Skip to content

Commit 6444fc8

Browse files
LykhoydaLykhoyda
committed
Merge branch 'main' into fix/issue-106-flow-skeleton-bundling
# Conflicts: # .claude-plugin/marketplace.json # .claude-plugin/plugin.json # CHANGELOG.md # scripts/cdp-bridge/package.json
2 parents 119824e + d2e26f8 commit 6444fc8

14 files changed

Lines changed: 1358 additions & 15 deletions

CHANGELOG.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,41 @@ Format follows [Keep a Changelog](https://keepachangelog.com/).
5050
opt-outs, conflict-rename, malformed-bundle defense in depth, and
5151
no-app.json fallback. Suite: 1312 → 1341 passing.
5252

53+
## [0.44.37] — 2026-05-12
54+
55+
### Added (GH #91 acceptance #3 closeout — per-project verification config)
56+
57+
- **`verification.successShapes` and `verification.mutationMethods` per-project
58+
overrides** in `.rn-agent/config.json` for the mutation-absence detector.
59+
Closes the last open acceptance criterion on GH #91. Detector itself shipped
60+
in `fed0dd0` (Apr 28).
61+
- New `loadVerificationConfig(projectRoot)` reads the config once per project
62+
root and caches the result. Defaults are preserved (no behavior change) on
63+
missing file, parse error, missing `verification` block, empty arrays, or
64+
all-invalid regex strings — apps that don't opt in see zero change.
65+
- **ReDoS-via-typo guard** (Codex review conf 90): patterns longer than 200
66+
chars are dropped before compilation, and matched-input length is capped
67+
at 256 chars in `isSuccessShape`. Bounds regex evaluation cost on the
68+
`cdp_navigate` / `cdp_navigation_state` / `proof_step` hot path so a
69+
developer typo can't stall the MCP event loop.
70+
- **Empty-array means defaults**, not "disable detection" (Codex review conf
71+
92). Silent loss of a safety net is the worse failure mode; explicit disable
72+
is reserved for a future `verification.disable: true` flag.
73+
- **Observability**: one stderr log line on first config load per project root
74+
(`[verification] loaded config from .../.rn-agent/config.json (patterns: N,
75+
methods: M)`). Makes "is my config picked up?" a one-line check, without
76+
needing SIGHUP/watcher reload machinery.
77+
- 18 new tests cover the loader, overrides, ReDoS guards, cache behavior, and
78+
the observability log. Suite: 1312 → 1330 tests, all passing.
79+
80+
### Notes
81+
82+
- `device_press` / `cdp_interact` wirings remain **intentionally deferred** as
83+
documented in the original `fed0dd0` commit message: these tools don't carry
84+
nav-state intent, and the success-shape signal is captured downstream by the
85+
next `cdp_navigation_state` call. Adding nav-state fetches per tap would
86+
bloat the hot path for noise this PR considers low-value.
87+
5388
## [0.44.36] — 2026-05-12
5489

5590
### Fixed (Phase 134.2-followup — device_deeplink url injection)

0 commit comments

Comments
 (0)