github uditgoenka/autoresearch v2.0.2
v2.0.2 — Safety, Concurrency & Resilience Hardening

29 days ago

What's New in v2.0.2

This release hardens safety, concurrency, and resilience across all 11 autoresearch subcommands. The issues were found via a 200-iteration scenario exploration that identified 199 unique edge cases, and were validated through a full adversarial pipeline (reason → predict → debug → fix → ship).

Install / Update

# New! One-line install (recommended)
npx skills add uditgoenka/autoresearch

# Or update existing installation
/plugin update autoresearch

🔒 Security Hardening

Network scope validation for security audits

  • /autoresearch:security now enforces localhost-only verification templates
  • External URLs discovered in source code (Stripe, Auth0, etc.) are flagged as "requires user authorization" — no runnable commands generated against them
  • All curl examples changed from https://app/... to http://localhost:PORT/... templates
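
The scope rule above, sketched as an added example (not code from the autoresearch project): URLs found in source are classified, and a curl template is produced only for loopback targets. The function names, the `NEEDS_AUTH` constant and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

NEEDS_AUTH = "requires user authorization"  # label quoted from the release notes

def is_loopback_host(host):
    """True only for the literal name localhost or a loopback IP literal."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Any other name, or a shorthand such as 127.1, fails closed.
        return False

def classify(url):
    """Return 'localhost' or NEEDS_AUTH for a URL discovered in source code."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, so user@host is resolved
    except ValueError:
        return NEEDS_AUTH  # malformed URL: never treated as local
    if parts.scheme not in ("http", "https"):
        return NEEDS_AUTH
    return "localhost" if is_loopback_host(host) else NEEDS_AUTH

def verification_command(url):
    """Emit a curl template for loopback targets only; None for anything else."""
    if classify(url) != "localhost":
        return None
    return "curl -sS -o /dev/null -w '%{http_code}' " + shlex.quote(url)

# Constructed sample URLs, as a scan of a source tree might report them.
SAMPLES = [
    "http://localhost:3000/api/users",
    "http://[::1]:8080/health",
    "https://api.stripe.com/v1/charges",
    "http://localhost.example.com/login",  # name merely starts with "localhost"
    "http://127.0.0.1@example.com/",       # loopback address is only userinfo
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):28} {verification_command(u)}")
```

Comparing the parsed hostname, rather than searching the URL string for "localhost", is what keeps the last two samples out of scope.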

Ship safety gate

  • --force + --auto combination on /autoresearch:ship is now rejected with a clear error message
  • These two flags remove each other's compensating safety controls — combined use created a zero-review deploy path
  • Test failures are always classified as Blockers that --force cannot skip

🔄 Concurrency Safety

Session isolation lock

  • New .git/autoresearch.lock mechanism prevents two /autoresearch sessions from running simultaneously on the same branch
  • Lock contains PID, branch name, and timestamp — stale locks from dead processes are auto-cleaned
  • Different branches can run concurrently (each branch has independent experiment history)
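
A sketch of such a lock, as an added example rather than the project's own implementation. It assumes a POSIX system and a JSON lock body with `pid`, `branch` and `timestamp` keys; the function names and return values are hypothetical. The release notes do not say how one lock file tracks sessions on several branches, so a live lock on another branch is only reported and left untouched.

```python
import json
import os
import time

def pid_alive(pid):
    """POSIX liveness probe: signal 0 checks existence without signalling."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # process exists but belongs to another user
    return True

def read_lock(lock_path):
    """Return the lock record, or None if it is missing or malformed."""
    try:
        with open(lock_path) as f:
            data = json.load(f)
    except (OSError, ValueError):
        return None
    ok = isinstance(data, dict) and {"pid", "branch"} <= data.keys()
    return data if ok else None

def acquire(lock_path, branch, pid=None, alive=pid_alive):
    """Return 'acquired', 'held' (live session on this branch) or
    'other-branch' (live session on a different branch)."""
    record = {"pid": pid or os.getpid(), "branch": branch,
              "timestamp": int(time.time())}
    for _ in range(2):  # second pass runs only after a stale lock was removed
        try:
            # O_EXCL makes creation atomic: two racing sessions cannot both win.
            fd = os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
        except FileExistsError:
            held = read_lock(lock_path)
            if held is None:
                return "held"  # unreadable or half-written lock: fail closed
            if not alive(held["pid"]):
                os.remove(lock_path)  # owner is dead: clean up and retry
                continue
            return "held" if held["branch"] == branch else "other-branch"
        with os.fdopen(fd, "w") as f:
            json.dump(record, f)
        return "acquired"
    return "held"  # another session won the race after the stale cleanup

def release(lock_path, pid=None):
    """Remove the lock only if this process owns it."""
    held = read_lock(lock_path)
    if held and held["pid"] == (pid or os.getpid()):
        os.remove(lock_path)
```

PID reuse can make a dead session's lock look live, which the stored timestamp helps to judge. Removing a stale lock is also not atomic with re-creating it, so two sessions recovering at the same moment can still collide.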

Parallel fix agent isolation

  • /autoresearch:fix parallel mode now requires git worktrees — each agent gets an isolated working directory
  • Worktree branches are merged back after completion
  • Falls back to serial execution if worktrees are unavailable
  • Scope enforcement prevents agents from modifying files outside their assigned scope

🛡️ Resilience & Recovery

Crash recovery for scenario exploration

  • /autoresearch:scenario now writes TSV incrementally (after each iteration, not batched at end)
  • On restart, detects existing exploration state and offers to resume from the last completed iteration
  • Zero work lost on crash — the TSV file IS the checkpoint

Chain handoff on all exit paths

  • /autoresearch:predict now writes handoff.json on every exit path: normal completion, budget halt, user interrupt, and crash
  • Each handoff includes a status field (COMPLETE, BUDGET_HALT, PARTIAL, CRASHED)
  • Chain consumers check status and handle gracefully — no more crashes from missing handoff files
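
The handoff contract above, sketched as an added example (not the project's code). The four status values come from the release notes; mapping user interrupt to PARTIAL follows the order of the two lists and is an assumption, as are the `findings` field, the function names and the consumer's action labels.

```python
import json
import os

def write_handoff(path, status, findings):
    """Write atomically so a consumer never reads a half-written file."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"status": status, "findings": findings}, f)
    os.replace(tmp, path)

def run_stage(steps, path, budget):
    """Run callables in order; the handoff is written on every exit path."""
    status, findings = "CRASHED", []  # pessimistic default until proven otherwise
    try:
        for i, step in enumerate(steps):
            if i >= budget:
                status = "BUDGET_HALT"
                break
            findings.append(step())
        else:
            status = "COMPLETE"  # loop ended without hitting the budget
    except KeyboardInterrupt:
        status = "PARTIAL"
    except Exception:
        status = "CRASHED"  # swallowed only to keep the example short
    finally:
        # Runs for all four outcomes; a SIGKILL or power loss still skips it.
        write_handoff(path, status, findings)
    return status

def consume(path):
    """Chain consumer: choose an action from the status field."""
    try:
        with open(path) as f:
            handoff = json.load(f)
    except (OSError, ValueError):
        return ("stop", [])  # missing or corrupt handoff is handled, not fatal
    status = handoff.get("status")
    findings = handoff.get("findings", [])
    if status == "COMPLETE":
        return ("proceed", findings)
    if status in ("BUDGET_HALT", "PARTIAL"):
        return ("proceed-partial", findings)
    return ("stop", [])  # CRASHED or an unknown status
```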

Guard pre-validation for fix loop

  • New Phase 0.5 in /autoresearch:fix runs the guard command once on unmodified code before starting
  • If the guard already fails (typo, missing dependency), offers user choice: continue without guard, fix guard first, or cancel
  • Previously, a broken guard caused 100% of fixes to enter REWORK and get blocked

Progressive retry for documentation

  • /autoresearch:learn validation-fix loop now uses escalating strategies across retries:
    • Retry 1: Targeted fix with original feedback
    • Retry 2: Different approach with accumulated feedback
    • Retry 3: Simplify/reduce scope + all prior feedback
  • Previously all 3 retries used identical prompts producing identical failures

Discovery Process

This release was produced entirely by autoresearch's own tools:

/autoresearch:scenario --iterations 200 --chain reason,predict,debug,fix,ship

 Phase                     | Result
 Scenario (200 iterations) | 199 scenarios: 18 CRITICAL, 80 HIGH, 89 MEDIUM, 12 LOW
 Reason                    | 8 improvement themes prioritized via adversarial Generate→Critique→Synthesize
 Predict                   | 5-persona impact analysis (Security Architect, Reliability Engineer, DX Lead, Plugin Expert, Devil's Advocate)
 Debug                     | 18 CRITICAL validated: 8 confirmed, 9 partial, 1 disproven
 Fix                       | All 8 confirmed bugs fixed (187 lines added across 7 files)
 Ship                      | Gate: PASS — all fixes verified, zero regression risk

The 1 disproven finding: shell injection via verify command was already handled by plan-workflow's existing safety screen.

Files Changed

 autonomous-loop-protocol.md  | +32  (session isolation lock)
 fix-workflow.md              | +55  (guard pre-validation + worktree isolation)
 scenario-workflow.md         | +40  (crash recovery + incremental persistence)
 security-workflow.md         | +16 -8  (network scope validation)
 ship-workflow.md             | +17  (force+auto rejection)
 learn-workflow.md            | +15  (progressive retry strategy)
 predict-workflow.md          | +13  (handoff on all exit paths)
 README.md                    | +11 -5  (npx install + option re-lettering)
 SKILL.md (x3 platforms)      | version bump
 command-spec.json            | version bump

Remaining Work (v2.0.3 candidates)

5 MEDIUM-priority items identified but not addressed in this release:

  • Metric-error orphaned commit cleanup in core loop
  • Security --fix re-scan for newly introduced vulnerabilities
  • Scenario prompt injection boundary markers
  • Probe autonomous mode confidence calibration
  • install.sh path validation hardening for sync_dir

Full Changelog: v2.0.1...v2.0.2
