v0.35.0

Added

• Central module marketplace foundations (OpenSpec change marketplace-01-central-module-registry) with multi-location discovery, source tracking (builtin/marketplace/custom), and source-priority shadow handling.
• New module registry client and installer workflows for fetching registry index, secure module download with checksum verification, install/uninstall operations, and core compatibility validation.
• New specfact module command group with install, uninstall, search, list, and upgrade subcommands.
• New docs: Installing Modules and Module Marketplace, plus architecture and sidebar updates for marketplace workflows.

Changed

• Module package metadata now includes source to persist module origin across discovery and lifecycle registration.
• README module lifecycle baseline now includes marketplace command entry points.

v0.34.1

Fixed

• specfact backlog refine --auto-bundle no longer persists bundle mapping history into bundle manifest files (for example .specfact/bundle.yaml); mapping history remains in dedicated mapping config state.
• Bundle ID candidate derivation no longer falls back to the manifest filename stem (bundle.yaml -> bundle), preventing false rejection of valid explicit bundle:<id> tags.
• OpenSpec change order/archive tracking was synchronized for Wave 1 closure (verification-01-wave1-delta-closure) and related archived status markers.

v0.33.0

Added

• New policy-engine module package with lazy-loaded specfact policy command group.
• specfact policy validate for deterministic policy evaluation with hard failures and dual output (json, markdown, or both).
• specfact policy suggest for confidence-scored, patch-ready suggestions with explicit no-auto-write behavior.
• Policy configuration loader for .specfact/policy.yaml supporting Scrum DoR/DoD fields, Kanban column entry/exit requirements, and SAFe PI readiness fields.
• Integration tests for policy commands in tests/integration/commands/test_policy_engine_commands.py with recorded TDD evidence.

Changed

• Updated Agile/Scrum and DevOps adapter integration guides with policy engine command usage and workflow guidance.
• specfact policy validate and specfact policy suggest now apply --limit to backlog item group count when --group-by-item is enabled (instead of truncating sub-item findings/suggestions).
• Grouped-mode policy output now avoids duplicate top-level flat arrays and emits grouped payloads with summary metadata for cleaner consumption.
• Policy command docs and OpenSpec change artifacts were updated to document grouped-limit semantics and grouped output behavior.

Fixed

• Resolved type-check errors in policy_engine/main.py by introducing typed grouped payload structures and explicit payload typing.

v0.32.1

Added

• Git worktree lifecycle helper: scripts/worktree.sh with create, list, cleanup, and help commands.
• Worktree helper unit tests: tests/unit/tools/test_worktree_helper.py covering protected-branch rejection, branch-type guardrails, deterministic paths, and cleanup behavior.
• New OpenSpec change package: workflow-01-git-worktree-management with proposal, design, spec delta, validation report, and TDD evidence.

Changed

• Repository instructions now enforce worktree-first development for parallel branches and explicitly block dev/main worktrees.
• OpenSpec workflow command docs (.cursor/commands/wf-create-change-from-plan.md, .cursor/commands/wf-validate-change.md) now require dedicated worktree execution and validate worktree-aware task structure.
• Active OpenSpec change task files were normalized to worktree-first branch setup commands to reduce direct-work-on-dev risk.

v0.32.0

Added

• Enhanced module manifest security and integrity (arch-06, fixes #208)

  • Publisher and integrity metadata in module-package.yaml (publisher, integrity.checksum, optional integrity.signature).
  • Versioned dependency entries (module_dependencies_versioned, pip_dependencies_versioned) with name and version specifier.
  • crypto_validator: checksum verification (sha256/sha384/sha512) and optional signature verification.
  • Registration-time trust checks: manifest checksum verified before module load; failed trust skips that module only.
  • SPECFACT_ALLOW_UNSIGNED and allow_unsigned parameter for explicit opt-in when using unsigned modules.
  • Signing automation: scripts/sign-module.sh and .github/workflows/sign-modules.yml for checksum generation.
  • Documentation: docs/reference/module-security.md and architecture updates for module trust and integrity lifecycle.

• Schema extension system (arch-07, Resolves #213)

  • extensions dict field on Feature and ProjectBundle with namespace-prefixed keys (e.g. backlog.ado_work_item_id).
  • Type-safe get_extension(module_name, field, default=None) and set_extension(module_name, field, value) with contract enforcement.
  • Optional schema_extensions in module-package.yaml to declare target model, field, type_hint, and description.
  • ExtensionRegistry for collision detection and introspection; module registration loads and validates schema extensions.
  • Guide: Extending ProjectBundle.

v0.31.1

Added

• CI log artifacts: PR Orchestrator workflow now uploads test logs (test-logs) from hatch run smart-test-full and repro logs/reports (repro-logs, repro-reports) from the contract-first-ci job so failed runs can be debugged by downloading full logs from the Actions Artifacts section without re-running locally.
• Documentation: "CI and GitHub Actions" section in Troubleshooting describing artifact names and how to download and use them.

Changed

• Tests job in .github/workflows/pr-orchestrator.yml now runs hatch run smart-test-full (single full-suite step with log output to logs/tests/) and uploads logs/tests/ as the test-logs artifact.
• Contract-first-ci job captures specfact repro stdout/stderr to logs/repro/ and uploads repro-logs and repro-reports (.specfact/reports/enforcement/) as artifacts on every run.

v0.31.0

Added

• Backlog dependency-analysis module package (backlog-core) with provider-agnostic graph models and analyzers.
• specfact backlog command suite for dependency-centric workflows:
  • analyze-deps
  • trace-impact
  • sync
  • verify-readiness
  • diff
  • promote
  • generate-release-notes
• Nested backlog delta workflow under specfact backlog delta:
  • status
  • impact
  • cost-estimate
  • rollback-analysis
• Project backlog integration commands:
  • specfact project link-backlog
  • specfact project health-check
  • specfact project devops-flow
  • specfact project snapshot
  • specfact project regenerate
  • specfact project export-roadmap

Changed

• Backlog command discoverability now follows impact-first ordering with command groups shown before leaf commands.
• Backlog ceremony workflows are grouped under specfact backlog ceremony with clearer subcommands:
  • standup
  • refinement
• project regenerate mismatch UX:
  • default summary-only output for plan/backlog mismatches
  • optional --verbose for detailed mismatch lines
  • optional --strict to fail on mismatches

Fixed

• Resolved legacy/duplicate command registration behavior for backlog module integration under a shared backlog top-level group.
• Resolved missing backlog-core lazy-load path in project health/dependency flows (No module named 'backlog_core').
• Enriched provider dependency extraction for graph analysis:
  • GitHub: normalized relationship extraction (blocks, blocked by, related, parent/child conventions) and graph type enrichment
  • ADO: relationship mapping parity for hierarchy/dependency/related links

v0.30.4

Fixed (0.30.4)

• Backlog refine mixed-format parsing hardening
  • Prevented duplicate Notes content in normalized writeback output when mixed ## Description + inline **Notes**: formatting is returned by Copilot.
  • Preserved internal headings (for example ## Risks) inside label-style Notes: blocks instead of truncating at the heading line.
  • Improved parser section-boundary handling so label capture flushes only at canonical section boundaries.
• Copilot refinement instruction quality
  • Added explicit expected output scaffold for refinement responses.
  • Added explicit rule to omit unknown metadata fields (no placeholders such as (unspecified) or provide area path).

Changed (0.30.4)

• Version: Bumped to 0.30.4 (patch).

v0.30.3

Fixed (0.30.3)

• Backlog refine writeback parsing for ADO/GitHub
  • specfact backlog refine --write now parses structured refinement output (markdown headings and label-style fields like Description:, Acceptance Criteria:, Story Points:, Business Value:, Priority:) into canonical fields before adapter writeback.
  • ADO writeback now avoids writing labeled refinement blocks verbatim into description and instead updates mapped fields with split canonical values.
  • GitHub writeback now preserves canonical field updates even when refined bodies include structured headings that do not explicitly include all core field sections.
• Refine command maintainability
  • Decomposed backlog refine orchestration into focused helper methods (stdin refinement capture, update-field construction, writeback, optional OpenSpec comment) to reduce top-level command complexity while keeping behavior parity.

Changed (0.30.3)

• Version: Bumped to 0.30.3 (patch).

v0.30.2

Fixed (0.30.2)

• Backlog daily/refine filter parity and selection semantics
  • Added missing global filter flags to specfact backlog daily: --search, --release, --id (parity with refine).
  • Fixed daily issue-window semantics so --first-issues/--last-issues are applied over the full filtered candidate set (not pre-truncated by default limit).
  • Added assignee column in daily standup tables and fixed GitHub --assignee me/@me handling to use provider semantics without incorrect literal local post-filtering.
• Interactive comment UX
  • specfact backlog daily --interactive now renders comments in scoped panel blocks (refine-like) for clearer context.
  • Interactive default remains latest-comment-first; explicit --first-comments/--last-comments now controls the displayed comment window and shows omitted-count hints.
  • Interactive navigation now supports Post standup update on the currently selected story; successful post feedback includes explicit story ID and URL.
• GitHub adapter contract binding bug
  • Fixed icontract decorator placement in GitHubAdapter so interactive standup comment posting no longer fails with contract-argument binding errors (item/update_fields) when checking comment capability.
• Docs and prompt updates
  • Updated daily/refine docs and prompt templates with standardized filter parity guidance (--search, --release, --id, --first-issues, --last-issues) and clarified comment behavior (interactive latest-only vs export/summarize full context by default).

Changed (0.30.2)

• Version: Bumped to 0.30.2 (patch).