Releases: lweiss01/holistic

Holistic v0.6.5: Security & Robustness Hardening graduation

12 Apr 05:15

Holistic v0.6.5: Security & Robustness Hardening

This release finalizes the M009b security milestone, ensuring Holistic is more resilient, transparent, and security-hardened.

Key Enhancements

  • Read-Only MCP Server: Refactored the 'serve' command to enforce a strict read-only contract. It now performs passive hook status checks at startup without mutating the repository.
  • Safe Mode Propagation: Centralized configuration management to ensure 'safeMode' is respected across the CLI, Daemon, and Initialization layers, providing privacy-first documentation generation.
  • Repository Containment: Refined path validation to ensure repo-configured output paths stay strictly within the repository root.
  • Regression Test Suite: Added 88 tests covering version consistency, build integrity (cryptographic verification), and core security logic.

Under the Hood

  • Bumped version to v0.6.5 across the codebase and documentation.
  • Refined health diagnostics and corruption handling for state files.
  • Verified non-mutating build pipeline on both Windows and Linux.

v0.6.4: Holistic Security & Robustness Hardening (M009)

12 Apr 04:44

v0.6.4 Security and Robustness Hardening

This release successfully completes the M009 milestone, significantly hardening Holistic against malicious configuration, data corruption, and unsafe build practices.

Highlights

  • Repository Path Containment: Enforced strict boundaries for all output paths to prevent directory traversal.
  • State Integrity: Corrupted state.json files are now automatically preserved as .corrupt-timestamp.json for audit.
  • Non-Mutating Build Pipeline: Refactored the build process to use a staging area, keeping src/ pristine.
  • Optimized MCP Hooks: Read-only hook staleness check on client connection.
  • Provenance and Safe Mode: Added versioned traceability headers and a minimal-instruction mode.
  • Comprehensive testing: 87 tests passing, including a new security integration suite.
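The "Repository Path Containment" entries (this release and v0.6.5 above) and the "State Integrity" entry describe two checks that are easy to get subtly wrong. The following is an added example, not Holistic's own code: it resolves a repo-configured output path and rejects anything that escapes the repository root (including the prefix-match trap where `/repo2/out` passes as inside `/repo`, and symlinks that point outside), then loads a `state.json` whose unparseable content is moved aside as `<name>.corrupt-<timestamp>.json` rather than overwritten. The state schema (`sessions`, `lastCheckpoint`), the `.holistic/state.json` location and all function names are assumptions for illustration.

```typescript
// Added example (not Holistic's own code). Two robustness checks the v0.6.4 and
// v0.6.5 notes describe: containing a repo-configured output path inside the
// repository root, and quarantining a corrupt state.json instead of overwriting it.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// True when `rel` (a path.relative() result) leaves the directory it was computed from.
function escapes(rel: string): boolean {
  return rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
}

// Resolve a configured output path (relative or absolute) against repoRoot and
// reject anything outside it. Comparing path segments rather than string
// prefixes avoids accepting "/repo2/out" as being inside "/repo"; a file
// literally named "..notes" inside the repo is still allowed.
export function resolveWithinRepo(repoRoot: string, configured: string): string {
  const root = path.resolve(repoRoot);
  const target = path.resolve(root, configured);
  const rel = path.relative(root, target);
  if (rel === "" || escapes(rel)) {
    throw new Error(`output path escapes repository root: ${configured}`);
  }
  // A symlink planted inside the repo can still point outside it, so when the
  // target already exists compare real paths too.
  if (fs.existsSync(target) &&
      escapes(path.relative(fs.realpathSync(root), fs.realpathSync(target)))) {
    throw new Error(`output path resolves outside repository root via symlink: ${configured}`);
  }
  return target;
}

// Hypothetical state shape, chosen for the example.
export interface HolisticState { sessions: string[]; lastCheckpoint: string | null; }
function defaultState(): HolisticState { return { sessions: [], lastCheckpoint: null }; }
export interface LoadResult { state: HolisticState; quarantined: string | null; }

// Load state.json from a repo-configured path. Unparseable or mis-shaped content
// is renamed to <name>.corrupt-<timestamp>.json so it survives for audit, and the
// caller continues from defaults.
export function loadState(repoRoot: string, configuredStatePath: string,
                          now: Date = new Date()): LoadResult {
  const file = resolveWithinRepo(repoRoot, configuredStatePath);
  if (!fs.existsSync(file)) return { state: defaultState(), quarantined: null };
  const raw = fs.readFileSync(file, "utf8");
  try {
    const parsed = JSON.parse(raw);
    if (!parsed || typeof parsed !== "object" || !Array.isArray(parsed.sessions)) {
      throw new Error("state.json has unexpected shape");
    }
    return { state: parsed as HolisticState, quarantined: null };
  } catch {
    const stamp = now.toISOString().replace(/[:.]/g, "-");
    const quarantined = `${file.replace(/\.json$/, "")}.corrupt-${stamp}.json`;
    fs.renameSync(file, quarantined); // preserve the evidence, never truncate it
    return { state: defaultState(), quarantined };
  }
}

// Demo on a throwaway repo with a constructed, truncated state file.
export function demoCorruptState(): LoadResult {
  const repo = fs.mkdtempSync(path.join(os.tmpdir(), "holistic-demo-"));
  fs.mkdirSync(path.join(repo, ".holistic"));
  fs.writeFileSync(path.join(repo, ".holistic", "state.json"), '{"sessions": [', "utf8");
  return loadState(repo, ".holistic/state.json", new Date("2026-04-12T05:15:00Z"));
}
```

The rename is deliberate: truncating or rewriting the file on parse failure would destroy the only evidence of what corrupted it, and a timestamp in the quarantined name keeps repeated failures from overwriting each other.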

v0.6.3

12 Apr 03:56

  • Smarter health diagnostics (info status is now healthy).
  • Actionable remediation suggestions in holistic doctor.
  • New holistic doctor --json for machine-readable output.
  • Hardened redaction engine to prevent false-positives.
  • 100% test pass rate with expanded integration coverage.

v0.6.2: Locking in Holistic Maturity

12 Apr 03:20

Changelog

0.6.2 - 2026-04-12

Locking in Holistic Maturity (M007). This release hardens the security model, improves diagnostic transparency, and ensures system stability with expanded coverage and robust build processes.

  • Implemented Deep Config Validation: holistic doctor now validates mcpLogging levels, sync strategies, and interval settings, providing actionable feedback on configuration drift.
  • Hardened Secret Redaction Engine: Redaction now preserves original assignment operators (e.g. = vs :) and includes robust coverage for Azure and Stripe keys.
  • Categorized CLI Help Architecture: Refactored help text into Setup, Read-Only, and Mutating sections to explicitly communicate the project's trust model.
  • Improved Build Resilience: Hardened the production build script to guarantee source integrity even during compiler failures.
  • Optimized MCP Notification Flow: Suppressed project greetings for idle sessions to reduce log noise and maintain a clean developer experience.
  • Added Privacy Mode Integration Tests: Verified mandatory "early-exit" privacy guards in Git hooks and system scripts when portableState is disabled.

0.6.1 - 2026-04-12

Trust & Privacy Hardening (M006). This release implements a "Consent-First" read-only architecture, strengthens privacy boundaries for portable state, and introduces configurable MCP logging and enhanced secret redaction.

  • Implemented Read-Only Command Policy: Routine commands (status, resume, diff, search) are now strictly non-mutating. They will surface health warnings for outdated hooks but will never fix them silently.
  • Hardened Privacy Mode Enforcement: When portableState is disabled (Privacy Mode), generated shell scripts and Git hooks now exit early to prevent any accidental remote state synchronization.
  • Added MCP Logging Privacy: Introduced mcpLogging configuration (off | minimal | default). Defaults to minimal to prevent session objectives and titles from leaking into system logs.
  • Expanded Secret Redaction: significantly strengthened the redaction engine to identify and scrub JWT tokens, Bearer tokens, AWS keys, and PEM private key blocks.
  • Added Redaction Quality Tests: Integrated 8 new unit tests to verify that sensitive patterns are correctly scrubbed while preserving normal text.
  • Added SECURITY.md: Published a comprehensive technical disclosure of Holistic's trust model, data residency guarantees, and safety architecture.

0.6.0 - 2026-04-11

Comprehensive Reliability & UX Refinement (M005). This release finalizes the security hardening milestone, introduces granular bootstrap controls, and adds support for explicit portable-state management.

  • Added Granular Bootstrap Flags: Users can now surgically enable setup items with --yes-hooks, --yes-daemon, --yes-mcp, --yes-attr, and --yes-claude.
  • Added --portable flag to init and bootstrap to explicitly toggle Portable State (Privacy Mode) during setup.
  • Refined Bootstrap Pre-flight UX: The pre-flight check now clearly differentiates between "Core Configuration" (covered by --yes) and "Optional/Explicit" items.
  • Fixed Runtime Script Resolution: Resolved a critical production bug where the CLI incorrectly searched for .ts files in built environments; now correctly resolves .js files when TypeScript stripping is unavailable.
  • Hardened Read-Only Diagnostics: Refactored holistic doctor and getSetupStatus to be strictly read-only, ensuring health checks never inadvertently modify Git hooks or repository state.
  • Improved MCP Server Transparency: Sanitized startup logging to prevent context leakage in system logs while maintaining full context availability via the holistic_resume tool.
  • Aligned Claude Code Hook Detection: Fixed a bug where holistic doctor misreported Claude hook status by incorrectly checking the filesystem instead of settings.json.

0.5.5 - 2026-04-10

Major Security & Trust Hardening (M005) to eliminate silent automation and improve auditability.

  • Added Consent Gating to holistic bootstrap: The CLI now displays a summary of system-modifying actions (daemon, hooks, Claude setup) and requires an explicit --yes flag to apply them.
  • Added holistic doctor command for repository setup diagnostics and background sync health monitoring.
  • Implemented Privacy-First Defaults: Remote portable-state syncing is now disabled by default. Users must explicitly opt-in by setting "portableState": true in the repo config.
  • Eliminated Silent Error Suppression: Background sync scripts (PowerShell & Bash) now use timestamped logging to .holistic/system/sync.log. Failures are now visible in holistic doctor and holistic status.
  • Hardened Git-Native Snapshotting: Refactored repo snapshotting to use git ls-files, ensuring O(changes) performance and native .gitignore compliance.
  • Gated Handoff Commits by Default: Removed automatic Git commits from the handoff command. Holistic now prepares a pending-commit.txt for manual review, with an optional --commit flag for automated workflows.

0.5.4 - 2026-04-09

Security hardening in response to socket.dev AI-based package scanner flags.

  • Removed -WindowStyle Hidden from the Windows daemon startup .cmd — the daemon now runs in a visible window, consistent with how macOS and Linux handle it.
  • Downgraded PowerShell execution policy from -ExecutionPolicy Bypass to -ExecutionPolicy RemoteSigned in all three generation sites (setup.ts, sync.ts, bin/holistic.cmd). RemoteSigned is sufficient for locally-generated scripts. Note that execution policy is a guard against running scripts by accident rather than a security boundary, and it has no effect on antivirus or security monitoring in either setting; Bypass is flagged by scanners because it is a common marker of malicious launchers, and removing that marker is what this change achieves.
  • Fixed a real code quality bug in bin/holistic.cmd: the COMMIT_MSG variable read from pending-commit.txt was used unquoted in a git commit -m call. Special characters (&, |, >, <, ") are now stripped before use to prevent cmd.exe argument injection.
  • Added SECURITY.md with transparent disclosure of what Holistic installs (daemon, startup entries, git sync), what it does not do (no exfiltration, no credential access, no external services), and an explanation of known scanner false positives.
  • Added Security & Privacy section to README.md linking to SECURITY.md.

0.5.3 - 2026-04-09

Hardened state management for fresh repos and path-moved environments, and added a repair command to regenerate stale machine-local helpers.

  • Added holistic repair to regenerate .holistic/system/ helpers from the current repo config — fixes repos whose local helpers pointed at stale or moved paths after bootstrap.
  • Fixed fresh-repo state locking — the lock file parent directory is now created before attempting to acquire the lock, preventing silent failures in repos that have never had a checkpoint.
  • Fixed checkpoint seeding — new sessions created from a carryover handoff or pending work now inherit real context instead of boilerplate fallback text.
  • Fixed packaged-install helper generation — generated .holistic/system/holistic and holistic.cmd now target dist/*.js instead of dist/cli.ts, so they work correctly in globally-installed (non-source) environments.
  • Wired repair dispatch into the CLI — holistic repair now appears in help output and routes correctly.

0.5.2 - 2026-03-28

Cross-platform polish and hook-warning noise reduction shipped as part of the S07 technical polish slice.

  • Reduced hook refresh warning noise by aggregating custom-hook skip messages instead of emitting one per hook file.
  • Tracked .gitattributes under Holistic management and aligned cross-platform line-ending rules for generated Holistic files.
  • Published npm package holistic@0.5.2 and created GitHub tag/release v0.5.2.

0.5.1 - 2026-03-28

Shipped the S04 edge-case health diagnostics slice and released it as holistic@0.5.1.

  • Added a daemon-health diagnostics evaluator with two warning classes:
    • stale checkpoint warning when no checkpoint is recorded for 3+ days
    • unusual pattern warning when 50+ files are changed without checkpoint evidence
  • Integrated diagnostics into startup surfaces through shared greeting formatting so MCP startup notifications and /holistic output stay in parity.
  • Added boundary and regression coverage for 3-day and 50-file thresholds, below-threshold negatives, and diagnostic (non-blaming) warning language.
  • Published npm package holistic@0.5.1 and created GitHub tag/release v0.5.1.

0.4.2 - 2026-03-26

Published the README heading fix that should have landed with the prior patch release.

  • Renamed the README section heading from What it feels like now to What it feels like with HOLISTIC so the public docs match the intended wording.
  • Re-published the package so npm and GitHub both reflect the corrected README copy.

0.4.1 - 2026-03-26

Polished the public README language and improved how Holistic surfaces top-level command failures.

  • Renamed the README section to What it feels like with HOLISTIC and removed the stray npm start wording from the day-to-day workflow description.
  • Improved the CLI top-level failure path so commands show a clearer Holistic command failed. banner before printing the underlying error.
  • Kept stack traces available when present so debugging detail is still visible after the friendlier error header.

0.4.0 - 2026-03-26

Stopped Holistic from auto-pushing the working branch during sync, filled out the missing adapter matrix, and gave each supported tool a more specific operating guide.

  • Stopped checkpoint and handoff auto-sync helpers from pushing the current working branch; they now mirror only the portable Holistic state ref.
  • Updated generated handoff guidance so Holistic prepares a pending handoff commit instead of implying that it will commit or push code automatically.
  • Added/generated missing adapters for Gemini, GitHub Copilot, Cursor, Goose, G...

v0.6.1 - Trust & Privacy Hardening (M006)

12 Apr 02:32

This release represents a comprehensive hardening of Holistic's security model, focusing on a "Consent-First" read-only architecture, strengthened privacy boundaries, and enhanced secret redaction.

Key Features & Improvements

  • Read-Only Command Policy: Routine commands (status, resume, diff, search) are now strictly non-mutating, providing health warnings without silent repo changes.
  • Privacy Mode Enforcement: Hardened boundaries for portableState: false with early-exit guards in all generated sync scripts and hooks to prevent accidental remote traffic.
  • Granular MCP Privacy: Introduced mcpLogging configuration (off | minimal | default) to protect session metadata.
  • Elite Secret Redaction: Significantly expanded the redaction engine to identify and scrub JWT tokens, Bearer tokens, AWS keys, and PEM private key blocks.
  • Technical Disclosure: Published SECURITY.md detailing the trust model and data residency guarantees.
  • 100% Test Coverage: Verified safe behavior with 76 automated tests, including new redaction quality audits.
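The redaction entries across 0.6.1, 0.6.2 and 0.6.3 (JWT, Bearer and AWS patterns, PEM blocks, preserving `=` versus `:`, fewer false positives) describe a pattern-based scrubber. The block below is an added example and not Holistic's redaction engine; the exact patterns, the sensitive key-name list, and the `[REDACTED]` marker are assumptions chosen for the demonstration. It keeps the key name, the original assignment operator and any quoting intact so redacted config or log lines still parse, and it orders the rules so that an already-redacted value is never redacted a second time.

```typescript
// Added example (not Holistic's redaction engine): scrub common secret shapes
// from text while preserving the surrounding structure, in particular the
// original assignment operator ("=" vs ":") so redacted config still parses.
const REDACTED = "[REDACTED]";

// Multi-line PEM private key blocks (RSA, EC, PKCS#8, OpenSSH, ...).
const PEM_BLOCK = /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g;
// JWS compact serialization: three base64url segments; a JSON header starting
// with {" encodes to "eyJ".
const JWT = /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/g;
// HTTP bearer credentials: keep the scheme, drop the token.
const BEARER = /\b(Bearer\s+)[A-Za-z0-9._~+/-]+=*/g;
// AWS access key IDs (AKIA = long-term, ASIA = temporary). The paired secret
// key has no fixed prefix and is caught by the assignment rule instead.
const AWS_ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g;
// key = value, key: value or "key": "value" where the key name looks sensitive
// (assumed list). Groups: 1 key, 2 optional quote after the key, 3 operator with
// its whitespace, 4 optional opening quote. Only the value is replaced, and the
// value class excludes brackets so an already-redacted value is left alone.
const ASSIGNMENT =
  /\b([A-Za-z0-9_-]*(?:api[_-]?key|secret|password|passwd|token|access[_-]?key)[A-Za-z0-9_-]*)("?)(\s*[:=]\s*)(["']?)([^\s"',;\[\]{}]+)/gi;

export function redact(text: string): string {
  return text
    .replace(PEM_BLOCK, `-----BEGIN PRIVATE KEY-----${REDACTED}-----END PRIVATE KEY-----`)
    .replace(JWT, REDACTED)
    .replace(BEARER, `$1${REDACTED}`)
    .replace(AWS_ACCESS_KEY_ID, REDACTED)
    .replace(ASSIGNMENT, `$1$2$3$4${REDACTED}`);
}

// Constructed sample input (not real credentials) mixing the shapes above with
// ordinary prose that must survive untouched.
export const SAMPLE = [
  "password=hunter2",
  '"api_key": "sk_test_abc123"',
  "Authorization: Bearer abc.def-ghi",
  "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
  "aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "the password field is required",
].join("\n");

export function redactSample(): string {
  return redact(SAMPLE);
}
```

Running the rules in this order matters: the structural patterns (PEM, JWT, Bearer, AWS IDs) run first, and the assignment rule, which is the broadest, runs last and cannot touch a value that already begins with `[`. The trade-off of a key-name list is visible in the last sample line: a sentence that merely mentions "password" is untouched because no operator follows it, but `token_count = 42` would be redacted, so the list should be tuned against real log output.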

v0.6.0 - Reliability & UX Refinement (M005)

11 Apr 21:52

Comprehensive Reliability & UX Refinement (M005). This release finalizes the security hardening milestone, introduces granular bootstrap controls, and adds support for explicit portable-state management.

  • Added Granular Bootstrap Flags: Users can now surgically enable setup items with --yes-hooks, --yes-daemon, --yes-mcp, --yes-attr, and --yes-claude.
  • Added --portable flag to init and bootstrap to explicitly toggle Portable State (Privacy Mode) during setup.
  • Refined Bootstrap Pre-flight UX: The pre-flight check now clearly differentiates between "Core Configuration" (covered by --yes) and "Optional/Explicit" items.
  • Fixed Runtime Script Resolution: Resolved a critical production bug where the CLI incorrectly searched for .ts files in built environments; now correctly resolves .js files when TypeScript stripping is unavailable.
  • Hardened Read-Only Diagnostics: Refactored holistic doctor and getSetupStatus to be strictly read-only, ensuring health checks never inadvertently modify Git hooks or repository state.
  • Improved MCP Server Transparency: Sanitized startup logging to prevent context leakage in system logs while maintaining full context availability via the holistic_resume tool.
  • Aligned Claude Code Hook Detection: Fixed a bug where holistic doctor misreported Claude hook status by incorrectly checking the filesystem instead of settings.json.

v0.5.5 - M005 Security & Trust Hardening

11 Apr 00:59

What's new

Security & Privacy

  • Consent gating on holistic bootstrap - shows a plan of system changes and requires --yes to apply
  • Privacy-first defaults - remote portable-state syncing is now opt-in (portableState: true in config)
  • Timestamped sync logging - background PowerShell/Bash scripts now log to .holistic/system/sync.log
  • New holistic doctor command - audits machine setup and sync log health at any time
  • holistic status now includes sync diagnostics - no more guessing what's happening in the background

Core hardening

  • Git-native snapshotting via git ls-files - respects .gitignore, O(changes) performance
  • Handoff commits now require --commit flag - Holistic prepares pending-commit.txt for review by default
  • Zero shell injection - internal commit logic stripped of shell wrappers

README & docs

  • Added shields.io badges (npm version, test status, license, Node.js >=24)
  • Added Why trust this? trust summary section
  • Standardized section separators throughout

Tests

  • 67 automated tests, all passing
  • Test runner hardened with real git init for cross-platform compatibility

v0.5.4 - Security Hardening

09 Apr 23:41

Security Hardening

This release addresses security flags raised by socket.dev's AI-based package scanner.

Fixes

  • Removed -WindowStyle Hidden from the Windows daemon startup .cmd — the background process now runs visibly, consistent with macOS and Linux behavior
  • Downgraded -ExecutionPolicy Bypass to RemoteSigned in all three generation sites (setup.ts, sync.ts, bin/holistic.cmd) — sufficient for locally-generated scripts, and it removes a flag that scanners treat as a marker of malicious launchers. Execution policy itself is a guard against accidental script execution, not a security boundary, and it has no effect on AV or security monitoring in either setting.
  • Fixed cmd.exe argument injection in bin/holistic.cmd — special characters are now stripped from COMMIT_MSG before use in git commit -m
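The cmd.exe argument-injection fix (this entry and the 0.5.4 changelog above) is a general pattern worth seeing side by side: a commit message read from a file and interpolated into a command line, the character-stripping mitigation the notes describe, and the stronger fix of never composing a shell command line from the message at all. The block below is an added example, not Holistic's code; the release notes list `&`, `|`, `>`, `<` and `"` as the stripped characters, and this example additionally drops `^`, `%`, `!` and line breaks, which cmd.exe also treats specially (an addition of this example, not something the page states the project does). The function names and the hostile sample message are constructed for illustration.

```typescript
// Added example (not Holistic's code): the unsafe pattern the v0.5.4 note
// describes, the character-stripping mitigation it adopted, and the stronger
// fix of never composing a cmd.exe command line from the message at all.
import { execFileSync } from "node:child_process";

// UNSAFE: the message becomes part of a string that cmd.exe parses. A line in
// pending-commit.txt such as  wip" & calc.exe  closes the quote and starts a
// second command. Shown only to illustrate the bug; do not use.
export function unsafeCommandLine(msg: string): string {
  return `git commit -m "${msg}"`;
}

// Mitigation 1 (the approach the notes describe): strip cmd.exe metacharacters.
// The notes list & | > < " ; this example (an assumption beyond the page) also
// drops ^ (escape), % (variable expansion), ! (delayed expansion) and line
// breaks. Stripping is lossy: a legitimate "fix <bug>" loses its brackets.
const CMD_METACHARS = /[&|<>"^%!\r\n]/g;
export function stripCmdMetachars(msg: string): string {
  return msg.replace(CMD_METACHARS, "");
}

// Mitigation 2 (preferred): hand git an argv array with no shell involved and
// let it read the message from the file. The message is then data, never
// syntax, so nothing has to be stripped and the text survives intact.
export function commitArgs(messageFile: string): string[] {
  return ["commit", "-F", messageFile];
}

export function commitFromFile(repoDir: string, messageFile: string): void {
  execFileSync("git", commitArgs(messageFile), { cwd: repoDir, stdio: "inherit" });
}

// Constructed hostile message for the demo (harmless payload).
export const HOSTILE_MESSAGE = 'wip" & echo pwned';
```

With the unsafe form, cmd.exe sees `git commit -m "wip"` followed by `& echo pwned"`, i.e. two commands. Stripping turns the message into `wip  echo pwned`, which is safe but mangled; `execFileSync` with `-F` keeps the original text and involves no shell parsing at all, which is the property the 0.5.5 note "internal commit logic stripped of shell wrappers" points at.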

New

  • SECURITY.md — full transparent disclosure of what Holistic installs (daemon, OS autostart entries, git sync), what it does NOT do (no exfiltration, no credential access, no external services), and an explanation of known scanner false positives
  • Security and Privacy section added to README, linking to SECURITY.md

v0.5.3

09 Apr 21:59

holistic@0.5.3

Hardened state management for fresh repos and path-moved environments, and added a repair command to regenerate stale machine-local helpers.

What's new

  • holistic repair — regenerates .holistic/system/ helpers from the current repo config, fixing repos whose local helpers pointed at stale or moved paths after bootstrap
  • Fix: fresh-repo lock — the lock file parent directory is now created before lock acquisition, preventing silent failures in repos with no prior checkpoint
  • Fix: checkpoint seeding — new sessions from a carryover handoff or pending work now inherit real context instead of boilerplate placeholder text
  • Fix: packaged-install helpers — generated holistic / holistic.cmd wrappers now correctly target dist/*.js in globally-installed environments
  • Fix: repair CLI dispatch, so holistic repair now appears in --help and routes correctly

Install / update

npm install -g holistic

v0.5.2

28 Mar 21:08

Highlights

  • Reduced hook-refresh warning noise by aggregating custom-hook skip diagnostics into one line.
  • Tracked .gitattributes in-repo and aligned cross-platform line-ending policy.
  • Completed S07 technical polish slice artifacts and UAT notes.

Verification

  • npm test
  • npm run build
  • npm run test:smoke

npm

  • Published as holistic@0.5.2