chore(release): v5.8.0 — campaign motor (Fase 2)

Bump plugin.json 5.7.0 -> 5.8.0, README version badge + version-history row,
and CHANGELOG [5.8.0]. Covers the full Fase 2 campaign motor (durable ledger,
read-only campaign-cli, human-approved campaign-write-cli + /config-audit
campaign, cross-repo backlog, per-repo plan export with execution-by-reuse)
plus the pre-release cleanup (knowledge-refresh wiring, CLAUDE.md trim).

Scanner count 15, agents 7, commands 20 -> 21, tests 1091 -> 1168. All counts
verified green via self-audit --check-readme.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-06-23 12:03:36 +02:00
commit 759daa7201
3 changed files with 54 additions and 2 deletions

View file

@ -1,7 +1,7 @@
{
"name": "config-audit",
"description": "Multi-agent workflow for analyzing, reporting, and optimizing Claude Code configuration across your entire machine",
"version": "5.7.0",
"version": "5.8.0",
"author": {
"name": "Kjell Tore Guttormsen"
},

View file

@ -5,6 +5,57 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [5.8.0] - 2026-06-23
### Summary
"Campaign motor" — a durable, machine-wide audit **campaign** that sits ABOVE individual sessions.
A single audited repo is one session; a fleet of repos is a campaign. This release adds a durable
ledger (per-repo lifecycle + machine-wide roll-up), a read-only reporter and a human-approved write
surface behind one `/config-audit campaign` command, a cross-repo prioritized backlog, and per-repo
plan export — with execution deliberately **reusing** the existing implement/rollback engines rather
than adding new machinery. The whole campaign surface is `-cli`/lib only, so the scanner count stays
**15**, agents **7**, and the snapshot suite is untouched; commands 20 → **21**.
### Added
- **Durable campaign ledger (`scanners/lib/campaign-ledger.mjs`).** The ledger that sits above
sessions: a repo list + per-repo lifecycle (`pending → audited → planned → implemented`) + a
machine-wide roll-up (counts by status and by severity, aggregated across repos). Persists to a
single JSON file **outside** the plugin dir (`~/.claude/config-audit/campaign-ledger.json`, next
to `sessions/`) so it survives uninstall / reinstall / upgrade. Pure transforms
(`createLedger` / `addRepo` / `setRepoStatus` / `rollUp`) with `now` injected (never the clock) +
a soft `validateLedger` + a thin IO shell; `schemaVersion` stamped from the start.
- **Cross-repo prioritized backlog (`buildBacklog`).** One machine-wide work list — each item is a
repo (the ledger tracks per-repo severity *counts*, not individual findings), ordered by a
weighted severity score (`critical:1000 / high:100 / medium:10 / low:1`) with a deterministic
tie-break so criticals always win. Includes only repos not yet `implemented` that have known
findings.
- **`/config-audit campaign` (commands 20 → 21).** A thin orchestrator that always **reports** first
(read-only `campaign-cli`: status, roll-up, backlog) and, for `init` / `add` / `set-status`,
proposes the change and mutates **only on explicit human approval** via `campaign-write-cli` — it
never hand-edits the ledger JSON (verification duty). `add --discover <root>` finds git repos
under a root to pick from; marking a repo `audited` attaches findings-by-severity from its session
(or user-provided counts), never invented.
- **Per-repo plan export (`campaign-export-cli`).** `--repo <path>` resolves the repo's linked
session, reads its `action-plan.md`, and (under opt-in `--write`) drops a provenance-stamped,
byte-faithful copy into that repo's own `docs/config-audit-plan-<session>.md` — a durable record
next to the code it changes. Advisory gates for "no session linked" / "no action plan yet".
### Changed
- **Execution by reuse.** A campaign adds no execution engine of its own: the exported `docs/` file
is the durable record, while `/config-audit implement` (backup + apply + verify) and
`/config-audit rollback` do the work, then `campaign set-status <repo> implemented` records it.
- **`knowledge-refresh` wired into the surface.** The v5.7.0 `knowledge-refresh` command shipped but
was never routed; it is now in the `/config-audit` router (argument-hint + routing) and the `help`
command table.
- **CLAUDE.md trimmed to lean invariants.** The 19 per-scanner / per-block implementation notes
moved verbatim into `docs/scanner-internals.md` ("Implementation notes"); CLAUDE.md drops
540 → 134 lines (raising its own config grade B → A). A real "Conventions" section now points at
`.claude/rules/`.
### Tests
- 1091 → **1168** (campaign ledger +28, read-only campaign-cli +8, campaign-write-cli +11,
cross-repo backlog +12, plan-export +18).
## [5.7.0] - 2026-06-21
### Summary

View file

@ -6,7 +6,7 @@
*AI-generated: all code produced by Claude Code through dialog-driven development. [Full disclosure →](../../README.md#ai-generated-code-disclosure)*
![Version](https://img.shields.io/badge/version-5.7.0-blue)
![Version](https://img.shields.io/badge/version-5.8.0-blue)
![Platform](https://img.shields.io/badge/platform-Claude_Code_Plugin-purple)
![Scanners](https://img.shields.io/badge/scanners-15-cyan)
![Commands](https://img.shields.io/badge/commands-21-green)
@ -661,6 +661,7 @@ This plugin is cautious by design — configuration files are important, and a b
| Version | Date | Highlights |
|---------|------|-----------|
| **5.8.0** | 2026-06-23 | "Campaign motor" — a durable, machine-wide audit **campaign** that sits ABOVE individual sessions (one repo = one session; a fleet of repos = a campaign). **Ledger:** `~/.claude/config-audit/campaign-ledger.json` (outside the plugin dir → survives uninstall/upgrade) tracks a repo list + per-repo lifecycle (pending→audited→planned→implemented) + a machine-wide roll-up by status & severity; pure transforms with injected `now`. **`/config-audit campaign` (commands 20→21):** read-only report (`campaign-cli`) + human-approved writes (`campaign-write-cli`: init / add / set-status) — reports first, mutates only on explicit approval, never hand-edits the ledger. **Cross-repo backlog:** one severity-weighted prioritized pick-list (`buildBacklog`, `critical:1000/high:100/medium:10/low:1`). **Plan export + execution-by-reuse:** `campaign-export-cli --write` drops a planned repo's plan verbatim into its own `docs/`; execution reuses the existing `/config-audit implement` + `rollback` (no new execution machinery). All campaign code is `-cli`/lib → scanner count stays **15**, agents **7**, byte-stable. Plus pre-release cleanup: `knowledge-refresh` wired into the router + help; CLAUDE.md trimmed 540→134 lines (impl notes → `docs/scanner-internals.md`, config grade B→A). 1168 tests |
| **5.7.0** | 2026-06-21 | "Optimization lens" — first detector of the «optimally shaped?» axis (vs «correct?»), plus a living knowledge layer. **Register:** `knowledge/best-practices.json`, a provenance-stamped, schema-validated best-practices register (first runtime-consumed `knowledge/` file). **OPT scanner (count 14→15):** `CA-OPT-001` (LOW) a ≥6-step CLAUDE.md procedure that would fit better as a skill, citing register entry `BP-MECH-003`. **`/config-audit optimize` + `optimization-lens-agent` (opus, agents 6→7):** prose-judgment lens for lifecycle→hook (`BP-MECH-001`), unscoped path→rule (`BP-MECH-002`), "never"→permission (`BP-MECH-004`); pre-filter recall + opus precision gate. **`/config-audit knowledge-refresh` (commands 19→20):** deterministic stale-check (injected reference date, 90-day cadence) + web re-verify/poll, human-approved writes only. Last two are agent/web-driven (not byte-stable). 1091 tests |
| **5.6.0** | 2026-06-20 | "Steering-model II" — the load-pattern / compaction-survival model lands end-to-end. **Foundation:** `active-config-reader` now enumerates rules, agents, and output styles (alongside CLAUDE.md/plugins/skills/hooks/MCP), each tagged `loadPattern` (always / on-demand / external) + `survivesCompaction` from the published loading model; the frontmatter parser also reads YAML block sequences (`paths:` lists). **B (load-pattern accounting):** `manifest` reports component-level sources (the double-counting plugin roll-up is gone), tags every source with the load-pattern triple, and leads with an **always-loaded subtotal** ("tokens that enter context every turn"); `token-hotspots` annotates each ranked hotspot with its load pattern. **C (output styles):** new orchestrated **OST** scanner (count 13→**14**) — `CA-OST-001` a custom style stripping built-in coding instructions (missing `keep-coding-instructions: true`, V10), `CA-OST-002` a plugin style with `force-for-plugin: true` overriding the user's `outputStyle` (V11), `CA-OST-003` a settings `outputStyle` resolving to no known style (dead config). Doc-verified; frozen v5.0.0 snapshots preserved via strip-helpers, SC-5 regenerated. 1023 tests |
| **5.5.0** | 2026-06-20 | "Steering-model I" — two additive compaction-durability / dead-config findings (count stays **13**, `--json`/`--raw` byte-stable). Per the official "what survives compaction" model: RUL flags a large (>50-line) **path-scoped** rule not re-injected after compaction (LOW); CML flags a **nested** (subdir) CLAUDE.md not re-injected after compaction (LOW). PLH flags a plugin agent setting `hooks`/`mcpServers`/`permissionMode` — Claude Code ignores these for plugin subagents, so it's dead config (`permissionMode` = MEDIUM false-security, `hooks`/`mcpServers` = LOW). Known limitation: the frontmatter parser reads inline `paths:` but not YAML block sequences (deferred to v5.6 Foundation). 961 tests |