v1.3.0 — The Integration Integrity Release
Full adversarial audit of every MeowKit component — 15 agents, 60 skills, 9 hooks, 14 rules. Found and fixed 42 critical issues. Components were designed independently but never integration-tested; this release makes the connections real.
The Audit
11 sequential red-team batches, each with a dedicated adversarial reviewer:
| Batch | Scope | Criticals Fixed |
|---|---|---|
| 1 | Core Pipeline (cook, orchestrator) | 5 |
| 2 | Planning & Validation | 5 |
| 3 | Testing & Building | 4 |
| 4 | Review & Security | 5 |
| 5 | Ship & Reflect | 4 |
| 6 | Fix & Debug | 3 |
| 7 | Browser & QA | 1 (+2 deferred) |
| 8 | Architecture & Collaboration | 4 |
| 9 | Meta & Infrastructure | 3 |
| 10 | Frontend & Reference | 4 |
| 11 | Hooks & Rules | 3 |
Total: 43 criticals found, 42 fixed, 1 deferred (browser setup scripts)
Top Fixes
Hooks Actually Work Now
Both preventive enforcement hooks (gate-enforcement.sh, privacy-block.sh) were completely non-functional since v1.0.0 due to an argument mismatch. The hooks expected $1=tool_name, $2=file_path but settings.json only passed $1=file_path. Every security check fell through to exit 0.
Additionally, only 2 of 9 hooks were registered in settings.json. Now all are registered with correct argument passing.
Path Consistency
- Plan files: standardized to
tasks/plans/YYMMDD-name/plan.md - Memory: all references use
.claude/memory/(not barememory/) - ADRs: standardized to
docs/architecture/adr/YYMMDD-title.md - Scripts: full paths to
.claude/skills/meow:cook/scripts/
Agent Names Work
5 phantom subagent_type values in Task() calls were mapped to real agents. Every Task() call now references an agent that exists.
7-Phase Model Everywhere
The workflow-orchestrator was still using a 5-phase model that bypassed Gate 2. Now aligned to the canonical 7-phase pipeline.
Verdict Taxonomy Unified
Three incompatible verdict systems (APPROVE/BLOCK vs PASS/WARN/FAIL) consolidated to PASS/WARN/FAIL. Review dimensions aligned across all files.
Python Venv Enforced
All python script references use .claude/skills/.venv/bin/python3. SessionStart hook warns if venv is missing.
New: Contribution Rules
docs/contribution-rules.md — 10 sections of rules derived from audit findings. Includes a pre-merge checklist that catches the exact class of bugs found in this audit.
Reports
11 detailed audit reports in plans/reports/red-team-*:
- Each traces every finding to specific file + line number
- Each classifies as CRITICAL / MODERATE / MINOR
- Each lists what passes inspection (not just bugs)