Release 1.3.0 (2026-04-23)

Bug fixes

• use markdown-standards in validate-markdown.sh for CI parity (#14) Switch validate-markdown.sh from raw markdownlint to markdown-standards, which now supports single-file mode (standard-tooling#203). This ensures the PostToolUse hook runs the same checks as CI (markdownlint + structural checks for standalone docs).

• fix markdownlint and structural check failures (#16) Fix pre-existing markdown failures on develop: use compact table style (MD060), shorten lines (MD013), and add Table of Contents to README.md.

• skip Cargo.toml and Cargo.lock in generic TOML validation (#18) Generic TOML validators (taplo) cannot understand Rust-specific manifest semantics such as dependency specifications. Skip these files silently.

• add PreToolUse hook to block bash associative arrays (#29) macOS ships bash 3.2 which does not support associative arrays (declare -A, added in bash 4.0). Claude Code repeatedly uses them in ad-hoc commands, causing silent failures. This hook mechanically enforces the constraint.

• fix marketplace.json source schema and resolve markdownlint errors (#31)

• update skills, hooks, and bootstrap for container-first execution via st-docker-run (#37) All skills now run gh and st-* commands inside the dev container via st-docker-run instead of assuming tools are on PATH. Validation hooks delegate to st-docker-run for markdownlint, ruff, mypy, ty, shfmt, shellcheck, yamllint, and actionlint. The bootstrap agent verifies st-docker-run availability instead of checking PATH for individual tools. Ref #35.

CI

• use dev-docs container for docs CI (#27)

Documentation

• cross-ref git-workflow guide and refresh hook entries (block-memory-writes removed, block-protected-branch-work now worktree-aware) (#48)
• docs: cross-ref git-workflow guide and refresh hook entries (block-memory-writes removed, block-protected-branch-work now worktree-aware)

Refreshes docs/site/docs/hooks/index.md after the #44 and #45 hook changes and ties it to the new canonical git-workflow guide in standard-tooling.

Features

• add 5 core PreToolUse guardrail hooks (#1) Implements P1 from issue standard-tooling#177: mechanical enforcement of workflow rules via PreToolUse hooks delivered through the plugin.

Hooks added: - block-raw-git-commit: forces use of st-commit - block-raw-gh-pr-create: forces use of st-submit-pr - block-protected-branch-work: prevents commits on main/develop - block-heredoc: prevents shell escaping failures from heredoc syntax - block-memory-writes: enforces auto-memory policy (no MEMORY.md writes)

All hooks use the permissionDecision deny mechanism with actionable error messages explaining the correct alternative.

• add bootstrap session-start agent (#2) Implements P2 from issue standard-tooling#177: a bootstrap subagent that runs at session start to validate the development environment.

The agent checks: - Repository profile (docs/repository-standards.md) - Current branch (warns if on protected branch) - Standard-tooling PATH availability (st-commit discovery) - Standards-and-conventions local checkout - Git hooks configuration

Emits a structured preflight status report summarizing the environment state.

• migrate 8 skills from standards-and-conventions (#3) Implements P3 from issue standard-tooling#177: migrate shared skills into the plugin.

Skills migrated (8): - branch-workflow (hardcoded path fixed) - project-issue (hardcoded path fixed) - summarize (consolidated — 3 wrapper skills dropped) - pr-workflow - publish - dependency-update - deprecation-triage - rtfm

Changes from source: - Dropped summarize-soc, summarize-operations, summarize-decisions wrappers (parent summarize skill handles all modes via mode selection) - Replaced hardcoded $HOME/dev/github/standard-tooling with discovery logic that checks ../standard-tooling then .standard-tooling

• add 3 post-action hooks for finalization, deprecation, and stop guard (#4) Implements P5 from issue standard-tooling#177: post-action hooks delivered via the plugin.

Hooks added: - remind-finalize (PostToolUse/Bash): after st-submit-pr, injects context reminding Claude to run st-finalize-repo after the PR merges - detect-deprecation-warnings (PostToolUse/Bash): after test commands, detects deprecation warnings in output and prompts deprecation-triage - stop-guard-finalization (Stop): blocks Claude from stopping if a PR was submitted in the session but st-finalize-repo was not run

All 10 test scenarios pass (4 trigger + 6 allow paths).

• add self-hosted marketplace for plugin distribution (#5) Adds marketplace.json so consuming repos can install the plugin via: /plugin marketplace add wphillipmoore/standard-tooling-plugin /plugin install standard-tooling@standard-tooling-marketplace

Or via .claude/settings.json extraKnownMarketplaces for automatic team deployment.

• add MkDocs site scaffold, changelog infrastructure, and CI workflows (#7)
• MkDocs Material site with mike versioning under docs/site/
• Documentation pages for hooks, skills, and agents
• cliff.toml and cliff-release-notes.toml for changelog generation
• docs.yml workflow for GitHub Pages deployment

• publish.yml workflow for tag-and-release with version bump PR

• add PostToolUse file validation on Write|Edit (#12) Add validate-on-edit dispatcher and per-language validators (Python, shell, markdown, YAML, TOML) that run immediately after Write|Edit. Auto-fixable issues are fixed in place; unfixable issues block the agent with exit 2. All tools are required — missing tools fail loudly.

• add CI workflows and rulesets (#19)

• feat: add CI workflows for PR and push validation

Adds Tier 2 (push) and Tier 3 (PR) CI workflows matching the ecosystem pattern: shellcheck, markdownlint, mkdocs-build, security-and-standards, and release gates with version divergence checking.

• adopt git worktree convention for parallel AI agent development (#43) Applies Phase 3 of the worktree-convention rollout from wphillipmoore/standard-tooling#258.

Adds .worktrees/ to .gitignore and a Parallel AI agent development section to CLAUDE.md describing the structure, rules, and canonical Agent prompt contract. Links to the canonical spec in standard-tooling.

• make block-protected-branch-work.sh worktree-aware (opt-in via .gitignore signal) (#45) Rewrites block-protected-branch-work.sh to enforce the parallel-AI- agent worktree convention from wphillipmoore/standard-tooling#258:

• If the repo has .worktrees/ in its .gitignore (the signal that the convention has been adopted), require that commits originate from inside $toplevel/.worktrees/<name>/. The main tree is read-only under the convention — any commit initiated from the project root is denied with a worktree-specific message.

• Otherwise, fall back to the long-standing behavior: block commits on main or develop. Repos that haven't adopted the convention are unaffected.

This is the "hybrid, opt-in via adoption signal" option from #40 — safe to land without coordinated fleet changes since the check only activates where the signal is present, and the whole fleet already carries that signal after the worktree-convention cascade (wphillipmoore/standard-tooling#258).

How effective cwd is determined

The hook needs the effective directory where git will actually run the commit — not the Bash tool's reported cwd, which stays at the project root across invocations. Two common patterns are handled:

• cd <dir> && <commit-command> — walks into the worktree first
• git -C <dir> commit ... — inline dir override

If neither pattern is present, the tool_input cwd is used. If the effective dir isn't a git repo at all, the hook exits 0 rather than blocking — avoids false positives on non-git work.

Manual tests run

All five scenarios behave as specified:

1. Non-commit command → allow (exit 0).
2. st-commit from project root on adopted repo → deny, worktree message.
3. cd <worktree-path> && st-commit on adopted repo → allow.
4. st-commit on develop in non-adopted repo → deny, legacy protected-branch message.
5. cwd already inside <worktree-path> on adopted repo → allow.