v2026.05.06

What's New in v2026.05.06

hex-relay: standalone Telegram control-plane

The relay-bot used to live inside skills-catalog/ln-030-vps-bootstrap/references/relay-bot/ — a templated artifact rendered at install time. This release lifts it out as a first-class TypeScript product at agents/hex-relay/ with its own README, redeploy runbook, and operator runbook. The skill now points at the deployed agent rather than shipping its source.

Typed contracts everywhere — Fastify gained a Zod type provider; every route now declares request/response schemas, errors flow through structured validation responses, and /health exposes both runtime status and buildInfo (relay schema + package version). A reusable runProcess utility with timeout handling replaces ad-hoc child_process logic in systemd godStatus and tmux pane code.

Stronger env validation — Zod schemas for unit fragments, linux usernames, absolute POSIX paths, and optional hostnames replace loose string checks across src/config/env.ts. Misconfigurations surface at boot, not at first request.

Inbound durability and the control lane — relay-bot v6 introduces a serialized control lane (run_control) that gates session mutations and inbound delivery. The DB schema gained kind, media_path, attempts, next_attempt, delivered_at, todo_state, health_snapshots, task_poll_state, and ownership-aware session columns. Inbound rejects, terminal statuses (failed/abandoned), and token-bucket rate limiting harden the Telegram bridge.

Local voice transcription — optional ffmpeg + whisper.cpp pipeline (RELAY_VOICE_TRANSCRIPTION, WHISPER_CPP_BIN, WHISPER_CPP_MODEL). The inbound handler accepts voice messages, validates size/duration, stores media, and inserts a transcribing row; a VoiceTranscriptionWorker polls those rows, runs local transcription, promotes to queued with transcript or marks rejected. Service unit MemoryMax raised to 2G to fit the model.

Task polling and handoff — dispatch scheduling moved off tmux-injection. A 15-minute /tasks/poll route fetches provider tasks, persists state in task_poll_state, and notifies the primary operator at most once per 24h. Telegram /tasks command, task-card keyboard, and per-user handoff handlers are wired end-to-end.

Per-user god-sessions: real isolation

god-session is now a systemd template unit (%-style @<telegram_user_id>). Each Telegram user gets their own instance with per-user runtime files under /var/lib/${PROJECT_NAME}/users/<id>, scoped tmux sockets and panes, and a bubblewrap-based agent-sandbox.sh that enforces project + user work-plane isolation while binding only read-only auth credentials from the shared BOT_USER. agent-update restarts every active *-god@*.service. Codex sandbox defaults hardened to workspace-write.

Robust resume — god-session.sh now prefers explicit --resume from last-session.id or the newest jsonl by mtime, never silently spawning a fresh session. Failed resumes move the failing pointer aside, classify the failure (auth_failed, etc.), and emit enriched JSON error events with project/service/user/session/runtime metadata. The errorAlerter worker formats those into actionable admin messages.

ln-030-vps-bootstrap: new skill

A new L3 standalone skill in setup-environment documents a one-shot, idempotent VPS bootstrap for Claude Code + Codex agent workloads. Per-project envsubst (PROJECT_NAME, SERVICE_PREFIX, BOT_USER, ...), REPO_URL/REPO_REF verified clone semantics, configurable RELAY_HOOK_PORT and DISPATCH_COMMAND_NAME, idempotent .env.local seeding via append helper, and a register-telegram-commands script that registers commands both globally and scoped to all_private_chats.

The fleet registry is VPS-local: ops/environments/ in the repo holds templates only; the live registry lives at /etc/agent-fleet/environments on the VPS, owned by the host. Plan/apply artifacts must include registry path + digest evidence.

MCP packages

hex-line — lib/search.mjs now splits ripgrep output on /\r?\n/ so Windows summary-mode counts files correctly. New generic-external-repo fallback workflow scenarios (W1 outline-read, W2 summary-to-edit-ready, W3 verified dry-run edit). Anchor-extraction regexes in the round-trip and CHECKSUM_MISMATCH smoke tests tightened so they no longer accidentally match substrings of mtime timestamps.

hex-graph — audit_workspace gained limit (default 5, cap 25) and clone_member_limit (default 3; 10 with verbosity=full); clone-group rows emit members=N shown=M and .clone_members_more group=g omitted=K for large groups. File discovery is now gitignore-aware via git ls-files -co --exclude-standard, with a deterministic walker fallback for non-git dirs honoring root .gitignore. index_project invokes resetProjectGraph for a single-transaction full rebuild — stale packages/modules can no longer leak forward across ignore-rule changes. reindexFile (watcher path) stays incremental.

hex-ssh — README now documents per-tool connectTimeoutMs / keepaliveIntervalMs / execTimeoutMs / transferTimeoutMs rows so docs match the v1.6.0 schema split. Smoke regression guard validates that connect/keepalive timeouts flow through to ssh2 readyTimeout/keepaliveInterval and that changed timeout tuples open a separate pooled connection.

hex-line v1.27.1 → v1.29.0
hex-graph v0.16.0 → v0.19.0
hex-ssh v1.6.1 → v1.7.0

Host-neutral skills

Skills are now host-neutral across Claude and Codex — wording and tooling references no longer assume a single agent host.

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

Full changelog: CHANGELOG.md

v2026.04.21

What's New in v2026.04.21

hex-line: one grammar to rule every response

Previous versions spoke three dialects at once — prose headers, emoji warnings, and JSON envelopes — each accumulated release by release. Agents had to reparse the shape on every call. This release collapses everything into a single Response grammar defined in PROTOCOL.md: one action-line, then #section headings, .entry primary rows, !detail warnings, and > executable follow-up pointers. Nothing else.

The cleanup is not cosmetic. Net output drops -37% bytes across the tool surface with no change to response shape — smaller context for the agent, faster reads, identical semantics.

Structural safety — edit_file now auto-strips boundary-echo while preserving real closing delimiters (}, ), ], });). The "agent accidentally drops the outer scope's trailing brace" bug — long a quiet corruption source on nested blocks — is fixed. A post-edit lexical brace-balance check runs on every mutation, gated on structural-risk signals so strings, templates, and JSX don't trigger false positives.

replace_between hardening — the most conflict-prone edit primitive gained an optional range_checksum. Pass it from a fresh read and the tool validates the exact bytes being replaced; ambiguous-delimiter anchors emit lone_delimiter_anchors warnings in conservative mode, or surface CONFLICT before write in strict mode.

Quality of life — new warnings array on edit_file output, compact space-separated verify entries, reduced post-edit context payload, throttled graph_fix hints, and a fix so suggested_read_call emits file_path (the parameter read_file actually accepts).

hex-line v1.17.0 → v1.27.0

hex-graph: text-only protocol

Hex-graph used to return both a JSON structuredContent envelope and a content[0].text summary — two payloads describing the same result. This release retires structuredContent and outputSchema entirely. Every response is a single content[0].text body rendered through the shared action-line grammar, identical in shape to hex-line. One protocol. One parser. Half the bytes.

Pointers that actually resolve — expansion_hint follow-up pointers now carry path plus the canonical selector chain (symbol_id > workspace_qualified_name > qualified_name > name+file). When an agent expands a result, it retries with the exact identifier that produced the row — no more fuzzy re-lookups on common names.

Up-front resolution quality — a new #quality section on every query exposes the query family, support tier, languages, frameworks, quality basis, and known-limitations count. Clients see which resolution tier the answer came from before reading the body.

102/102 semantic tests pass against the new protocol.

hex-graph v0.13.0 → v0.15.0

hex-ssh: schema matches behavior

Every hex-ssh tool advertised execTimeoutMs, transferTimeoutMs, connectTimeoutMs, and keepaliveIntervalMs — but the runtime silently ignored execTimeoutMs on upload/download and transferTimeoutMs on exec-path tools. The schema lied.

The monolithic connection props were split into baseConnProps + execTimeoutProps + transferTimeoutProps. Exec-path tools (remote-ssh, ssh-read-lines, ssh-edit-block, ssh-search-code, ssh-write-chunk, ssh-verify) now expose only execTimeoutMs. Transfer tools (ssh-upload, ssh-download) expose only transferTimeoutMs. All tools also gained per-call overrides for connect/keepalive so slow hosts no longer need global config changes.

hex-ssh v1.4.2 → v1.6.0

Gemini dropped from advisor role

Codex is now the sole external parallel-advisor for skill groups 200/300/310/510. Fallback is Opus self-review. Gemini CLI stays a first-class install/sync target — the installer still provisions it, syncer still writes GEMINI.md — but it no longer participates in multi-agent reviews. Cleanup landed across agent_registry.json, agent_runner.mjs, and the shared agent delegation/review/memory references.

Docs & infrastructure

• Five Claude hook events documented — SessionStart, PreToolUse, PostToolUse, ConfigChange, PermissionDenied each get full design docs with flow diagrams and redirect semantics
• Plan-mode enforcement — mutating MCP tools are hard-blocked in plan mode; Monitor pattern docs added for long-running background tasks
• MCP output contract split — MCP_OUTPUT_CONTRACT_GUIDE and MCP_TOOL_DESIGN_GUIDE now declare structured vs text-grammar families and when to pick each
• AGENTS docs unified — single MCP result envelope reference shared across agent instruction files
• CI repaired — hash-collision test switched to strict conflict policy for deterministic throws, 11 missing test suites restored, deleted runtimes cleaned out of the matrix
• Windows coordinator ergonomics — coordinator CLI error messages now hint at the .hex-skills/ temp-path workaround for the Git Bash /tmp/ mismatch; Phase 7 skip fix in plan_review mode (anti-skip blockquote + per-mode table)

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

Full changelog: CHANGELOG.md

v2026.04.10

What's New in v2026.04.10

hex-line: progressive disclosure

The read/search surface was redesigned around a discovery-first principle. Instead of always returning full edit-ready blocks, read_file now defaults to a minimal plain partial read — low token cost, fast orientation. When the agent needs verified edits, it opts in with edit_ready: true and verbosity: "full" to get the canonical hash-anchored blocks.

Line-ending preservation — edits now write back the file's original line endings (LF/CRLF/CR) instead of normalizing to LF. Hashing works on normalized logical text; the physical file shape stays intact.

Scope boundaries — mutating tools stay inside the current project root by default. allow_external: true is required to edit temp or external paths — no more accidental writes outside the repo.

Graph staleness handling — stale graph data never gates correctness. hex-line suppresses stale hints, schedules per-file refreshes, and escalates to one background indexProject when several files go stale inside the burst window.

Summary-first grep — grep_search defaults to summary output. Edit-ready hunks with graph annotations require explicit content + edit_ready.

hex-line v1.12.0 → v1.16.0

hex-graph: summary-first output

Heavy tools now default to verbosity: "compact" and summary-first output. They return counts, previews, available_expansions, resolution_quality, and provenance_summary upfront — the client sees exactly how much a deeper expansion will return and which resolution tier the answer comes from. No more dumping the whole graph in one call.

Expanded use-case API — richer inspect/reference/trace workflows with bounded expansion controls (expand, expand_limit, depth, max_hops, min_confidence).

SCIP module fix — createRequire replaced with getPackageInfo() to keep package.json lookup inside the published package root.

hex-graph v0.8.0 → v0.12.0

Artifact-first coordinators & stateful workers

The orchestration model was rewritten to be artifact-driven. Coordinators now advance only from machine-readable coordinator/worker artifacts — no more implicit state passing. Workers keep persisted runtime state and emit JSON summaries for aggregation.

New runtime contracts and helper scripts were added across all coordinator families (audit, coordinator, dependency, modernization, quality, task, worker runtimes). 293 files changed across skills-catalog, docs, and site content.

Skills & infrastructure

• Planning runtime contracts — new/updated contracts for scope decomposition, epic planning, story planning, task planning, and worker runtimes with coordinator summary contract
• Guard tests — dependency-runtime and epic-planning-runtime guard tests added; coordinator consistency scan
• Skill refreshes — ln-200, ln-201, ln-210–ln-310, ln-840 updated with runtime alignment and improved prompts

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

Full changelog: CHANGELOG.md

v2026.04.05

What's New in v2026.04.05

hex-graph: from parser to production code intelligence

The graph engine completed its entire 6-stage evolution in this release. What started as a parser-first indexer is now a multi-tier code intelligence system.

Compiler-backed precision — TypeScript, Python, and C# now get precise symbol resolution on top of the parser-first base. Two confidence tiers (parsed vs precise) coexist; precise facts override weaker candidates but both remain explainable through explain_resolution.

Interprocedural dataflow — find_dataflows evolved from local summary hops to a real source→sink flow engine. Assignment, argument, return, and property propagation across multiple hops with evidence-rich path explanations. Useful for security audits, refactoring impact, and understanding unfamiliar code.

Framework-aware overlays — The graph now understands 9 frameworks: React, Next.js, Express, Nest, Django, FastAPI, Flask, Laravel, and ASP.NET Core. Routes, middleware chains, DI registrations, and component boundaries surface as real edges — so framework-wired endpoints no longer appear as dead exports.

Public quality system — Capabilities, support tiers, and quality targets are now generated artifacts queryable through MCP, not handwritten README prose.

SCIP interchange — Optional import/export of precise symbol facts for tool interoperability. Native SQLite graph stays canonical; imported facts are provenance-tagged overlays.

PR review that understands risk — analyze_changes replaced generic symbol traversal with a diff-aware semantic risk snapshot. The PR review benchmark went from 13% to 64% savings.

hex-graph v0.5.2 → v0.8.0

hex-line: editing with explainable code awareness

The old graph integration gave opaque summaries. The new contract surfaces real structured facts: callers, downstream flow, clone siblings, and edit impact — visible in read_file, outline, grep_search, and edit_file.

When a file changes between read and edit, agents used to fail and re-read everything. Now edit_file returns ready-to-use retry payloads, so recovery is a single call instead of starting over. verify and changes return canonical output contracts — predictable structure every time.

hex-line v1.9.0 → v1.12.0

hex-ssh: Windows remote support

SSH to Windows hosts broke on path handling — backslash/forward-slash confusion corrupted file operations. The new remotePlatform parameter (auto/posix/windows) normalizes paths per platform automatically.

hex-ssh v1.3.0 → v1.4.0

Skills & infrastructure

• Explicit model in 32 skills — claude-sonnet-4-6 declared instead of inheriting parent model
• Hook reliability — safeExit via writeSync prevents output loss on exit
• GitHub Actions → Node.js 24 — checkout@v6, setup-node@v6, deploy-pages@v5
• 5 CI stability fixes — split guard paths, SSH key isolation, cross-platform workspace discovery, native binary detection

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

Full changelog: CHANGELOG.md

v2026.03.27

What's New in v2026.03.27

• Runtime unification — all coordinators enforce runtime contracts with manifest/state/checkpoint schemas; all workers produce JSON summary artifacts. 6 domain-specific runtime CLI packages (story-gate, audit, review, optimization, environment, docs-quality)
• Hex MCP server releases — hex-line v1.7.0 (safety audit, 105 smoke tests, PROTOCOL.md), hex-graph v0.4.1 (find_clones, 15 tools, layered rewrite), hex-ssh v1.2.0 (connection pool, security modules)
• Skills overhaul — ln-010 assess-dispatch-verify pattern, ln-014 instruction file manager, ln-840 A/B benchmark, ln-150 removed
• Infrastructure — skills/ → skills-catalog/ (fix 768-entry autocomplete duplication), GitHub Pages MCP section, marketplace install flow updated
• Agent review simplified — debate protocol replaced with AGREE/REJECT verification + iterative refinement loop

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

v2026.03.21

What's New in v2026.03.21

• hex MCP family — 3 npm MCP servers: hex-line (hash-verified file editing, 10 tools), hex-ssh (remote file ops over SSH, 6 tools), hex-graph (code knowledge graph, 7 tools); rebranded from sharpline
• hex MCP v2 — output style system, hash-hint fallback, anchor-based editing, benchmark v3 (91-98% savings on multi-step workflows); hex-line v1.1.0, hex-ssh v1.1.0, hex-graph v0.2.0 published to npm
• Setup Environment plugin — 7th plugin extracted from agile-workflow: ln-010 coordinator + 4 workers (agent installer, MCP configurator, config syncer, instructions auditor)
• Research skills consolidated — ln-001 and ln-002 merged into ln-310 and ln-220 via shared layer; research methodology and docs creation extracted to shared references
• Best practice guides — MCP Tool Design, Hook Design, Prompt Caching; hooks redesigned with dangerous command blocker

Install

/plugin add levnikolaevich/claude-code-skills

All plugins & docs: README.md

v2026.03.19

Claude Code Skills v2026.03.19

Production-ready plugin suite for Claude Code:

Plugin	What it does
agile-workflow	Scope decomposition, Story/Task management, Execution, Quality gates, Pipeline orchestration
documentation-pipeline	Full project docs with auto-detection (backend/frontend/devops)
codebase-audit-suite	Security, Code quality, Tests, Architecture, Persistence performance
project-bootstrap	CREATE or TRANSFORM projects to production-ready Clean Architecture
optimization-suite	Performance profiling, Dependency upgrades, Code modernization
community-engagement	GitHub triage, Announcements, RFC debates, Response automation

Install

/plugin add levnikolaevich/claude-code-skills

What's New

• Python → Node.js ESM — all runtime scripts (.py) replaced with .mjs: agent_runner, 3 hooks, analyze_test_logs; Python dependency eliminated ⚠️ BREAKING
• ln-1000 redesign — TeamCreate/heartbeat replaced with sequential Skill() calls; quality gate (ln-500) and test planning (ln-520) can no longer be skipped ⚠️ BREAKING
• Bundled hashline.mjs — hash-verified file editing tool included in repo; external hashline-edit MCP dependency removed ⚠️ BREAKING
• ln-162 D10/D11 — new skill review dimensions: Cross-Skill Behavioral Contracts and Resource Lifecycle Integrity
• Tool preferences centralized — single source of truth in mcp_tool_preferences.md; 4 SKILL.md sections deduplicated

Full changelog: CHANGELOG.md

v2026.03.17

Claude Code Skills v2026.03.17

Production-ready plugin suite for Claude Code:

Plugin	What it does
agile-workflow	Scope decomposition, Story/Task management, Execution, Quality gates, Pipeline orchestration
documentation-pipeline	Full project docs with auto-detection (backend/frontend/devops)
codebase-audit-suite	Security, Code quality, Tests, Architecture, Persistence performance
project-bootstrap	CREATE or TRANSFORM projects to production-ready Clean Architecture
optimization-suite	Performance profiling, Dependency upgrades, Code modernization
community-engagement	GitHub triage, Announcements, RFC debates, Response automation

Install

```bash
/plugin add levnikolaevich/claude-code-skills
```

What's New

• Multi-cycle optimization — performance pipeline iterates (profile → research → validate → execute → repeat) until target met or plateau detected
• Cross-service performance profiling — traces bottlenecks across microservices (monorepo, git submodules, docker-compose)
• Community Engagement plugin — automated GitHub community management: triage, announcements, RFC debates, responses
• Token efficiency: output normalization — reduces noise in test runners, build auditors, profilers, log analyzers
• Skill reviewer automated script — ln-162 checks now run via executable run_checks.sh

Full changelog: CHANGELOG.md