calorie-counter/CHANGELOG.md

Changelog

All notable changes to the Virsaitis project will be documented in this file.

Format based on Keep a Changelog. This project uses Semantic Versioning.

---

[Unreleased]

[3.0.3] - 2026-04-21

Fixed

• MCP field mapping: Extension client now correctly maps MCP server's reason field to message and consequence to consequences — fixes "Virsaitis (TIER-3): undefined" notification (REQ-EXT-002 AC4, REQ-EXT-003)

Changed

• Version bumped from 3.0.2 → 3.0.3

[3.0.2] - 2026-04-21

Fixed

• Validation regex: Module version footer check now handles bold markdown (**Version**: 3.0.0) in addition to italic and plain formats — fixes 11/14 false failures in virsaitis.validateFramework (REQ-EXT-020 AC4)
• Silent setup validation: Post-install validation skipped during auto-setup chain when MCP server is not yet running — eliminates misleading "3/14 passed" warning during first-run bootstrap (REQ-EXT-016)

Changed

• Version bumped from 3.0.1 → 3.0.2

[3.0.1] - 2026-04-21

Added

• Zero-touch bootstrap: extension auto-detects missing framework on activation and triggers setup chain without user intervention (REQ-EXT-019)
• isSetupInProgress() guard: file-save interceptor bypasses enforcement during initial setup (REQ-EXT-002)
• Silent mode for installFramework() and configureMcpJson() to suppress reload prompts during auto-setup (REQ-EXT-016)
• Status bar setSetupInProgress() state with spinner animation (REQ-EXT-004)

Changed

• extension.ts: Activation rewritten — detect framework → auto-setup if missing → defer enforcement until complete (REQ-EXT-001)
• setup-wizard.ts: Rewritten as orchestrator with runAutoSetup() — no more .setup-skipped markers, "Remind Me Later" defers to next activation (REQ-EXT-019)
• Publisher changed to accenture-baltics
• Version bumped from 3.0.0 → 3.0.1

Removed

• shouldShowWizard() function and .setup-skipped marker file — replaced by stateless auto-setup detection (REQ-EXT-019)

[Unreleased — Extension Phase 1–7 Summary]

Added — VS Code Extension (Phase 1–7)

• VS Code Extension v3.0.0: Complete three-layer governance enforcement extension (13 source files, 1,651 LOC)
• Extension activation <200ms via onStartupFinished with async MCP spawn (REQ-EXT-001)
• File save interception: files.readonlyInclude pre-emptive block + post-save MCP validation + auto-revert (REQ-EXT-002)
• MCP stdio client: child process spawn, JSON-RPC tool calls, AbortController timeout (REQ-EXT-003)
• Status bar: 7 states (Active/Disconnected/Reconnecting/Error/Disabled/Not Installed/Node.js Required) with accessibility (REQ-EXT-004)
• File decoration: 🛡️ badge + yellow color on protected files in Explorer tree (REQ-EXT-005)
• Override request command: 3-step input, override record, MCP audit trail, temporary file unlock (REQ-EXT-006)
• Configuration: 5 settings (enabled, failOpen, mcpServerPath, logLevel, mcpTimeout) with hot-reload (REQ-EXT-007)
• VSIX packaging: 688 KB, bundled MCP server + 24 governance templates, no node_modules (REQ-EXT-008)
• Webpack build: extension.js (commonjs2) + esbuild MCP server, production hidden-source-map (REQ-EXT-009)
• Test suite: 136 tests, 83% statement coverage, 85% branches, 89% functions, 80% enforced thresholds (REQ-EXT-010)
• MCP lifecycle: spawn on activation, 30s health checks, crash recovery (exponential backoff 1s/2s/4s, max 3), graceful shutdown (REQ-EXT-011)
• Secret scanning: post-save scan_secrets call, auto-revert on detection, binary/large file skip (REQ-EXT-012)
• MCP auto-configuration: .vscode/mcp.json generation with server merge (REQ-EXT-013)
• Output channel logging: "Virsaitis" channel, severity filtering, no PII (REQ-EXT-014)
• Cross-platform: case-insensitive path matching on Windows/macOS, platform-aware process signals (REQ-EXT-015)
• Framework installation: 24-file deploy from bundled portable, AC9/AC10/AC11 guards, backup, progress notification (REQ-EXT-016)
• Framework detection: hub presence check, version parsing, partial install detection, foreign content scan (REQ-EXT-017)
• Framework update: semver comparison, backup before overwrite, no-downgrade guard, custom file preservation (REQ-EXT-018)
• Setup wizard: 5-step QuickPick flow (Welcome → Prerequisites → Install → Validate → Complete), skip/complete markers (REQ-EXT-019)
• Validate command: 14-file inventory, structure validation, version footer check, MCP server tool count, JSON report (REQ-EXT-020)
• Prerequisite check: node --version validation ≥18, check-before-spawn, setNodeRequired status bar state (REQ-EXT-021)
• Master toggle: virsaitis.enabled=false disables all interception/scanning, removes readonlyInclude, MCP stays alive (REQ-EXT-007 AC5)
• Manual test checklist: 28-item validation checklist for Extension Development Host testing (REQ-EXT-010 AC4)
• Extension README.md: architecture, commands, configuration, dependencies, build pipeline, traceability
• VSIX distributed to virsaitis-distribution/virsaitis-3.0.0.vsix

Added — MCP Server (prior iteration)

• HMAC-SHA256 audit log integrity checksums (configureAuditHmac, VIRSAITIS_HMAC_KEY)
• Streaming audit log reader (constant memory via createReadStream + readline)
• ReDoS-safe CONNECTION_STRING regex with non-overlapping character classes
• REQ-EXT requirements rewrite: 10→15 requirements aligned with stdio architecture
• REQ-EXT-011: MCP Server Lifecycle Management (spawn/restart/shutdown)
• REQ-EXT-012: Secret Scanning on Save (TIER-0, block on detection)
• REQ-EXT-013: MCP Server Auto-Configuration (mcp.json generation)
• REQ-EXT-014: Output Channel Logging (dedicated Virsaitis channel)
• REQ-EXT-015: Cross-Platform Compatibility (Win/macOS/Linux)
• REQ-EXT-016: Governance Framework Installation (portable package deploy)
• REQ-EXT-017: Governance Framework Detection (presence + version check)
• REQ-EXT-018: Governance Framework Update (version upgrade with backup)
• REQ-EXT-019: First-Run Setup Wizard (guided onboarding)
• REQ-EXT-020: Governance Framework Validation Command
• REQ-EXT-021: Runtime Prerequisite Check (Node.js ≥ 18)
• REQ-EXT-016: Updated with MCP server installation (AC3/AC4/AC9), backup on overwrite
• REQ-EXT-016: Portable package manifest expanded to ~22 files: 14 governance + skills scaffold + docs folder + requirements templates (with glossary) + README + USAGE-GUIDE + CHANGELOG template. v2 agent excluded.
• REQ-EXT-019: Wizard now includes prerequisite check step before install
• REQ-EXT-011 AC7: Added virsaitis.restartMcp manual restart command (finding: action button had no registered command)
• REQ-EXT-007 AC5: Added master toggle behavior spec — enabled=false disables all interception/scanning, keeps MCP alive, status bar shows Disabled
• REQ-EXT-018 AC2: Added virsaitis.updateFramework command registration (was only triggerable via notification)
• REQ-EXT-008 AC8: Added engines.vscode: "^1.85.0" minimum version constraint
• REQ-EXT-016 AC10: Added scaffold file conflict handling — skips existing non-governance files (README.md, CHANGELOG.md, etc.)
• REQ-EXT-016 AC11: Added foreign .github/ content detection — pre-flight check detects non-Virsaitis copilot-instructions, agents, and modules before install; offers Backup & Install or Cancel
• REQ-EXT-016: Portable package file count corrected to 24 (was ~22)

Changed

• REQ-EXT-002 AC1: Protected file patterns now parsed from governance hub file instead of non-existent operation='list-protected' MCP call
• REQ-EXT-003: HTTP client → stdio transport (child process spawn via MCP SDK)
• REQ-EXT-002: Rewritten — onWillSaveTextDocument save cancellation replaced with two-strategy approach: pre-emptive files.readonlyInclude for protected files + post-save onDidSaveTextDocument validation with automatic revert (VS Code API cannot cancel saves)
• REQ-EXT-012: Changed from "block save" to "post-save scan + automatic revert" pattern (aligned with VS Code API limitations)
• REQ-EXT-008: VSIX size limit relaxed from 5MB to 10MB (accommodates bundled MCP server + governance templates)
• REQ-EXT-008: Explicit sideload-only distribution (no VS Code Marketplace publishing), added AC2 sideload install + AC7 no marketplace deps
• REQ-EXT-019: Wizard implementation specified as multi-step QuickPick flow (window.createQuickPick() with step/totalSteps)
• REQ-NFR-014 AC1: VSIX size limit aligned to 10MB (was 5MB)
• REQ-EXT-007: 3 settings → 5 settings (mcpServerUrl removed, added mcpServerPath/logLevel/mcpTimeout)
• REQ-EXT-010: Renamed from "Extension Development Host Testing" to "Extension Testing" (unit + manual)
• Requirements index: total 71→77, MCP status updated to Tested, Agent to Implemented
• Feature list: renumbered to accommodate 5 new extension features
• End-to-end stdio transport tests (9 tests via StdioClientTransport)
• Sliding-window rate limiter for all MCP tool calls (RateLimiter class, 100/60s default)
• Configurable multi-file log rotation (configureRotationCount, 1–10 backups)
• describeConfig() now explicitly masks hmacKey as ***configured***
• Shannon entropy-based secret detection for obfuscated secrets
• RFC 4180-compliant CSV parser (parseCsvLine) for traceability.csv
• SHA-256 checksum field on audit entries with verifyChecksum() tamper detection
• MCP Functions Reference (virsaitis-mcp/MCP-FUNCTIONS.md)
• MCP Test Cases Reference (virsaitis-mcp/MCP-TEST-CASES.md)
• MCP Dependencies Reference (virsaitis-mcp/MCP-DEPENDENCIES.md)

Changed

• Audit log reader now streams instead of loading entire file into memory
• Traceability.csv updated: REQ-EXT-001 through REQ-EXT-021 all status=Tested, implementation/test refs populated
• Traceability.csv updated: REQ-MCP-001 through REQ-MCP-011 all status=Tested with 277 tests
• MCP Server metrics: 14 source files (2,799 LOC), 14 test files (2,639 LOC), 277 tests, 100% function coverage
• VS Code Extension metrics: 13 source files (1,651 LOC), 13 test files, 136 tests, 83% statement coverage
• Requirements index: REQ-EXT status updated from Draft to Tested, total requirements 77

[3.0.0] - 2026-04-20

Added

• Anchor lines (governance-first line 1) on all 14 governance files (REQ-GOV-002)
• Sandwich closes (key rules + definition library ref + hub link) on all modules (REQ-GOV-008)
• 26 attention tripwires across 9 modules to combat attention decay (REQ-GOV-008)
• Definition library moved to .github/virsaitis-definition-library.md and added to protected files (REQ-GOV-001)
• Glossary cross-link in hub navigation and definition library (REQ-GOV-008)
• AI requirement creation policy in requirements-engineering module (REQ-GOV-004)
• Brownfield project onboarding section in Agent v3.0 (REQ-AGT-006)
• Task-based Smart Context Loading replacing component-based loading (REQ-GOV-008)

Changed

• Agent v2.0 → v3.0: Full rewrite with 10 counter-techniques applied, 557→262 lines (REQ-AGT-001)
• agent-standards.md: Compressed 470→208 lines with full rewrite (REQ-GOV-008)
• skills-standards.md: Compressed 616→207 lines with full rewrite (REQ-GOV-008)
• Hub: Removed workspace tree, compressed machine policy, added Reference section (REQ-GOV-008)
• MCP transport: All references corrected from HTTP to stdio across 5 modules (REQ-MCP-002)
• .github/ folder governance: Updated create_file rules in agent-standards (REQ-GOV-001)
• Protected files list: Added definition library, wildcarded agent pattern, removed virsaitis-requirements (REQ-GOV-001)
• Security-controls: Prohibition framing → task-integration framing (REQ-GOV-009)
• Discovery-First: core-policies now delegates to development-workflow as authority (REQ-GOV-006)
• TIER system duplication resolved — core-policies is sole authority (REQ-GOV-003)
• Source multiplication wording differentiated between core-policies and Agent v3.0 (REQ-GOV-002)
• All 14 files version-bumped to 3.0.0 (REQ-GOV-011)
• Quick Reference table rewritten for end-user tasks (REQ-GOV-008)
• Definition library: Updated protected file patterns, added v3.0 formatting (REQ-GOV-001)
• Distribution: Portable package structure updated with definition library and agent v3.0 filename (REQ-GOV-011)

Fixed

• integration-patterns machine policy: MCP_TO_EXTENSION=http_api → stdio
• extension-standards: StatusBarItem.text syntax error in code example area
• distribution-deployment: Agent filename Virsaitis.agent.md → Virsaitis-3.0.agent.md
• distribution-deployment: MCP server env var path updated to v3.0 agent
• core-policies version footer: v2.0.0 → v3.0.0

Removed

• Strategic decision line from hub (internal-only context)
• Workspace structure tree from hub (token waste)
• Duplicate Discovery-First 11-step workflow from core-policies (now in development-workflow only)

[2.0.0] - 2026-02-17

Added

• Hub-and-spoke modular governance architecture (1 hub + 11 modules)
• Agent v2.0 (CHIEF Agent, 557 lines)
• 85 requirements across 8 categories
• Traceability CSV with full REQ-ID mapping
• Requirements documentation suite (functional, non-functional, glossary, risk register)
• 11 copilot-modules covering all governance domains

[1.0.0] - 2026-01-15

Added

• Initial Virsaitis governance concept
• Single-file Agent.md approach
• Basic TIER system definition