v1.12.0

What's Changed

Added

• Plugin README documentation — 9 new READMEs for all marketplace plugins
• guard-protected-bash.py — Bash hook blocking commands that write to protected files
• Devcontainer secrets — secrets block for GH_TOKEN, NPM_TOKEN, GH_USERNAME, GH_EMAIL
• Post-start hook system — extensible /usr/local/devcontainer-poststart.d/ runner
• Git worktree support — project detection, system prompt guidance, protected-files-guard coverage
• CLAUDECODE=null — allows nested Claude Code sessions (claude-in-claude)

Changed

• Feature version pinning — all features pinned to explicit versions (agent-browser 0.11.1, ast-grep 0.40.5, biome 2.4.2, ruff 0.15.1, pyright 1.1.408, node 1.6, rust 1.4, claude-code 1.1, etc.)
• Default shell: bash → zsh — VS Code terminal and tmux profiles
• Security hardening — dangerous-command-blocker adds 7 new patterns (Docker escape, bare force push, find -exec rm, git clean -f); both guard scripts fail closed on JSON parse errors
• ccms build cache — cached binary for faster container rebuilds
• setup.sh — Claude Code update runs in background; failure diagnostics; post-start hooks
• inotify-tools — moved to build-time install (tmux feature)
• Container memory — 4GB/8GB → 6GB/12GB recommendation
• Writing system prompt — new Emotional Architecture section

Removed

• mcp-reasoner — entire feature deleted
• splitrail — entire feature deleted

Full changelog: CHANGELOG.md

Install: npx codeforge-dev

v1.11.0

What's New

New Features

• ccms — Session history search CLI (Rust binary) for searching Claude Code JSONL transcripts with boolean queries, role filtering, time scoping, and project isolation
• ccw — Writing-mode alias with dedicated creative-writing system prompt
• workspace-scope-guard — Safety plugin that blocks writes and warns on reads outside the working directory
• /spec-build — Orchestrates full implementation lifecycle from an approved spec (plan → build → review → close)
• /spec-review — Standalone deep implementation review against a spec
• CWD status line widget — Shows current working directory in ccstatusline
• inject-cwd hook — Injects working directory context into every tool response
• Rust runtime added as a devcontainer feature

Bug Fixes

• setup-aliases.sh idempotency — Fixed aliases disappearing on container re-open. Replaced cleanup+guard pattern with block-marker delete-and-rewrite strategy

Spec Workflow Overhaul

• Domain-based organization — Specs now live in .specs/{domain}/{feature}.md instead of version directories
• ROADMAP → MILESTONES — Renamed throughout all skills and templates
• Acceptance criteria markers — Three-state tracking: [ ] (not started), [~] (implemented), [x] (verified)
• Expanded lifecycle — /spec-review inserted before /spec-update in post-implementation workflow

Other Changes

• LSP plugin gains declarative lspServers configuration (pyright, typescript, gopls)
• git-state-injector now injects working directory even outside git repos
• System prompt formatting cleanup (line unwrapping, no content changes)
• __pycache__ excluded from npm tarball and git tracking
• Skill count: 28 (was 26)

Full changelog: see CHANGELOG.md

Install: npx codeforge-dev@1.11.0