Skip to content

v0.1.0

Choose a tag to compare

View all tags
@ZviBaratz ZviBaratz released this 03 Mar 14:03
· 82 commits to main since this release
v0.1.0
7f276bc
This commit was signed with the committer’s verified signature.
ZviBaratz Zvi Baratz
SSH Key Fingerprint: pTg/yHMJ12aTzA2DHB6U1PIf7CNnlflcZSQjegf1eoI
Verified
Learn about vigilant mode.

Changelog

v0.1.0 — 2026-03-03

Features

  • ego-simulate: Added ESLint errors as rejection reason #23 (weight 5) to the taxonomy — crash-at-runtime bugs from undefined references now score appropriately (#2, PR #5)
  • ego-simulate: ego-lint FAIL results now integrate into taxonomy scoring — each unmapped FAIL adds weight 5, WARNs route to Advisory Notes (#3, PR #6)

Bug Fixes

  • ego-review: Added "NOT a signal" exception to ai-slop checklist item #4_destroyed + _initializing (re-entrancy guard) is not the over-engineered state machine anti-pattern (#1, PR #4)

Changed

  • ego-lint: Version-gated R-WEB-01/02/10/11 (setTimeout/setInterval/clearTimeout/clearInterval) to max-version: 44 — GJS provides native polyfills since GNOME 45
  • ego-lint: Extended license check to recognize LICENSE.rst/.md/.txt and COPYING variants
  • ego-lint: Downgraded uuid-matches-dir from FAIL to WARN — cloned repos don't match UUID
  • Moved "How This Was Built" section earlier in README for transparency
  • Promoted scripts/new-rule.sh as primary contribution workflow in CONTRIBUTING.md
  • Added fixture validation checklist and debugging tips to CONTRIBUTING.md
  • Separated hara-hachi-bu regression into tests/run-regression.sh
  • Named hara-hachi-bu as regression baseline in README
  • Strengthened community ownership messaging in README
  • Updated stale assertion/fixture counts in docs

What's Included

  • 124 pattern rules in rules/patterns.yaml covering web APIs, deprecated APIs, security, import segregation, AI slop detection, GNOME 44–50 migration, and more
  • 17 structural check scripts (Python/bash) for metadata validation, lifecycle symmetry, resource graph construction, async safety, GObject patterns, preferences validation, schema checks, package validation, disclosure checks, polkit validation, schema usage analysis, and accessibility
  • Cross-file resource tracking — builds a resource graph (signals, timeouts, widgets, D-Bus, file monitors, GSettings) and detects orphaned resources
  • Version-gated rules — GNOME 44–50 migration rules that only fire when the extension's declared shell-version includes the relevant version
  • Contributor toolingscripts/new-rule.sh for scaffolding rules (with next-ID suggestion), scripts/validate-fixture.sh for fixture validation, scripts/validate-rule.sh for rule testing, apply-patterns.py --validate for rule file validation
  • 153 test fixtures with 416 assertions
  • CI integration — GitHub Actions and GitLab CI examples in docs/ci-integration.md

False Positive Reduction

  • Removed R-SEC-07 (redundant clipboard check — quality/clipboard-disclosure is a strict superset)
  • Consolidated quality/private-api output into a single warning per check instead of up to 6
  • Changed verdict to count unique check IDs instead of raw warning lines
  • Fixed quality/gettext-pattern fix message (was suggesting this.gettext(), now suggests ESM import)
  • Added deduplicate: true to R-SEC-20 to reduce noise on multi-file pkexec references

Documentation

  • Added First Contribution Workflow, Where to Find Sources, severity upgrade criteria, and License sections to CONTRIBUTING.md
  • Expanded Tier 2 contribution guide with script selection table covering all 13 check scripts
  • Broadened PR template to cover non-rule contributions (bug fixes, docs, tooling)
  • Added co-maintainer onboarding path to GOVERNANCE.md
  • Added Help Wanted subsection to README surfacing self-contained gaps
  • Added troubleshooting section to rules/README.md

Research Basis

Rules are grounded in analysis of 9 real EGO reviews, 109 extracted requirements from gjs.guide, GNOME Shell GitLab guideline evolution across versions 44–50, and reverse-engineered patterns from 5 popular approved extensions. 8 unwritten reviewer rules were identified and encoded. Full research: docs/research/.

Known Limitations

  • Polkit action ID validation not yet implemented (if pkexec used, .policy file not verified)
  • Schema filename validation partial (warns but doesn't block on filename mismatch)
  • Module-scope mutable state detection not yet implemented (Map/Set at module level)
  • Full gap list: docs/research/gap-analysis.md
Assets 2
Loading