What’s Changed [0.1.3] - 2026-05-15
Added
- State File Separation: Comet workflow state now stored in independent
.comet.yamlfile instead of.openspec.yamlsubtree - Three-Layer Reliability Defense:
- Entry verification for all phases with
[HARD STOP]diagnostics - Write-then-verify pattern for all state mutations
- Schema validator script (
comet-yaml-validate.sh) with field, enum, and path validation
- Entry verification for all phases with
- Path Traversal Protection: Input validation for change names to prevent directory traversal attacks
- Guard Script Integration: Automatic schema validation during phase transitions
Changed
- Updated all 9 Comet skills to use
.comet.yamlinstead of.openspec.yamlcomet: subtree - Improved error messages with specific field values instead of generic placeholders
- Enhanced project structure documentation
Security
- Fixed path traversal vulnerability through unvalidated change name inputs
- Schema validation now catches typos and invalid enum values at entry point