Valinor changelog

Unreleased — landing since 0.2.2

Tue, 02 Jun 2026 00:00:00 GMT

The capabilities landed on main since the last cut. These are the headline things you can now do as a team adopting Valinor — the exhaustive per-change log lives in CHANGELOG.md.

Improvements

Valinor has a help-center docs site — a curated, searchable, user-facing place to learn the tool, separate from the contributor-facing developer guide. It opens with a getting-started walkthrough and covers Installation, a CLI reference, a Governance overview, and FAQ & troubleshooting.
A whole-repo audit is now a documented, end-to-end flow. Your agent runs the valinor-audit skill, which grades the entire rubric suite over your codebase, then three deterministic commands turn that into a verified, trended score — audit-verify (no unverified deliverable ever renders), audit-record (a grade-only, privacy-safe history), and audit-trend (the score-over-time table).
valinor init now ships the docs-coverage gate — it catches the empty doc placeholder before it rots, using a generic, repo-shape-agnostic default that never false-flags your docs (tighten it with a manifest when you're ready).
The governance triad now reaches the repos you govern in full. valinor init delivers the 17-rule PR-review rubric, three universal deterministic gates plus three opt-in ones (default-off), the agent-file guard, and the ~two-dozen valinor-audit-* skills bundled inside the package — rule, gate, and audit skill, all delivered and version-locked.
Per-gate severity dials and a legacy-onboarding path. Set each gate to error, warn, or off independently, and grandfather an existing repo's debt with a baseline so gates block only on new code — a documented, tested route onto a legacy app without a wall of red CI.
Security and accessibility now have real review teeth. New owasp-top-10 and a11y (WCAG 2.1 AA) review rules close the two quality dimensions that used to be manual-only, and the doctrine's Definition of DONE now points at them honestly.
A stakeholder-ready story over your rising score. The Orbit digest turns the deterministic score-trend table into a Linear-changelog-style narrative you can hand to a client or leadership — verifiable spine, clearly-labeled AI prose on top, never gating CI.

0.2.2

Thu, 28 May 2026 00:00:00 GMT

The scaffolded gates workflow now works out-of-the-box for consumer repos in any GitHub org — the Distribution-v2 cross-org auth lands cleanly.

Improvements

Fixed cross-org GitHub Packages auth: valinor init's workflow now mints its App token explicitly against the cmbrcreative org, so a consumer repo outside that org can resolve and pull @cmbrcreative/valinor instead of silently 401-ing into a non-blocking annotation.
Repositioned Valinor as "self-enforcing engineering discipline for agentic development" — rubric-driven PR review, CI gates, and continuous audit, the same ones Valinor enforces on itself.

0.2.1

Thu, 28 May 2026 00:00:00 GMT

Valinor is now installable as @cmbrcreative/valinor — the npm scope matches the GitHub org, and the GitHub Packages publish actually lands.

Improvements

Renamed the package so adoption is npm i -D @cmbrcreative/valinor from 0.2.1 forward (GitHub Packages requires the npm scope to map to a real GitHub org).

0.2.0

Thu, 28 May 2026 00:00:00 GMT

Valinor moves its publish target to GitHub Packages, and valinor init scaffolds a workflow that works for Camber consumers with no manual fixes.

Improvements

Publishes to GitHub Packages (npm.pkg.github.com) using the auto-injected token — no per-repo NPM_TOKEN to provision.
valinor init scaffolds a consumer-correct workflow out of the box: it pulls the published, versioned CLI from GitHub Packages (roughly 5× faster CI than clone-and-build), derives blocking behaviour from your adoption.mode, pins Node, and degrades gracefully to a ::warning:: when a credential is missing rather than turning CI red.

0.1.0 — Foundation

Wed, 20 May 2026 00:00:00 GMT

The first cut of Valinor as a layered, CI-native quality-governance product you can put on a Camber repo. Valinor is consumer #0 of its own gates — this repository is governed by the very claims, rubrics, and workflows it ships.

What you can do at 0.1.0

Declare your quality bar as code, and enforce it in CI. Write verifiable claims about your repo in claims.yml and let valinor claims-verify fail CI closed on any drift — sub-second, offline-safe file/grep/token checks.
Govern branch protection and repo settings as code — keep branch-protection.json and governance.config.yml in the repo and diff them against live GitHub, so the standard travels with the code.
Add an LLM-review rubric suite — a repo-versioned .greptile/ library of custom review rules (silent-failure, PII-in-logs, type-design, test-quality, comment-accuracy, doc-completeness, change-narrative), each with a documented dossier.
Run a whole-repo Codebase Audit — a composable skill system applies the rubric suite across an existing codebase and produces a graded (A–E), severity-weighted, honesty-disclosed report.
Adopt across greenfield → deep-legacy without red CI on day one — a maturity-aware onboarding dial plus a baseline engine grandfather a repo's pre-existing debt and enforce on new code only.