest.jsonand tar member names on every platform (Windows previously produced self-invalid bundles). Windows bundles produced before this fix should be re-exported. bundle.import_checkandbundle.import_applynow verify each tar member'ssha256againstmanifest.json(#74), so a tampered tarball with an unchanged manifest can no longer land attacker-controlled content;import_applyre-verifies at write time and refuses to record abundle.importaudit event on mismatch.