# Changelog Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). Semver: MAJOR rewrites the five rules, MINOR adds a top-level capability, PATCH refines. ## [1.1.4] - 2026-05-07 - **Changed** prose-style pass across all 20 published markdown and HTML files: removed all em dashes (349 instances), replaced with colons, periods, semicolons, commas, or parentheses per context. Aligns the prose register with MLA conventions where they do not conflict with technical-doc style. ISO 8601 dates kept in machine-readable contexts (JSON, YAML frontmatter, sitemap, audit-log filenames). - **Fixed** heading-style artifacts from the bulk substitution: `Rule N`, `Tier N`, `Claim N`, `ADR-NNNN`, and `Specimen / Methodology / Audit` H1s now use `:` instead of `.` separators. - **Fixed** `CHANGELOG.md` version-date headers use Keep-a-Changelog convention `## [X.Y.Z] - YYYY-MM-DD` (hyphen-minus, not em dash). - **Fixed** two infinitive-fragment artifacts (`*disprove* it: to find …` instead of `*disprove* it. To find …`) in `standard.md` Rule 5 and `deepsec/SKILL.md` step 2. - No changes to the five rules or four templates. ## [1.1.3] - 2026-05-07 - **Added** 12 sitemap entries: `SECURITY.md`, `CHANGELOG.md`, all 6 ADRs + `docs/decisions/README.md`, `audits/README.md` + the 2 audit logs. - **Added** `vercel.json` wildcard `/(.+\\.md)` Content-Type rule. Every `.md` file in the deployed tree now renders as text/markdown with CORS open without per-file rules. - **Changed** `specimens/stablecoin.md` Cross-reference summary trimmed from a 22-line claims table to a 4-line summary that points to the audit log + `references.json` for full claims and reproducible queries. Audit log is the canonical record; methodology keeps the worked example with queries; specimen no longer duplicates. - **Fixed** cosmetic phrasing line in `standard.md` "How to Adopt" section: stale "this is v1.0" reworded to "v1.x.x lives at /standard.md (rules and templates unchanged across v1)". ## [1.1.2] - 2026-05-07 - **Fixed** ADR-0005:11 cited the umbrella as ADR-0004; corrected to ADR-0006. - **Fixed** `standard.md` Decisions list omitted ADR-0006. Added with "umbrella for ADR-0004 and ADR-0005" note. - **Fixed** `specimens/methodology.md` schema for `verified_via` only listed `"exa" | null` while `references.json` data uses `"exa"`, `"head"`, `"manual"`, and `null`. Schema documented to match data; aligned with ADR-0004's tool-agnostic principle. - **Fixed** stale `v1.0.3` "Standard applied" / "Standard:" / canary-line refs in `deepsec/SKILL.md`, `specimens/methodology.md`, `specimens/stablecoin.md`, and `standard.md` closeout template. Bumped to v1.1.1. Historical references in changelog narrative kept. - **Fixed** v1.1.0 changelog entry stale "15 verified" → "35 verified after the standards-spine audit round folded in". Internal review pass (via the new `requesting-code-review` skill); no changes to the five rules or four templates. ## [1.1.1] - 2026-05-07 - **Added** PR-review mode (`process --diff`) coverage in `deepsec/SKILL.md` workflow and `standard.md` run-report section. Direct invocation, auto-creates project, CI-gating-friendly exit codes (`0` / `1`), `--comment-out` PR-comment markdown. - **Added** `triage` (step 4b). Lightweight P0/P1/P2 classification using cheaper Claude Sonnet 4.6 default; useful pre-`process` backlog scoring. - **Added** `enrich` (step 5c). Git committer + ownership data into `FileRecord.gitInfo`; powers supply-chain and governance lenses. - **Changed** `deepsec/SKILL.md` cost model: Codex GPT-5.5 is now the upstream default for `process`; Claude Opus 4.7 via `--agent claude`. Both via Vercel AI Gateway. - **Changed** `standard.md` run-report layout reference: `FileRecord` / `RunMeta` / `ProjectConfig` schemas linked to upstream [`docs/data-layout.md`](https://github.com/vercel-labs/deepsec/blob/main/docs/data-layout.md) as source of truth. - **Changed** `deepsec/SKILL.md` frontmatter `version: "1.1.1"`. Tracks upstream `vercel-labs/deepsec` PRs #57 (PR-review primitives), #53 (prompt reorg + 64-framework / 13-ecosystem coverage), #59 (Codex GPT-5.5 default), and #62 (deepsec source checked into the public repo). ## [1.1.0] - 2026-05-07 - **Added** Reference Discipline section in `standard.md`: 5-tier source classification, ≥ 2 independent Tier-1/2/3 source triangulation rule, 90-day `verified_on` floor. - **Added** `/methodology` (Exa-driven cross-reference playbook) and `/references.json` (99-entry unified index; 35 entries `verified_via` / `verified_on: 2026-05-07` after the standards-spine audit round folded in). - **Added** `docs/decisions/`: 6 ADRs (license, absorption resistance, severity tiers, Exa-as-recommended, 5-tier classification, Reference Discipline introduction). - **Added** `audits/2026-05-07-stablecoin-cross-reference.md`: inaugural audit log; 8/8 highest-leverage claims confirmed, 5 enrichments surfaced. - **Added** `SECURITY.md` (ISO/IEC 29147 disclosure contact). - **Added** `deepsec/SKILL.md` step 5b (triangulate cited references) + "What this skill blocks" failure-modes section. - **Changed** `deepsec/SKILL.md` frontmatter `version: "1.1.0"`. Activation canary stays at v1.0 per ADR-0002. ## [1.0.3] - 2026-05-06 - **Added** official run-report format aligned to upstream `deepsec`'s `data//runs/` filesystem. - **Added** Benchmarks section (conformance / operational / outcome / adoption layers). - **Added** May-2026 spine entries: CISA + 5-eyes joint guidance, CoSAI / OASIS agentic IAM, NIST AI Agent Standards Initiative. - **Changed** Severity tiers locked to upstream `CRITICAL / HIGH / HIGH_BUG / MEDIUM / BUG` (ADR-0003). ## [1.0.2] - 2026-05-06 - **Added** patterns from prior-art skills: three-phase methodology, HIGH-CONFIDENCE filter, parallel false-positive filter, repo-grounded-evidence rule, security frontmatter, DO-NOT-TRIGGER clause. - **Added** spine entries: OWASP Agentic Skills Top 10, CSA MAESTRO, Snyk *SKILL.md to Shell Access* research. ## [1.0.1] - 2026-05-06 - **Added** absorption-resistance v1.0 (ADR-0002): activation precedence, forced-acknowledgement canary, conflict-detection rule. - **Added** `/standard/claude-md-snippet.md` adopter snippet, "Surviving your CLAUDE.md" section. ## [1.0.0] - 2026-05-06 - **Added** initial publication: 5 rules, 4 templates, standards spine, MIT, deep-linkable, applied to Vercel's `deepsec`.