chernistry/bernstein

v1.10.3 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Adds a canonical AGENTS.md generator that rewrites it into each CLI's native shape, plus a per‑turn budget countdown.

Full changelog

v1.10.3 — AGENTS.md canonical generator + cross-CLI rewrite

This is the release that fixes the polyglot problem. One canonical AGENTS.md per repo, rewritten on demand into the native shape every coding agent expects, drift-checked in CI.

AGENTS.md generator (closes #1087)

bernstein agents-md reads the repo's task primitives (roles, hooks, skills, capability matrix, install snippets) and emits an AAIF AGENTS.md that is the single source of truth. From that canonical IR it rewrites into:

  • Cursor .cursor/rules/*.mdc with YAML frontmatter (description, globs, alwaysApply).
  • Claude Code CLAUDE.md with @imports and the soft 200-line cap honoured.
  • Aider CONVENTIONS.md plus an .aider.conf.yml read: pin so it loads on every session.
  • Goose .goosehints plaintext.

Five subcommands: generate (preview to stdout), write (single target), sync (canonical + all four CLI shapes in one pass), verify (CI gate — fails on drift), diff (shows what's stale). The IR is schema-free by design; the AAIF spec deliberately doesn't impose one, and locking us in would have meant fighting upstream every quarter.

Per-turn task-budget countdown

bernstein run now prints a one-line countdown banner each turn: remaining $/tokens against the task budget, with the Anthropic prompt-caching-2024-07-31 beta header lit up so cache hits actually land. Operators stop guessing how many turns are left before the wallet stops; CI runs flagged for cost ceiling get a real per-turn signal instead of a single post-mortem.

Adversary-reviewer role

A new role profile dedicated to "what would an attacker do with this PR?": adversarial test case design, threat model deltas, escape-hatch hunting. Chains naturally after reviewer in role-pipeline configs; not loaded by default.

Adapters

  • Junie CLI adapter (#1075). First-class adapter for JetBrains Junie. BYOK across Anthropic / OpenAI / Google / xAI / OpenRouter / Copilot proxy. (Already shipped in the v1.10.2 narrative; promoted here because it landed between the v1.10.2 tag and the actual hand-written notes.)

Reliability and hardening

  • Airgap verify + network policy. Three adversarial gaps closed in bernstein verify <wheelhouse> and the --profile airgap egress gate (#1072). Path traversal, IPv6 host parsing without brackets, and a TOCTOU between manifest read and signature check.
  • Rework-ledger file mode tightened to 0o600 (#1084). The cascade router's JSONL outcome ledger had a permissive umask; tightened so other local users on shared hosts can't read which models you fall back to or which prompts get redone.
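
The airgap verify item above names two classes of bug that a manifest verifier can guard against in a few lines. The following is an added example, not code from bernstein: the file names MANIFEST.json and MANIFEST.sig, the manifest layout, the key and the use of HMAC-SHA256 in place of the real signature scheme are all assumptions.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the real signature scheme

def sign(manifest: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()

def verify_wheelhouse(root: Path, key: bytes = KEY) -> list:
    """Return the verified entry names, or raise ValueError."""
    root = root.resolve()
    # Read the manifest once; the signature check and the parse both use these
    # bytes, so a swap on disk between the two steps cannot change the result.
    manifest = (root / "MANIFEST.json").read_bytes()
    sig = (root / "MANIFEST.sig").read_bytes().strip()
    if not hmac.compare_digest(sig, sign(manifest, key)):
        raise ValueError("manifest signature mismatch")
    verified = []
    for name, digest in json.loads(manifest)["files"].items():
        target = (root / name).resolve()
        # Containment after resolve(): rejects ../, absolute names and symlinks
        # that point outside the wheelhouse, before any file is opened.
        if not target.is_relative_to(root):
            raise ValueError(f"entry escapes wheelhouse: {name!r}")
        actual = hashlib.sha256(target.read_bytes()).hexdigest()
        if not hmac.compare_digest(actual.encode(), str(digest).encode()):
            raise ValueError(f"hash mismatch: {name!r}")
        verified.append(name)
    return verified

def build_sample(root: Path, files: dict, extra=None) -> None:
    """Write a constructed wheelhouse: data files, manifest, signature."""
    entries = dict(extra or {})  # extra: manifest entries with no data file
    for name, data in files.items():
        (root / name).write_bytes(data)
        entries[name] = hashlib.sha256(data).hexdigest()
    manifest = json.dumps({"files": entries}).encode()
    (root / "MANIFEST.json").write_bytes(manifest)
    (root / "MANIFEST.sig").write_bytes(sign(manifest))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp), {"demo-1.0-py3-none-any.whl": b"constructed wheel bytes"})
        print(verify_wheelhouse(Path(tmp)))
```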

Coverage

CLM adapter edge cases covered: frozen config, broad master-key filter, mTLS hostname check (#1078). q_dev login fixture made platform-aware so the Windows job stops flaking (#1096).

Tooling

  • Auto-release switched to PR-based bumps (#1080). GitHub branch protection on main blocks GITHUB_TOKEN direct pushes; the auto-release flow now opens an auto/bump-vX.Y.Z PR with auto-merge enabled instead, so the patch bump satisfies the same required checks every other change does.
  • CodeQL paths filter dropped on pull_request (#1082). The path filter on a required check produced a deadlock. Docs-only PRs could never satisfy the gate. Filter retained on push.
  • Gemini review retries on 5xx/429 (#1064). Exponential backoff so transient API blips don't bounce the AI-review job.

Docs

  • README em-dash clause-glue dropped (main + 9 translations, #1081). Anti-LLM-tell pass.
  • Air-gap user guide expanded (#1068). Surfaced from the install / quickstart entry pages.
  • Internal ticket-ref breadcrumbs dropped from public docs (#1061). No more (audit-XXX) leaking out of the docstring layer.

Install

pipx install --upgrade bernstein

Container: ghcr.io/sipyourdrink-ltd/bernstein:1.10.3.

Full changelog: https://github.com/sipyourdrink-ltd/bernstein/compare/v1.10.2...v1.10.3

Security Fixes

  • Airgap verify closes path traversal, IPv6 host parsing without brackets, and TOCTOU between manifest read and signature check (#1072).
  • Rework-ledger file mode tightened to 0o600, preventing other local users from reading model fallback data (#1084).
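
Why the rework-ledger fix matters on a shared host, as an added example that is not bernstein's own code: a plain append takes its mode from the process umask, while an explicit 0o600 open plus fchmod yields an owner-only file even when a permissive ledger already exists. The function names, file names and record fields are assumptions; POSIX only.

```python
import json
import os
import stat
import tempfile

def append_weak(path: str, record: dict) -> None:
    """Before: mode is 0o666 & ~umask, i.e. 0o644 under the common umask 0o022."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")

def append_private(path: str, record: dict) -> None:
    """After: owner-only ledger regardless of umask or a pre-existing file."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # mode argument applies only on creation
    try:
        os.fchmod(fd, 0o600)          # tighten a ledger left by an older version
        os.write(fd, (json.dumps(record) + "\n").encode())
    finally:
        os.close(fd)

def mode_of(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)

def demo_modes() -> tuple:
    """Constructed run under umask 0o022: (weak, private, weak after tightening)."""
    rec = {"model": "example-model", "outcome": "rework"}  # constructed record
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "weak.jsonl")
            priv = os.path.join(d, "priv.jsonl")
            append_weak(weak, rec)
            before = mode_of(weak)
            append_private(priv, rec)
            append_private(weak, rec)  # existing permissive file gets tightened
            return before, mode_of(priv), mode_of(weak)
    finally:
        os.umask(old)

if __name__ == "__main__":
    print([oct(m) for m in demo_modes()])
```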

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.
