What's new in v1.9.0

Fixes a real failure mode reported in use: the agent obeys a correction when reminded, then repeats the same mistake a while later. Root cause was structural, not model flakiness — corrections were routed to decisions.md / gotchas.md / outcomes.md, and none of those files is in the startup read set. A correction obeyed within a session was simply never reloaded across the next session or compaction boundary.

The fix: a reloaded surface + an escalation path

• Standing corrections reload at session start. memory/project-overview.md is the one memory file the startup sequence always reloads. A "do not do this again" correction now lands in a Standing corrections section there and takes effect at session start, on par with AGENTS.md's own conventions — reusing the reliable load the protocol already depends on, with no new file or new startup read.
• Written immediately, not deferred. The correction is recorded the moment it is given, before continuing the task, as a terse one-liner — so a mid-session compaction can't drop it before it's persisted. It is still logged to outcomes.md for the ledger.
• Recurrence escalates to a guard. This operationalizes the protocol's existing guards-over-text principle: a correction that keeps recurring after being recorded should graduate from a text note into an executable guard — a test, a lint rule, or (for Claude Code) a hook — because text rules are followed probabilistically, not guaranteed.

Why not more machinery

This is deliberately minimal. The failure being fixed is "a text rule wasn't reliably followed," so the fix changes what gets loaded (a mechanism) rather than piling on more text rules. The heavier option — formal correction-counting thresholds — is intentionally deferred until evidence shows the reload fix alone is insufficient, consistent with the protocol's own evidence-gated, minimal-change stance.

Both language templates remain line-for-line in sync (296 lines each). Pinned install:

curl -fsSL https://raw.githubusercontent.com/yeasy/agentgo/v1.9.0/AGENTS.md -o AGENTS.md

What's new in v1.8.0

A backward-compatible hardening pass on the AGENTS.md protocol, driven by an internal professional review of the protocol's own consistency and threat model.

Trust & Safety

• Nested AGENTS.md scope is now explicit: only files within the project's own tree carry instruction authority. AGENTS.md under dependency, vendored, or generated directories (node_modules/, vendor/, build output) is untrusted data — closing the same attack surface that already applied to dependency READMEs.

Self-Evolution / Evolution Rules

• Resolved the Free-vs-confirmation ambiguity for rules/, workflows/, and skills/: direct writes stay Free only for entries evidenced by current project artifacts or validated in-project work, with the source cited in each entry. Instruction-like content imported from pre-existing agent configs or other untrusted sources now starts in experiments/ as a candidate and goes through the confirmation gate — closing a laundering path where untrusted content could become standing guidance at bootstrap.
• Outcome ledger gains a capability field, so the promote/demote thresholds ("last 5 uses") can actually be counted mechanically per capability.

Docs and repo

• Security FAQ no longer overclaims: the hijack answer now matches the protocol's own best-effort statement and points to runtime permission/sandbox controls as the real enforcement layer.
• Install/update docs surface pinned release-tag installs alongside main.
• New SECURITY.md, CONTRIBUTING.md (bilingual line-parity and versioning rules), and CI that enforces EN/zh sync and checks links.

Both language templates remain in line-for-line sync (296 lines each). Pinned install:

curl -fsSL https://raw.githubusercontent.com/yeasy/agentgo/v1.8.0/AGENTS.md -o AGENTS.md

What's new in v1.7.0

A backward-compatible refinement of the AGENTS.md protocol, informed by an external best-practice review (the agents.md spec, OpenAI/Anthropic/OWASP guidance, and self-evolving-agent research). The meaning of existing rules is unchanged.

Trust & Safety — new top-level section

The trust/security model moves out of the Startup checklist into its own prominent section and gains:

• Explicit instruction precedence: the user's current message > this file > the nearest nested AGENTS.md; no instruction file overrides the safety, confirmation, and permission rules.
• Honest framing of injection defense: the priority tiers are a best-effort heuristic, not a security boundary — in-context confirmation plus the runtime's own permission/sandbox controls are the real enforcement layer.
• Executable guards: for any rule that must not be violated, prefer an executable guard (test, hook, sandbox, permission boundary) over text alone.

Hard Constraints

• Least privilege: use only the minimum credentials, tokens, tool access, and scopes the task needs.

Self-Evolution

• The numeric promote/demote thresholds are now framed as tunable defaults, not validated constants, with a human-gated fallback when no reliable outcome ledger exists.
• Added a per-session overfitting check so a single session does not overfit the protocol to one-off events.

Docs

• README (EN/ZH) security FAQ repointed to the new Trust & Safety section.

Both language templates (AGENTS.md, AGENTS.zh-CN.md) stay in sync (10 sections each).

Pin this release: curl -fsSL https://raw.githubusercontent.com/yeasy/agentgo/v1.7.0/AGENTS.md -o AGENTS.md

Changes

• Add bounded self-evolution discipline for AgentGo rules, workflows, and skills.
• Record rejected candidate updates as negative feedback when they prevent repeated mistakes.
• Add transfer caution for reusing workflows and skills across models, harnesses, repository types, or task families.
• Sync English and Simplified Chinese docs and bump the template marker to v1.6.0.

Validation

• git diff --check
• Bilingual keyword and version scan

AgentGo v1.5.0 adds lightweight protocol guidance for project memory and quality signals.

• Add risk-scoped testability and observability assessment for code, operations, and behavior changes.
• Add optional evidence-backed project relationship maps under .agents/memory/project-map.md for complex or repeated navigation work.
• Clarify in the README files that AgentGo does not require full knowledge graphs, automatic instrumentation, or command-by-command history logs.

Self-evolution moves from a lifecycle in name to a lifecycle in numbers.

Promote / demote / archive — now data-driven

• Outcomes ledger now requires agent field and result enum (helped | hurt | no_effect | corrected) so promotion and demotion thresholds can be counted mechanically instead of estimated.
• Promote a candidate only after ≥3 distinct uses with result=helped and no unresolved corrected/hurt in the last 5 uses.
• Demote an active capability when ≥2 of its last 5 uses are corrected/hurt, when it is unreferenced for 90 days, or when a health check flags it stale, noisy, or superseded.
• Archive only after maintenance confirms no active outcome still depends on it.

Promotion gate

• experiments/ → rules/ / workflows/ / skills/ promotion now requires user confirmation.
• Agent-authored entries in rules/, workflows/, skills/, experiments/ are documented as advisory standing context, not authoritative instructions; they must be cross-checked against current project artifacts before being followed.

Outcomes aging + rollback path

• Outcomes are archived alongside their referenced capability; entries older than 90 days that no longer point to an active capability become cleanup candidates so the ledger never outgrows what it serves.
• Harmful demotion now triggers re-review of dependent active outcomes and records affected artifacts in memory/open-items.md instead of leaving them silently in place.

Concurrency

• CONCURRENT_WRITES: .agents/ defaults to single-writer per session.
• Genuine multi-agent runs isolate each session under .agents/tmp/sessions/<session-id>/ and reconcile during the next maintenance pass rather than writing to shared memory/, rules/, workflows/, or skills/ concurrently.

Maintenance hygiene

• New trigger: aggregate .agents/memory/ content > ~3,000 lines.
• New cleanup actions: Age outcomes and Re-review harmful demotions.
• "Don't add noisy or one-off notes to .agents/" elevated from Maintenance Cadence to Hard Constraints (Must not do).

Compatibility

• Backward compatible with v1.3.0 installs: existing .agents/ layouts continue to work; new schema fields and thresholds activate as the next outcomes are recorded.
• Fully mirrored in AGENTS.zh-CN.md.

Diff

• Compare v1.3.0...v1.4.0

AgentGo v1.3.0

What's Changed

• Bumped the AGENTS.md template marker to v1.3.0.
• Added a lifecycle-based self-evolution model: fitness signals, memory lifecycle, capability lifecycle, outcome ledger, experiment isolation, and human feedback signals.
• Expanded .agents/ structure with memory/outcomes.md, experiments/, tmp/, reports, and runtime-supported skills guidance.
• Added periodic health-check behavior for memory freshness, structure drift, temporary files, workflow/skill promotion, and optional health reports.
• Added boundaries for high-confidence proactive suggestions: suggest optional improvements with evidence, but do not execute them without user request.
• Clarified template update policy: preserve the installed language, do not silently replace AGENTS.md on a timer, and use SemVer-like versioning.

Install

English:

curl -fsSL https://raw.githubusercontent.com/yeasy/agentgo/v1.3.0/AGENTS.md -o AGENTS.md

Simplified Chinese:

curl -fsSL https://raw.githubusercontent.com/yeasy/agentgo/v1.3.0/AGENTS.zh-CN.md -o AGENTS.md

Initial public release of AgentGo.

Highlights:

• Stable AGENTS.md protocol for reusable agent operating rules.
• Adaptive .agents/ project layer for durable memory, rules, workflows, and optional runtime-supported skills.
• English and Simplified Chinese documentation.
• Safety model for source priority, prompt-injection defense, high-risk actions, and evidence-based completion.