uditgoenka/autoresearch v2.2.1

v2.2.1 — Orchestrator Seam Hardening

on GitHub

Harden the autonomous orchestrator'''s deterministic seam against the failure modes an unsupervised loop can hit, and stop hook runtime logs from polluting end-user project repos. No new commands — count stays 14; this is engine/safety hardening, not new surface.

Added

• Two new scripts/orchestrate.sh subcommands (seam now exposes eight): validate-state gates orchestrator-state.json before routing (required fields + coarse type checks) and refuses a malformed ledger; screen-state-predicate re-runs the pinned predicate through screen-cmd on resume. Predicate extraction honors backslash-escaped quotes so a poisoned predicate cannot truncate screening at an interior \" and slip a destructive tail past the gate.
• Independent verify hop. next-hop routes a high-impact accepted change to a fresh verify hop (pending_verify) before declaring DONE or entering the ship gate. Advisory to convergence — never auto-approves ship (stays human-gated). Backward-compatible.
• Predicate pinning + overfit guard — the derived Success predicate is written verbatim into the ledger and reused every cycle/resume so "done" is reproducible; acceptance runs on a held-out set separate from the signal used to choose the change.

Changed

• screen-cmd destructive-command coverage expanded beyond rm/curl|sh: now also refuses netcat exfil (nc/ncat/netcat), raw block-device writes (incl. /dev/sd*,/dev/nvme*,/dev/mmcblk*,/dev/md*,/dev/dm-*,/dev/mapper/*), filesystem format (mkfs), find … -delete, shred, zero-truncate, recursive zero-mode chmod (000/00/0), and curl/wget routed through xargs into an interpreter. Path-qualified invocations (/sbin/mkfs.ext4, /usr/bin/find) caught with the same optional-path-prefix anchor. Known-good commands (parser pipes, normal find, leading-zero modes like 0755, redirect to /dev/null) still pass.
• Version 2.2.0 → 2.2.1 across all 3 plugin manifests, marketplace, and 5 SKILL.md mirrors.

Fixed

• Hook runtime logs no longer pollute (or risk being committed into) project repos (#107). The hook log() helper wrote hook-log.jsonl to a process.cwd()-relative .claude/hooks/.logs/ — so every project running the hooks grew its own untracked log under the repo. Logs now go to a global, per-project-keyed path under ~/.claude/hooks/.logs/{project}-{hash}/, matching the global session-state convention the same module already used. Fail-open, write-only; documented in guide/hooks.md.

Tests

orchestrator 154, hooks 107, regression 50 — all green.

Docs

• guide/autoresearch-orchestrator.md — now documents the verify hop and the widened screen-cmd coverage / escaped-quote re-screen
• guide/hooks.md — new "Runtime Logs" section (global location + sensitivity note)
• docs/system-architecture.md — eight-subcommand seam

Full changelog: docs/project-changelog.md