agent-sh/agnix v0.8.0 on GitHub

Added

Real-world validation harness (scripts/real-world-validate.py) with 121 curated repos (tests/real-world/repos.yaml) (#184)
XP-001: detect @import syntax in AGENTS.md files (Claude Code specific)
XP-003: detect OS-specific absolute paths (/Users/, /home/, ~/Library/, ~/.config/)
CC-MEM-005: detect role-play preambles and generic programming principles

Changed

Exclude non-agent markdown files from validation (README.md, CONTRIBUTING.md, docs/, wiki/, etc.) to reduce false positives by 57%
Agent directory files (agents/*.md) take precedence over filename exclusions

Fixed

Operator precedence bug in @import email filtering that incorrectly matched email addresses
Zed editor extension with automatic LSP binary download and MDC file type support (#198)
Documentation website pipeline (#195)
- Added Docusaurus website under website/ with versioned docs and local search
- Added rule-doc generation from knowledge-base/rules.json via scripts/generate-docs-rules.py
- Added docs parity test (crates/agnix-cli/tests/docs_website_parity.rs) and CI workflow (.github/workflows/docs-site.yml)
CI: code coverage reporting with cargo-llvm-cov and Codecov integration (#238)
JetBrains plugin: archive extraction tests for AgnixBinaryDownloader (#255)
- 19 tests covering TAR.GZ/ZIP extraction, binary selection, path traversal protection
- Refactored extraction methods to companion object for testability
- Switched path verification to java.nio.file.Path API for robustness
Internationalization (i18n) support with rust-i18n (#207)
- Support for multiple languages: English (en), Spanish (es), Chinese Simplified (zh-CN)
- CLI flag --locale to set output language
- CLI flag --list-locales to display available locales
- Environment variable AGNIX_LOCALE for system-wide locale setting
- Config field locale in .agnix.toml for project-specific locale
- Automatic locale detection from system settings (LANG/LC_ALL)
- LSP server locale initialization for editor integration
- JSON and SARIF output always in English for CI/CD consistency
- Translation guide in docs/TRANSLATING.md for contributors
- Comprehensive test suite for locale detection and fallback behavior
- IDE locale setting: VS Code (agnix.locale), Neovim plugin, and LSP config bridge
  - Supports explicit null to revert to auto-detection

Changed

Documentation and website navigation now include direct install links for VS Code and JetBrains extensions, plus a prominent website link in the README.
Core: introduce static_regex! macro for validated regex initialization (#246)
- Replaces bare .unwrap() on Regex::new() with descriptive .expect() messages
- Migrates 36 OnceLock<Regex> patterns across 7 files to use the macro
- Converts hooks.rs from once_cell::sync::Lazy to std::sync::OnceLock
- Removes once_cell direct dependency from agnix-core
- Adds per-module test_regex_patterns_compile tests for all static patterns

Fixed

CLI: harden telemetry queue timestamp parsing against malformed data (#231)
- Replace panic-prone byte-index slicing with safe str::get() calls
- Add ASCII guard, separator validation, and range checks (year, month-aware day bounds, hour, minute, second)
- Use checked_sub for day arithmetic to prevent u32 underflow
Config validation: accept VER-* prefix in disabled_rules (#233)
VS Code extension: harden downloadFile() cleanup for stream and HTTP failure paths (#240)
- Closes file/request handles on failure
- Removes temporary download artifacts on failed downloads
- Adds regression tests for non-200, stream-error, and success branches
CLI: gate telemetry module wiring behind telemetry feature while preserving command UX via a non-feature stub (#245)
- telemetry module compiles only when feature-enabled
- Non-feature builds route telemetry calls through telemetry_stub no-op facade
- Added stub-path unit tests and validated both feature and non-feature builds
LSP backend now uses shared Arc<String> document cache entries to avoid full-text cloning on did_change, did_save, codeAction, and hover paths (#244)
LSP now revalidates open documents with bounded concurrency on config changes and drops stale diagnostics from outdated config/content snapshots (#243)

Security

ReDoS protection via regex input size limits (MAX_REGEX_INPUT_SIZE = 64KB)
- Markdown XML tag extraction skips oversized content
- Cross-platform and prompt engineering validators protected
File count limits to prevent DoS attacks
- Default limit of 10,000 files (configurable via max_files_to_validate)
- CLI flag --max-files to override or disable (--max-files 0)
Fuzz testing infrastructure with cargo-fuzz
- Three fuzz targets: fuzz_frontmatter, fuzz_markdown, fuzz_json
- CI runs 5-minute fuzzing on PRs, 30-minute weekly fuzzing
- UTF-8 boundary validation for markdown parsing
Enhanced symlink handling documentation and tests
- Comprehensive tests for Unix and Windows symlink behavior
- MAX_SYMLINK_DEPTH = 40 to prevent circular symlink loops
Security integration test suite (crates/agnix-core/tests/security_integration.rs)
- Symlink rejection, file size limits, path traversal, file count limits
- ReDoS protection validation, concurrent validation safety
Hardened dependency management
- cargo-audit integration (pinned to v0.21.0) in CI
- cargo-deny policy with multiple-versions = deny
- audit.toml and deny.toml configuration files
Security documentation
- SECURITY.md with reporting policy and security configuration
- knowledge-base/SECURITY-MODEL.md with threat model and implementation details
- Audit history tracking and incident response procedures
LSP workspace boundary check hardened (#232)
- Added normalize_path() fallback when canonicalize() fails
- Prevents path traversal via .. components in non-canonical paths

Added

Neovim plugin at editors/neovim/ with full LSP integration (#187)
- Automatic LSP attachment to agnix-relevant files
- Commands: :AgnixStart, :AgnixStop, :AgnixRestart, :AgnixInfo, :AgnixValidateFile, :AgnixShowRules, :AgnixFixAll, :AgnixFixSafe, :AgnixIgnoreRule, :AgnixShowRuleDoc
- Optional Telescope integration for rule browsing
- :checkhealth agnix support
- Installation via lazy.nvim, packer.nvim, vim-plug, or manual
Research tracking document (knowledge-base/RESEARCH-TRACKING.md) with AI tool inventory and monitoring process (#191)
Monthly review checklist (knowledge-base/MONTHLY-REVIEW.md) with February 2026 review completed (#191)
Rule contribution and tool support request issue templates (#191)
Expanded CONTRIBUTING.md with rule authoring guide, evidence requirements, and tier system (#191)
JetBrains IDE plugin with LSP integration (#196)
- Supports IntelliJ IDEA, WebStorm, PyCharm, and all JetBrains IDEs (2023.3+)
- Real-time validation, quick fixes, hover documentation
- Auto-download of agnix-lsp binary from GitHub releases
- Settings UI with LSP path configuration, auto-download toggle, trace level
- Context menu actions: Validate File, Restart Server, Settings
- Uses LSP4IJ for standard LSP client support
agnix schema command for JSON Schema generation (#206)
- Outputs JSON Schema for .agnix.toml to stdout or file
- Generated from Rust types using schemars
Config validation with helpful warnings (#206)
- Validates disabled_rules against known rule ID patterns
- Validates tools array contains recognized tool names
- Warns on deprecated fields (mcp_protocol_version)
VS Code schema association for .agnix.toml autocomplete (#206)
Opt-in telemetry module with privacy-first design (#209)
- Disabled by default, requires explicit agnix telemetry enable
- Tracks aggregate metrics: rule trigger counts, error/warning counts, duration
- Never collects: file paths, contents, user identity
- Respects DO_NOT_TRACK, CI, GITHUB_ACTIONS environment variables
- Feature-gated HTTP client for minimal binary size impact
- Local event queue for offline storage with automatic retry
agnix telemetry subcommand with status/enable/disable commands
Comprehensive telemetry documentation in SECURITY.md
Rule ID validation at collection point (defense-in-depth)
VS Code extension settings UI for configuring all validation options (#225)
- Settings page accessible via "Open Settings (UI)" command
- Live preview of all rules with descriptions
- Changes apply immediately without server restart
- Built with Svelte for reactive UI

Changed

Refactored SkillValidator internal structure for better maintainability (#211)
- Extracted monolithic 660-line validate() method into ValidationContext struct
- Grouped validation logic into 11 focused methods by concern
- Reduced main validate() from ~660 lines to ~78 lines
- All 128 tests pass without modification (zero behavior changes)
Refactored HooksValidator into standalone validation functions (#212)
- Extracted 12 validation rules (CC-HK-001 through CC-HK-012) into standalone functions
- Reduced main validate() method from ~480 to ~210 lines
- Organized validation into clear phases with documentation
- Improved maintainability and testability without changing validation behavior
Split Hook and Skill validator modules into focused files (#242)
- Replaced monolithic rules/hooks.rs and rules/skill.rs with rules/hooks/{mod,helpers,tests}.rs and rules/skill/{mod,helpers,tests}.rs
- No validation behavior changes; refactor is layout-only for maintainability

Fixed

CLI --fix now exits with status 0 when all diagnostics are resolved by auto-fixes (#230)
- Exit status now reflects post-fix diagnostics for non-dry-run fix modes
- Added integration regression test for --fix success after full auto-fix
Imports validation now recovers from poisoned shared ImportCache locks during project validation (#239)
Import traversal now revisits files discovered at shallower depth and avoids duplicate REF-001 diagnostics (#239)

Performance

Benchmark infrastructure with iai-callgrind for deterministic CI testing (#202)
- Instruction count benchmarks immune to system load variance
- Helper script (./scripts/bench.sh) for iai/criterion/bloat workflows
- Scale testing with 100 and 1000 file projects
- Memory usage tracking with tracking-allocator
- CI job blocks merge on performance regressions
- Cross-platform support (Linux/macOS with Valgrind, Windows uses Criterion only)