17 commits since v4.27.0 · 4 feat · 12 fix · 1 chore · no breaking changes
Highlights
Gemini PR Review revival (#602)
Fixed a 4-month silent-fail regression. The workflow was running green on every PR but posting zero review comments due to a broken MCP bridge pattern. Full fix bundle:
- Trigger: `pull_request` → `pull_request_target` — fork PRs now get CI + Gemini feedback (previously received nothing)
- Checkout: PR HEAD SHA pinned with `persist-credentials: false`
- Prompt: Intent Solutions philosophy section added, prompt leads with validator failures and links CONTRIBUTING.md anchors
- Slack: `#operation-hired` ping on every review completion
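The trigger and checkout settings listed above, written out as a workflow file. This is an added example, not the repository's actual workflow: the workflow and job names, the `permissions` block, the `pr` checkout path and the `scripts/review.sh` step are assumptions.

```yaml
# Added example; not the project's workflow file.
name: pr-review                      # hypothetical workflow name

on:
  pull_request_target:               # runs in the base repository's context, so fork PRs trigger it
    types: [opened, synchronize, reopened]

# Assumption: the job only needs to read code and post review comments.
permissions:
  contents: read
  pull-requests: write

jobs:
  review:                            # hypothetical job name
    runs-on: ubuntu-latest
    steps:
      # Under pull_request_target the default ref is the base branch,
      # so this checkout holds the trusted tooling.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false # do not leave the token in .git/config

      # The PR is checked out at its exact head SHA into a separate
      # directory and handled as input data for the reviewer.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          path: pr                   # assumed directory name
          persist-credentials: false

      # Hypothetical review script taken from the base-branch checkout;
      # it reads files under pr/ and posts comments with the job token.
      - run: ./scripts/review.sh pr/
        env:
          GH_TOKEN: ${{ github.token }}
```

Because `pull_request_target` jobs run with the base repository's token and secrets, the PR checkout is kept separate here so that only base-branch code is executed.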
Plane sync workflow (#529)
New GitHub Actions workflow bridging GitHub issues/PRs to the CCP project at projects.intentsolutions.io.
Governance hardening (#602)
CODEOWNERS (Jeremy sole owner), branch protection set to require_code_owner_reviews: true, triple-guarded automerge. External contributions structurally cannot merge without Jeremy's approval now.
Frontmatter cleanup campaign (#604)
Three PRs landed (#605, #606, #607) clearing 23 of 182 pre-existing ccpi validate --strict errors. Remaining 171 tracked as a multi-PR campaign; strict enforcement temporarily downgraded to reporting-only until campaign completes.
External audit response (NLPM / xiaolai)
Validator + CI coverage expanded per xiaolai's NLPM audit (#540, #535-#539).
Security
- Gemini reviewer WIF binding narrowed from org-wide to this repo only
- `gitleaks` + weekly `trufflehog` replace the prior regex-based secret scan
- Branch protection now requires CODEOWNERS approval
Known issues
171 pre-existing agent frontmatter errors tracked in #604. Strict ccpi validate enforcement returns when the final campaign PR lands.
Full details: see CHANGELOG.md
Jeremy made me do it
-claude