Changed

• MCP server compatibility: Updated rmcp dependency from 0.16.0 to 1.1.0 and adapted code for non-exhaustive struct construction using Default::default() pattern (#636).

Added

• Kiro and Codex S-tier alignment (38 new rules): Added 22 Kiro rules: KIRO-010 through KIRO-014 (missing inclusion mode, steering doc length, duplicate names, conflicting inclusion modes, markdown structure issues), KR-AG-008 through KR-AG-013 (agent missing name, agent missing prompt, duplicate tool entries, empty tools array, toolAliases references unknown tool, secrets in agent prompt), KR-HK-007 through KR-HK-010 (hook timeout out of range, duplicate event handlers, command uses absolute path, secrets in hook command), KR-MCP-003 through KR-MCP-005 (missing required args, invalid MCP URL, duplicate MCP server names), and KR-PW-005 through KR-PW-008 (step missing description, duplicate keywords, name invalid characters, secrets in power body). Added 16 Codex rules: CDX-AG-004 through CDX-AG-007 (AGENTS.md size limit, missing file references, missing project context, contradicts config.toml), CDX-APP-002 through CDX-APP-003 (invalid skills configuration, invalid profile configuration), and CDX-CFG-013 through CDX-CFG-022 (sandbox_workspace_write mode, model value, model_provider value, model_reasoning_summary value, history configuration, tui configuration, file_opener value, MCP OAuth config, model_context_window value, model_auto_compact_token_limit value). Brings total rule count to 342 (#603).
• OpenCode expanded coverage (18 new rules): Added OC-DEP-001 through OC-DEP-004 (deprecation warnings for the mode, tools, autoshare, and CONTEXT.md fields), OC-CFG-008 through OC-CFG-012 (logLevel enum, compaction.reserved minimum, skills URL array, MCP server timeout, MCP OAuth config), OC-AG-005 through OC-AG-008 (top_p range, named color enum, redundant steps/maxSteps pair, hidden boolean type), OC-LSP-001 through OC-LSP-002 (LSP command requires extensions array, extensions must be non-empty), and OC-TUI-001 through OC-TUI-003 (unknown TUI keys, scroll_speed minimum value, diff_style enum). Brings total OpenCode rules to 43 and total rule count to 304 (#630).

Added

• OpenCode validation rules: Added validation rules for OpenCode configuration (#601).
• Kiro target support: Added Kiro to TargetTool and CLI --target kiro handling across CLI, core config, MCP, and LSP target parsing.
• Kiro config validation parity: .agnix.toml validation now accepts tools = ["kiro"] and Kiro-specific disabled rule prefixes (KIRO-*, KR-SK-*).
• README supported tools update: Added a Kiro row to the Supported Tools table with current rule coverage (KIRO-*, KR-SK-*) and current file surface (.kiro/steering/**/*.md and .kiro/skills/**/SKILL.md) (#596).
• Kiro S-tier CI gate: Added an explicit Kiro S-tier Gate step in the main CI test job that executes dedicated Kiro gate checks for target behavior, docs/rule parity integrity, and real-world manifest coverage on every PR/push (#602).
• Kiro fixture expansion: Added fixture packs for Kiro powers, agents, hooks, and MCP settings plus integration tests to keep the corpus present and CLI-runnable (#599).
• Kiro real-world repo coverage: Added/updated explicit Kiro-tagged real-world repos (awsdataarchitect/kiro-best-practices, dereknguyen269/derek-power, cremich/promptz, Theadd/kiro-agents) and tightened CI gating to require the expanded baseline in tests/real-world/repos.yaml (#598).
• Kiro schema foundations: Added dedicated schema modules for .kiro/agents/*.json, .kiro/hooks/*.kiro.hook, POWER.md, and Kiro MCP configs to support structured parsing with explicit error metadata (#595).
• Kiro S-tier promotion: Moved Kiro CLI from B tier to S tier in project memory docs (CLAUDE.md/AGENTS.md) and added Kiro CI gate coverage to prevent regression (#592).
• Kiro file type detection expansion: Added dedicated KiroPower, KiroAgent, KiroHook, and KiroMcp file type detection with registry coverage to route these surfaces through the validation pipeline (#594).

Changed

• Kiro docs and tests: Expanded integration/contract tests for Kiro target paths and updated usage docs to clarify legacy --target behavior versus tools = [...] filtering.
• Kiro authoring parity follow-up: Kiro agent completions now emit JSON-formatted insert text (quoted values and JSON key syntax) and fixture docs now explicitly clarify that KiroMcp detection currently targets .kiro/settings/mcp.json only (#612, #613).

Added

• .clinerules/*.txt file support: agnix now detects and validates .clinerules/*.txt files as ClineRulesFolder file type. Rules CLN-001 through CLN-004 now apply to .txt files in addition to .md files, matching Cline's actual behavior.
• CDX-006 rule: Validates project_doc_fallback_filenames semantics in Codex CLI configuration (#569).

Fixed

• OC-004 config key allowlist expanded: Added 9 missing top-level keys (autoshare, enterprise, layout, logLevel, lsp, mode, skills, snapshot, username) to KNOWN_TOP_LEVEL_KEYS in the OpenCode schema, eliminating false-positive OC-004 warnings for valid opencode.json fields. All 9 OC rules re-verified against current OpenCode source on 2026-02-27.
• CUR-016 environment.json validation rewritten: Schema now matches the current Cursor Cloud Agent spec - install is required, terminals is optional (was previously required), and build (with dockerfile and context) and update fields are now validated. Snapshot-based approach replaced with field-level structural validation. Includes 12 new unit tests.
• CUR-001 to CUR-016 verified_on dates updated: All 16 Cursor rules re-verified against current Cursor documentation on 2026-02-26.
• spec-baselines.json expanded: Baseline entries added for CUR-007 through CUR-016 to enable cross-version regression detection.
• Zed extension fixes: Removed mdc language definition per upstream review (#559), added license files (#560), bumped extension version (#562).
• Updated yanked wasm-bindgen and js-sys dependencies (#561).

Changed

• Unified design system: Import shared design tokens from agent-sh/design-system. Switch from Outfit to Inter font. Add font preconnect hints to Docusaurus config. Keeps teal accent and light/dark mode.
• GitHub Copilot rule revalidation (COP-001 to COP-018): Refreshed evidence links and guidance for current custom-agent docs, added strict type checks for infer (boolean only), and aligned COP schema coverage for custom-agent keys (name, disable-model-invocation, user-invocable, metadata) with updated fixtures and generated rule docs (#567).
• CI: Added shared CI workflows, Claude Code review, and git hooks (#557).
• Docs: Updated Zed extension links to marketplace (#563).

Added

• XP-008 rule: New MEDIUM-severity cross-platform rule that warns when CLAUDE.md contains Claude-specific directives (context:fork, agent fields, allowed-tools, hooks, @import) outside a guarded ## Claude Code section, helping users targeting Cursor avoid silently-ignored configuration

Security

• Fix minimatch ReDoS vulnerability: Added npm overrides in website/package.json to force minimatch@^10.2.1, resolving Dependabot alert #75 (ReDoS via repeated wildcards in serve-handler's transitive minimatch@3.1.2 dependency)
• Update wasm-bindgen: Bumped wasm-bindgen from 0.2.109 (yanked) to 0.2.110 along with related crates (js-sys, web-sys, wasm-bindgen-test, etc.)

Performance

• WASM conversion optimization: Refactored WasmDiagnostic::from_diagnostic to take ownership of Diagnostic and its fields, eliminating unnecessary string cloning when converting diagnostics to the WASM-compatible representation in agnix-wasm

Added

• LSP pub(crate) testability refactor: Made internal modules (backend, code_actions, completion_provider, diagnostic_mapper, hover_provider, position, vscode_config) and Backend struct fields/methods pub(crate) to enable crate-internal test access. Added Backend::new_test() constructor (gated behind #[cfg(test)]) and 18 new tests in testability_tests.rs verifying that all promoted pub(crate) items are accessible from the crate root. No public API changes.
• Improved frontmatter parsing test coverage: Added exhaustive unit tests for frontmatter_value_byte_range, frontmatter_key_offset, and frontmatter_key_line_byte_range in agnix-core. Covers unquoted/quoted values, comments, CRLF endings, indented keys, and malformed input.
• build_lenient() on LintConfigBuilder: New builder terminal that runs security-critical glob pattern validation (syntax, path traversal, absolute paths) while skipping semantic warnings such as unknown tool names and deprecated field warnings. Intended for embedders that accept future or unknown tool names without rebuilding. ConfigError::AbsolutePathPattern variant added for absolute-path glob patterns (#475)
• Expanded autofix coverage: Added with_fix() autofix support to 38 additional validation rules across AGM, AMP, AS, CC-AG, CC-HK, CC-PL, CC-SK, CDX, COP, CUR, GM, KIRO, MCP, OC, PE, and REF categories, bringing total fixable rules from 59 to 97 (42% of all rules)
• Kiro steering file validation: 4 new validation rules (KIRO-001 through KIRO-004) for .kiro/steering/*.md files - validates inclusion modes (always, fileMatch, manual, auto), required companion fields, glob pattern syntax, and empty file detection
• Cross-platform and reference validation expansion: 5 new rules - XP-007 (AGENTS.md exceeds Codex CLI 32KB byte limit), REF-003 (duplicate @import detection), REF-004 (non-markdown @import warning), PE-005 (redundant LLM instructions), PE-006 (negative instructions without positive alternatives)
• Roo Code support: 6 new validation rules (ROO-001 through ROO-006) for .roorules, .roomodes, .rooignore, .roo/rules/*.md, .roo/rules-{slug}/*.md, and .roo/mcp.json configuration files
• Cursor expanded coverage: Added 7 new validation rules (CUR-010 through CUR-016) for .cursor/hooks.json, .cursor/agents/**/*.md, and .cursor/environment.json, including stricter field validation and case-insensitive path detection.
• Windsurf support: Added 4 validation rules (WS-001 through WS-004) for .windsurf/rules/*.md and .windsurf/workflows/*.md directories, plus legacy .windsurfrules detection. Includes file type detection, character limit enforcement (12,000), and empty file warnings.
• Gemini CLI expanded coverage: Added 6 new validation rules (GM-004 through GM-009) for .gemini/settings.json hooks configuration, gemini-extension.json manifests, and .geminiignore files. Added 3 new file type detectors and validators.
• Codex CLI expanded validation: CDX-004 (unknown config keys), CDX-005 (project_doc_max_bytes exceeds 65536 limit); updated CDX source_urls to official docs
• OpenCode expanded validation: OC-004 (unknown config keys), OC-006 (remote instruction URL timeout warning), OC-007 (invalid agent definition), OC-008 (invalid permission configuration), OC-009 (variable substitution syntax validation)
• agnix-wasm crate: New WebAssembly bindings for the validation engine, enabling browser-based validation without a server
• validate_content() API: New pure function in agnix-core for validating content strings without filesystem I/O
• filesystem feature flag: agnix-core now gates filesystem-dependent code (rayon, ignore, dirs) behind a filesystem feature (enabled by default), allowing WASM compilation with default-features = false
• agnix-core std requirement documentation: Added crate-level documentation in lib.rs, Cargo.toml, and README.md clarifying that agnix-core requires std unconditionally and that the filesystem feature flag does not enable no_std support. Resolves downstream confusion for WASM consumers using default-features = false (#485)
• Web playground UI polish: Teal gradient background, staggered animations, panel shadows, focus glow, SVG icons, active preset state, empty state with checkmark, loading spinner, prefers-reduced-motion support
• Inline editor diagnostics: Red/yellow/teal wavy underlines via @codemirror/lint, gutter markers, hover tooltips with rule ID and message
• Auto-fix in playground: WASM now exposes Fix data; per-diagnostic "Fix" buttons and "Fix all" button apply replacements directly in the editor
• New playground presets: AGENTS.md, .claude/agents/reviewer.md, plugin.json; enriched .claude/settings.json hooks preset
• Backend revalidation regression tests: Added coverage for did_save project-trigger revalidation and stale generation guard behavior in agnix-lsp backend tests
• Confidence-tiered autofix engine: Fix metadata now supports confidence, alternative groups, and dependencies; CLI adds --fix-unsafe and --show-fixes; core exposes confidence-based FixApplyMode/FixApplyOptions
• CI crate graph parity test: New workspace-level test validates that all Cargo.toml workspace members are documented in CLAUDE.md, AGENTS.md, README.md, SPEC.md, and CONTRIBUTING.md - prevents architecture-doc drift
• resolve_validation_root file-input tests: 7 integration tests covering single-file validation mode - validates file-input path behavior, unknown file type handling, project-level rule scoping, and nonexistent file edge case (#450)
• ImportsValidator concurrency and multi-file cycle tests: 11 new tests covering thread-safety under concurrent validation, multi-file import cycles (3- and 4-file chains), depth boundary conditions at and below MAX_IMPORT_DEPTH (complementing existing above-boundary coverage), diamond dependency graphs, and mixed valid/invalid import scenarios (#456)
• UTF-8 boundary _checked Fix constructors: Added 6 new Fix constructor variants (replace_checked, replace_with_confidence_checked, insert_checked, insert_with_confidence_checked, delete_checked, delete_with_confidence_checked) that accept content: &str and validate UTF-8 char boundary alignment via debug_assert! in debug builds - no-ops in release builds (#463)
• LSP concurrent revalidation stress tests: 8 new stress tests covering concurrent document open/close cycles, rapid config changes dropping stale batches, concurrent changes to the same document, config change during active validation, concurrent project and per-file validation, high document count revalidation after a single config change, concurrent hover requests during active validation, and rapid project validation generation guard behavior (#458)
• MAX_REGEX_INPUT_SIZE precise boundary tests: 27 tests covering the exact 65536-byte limit for all 12 guarded regex functions across markdown.rs, prompt.rs, and cross_platform.rs - each function gets an at-limit (processed) and one-byte-over (rejected) test; also confirms extract_imports and extract_markdown_links are unrestricted (byte-scan/pulldown-cmark, not regex) (#457)

Changed

• API: Removed #[non_exhaustive] from ValidationResult struct - all fields are public and the attribute was unnecessarily preventing struct literal construction and exhaustive destructuring outside the crate (#487)
• CoreResult type alias removed (breaking): CoreResult<T> has been removed from the public API. Use LintResult<T> (i.e., Result<T, LintError>) instead. LintError is a public alias for CoreError; both remain exported. (#477)
• __internal module feature-gated: The __internal module in agnix-core is now behind the __internal Cargo feature; it was previously unconditionally public which created semver obligations for internal items (#472)
• normalize_line_endings promoted to stable public API: Accessible at the crate root (agnix_core::normalize_line_endings) without requiring the __internal feature (#472)
• Project-level validation extracted to rules/project_level.rs: Extracted run_project_level_checks, join_paths, and associated unit tests from pipeline.rs into a new rules/project_level.rs module; adds 7 new unit tests for AGM-006, XP-004/005/006, and VER-001 behaviors (#474)
• build_unchecked() scoped to test/internal use: LintConfigBuilder::build_unchecked() is now gated behind #[cfg(any(test, feature = "__internal_unchecked"))] and marked #[doc(hidden)]. External embedders should migrate to build_lenient(). The __internal_unchecked feature in agnix-core is available for integration tests that construct intentionally-invalid configs (#475)
• Core refactor: Replaced the DEFAULTS const array in registry.rs with 8 private category ValidatorProvider structs. Public API (ValidatorRegistry, ValidatorRegistryBuilder, with_defaults()) is unchanged; this is an internal reorganization only.
• validate_file / validate_file_with_registry return type (breaking): Both functions now return LintResult<ValidationOutcome> inste...

Release v0.12.3

Release v0.12.2

Release v0.12.1

Release v0.12.0