feat: initial implementation — all 35 requirements across phases 1-3
Backend (Spring Boot 3.2 / Java 21 / PostgreSQL): - JWT auth with BCrypt password hashing - User profile + Mifflin-St Jeor BMR calculator - Food search + barcode via OpenFoodFacts API with local cache - Meal CRUD with user data isolation and ownership checks - AI photo analysis (OpenAI Vision) with confidence intervals - AI correction feedback loop for personalisation - Flyway DB migrations + RFC-7807 error responses Mobile (React Native / TypeScript): - Full navigation stack (Auth → Tabs → Home stack) - Design tokens (WCAG 2.2 AA colours, 8px grid, 48px touch targets) - 10 screens: Login, Register, Home, Search, Camera, AI Result, Edit Meal, Daily Details, History, Profile - Confidence-aware calorie display (kcal ± range) - Repeat last meal shortcut + macro tracking Docs: - docs/PLAN-AND-REQUIREMENTS.md - docs/traceability.csv (35 requirements, all Implemented)
This commit is contained in:
191
CHANGELOG.md
Normal file
191
CHANGELOG.md
Normal file
@@ -0,0 +1,191 @@
|
||||
# Changelog
|
||||
|
||||
All notable changes to the Virsaitis project will be documented in this file.
|
||||
|
||||
Format based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
||||
This project uses [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
---
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
## [3.0.3] - 2026-04-21
|
||||
|
||||
### Fixed
|
||||
- **MCP field mapping**: Extension client now correctly maps MCP server's `reason` field to `message` and `consequence` to `consequences` — fixes "Virsaitis (TIER-3): undefined" notification (REQ-EXT-002 AC4, REQ-EXT-003)
|
||||
|
||||
### Changed
|
||||
- Version bumped from 3.0.2 → 3.0.3
|
||||
|
||||
## [3.0.2] - 2026-04-21
|
||||
|
||||
### Fixed
|
||||
- **Validation regex**: Module version footer check now handles bold markdown (`**Version**: 3.0.0`) in addition to italic and plain formats — fixes 11/14 false failures in `virsaitis.validateFramework` (REQ-EXT-020 AC4)
|
||||
- **Silent setup validation**: Post-install validation skipped during auto-setup chain when MCP server is not yet running — eliminates misleading "3/14 passed" warning during first-run bootstrap (REQ-EXT-016)
|
||||
|
||||
### Changed
|
||||
- Version bumped from 3.0.1 → 3.0.2
|
||||
|
||||
## [3.0.1] - 2026-04-21
|
||||
|
||||
### Added
|
||||
- Zero-touch bootstrap: extension auto-detects missing framework on activation and triggers setup chain without user intervention (REQ-EXT-019)
|
||||
- `isSetupInProgress()` guard: file-save interceptor bypasses enforcement during initial setup (REQ-EXT-002)
|
||||
- Silent mode for `installFramework()` and `configureMcpJson()` to suppress reload prompts during auto-setup (REQ-EXT-016)
|
||||
- Status bar `setSetupInProgress()` state with spinner animation (REQ-EXT-004)
|
||||
|
||||
### Changed
|
||||
- **extension.ts**: Activation rewritten — detect framework → auto-setup if missing → defer enforcement until complete (REQ-EXT-001)
|
||||
- **setup-wizard.ts**: Rewritten as orchestrator with `runAutoSetup()` — no more `.setup-skipped` markers, "Remind Me Later" defers to next activation (REQ-EXT-019)
|
||||
- Publisher changed to `accenture-baltics`
|
||||
- Version bumped from 3.0.0 → 3.0.1
|
||||
|
||||
### Removed
|
||||
- `shouldShowWizard()` function and `.setup-skipped` marker file — replaced by stateless auto-setup detection (REQ-EXT-019)
|
||||
|
||||
## [Unreleased — Extension Phase 1–7 Summary]
|
||||
|
||||
### Added — VS Code Extension (Phase 1–7)
|
||||
- **VS Code Extension v3.0.0**: Complete three-layer governance enforcement extension (13 source files, 1,651 LOC)
|
||||
- Extension activation <200ms via `onStartupFinished` with async MCP spawn (REQ-EXT-001)
|
||||
- File save interception: `files.readonlyInclude` pre-emptive block + post-save MCP validation + auto-revert (REQ-EXT-002)
|
||||
- MCP stdio client: child process spawn, JSON-RPC tool calls, AbortController timeout (REQ-EXT-003)
|
||||
- Status bar: 7 states (Active/Disconnected/Reconnecting/Error/Disabled/Not Installed/Node.js Required) with accessibility (REQ-EXT-004)
|
||||
- File decoration: 🛡️ badge + yellow color on protected files in Explorer tree (REQ-EXT-005)
|
||||
- Override request command: 3-step input, override record, MCP audit trail, temporary file unlock (REQ-EXT-006)
|
||||
- Configuration: 5 settings (`enabled`, `failOpen`, `mcpServerPath`, `logLevel`, `mcpTimeout`) with hot-reload (REQ-EXT-007)
|
||||
- VSIX packaging: 688 KB, bundled MCP server + 24 governance templates, no node_modules (REQ-EXT-008)
|
||||
- Webpack build: extension.js (commonjs2) + esbuild MCP server, production hidden-source-map (REQ-EXT-009)
|
||||
- Test suite: 136 tests, 83% statement coverage, 85% branches, 89% functions, 80% enforced thresholds (REQ-EXT-010)
|
||||
- MCP lifecycle: spawn on activation, 30s health checks, crash recovery (exponential backoff 1s/2s/4s, max 3), graceful shutdown (REQ-EXT-011)
|
||||
- Secret scanning: post-save `scan_secrets` call, auto-revert on detection, binary/large file skip (REQ-EXT-012)
|
||||
- MCP auto-configuration: `.vscode/mcp.json` generation with server merge (REQ-EXT-013)
|
||||
- Output channel logging: "Virsaitis" channel, severity filtering, no PII (REQ-EXT-014)
|
||||
- Cross-platform: case-insensitive path matching on Windows/macOS, platform-aware process signals (REQ-EXT-015)
|
||||
- Framework installation: 24-file deploy from bundled portable, AC9/AC10/AC11 guards, backup, progress notification (REQ-EXT-016)
|
||||
- Framework detection: hub presence check, version parsing, partial install detection, foreign content scan (REQ-EXT-017)
|
||||
- Framework update: semver comparison, backup before overwrite, no-downgrade guard, custom file preservation (REQ-EXT-018)
|
||||
- Setup wizard: 5-step QuickPick flow (Welcome → Prerequisites → Install → Validate → Complete), skip/complete markers (REQ-EXT-019)
|
||||
- Validate command: 14-file inventory, structure validation, version footer check, MCP server tool count, JSON report (REQ-EXT-020)
|
||||
- Prerequisite check: `node --version` validation ≥18, check-before-spawn, `setNodeRequired` status bar state (REQ-EXT-021)
|
||||
- Master toggle: `virsaitis.enabled=false` disables all interception/scanning, removes readonlyInclude, MCP stays alive (REQ-EXT-007 AC5)
|
||||
- Manual test checklist: 28-item validation checklist for Extension Development Host testing (REQ-EXT-010 AC4)
|
||||
- Extension README.md: architecture, commands, configuration, dependencies, build pipeline, traceability
|
||||
- VSIX distributed to `virsaitis-distribution/virsaitis-3.0.0.vsix`
|
||||
|
||||
### Added — MCP Server (prior iteration)
|
||||
- HMAC-SHA256 audit log integrity checksums (`configureAuditHmac`, `VIRSAITIS_HMAC_KEY`)
|
||||
- Streaming audit log reader (constant memory via `createReadStream` + `readline`)
|
||||
- ReDoS-safe CONNECTION_STRING regex with non-overlapping character classes
|
||||
- **REQ-EXT requirements rewrite**: 10→15 requirements aligned with stdio architecture
|
||||
- REQ-EXT-011: MCP Server Lifecycle Management (spawn/restart/shutdown)
|
||||
- REQ-EXT-012: Secret Scanning on Save (TIER-0, block on detection)
|
||||
- REQ-EXT-013: MCP Server Auto-Configuration (mcp.json generation)
|
||||
- REQ-EXT-014: Output Channel Logging (dedicated Virsaitis channel)
|
||||
- REQ-EXT-015: Cross-Platform Compatibility (Win/macOS/Linux)
|
||||
- REQ-EXT-016: Governance Framework Installation (portable package deploy)
|
||||
- REQ-EXT-017: Governance Framework Detection (presence + version check)
|
||||
- REQ-EXT-018: Governance Framework Update (version upgrade with backup)
|
||||
- REQ-EXT-019: First-Run Setup Wizard (guided onboarding)
|
||||
- REQ-EXT-020: Governance Framework Validation Command
|
||||
- REQ-EXT-021: Runtime Prerequisite Check (Node.js ≥ 18)
|
||||
- REQ-EXT-016: Updated with MCP server installation (AC3/AC4/AC9), backup on overwrite
|
||||
- REQ-EXT-016: Portable package manifest expanded to ~22 files: 14 governance + skills scaffold + docs folder + requirements templates (with glossary) + README + USAGE-GUIDE + CHANGELOG template. v2 agent excluded.
|
||||
- REQ-EXT-019: Wizard now includes prerequisite check step before install
|
||||
- REQ-EXT-011 AC7: Added `virsaitis.restartMcp` manual restart command (finding: action button had no registered command)
|
||||
- REQ-EXT-007 AC5: Added master toggle behavior spec — `enabled=false` disables all interception/scanning, keeps MCP alive, status bar shows Disabled
|
||||
- REQ-EXT-018 AC2: Added `virsaitis.updateFramework` command registration (was only triggerable via notification)
|
||||
- REQ-EXT-008 AC8: Added `engines.vscode: "^1.85.0"` minimum version constraint
|
||||
- REQ-EXT-016 AC10: Added scaffold file conflict handling — skips existing non-governance files (README.md, CHANGELOG.md, etc.)
|
||||
- REQ-EXT-016 AC11: Added foreign `.github/` content detection — pre-flight check detects non-Virsaitis copilot-instructions, agents, and modules before install; offers Backup & Install or Cancel
|
||||
- REQ-EXT-016: Portable package file count corrected to 24 (was ~22)
|
||||
|
||||
### Changed
|
||||
- REQ-EXT-002 AC1: Protected file patterns now parsed from governance hub file instead of non-existent `operation='list-protected'` MCP call
|
||||
- REQ-EXT-003: HTTP client → stdio transport (child process spawn via MCP SDK)
|
||||
- REQ-EXT-002: Rewritten — `onWillSaveTextDocument` save cancellation replaced with two-strategy approach: pre-emptive `files.readonlyInclude` for protected files + post-save `onDidSaveTextDocument` validation with automatic revert (VS Code API cannot cancel saves)
|
||||
- REQ-EXT-012: Changed from "block save" to "post-save scan + automatic revert" pattern (aligned with VS Code API limitations)
|
||||
- REQ-EXT-008: VSIX size limit relaxed from 5MB to 10MB (accommodates bundled MCP server + governance templates)
|
||||
- REQ-EXT-008: Explicit sideload-only distribution (no VS Code Marketplace publishing), added AC2 sideload install + AC7 no marketplace deps
|
||||
- REQ-EXT-019: Wizard implementation specified as multi-step QuickPick flow (`window.createQuickPick()` with `step`/`totalSteps`)
|
||||
- REQ-NFR-014 AC1: VSIX size limit aligned to 10MB (was 5MB)
|
||||
- REQ-EXT-007: 3 settings → 5 settings (mcpServerUrl removed, added mcpServerPath/logLevel/mcpTimeout)
|
||||
- REQ-EXT-010: Renamed from "Extension Development Host Testing" to "Extension Testing" (unit + manual)
|
||||
- Requirements index: total 71→77, MCP status updated to Tested, Agent to Implemented
|
||||
- Feature list: renumbered to accommodate 5 new extension features
|
||||
- End-to-end stdio transport tests (9 tests via `StdioClientTransport`)
|
||||
- Sliding-window rate limiter for all MCP tool calls (`RateLimiter` class, 100/60s default)
|
||||
- Configurable multi-file log rotation (`configureRotationCount`, 1–10 backups)
|
||||
- `describeConfig()` now explicitly masks `hmacKey` as `***configured***`
|
||||
- Shannon entropy-based secret detection for obfuscated secrets
|
||||
- RFC 4180-compliant CSV parser (`parseCsvLine`) for traceability.csv
|
||||
- SHA-256 checksum field on audit entries with `verifyChecksum()` tamper detection
|
||||
- MCP Functions Reference (`virsaitis-mcp/MCP-FUNCTIONS.md`)
|
||||
- MCP Test Cases Reference (`virsaitis-mcp/MCP-TEST-CASES.md`)
|
||||
- MCP Dependencies Reference (`virsaitis-mcp/MCP-DEPENDENCIES.md`)
|
||||
|
||||
### Changed
|
||||
- Audit log reader now streams instead of loading entire file into memory
|
||||
- Traceability.csv updated: REQ-EXT-001 through REQ-EXT-021 all status=Tested, implementation/test refs populated
|
||||
- Traceability.csv updated: REQ-MCP-001 through REQ-MCP-011 all status=Tested with 277 tests
|
||||
- MCP Server metrics: 14 source files (2,799 LOC), 14 test files (2,639 LOC), 277 tests, 100% function coverage
|
||||
- VS Code Extension metrics: 13 source files (1,651 LOC), 13 test files, 136 tests, 83% statement coverage
|
||||
- Requirements index: REQ-EXT status updated from Draft to Tested, total requirements 77
|
||||
|
||||
## [3.0.0] - 2026-04-20
|
||||
|
||||
### Added
|
||||
- Anchor lines (governance-first line 1) on all 14 governance files (REQ-GOV-002)
|
||||
- Sandwich closes (key rules + definition library ref + hub link) on all modules (REQ-GOV-008)
|
||||
- 26 attention tripwires across 9 modules to combat attention decay (REQ-GOV-008)
|
||||
- Definition library moved to `.github/virsaitis-definition-library.md` and added to protected files (REQ-GOV-001)
|
||||
- Glossary cross-link in hub navigation and definition library (REQ-GOV-008)
|
||||
- AI requirement creation policy in requirements-engineering module (REQ-GOV-004)
|
||||
- Brownfield project onboarding section in Agent v3.0 (REQ-AGT-006)
|
||||
- Task-based Smart Context Loading replacing component-based loading (REQ-GOV-008)
|
||||
|
||||
### Changed
|
||||
- **Agent v2.0 → v3.0**: Full rewrite with 10 counter-techniques applied, 557→262 lines (REQ-AGT-001)
|
||||
- **agent-standards.md**: Compressed 470→208 lines with full rewrite (REQ-GOV-008)
|
||||
- **skills-standards.md**: Compressed 616→207 lines with full rewrite (REQ-GOV-008)
|
||||
- **Hub**: Removed workspace tree, compressed machine policy, added Reference section (REQ-GOV-008)
|
||||
- MCP transport: All references corrected from HTTP to stdio across 5 modules (REQ-MCP-002)
|
||||
- `.github/` folder governance: Updated create_file rules in agent-standards (REQ-GOV-001)
|
||||
- Protected files list: Added definition library, wildcarded agent pattern, removed virsaitis-requirements (REQ-GOV-001)
|
||||
- Security-controls: Prohibition framing → task-integration framing (REQ-GOV-009)
|
||||
- Discovery-First: core-policies now delegates to development-workflow as authority (REQ-GOV-006)
|
||||
- TIER system duplication resolved — core-policies is sole authority (REQ-GOV-003)
|
||||
- Source multiplication wording differentiated between core-policies and Agent v3.0 (REQ-GOV-002)
|
||||
- All 14 files version-bumped to 3.0.0 (REQ-GOV-011)
|
||||
- Quick Reference table rewritten for end-user tasks (REQ-GOV-008)
|
||||
- Definition library: Updated protected file patterns, added v3.0 formatting (REQ-GOV-001)
|
||||
- Distribution: Portable package structure updated with definition library and agent v3.0 filename (REQ-GOV-011)
|
||||
|
||||
### Fixed
|
||||
- integration-patterns machine policy: `MCP_TO_EXTENSION=http_api` → `stdio`
|
||||
- extension-standards: `StatusBarItem.text` syntax error in code example area
|
||||
- distribution-deployment: Agent filename `Virsaitis.agent.md` → `Virsaitis-3.0.agent.md`
|
||||
- distribution-deployment: MCP server env var path updated to v3.0 agent
|
||||
- core-policies version footer: `v2.0.0` → `v3.0.0`
|
||||
|
||||
### Removed
|
||||
- Strategic decision line from hub (internal-only context)
|
||||
- Workspace structure tree from hub (token waste)
|
||||
- Duplicate Discovery-First 11-step workflow from core-policies (now in development-workflow only)
|
||||
|
||||
## [2.0.0] - 2026-02-17
|
||||
|
||||
### Added
|
||||
- Hub-and-spoke modular governance architecture (1 hub + 11 modules)
|
||||
- Agent v2.0 (CHIEF Agent, 557 lines)
|
||||
- 85 requirements across 8 categories
|
||||
- Traceability CSV with full REQ-ID mapping
|
||||
- Requirements documentation suite (functional, non-functional, glossary, risk register)
|
||||
- 11 copilot-modules covering all governance domains
|
||||
|
||||
## [1.0.0] - 2026-01-15
|
||||
|
||||
### Added
|
||||
- Initial Virsaitis governance concept
|
||||
- Single-file Agent.md approach
|
||||
- Basic TIER system definition
|
||||
Reference in New Issue
Block a user