v0.7 is the largest structural change ADD has had since v0.1. It reframes the project from “a Claude Code plugin” to “a methodology with runtime adapters.” Codex CLI is a first-class target. Release tags are GPG-signed. Security hardening ships as CI gates rather than policy text. Three community contributors shaped it.
tl;dr — If you already run ADD on Claude Code, upgrade and nothing changes for you; the plugin output is byte-identical. If you use Codex, curl | bash the install script and get the same spec→plan→TDD→verify workflow. If you verify releases, start from v0.7.3 and use git tag --verify.
The reframe
v0.1 through v0.6 treated ADD as a Claude Code plugin. Skills lived under plugins/add/, tool names like Read/Write/AskUserQuestion were baked into every skill's frontmatter, hooks assumed Claude's PostToolUse event model, and the plugin manifest was the distribution vehicle.
That was a distribution choice, not a design one. ADD's actual content — spec-first development, TDD, maturity lifecycle, learning tiers, human-agent collaboration protocols — isn't specific to any runtime. A 5-agent review of the plugin surfaced that ~85% of ADD's bytes are runtime-neutral methodology prose; only ~15% is adapter glue.
v0.7 matches reality to design. The repo now has:
core/ # runtime-neutral source of truth
skills/ rules/ templates/
knowledge/ schemas/ VERSION
runtimes/claude/ # Claude Code adapter
.claude-plugin/ hooks/ CLAUDE.md adapter.yaml
runtimes/codex/ # Codex CLI adapter
adapter.yaml
scripts/compile.py # generator: core + adapter → dist
plugins/add/ # generated Claude plugin (marketplace install target)
dist/codex/ # generated Codex bundle
scripts/compile.py reads core/ plus a runtime's adapter.yaml and produces the runtime-specific artifact. Claude's compiled output is byte-identical to what users already install — no consumer impact. Codex gets a concatenated AGENTS.md and flattened prompts/add-*.md files that install into ~/.codex/.
The payoff users see first: the version-bump checklist that previously touched 8 separate files (plugin.json, marketplace.json, config.json, README, all commands, all skills, reports, website footers) is now echo "0.7.3" > core/VERSION. Everything else propagates through compile. A CI drift check in .github/workflows/compile-drift.yml ensures the committed generated artifacts match the generator output on every PR.
Codex CLI as a real target
One-line install for Codex users:
curl -fsSL https://raw.githubusercontent.com/MountainUnicorn/add/main/scripts/install-codex.sh | bash
You get 24 custom prompts (/add-spec, /add-tdd-cycle, /add-retro, etc.) and an AGENTS.md with the full ruleset. Same methodology, same specs, same spec-before-code enforcement.
What's different on Codex: no PostToolUse hooks (Codex doesn't have a hook API — run /add-verify manually); plain-text confirmations instead of the structured AskUserQuestion popup (the Confusion Protocol and Confirmation Gate still exist, just as prose instead of clickable dialogs); slash-command names use hyphens (/add-spec) rather than Claude's namespaced colons (/add:spec).
Codex install and wiring guide →
How the design was made
v0.7 was designed by deliberately dispatching five AI agents in parallel with non-overlapping scopes and explicit briefing that they were each one of five:
- Anthropic plugin spec compliance — strict audit against the published Claude Code plugin spec
- Install reliability and UX — first-30-minutes experience, failure modes, onboarding
- Codex portability — inventory Claude-specific vs portable content, design the bridge
- Multi-runtime architecture — directory shape, abstraction boundaries, compile strategy
- Security and trust — autonomous execution boundaries, supply-chain, permission scope
Each agent was told “four others are reviewing from different angles — don't discuss X, Y, Z; stay in your lane.” That single instruction was the reason the pattern paid off: every agent surfaced findings the others would have missed.
Specific findings only visible because of the competing frame:
- Swarm 1 (spec): the
hooks/hooks.jsonused undocumented$TOOL_INPUT_*env vars instead of the Anthropic-documentedjq+stdin pattern. Silent risk. - Swarm 3 (Codex): the root
AGENTS.mdwas a sed-mangled copy ofCLAUDE.md— literally contained “Codex --plugin-dir” and “.Codex-plugin/” nonsense. Deleted in this release. - Swarm 4 (architecture): proposed the
core/+runtimes/split with compile-to-dist/. This became the v0.7 structure. - Swarm 5 (security): production deploy gate was behavioral (“NEVER deploy to production during away mode”) rather than technical. Now v0.7.1 enforces a literal
DEPLOY TO PRODUCTIONconfirmation phrase.
No single-agent review would have caught all five classes. The meta-lesson — dispatch parallel agents with deliberately different approaches for problems that have multiple valid angles, then pick winners or synthesize — is now Tier 1 knowledge in core/knowledge/global.md, under “Competing Swarm Pattern.”
Security moved from prose to CI
ADD is a plugin that tells agents how to behave. A malicious PR modifying rules/*.md or a skill's allowed-tools could reshape autonomous execution in ways the user never consented to. v0.7 makes that detectable:
- JSON Schema validation on every SKILL.md and rule file, enforced in
.github/workflows/schema-check.yml. A PR that addsBashto a read-only skill'sallowed-toolsfails the check. - Rule boundary diff check at
.github/workflows/rule-boundary-check.yml. A PR that removesNEVER,Boundaries:, orMUST NOTmarkers gets flagged and requires explicit CODEOWNER approval. - Compile drift check ensures committed
plugins/add/anddist/codex/match the compile output. A PR can't sneak in changes to the generated artifacts without matching core. - GPG-signed release tags from v0.7.3 onward. Public key at
github.com/MountainUnicorn.gpg. Verify any install withgit tag --verify v0.7.3.
Full threat model + disclosure process in SECURITY.md →
Compliance machinery: ADD enforces ADD
Through v0.5 and v0.6, heavy dog-food projects kept skipping retros. One project ran 40 days, 412 commits, 30 specs, and zero retros. ADD's checkpoint machinery was opt-in and silently bypassed at sprint pace.
v0.6's rules/add-compliance.md makes it blocking. /add:away, /add:cycle --plan, and /add:back halt if retro debt exceeds 7 days or 3 away sessions or 15 new learnings since the last retro. Override with --force-no-retro is recorded, and v0.7.1 added density-based abuse detection (0 bypasses: silent, 3+ in 30 days: refuse until retro runs).
A paired rule, registry-sync.md, auto-bumps ~/.claude/add/projects/{name}.json on every checkpoint and flags drift at session start. Before v0.6 this registry was manual and inevitably stale — the dog-food project's registry said 5 learnings when the reality was 55. Fixed.
New commands + modes
Three external contributors shipped significant additions. We merged each PR as submitted and credited the author in CONTRIBUTORS.md + release notes. Structural consolidation is our own work, done in follow-up releases with co-authorship preserved in commits.
/add:docs(thanks Caleb Dunn) — project-type-agnostic documentation skill. Architecture diagrams, API/interface docs, README drift detection. Archetype detection from config or codebase inference. Validated against Home Assistant core./add:roadmap,/add:milestone,/add:promote(thanks Piotr Pawluk) — milestone/maturity management surface. Interactive horizon management, tactical milestone ops (list/switch/split/rescope), evidence-based maturity promotion with 14-category gap analysis and a 50% readiness floor./add:ux(thanks David Giambarresi) — design sign-off gate before implementation. POC = nudge, Alpha+ = hard gate. Prevents the most expensive class of rework: late-breaking design changes on built code.
v0.7.1 added two more modes built on top:
/add:init --quick— greenfield fast path, 5 essential questions, ~2 minutes. For when the full 12-question interview is too much ceremony./add:deployproduction confirm-phrase gate — requires the user to type the literal stringDEPLOY TO PRODUCTION. Case-sensitive, whole-message, immediately-next-message. Runtime check in the skill, not behavioral policy in a rule.
Dog-food retro
ADD is still the project most heavily using ADD. The retro for this arc scored:
| Dimension | Score | Evidence |
|---|---|---|
| ADD methodology adherence | 5.8 / 9 | Spec-before-code violated on the v0.7 architecture extraction; /add:cycle bypassed again (three arcs running) |
| Swarm effectiveness | 8.1 / 9 | 5-agent competing review produced findings no single pass would have caught |
The gap — /add:cycle being bypassed across three consecutive release arcs — is the clearest signal that either the command is too heavy or the abstraction doesn't match how work actually flows. That's a v0.8 design problem, flagged in the retro and CHANGELOG.md.
Upgrading
On Claude Code:
claude plugin update add@add-marketplaceNothing changes on your end. The plugin's directory layout is byte-identical to v0.6.
On Codex:
curl -fsSL https://raw.githubusercontent.com/MountainUnicorn/add/main/scripts/install-codex.sh | bashTo verify a release cryptographically:
curl -fsSL https://github.com/MountainUnicorn.gpg | gpg --import
git tag --verify v0.7.3
# gpg: Good signature from "Anthony Brooke <anthony.g.brooke@gmail.com>"What's next
v0.8 candidates in CHANGELOG.md — /add:cycle rework (three consecutive arcs bypassed it), per-skill Codex overrides for the high-leak skills (/add:away, /add:tdd-cycle, /add:implementer), and marketplace re-submission to the official Claude Code registry.
Full v0.7.3 release notes → · GitHub
Tagged: v0.7 · multi-runtime · codex · security · competing-swarm