v0.18.0

Changelog

Features

• 0726539 feat(harness): wire ResolveForge into load pipeline (ADR-0045 PR 3/7)
• 0a6902e feat(mint): add mint-token CLI command and mintclient package
• 22be06d feat(harness): add remote harness agent discovery via forge API (ADR-0045 Phase 3 PR 2)
• 3305c1a feat(harness): add Lint() diagnostic method for non-fatal harness warnings (ADR-0045 Phase 3 PR 1)
• 3483fbc feat(harness): move GitHub-specific fields into forge.github blocks (ADR-0045 Phase 2 PR 2)
• 3a44b0c feat(triage): handle prerequisites action in post-script (#401)
• 4f6dbc3 feat(review): use "Looks good to me" when no findings instead of structured empty block
• 69dab8e feat: Expand hack/lint-mint-embed-sync to cover additional dir
• 7ac6d8e feat(scaffold): add role and slug to harness templates (ADR-0045 PR 6)
• 855ded7 feat(harness): add DiscoverAgents and Phase 2 plan (ADR-0045)
• 88dc915 feat(harness): wire LoadWithBase into run and lock pipelines (ADR-0045 PR 5/7)
• 9969d7d feat(e2e): gate fork PR runs with pull_request_target
• 9a35c91 feat(config): add create_issues allowlist config (#401)
• a812673 feat(scaffold): add managed-by headers to installed scaffold files
• acecfc3 feat(cli): add --all flag to fullsend lock for batch harness locking
• aeb0f1d feat(fetchsvc): add in-sandbox fetch-skill subcommand and server wiring
• b2055cb feat(triage): replace blocked action with prerequisites in agent prompt (#401)
• ca32f36 feat(layers): add HarnessWrappersLayer for install-time base composition (ADR-0045 Phase 2 PR 4)
• df32289 feat(fetchsvc): add runner-side runtime fetch service for Phase 4
• e492ac7 feat(schema): replace blocked with prerequisites action (#401)
• f3ccb43 feat(harness): add base composition for harness inheritance (ADR-0045 PR 4/7)
• f449b94 feat(harness): add allow_runtime_fetch and max_runtime_fetches fields (ADR-0038 Phase 4 PR 3)

Bug Fixes

• 080368c fix(triage): update post-triage tests for prerequisites action (#401)
• 0ea6a36 fix(dispatch): strip \r from CRLF comment bodies before command matching
• 11bae49 fix(triage): update schema validation tests for prerequisites action (#401)
• 162dce2 fix(skills): address review feedback on e2e-health skill
• 25c69ce fix: reuse reportReconciliationPRs in Uninstall
• 3336cb6 fix: remove stale comment about uninstall layers
• 4533134 fix(cli): tighten error handling in scaffold branch fallback
• 4747760 fix(e2e): remove unused has_fresh_label for shellcheck
• 51c0f75 fix: remove duplicate permission file-type list from Own block
• 6a33a73 fix: remove default fallback from inputs.target-repo in Go setup step
• 6b2c71f fix(review): address api-contract and internal-consistency review findings
• 6f79d87 fix(triage): correct label name in agent prompt and remove dead code (#401)
• 708e248 fix(images): Install Gopls as sandbox to preserve ownership of folders
• 709cfe4 fix(e2e): close gate bypass on non-ok-to-test label events
• 7249b34 fix(skills): remove markdown link syntax from e2e-health example table
• 7aa7cda fix: trim security heuristics to policy directives only
• 7c40a70 fix(skills): escape example link in e2e-health SKILL.md
• 80a414d fix: widen CSMA jitter after rate-limit reset to prevent thundering herd
• 911d142 fix(cli): fall back to PR when default branch is protected
• 98f7303 fix(cli): make scaffold commit messaging explicit about pushing to default branch
• a81599f fix(e2e): correct timeline schema and harden gate job
• a95ef5d fix(e2e): address review feedback on concurrency and auth fallback
• a9d6652 fix: update status comment on cancellation instead of orphaning it
• aad7dd6 fix(e2e): address review nits on updated_at docs and checkout creds
• b4c2edb fix(forge): handle ruleset violations and improve scaffold resilience
• b7f1671 fix(e2e): use event author_association for trusted member gate
• d7648e8 fix(e2e): match gate comment lookup to github-actions[bot]
• e1fd435 fix: address review feedback on sandbox image caching
• e57f10a fix(triage): address review feedback on prerequisites action (#401)
• f7215de fix(e2e): use server-side updated_at for ok-to-test freshness
• fda7dc4 fix(e2e): use github.actor for gate comments and test events errors

Refactoring

• d4a394e refactor: update NewOrgConfig/NewPerRepoConfig callers for create_issues (#401)
• f21436b refactor(scaffold): add base URL generation and content hashing for harness templates

Others

• 09fb17a fix(#2209): remove stale tar before podman save
• 1b49d6c fix(#2017): unenroll repos during uninstall via repo-maintenance workflow
• 2933555 fix(#2024): triage agent must not ask reporters implementation questions
• 2a452c3 fix(#2163): skip PEM prompt in github setup when using mint URL
• 2c1fcd2 perf: cache sandbox image in GitHub Actions
• 2fd249c fix(#2281): use inputs.target-repo in Go setup step
• 3ae6f72 fix(#2343): add post-reset spread to _github_csma_sleep_after_rate_limit
• 42e64f3 feat(#2149): finalize orphaned status comments on hard process termination
• 7006fa2 fix(#2148): thread signal-aware context into sandbox exec
• 7f6d68b style: apply gofmt to all Go source files
• 8c7bec8 fix(#2237): scope anti-premature-resolution rule to user-facing questions
• a24ffd1 style: gofmt config.go after merge
• aa2deca perf(#2222): skip sandbox image pull when cached digest matches remote
• b1dd476 fix(#2279): reset scroll position on document navigation
• b252c40 fix(#2143): add pre-flight GitHub API connectivity check in sandbox
• bce0fcc fix(#2060): set up Go on runner before post-code pre-commit
• d9672ce fix(#2236): reject Signed-off-by trailers in agent commits
• ded059b fix(#2130): mint fresh tokens for status comments on demand
• ede9fff fix(#2149): preserve timestamps and show termination reason in interrupted status comments
• f4309eb Add .codecov.yml configuration
• f54886c fix(#2191): sync protected path lists across all four governance files
• f9cdb6a fix(#2236): address medium/low review findings

v0.17.0

Changelog

Features

• 00ede60 feat(harness): add ForgeConfig struct and merge logic (ADR-0045 PR 1/7)
• 246f73c feat(harness): add optional role and slug fields to Harness struct
• 826f132 feat(resolve): model skills as directories instead of single files
• 28e14d1 feat: add fullsend lock CLI and lock-aware resolution (Phase 3 PR 2)

Bug Fixes

• ce2c94d fix(cli): address PR review findings for binary vendoring
• db20367 fix(cli): drop duplicate vendor steps and reuse ValidArch
• 2f32bdf fix(cli): restore OIDC HTTP timeout and invalid-hex test
• 81f2755 fix(security): close fail-open paths in tirith output parsing
• a422faf fix(web): add SRI to CDN scripts
• 0fad292 fix: define TAB variable in pre-code-test.sh

Refactoring

• a95eb33 refactor(cli): share Linux binary acquisition for run and vendoring

Others

• f1b7de2 Merge branch 'main' into fix/2018-sri-cdn-scripts
• ad16131 Merge pull request #1698 from fullsend-ai/agent/1697-force-flag-regression
• 9435c66 Merge pull request #1792 from fullsend-ai/agent/1787-comment-inline-comments
• d85dcd1 Merge pull request #1834 from fullsend-ai/agent/1541-stale-head-redispatch
• e720d01 Merge pull request #1848 from ggallen/docs/adr-0045-forge-portable-harness-schema
• 289689d Merge pull request #2015 from ifireball/cursor/6974b792
• a20c44f Merge pull request #2021 from dhshah13/fix/2018-sri-cdn-scripts
• ad2b00d Merge pull request #2044 from fullsend-ai/agent/1727-broaden-stale-ref-grep
• de576ed Merge pull request #2068 from fullsend-ai/agent/2067-dispatch-sync-guidance
• edc5f21 Merge pull request #2072 from fullsend-ai/agent/2071-add-public-mint-url
• 4344264 Merge pull request #2081 from fullsend-ai/agent/2073-default-mint-url
• a2ff0b4 Merge pull request #2082 from ggallen/feat/adr0038-phase3-lock-cli
• 5cf543b Merge pull request #2085 from fullsend-ai/bump-tirith-0.3.1
• 4a1ea86 Merge pull request #2089 from fullsend-ai/rbean/commit-message-guidance
• 1281fa9 Merge pull request #2097 from fullsend-ai/ci/merge-queue-skill-monitoring
• eda1e12 Merge pull request #2100 from fullsend-ai/worktree-adr-0045-impl-plan
• bec9015 Merge pull request #2110 from fullsend-ai/agent/2109-remove-dead-scaffold-actions
• 8701e2a Merge pull request #2127 from ggallen/worktree-feat-adr-0045-pr1-forge-config
• 34d8a03 Merge pull request #2128 from fullsend-ai/worktree-adr-0045-pr2-role-slug
• 1f0d66c Merge pull request #2129 from ggallen/worktree-pr7-yaml-semantics-tests
• 45118cd Merge pull request #2139 from fullsend-ai/worktree-fix-skill-directory-model
• 96ff7ac feat(#1727): add bare-word grep pattern guidance for rename PRs
• b7839b5 feat(#2073): default --mint-url to the hosted public mint
• aaf3d9d fix(#1541): re-dispatch review after stale-head discard
• 30802f5 fix(#1697): add force-override logging and regression tests
• 1af7fe7 fix(#1787): post inline comments for COMMENT review verdicts

v0.16.0

Changelog

Features

• ec59225 feat(cli): wire --max-depth and --max-resources flags for transitive resolution
• e3f8953 feat(mint): switch PEM secrets to role-only naming
• 228e036 feat(openshell): upgrade to 0.0.54, fix sandbox integration
• 4b14550 feat(workflows): add wip_limit input to prioritize scheduler
• 7fda456 feat: add internal/lock package for harness dependency pinning

Bug Fixes

• 71ea20d fix(sandbox): bump gopls from 0.18.1 to 0.22.0 for Go 1.26 compat
• ff65fee fix: add deprecation notes and inline GHA injection to summary bullet (#2035)
• 91378a6 fix: add routing categories and exploration budget for security heuristics
• 9279240 fix: address review feedback on challenger sub-agent PR #1812
• e55d31d fix: remove stub injection defense heading in security sub-agent
• d735bee fix: remove trailing blank line in Containerfile
• 4f72309 fix: swap pr-review SKILL.md sections 6d and 6e per human instruction

Others

• 527249c feat(#1797): extract challenger pass into dedicated sub-agent
• 2de00b7 feat(#898): add security heuristics to review sub-agent
• 684a806 feat(#989): add GHA workflow command injection to review security dimensions
• b29f50d feat(#990): require exhaustive variable verification for security claims
• 53df603 fix(#1344): update Go version in code agent sandbox to 1.26.0
• e3bec7f fix(#1939): add prominent protected-paths section to fix agent
• 5383e1f fix(#1958): align merge-base fallback with post-code.sh
• c1502b4 fix(#1958): use merge-base-aware diff for protected-path check in post-fix
• db60ac6 fix(#2027): use start comment author instead of GetAuthenticatedUser in analyzeTimeline
• 58cc443 fix(#2032): suppress macOS AppleDouble files in sandbox uploads
• 50a7389 fix(#2045): use PR head SHA in status comment instead of GITHUB_SHA

v0.15.0

Changelog

Features

• b8c548d feat(cli): tee stream-json output to iteration artifact
• 648ea47 feat(web): add landing page, move doc graph to /graph.html
• 7a7c8eb feat: add transitive dependency resolution to URL resolver (ADR-0038 Phase 2 PR 2)
• c430d13 feat: move agent status comments into fullsend run

Bug Fixes

• eb3eff5 fix(cli): inject stdin into runUninstall for testability
• c67eae0 fix(cli): open installation settings URL on uninstall
• 8ea9880 fix(cli): rename section header to "App uninstall"
• 6534fd3 fix(cli): verify apps were uninstalled after user confirmation
• 242dc4f fix(cli): wait for user confirmation after each app uninstall (#323)
• 3a8a7ba fix(cli): warn when app installation list cannot be verified
• e9ec1f2 fix(e2e): use correct GitHub Actions annotation syntax for file parameters
• fded4f2 fix(scaffold): bump dispatch.yml max-lines for document-start marker
• 55adf48 fix(scaffold): use embedded FS in YAML document-start test
• d719299 fix(skills): use tag name as subject when no custom title
• 691782c fix: actually remove agent artifacts from commit in post-code.sh (#1627)
• f1a8d69 fix: add YAML document start marker to all scaffold YAML files
• 8defe0e fix: address review findings for PR #1871
• 63cc119 fix: show exec error when validation script fails to run

Others

• efbd31c Merge pull request #1238 from fullsend-ai/fullsend/code/issue-1236
• 0a72724 Merge pull request #1239 from fullsend-ai/fix/1237-cutting-releases-blank-first-line
• 390e8e8 Merge pull request #1468 from fullsend-ai/fix/1408-retro-debounce-concurrency
• 2ef42dd Merge pull request #1531 from fullsend-ai/agent/1527-review-dispatch-observability
• 76d8088 Merge pull request #1539 from fullsend-ai/agent/1532-fix-fork-check-token
• be348d5 Merge pull request #1573 from fullsend-ai/fix/uninstall-installation-url
• b54eb30 Merge pull request #1593 from fullsend-ai/feat/tee-stream-json-output
• 20ca6d5 Merge pull request #1627 from fullsend-ai/agent/1625-exclude-agent-work-dirs
• 2ab3063 Merge pull request #1644 from fullsend-ai/agent/1640-fix-bot-user-detection
• 4d2eb58 Merge pull request #1871 from ggallen/feat/status-comments-in-run
• 12e6c21 Merge pull request #1905 from fullsend-ai/fix/sandbox-go-ownership
• 5faa79f Merge pull request #1923 from ggallen/feat/adr0038-phase2-transitive-resolver
• 633cf0e Merge pull request #1936 from fullsend-ai/feat/landing-page
• 9ea038f Merge pull request #1947 from fullsend-ai/agent/1946-add-yaml-doc-start-marker
• 64170dc Merge pull request #1962 from fullsend-ai/ci/e2e-unenroll-debug-logs
• 93be032 Merge pull request #1967 from fullsend-ai/chore/gitignore-playwright-mcp
• e281f3a Merge pull request #2005 from fullsend-ai/agent/2003-fix-paginate-jq-pattern
• 26ea552 Merge pull request #2016 from fullsend-ai/agent/2013-sidebar-links-use-anchor
• 4c3923e fix(#1408): debounce retro workflow to make concurrency group effective
• 8a863b2 fix(#1527): warn when automated review misses initial PR window
• 4df9a2a fix(#1532): use github.token for fork-check in dispatch
• 65d752d fix(#1625): exclude agent working directories from git tracking
• f0cc17c fix(#1640): fall back to /app endpoint for bot user detection
• 969292a fix(#1946): add YAML document start marker to shim workflow template
• 665d26c fix(#1960): include disabled repos in repo-maintenance token scope
• cfcbae9 fix(#1960): simplify yq query and improve e2e failure diagnostics
• ca9bfae fix(#2003): use correct pagination pattern for HUMAN_REVIEW_COUNT
• f8113e7 fix(#2013): use elements for sidebar doc links instead of
• ab61e7f fix(images/code): run gopls install as sandbox user

v0.14.3: fix(workflows): restore fully-qualified paths in reusable-dispatch

Changelog

Bug Fixes

• eb5dc3e fix(workflows): use fully-qualified paths in reusable-dispatch stage jobs

Others

• ee04a59 Merge pull request #1971 from fullsend-ai/fix-per-repo-dispatch-paths

v0.14.2: Features: - Add reusable prioritize workflow and dispatch routing (#1761) - Convert scaffold prioritize.yml to thin caller (#1761) - Log requested and granted token scope in mint

Changelog

Features

• 8304d4c feat(action): log fullsend CLI version at workflow start
• 6121ed2 feat(admin): SPA package, Vite workspace, worker merge, and site CI
• 5e1796e feat(admin): SPA package, Vite workspace, worker merge, and site CI
• 9626f1b feat(admin): TS analyze for dispatch-token layer
• 065a958 feat(admin): TS analyze for enrollment layer
• 1265811 feat(admin): TS analyze for secrets layer
• 8c7675b feat(admin): TS analyze for workflows layer
• b4c6332 feat(admin): UX shell, org list defaults, and plan status through task 9
• 338adf4 feat(admin): UX shell, org list defaults, and plan status through task 9
• f5a06ed feat(admin): boot spinner and single GitHub user fetch
• be2c28d feat(admin): boot spinner and single GitHub user fetch
• a4b640b feat(admin): explain empty org list from GitHub status and scopes
• 544c709 feat(admin): explain empty org list from GitHub status and scopes
• b1bb721 feat(admin): fetch org list from user app installations
• 81e3cfa feat(admin): map GitHub app installations to org rows
• 8fb2e11 feat(admin): optional GitHub App slug in OAuth state for install links
• ca16c64 feat(admin): org layer rollup engine, stack analyze, and spec matrix
• 26b5542 feat(admin): org list analysis with install-first fetch priority
• 3ab1c4f feat(admin): org list install UI and post-install refresh
• 5fe1f86 feat(admin): org list with search-as-you-type
• 4516fbe feat(admin): org list with search-as-you-type
• 982451e feat(admin): plan tasks 3–7 for production OAuth
• e975c48 feat(admin): plan tasks 3–7 for production OAuth
• bd74042 feat(admin): profile recovery, OAuth retry, and org row error popovers
• ea3658a feat(admin): progressive org list, 15-row cap, smaller repo pages
• c25c009 feat(admin): progressive org list, 15-row cap, smaller repo pages
• d34d8cb feat(admin): read-only config repo layer analyze in TS
• 2f12ea0 feat(admin): require Turnstile, OAuth BFF hardening, Wrangler rate limits
• 24224de feat(admin): require Turnstile, OAuth BFF hardening, Wrangler rate limits
• ed292c6 feat(admin): richer OAuth boot screen and cancellable Turnstile
• 984acd8 feat(admin): richer OAuth boot screen and cancellable Turnstile
• 52524e5 feat(admin): session flag for org list refresh after app install
• c054f4d feat(admin): validate slug for GitHub app install URL
• a28d8be feat(admin): wire org list to layer analyze and UX row clusters
• 5f7b3c9 feat(agents): add review agent definition and pr-review skill
• fb33422 feat(agents): dual-mode output for review agent
• c2915d6 feat(appsetup): add retro agent app configuration
• 78059ca feat(ci): add e2e workflow with permissions and broader path triggers
• 75aa15d feat(cli): add --env-file flag and FULLSEND_SANDBOX_IMAGE override
• 05be862 feat(cli): add --keep-sandbox flag to fullsend run
• 9521551 feat(cli): add fullsend github sub-command tree
• 52b468d feat(cli): add inference sub-command for standalone WIF provisioning
• 4c0b0d5 feat(cli): add mint sub-command for standalone GCP mint management
• adaa55c feat(cli): log token scope at start of fullsend run
• 0362cc1 feat(cli): watch repo-maintenance workflow after enable/disable repos
• 533b86b feat(cli): wire URL-referenced harness resources into fullsend run
• d0fa9b5 feat(docs): BFS default route helper for directory targets
• fdc78de feat(docs): data attribute on tree file rows for outline scroll
• f231a1a feat(docs): expand outline ancestors for active file route
• 1205113 feat(docs): resolve directory hashes to BFS default page and sync outline
• ece7fde feat(e2e): add TOTP support for 2FA-enabled GitHub accounts
• d693556 feat(e2e): add keyless GCP auth via Workload Identity Federation
• 4e149b3 feat(e2e): add org pool for parallel test runs
• 574b5e8 feat(e2e): add setup script for new e2e pool orgs
• e87452f feat(e2e): admin e2e tests adapted for v6 admin CLI with dispatch token automation
• 74963c0 feat(e2e): download triage run artifacts on failure
• cff31bc feat(e2e): replace programmatic install/uninstall with CLI subprocess
• 3b36b23 feat(e2e): switch to stored browser session for CI auth (ADR 0010)
• 8ab00a0 feat(e2e): use shared mint and fullsend-ai app set
• 28e7a05 feat(images): add multi-arch (amd64 + arm64) sandbox image support
• cae5d89 feat(mint): add --pem-dir flag to bootstrap app set PEMs during deploy
• c1e83bd feat(mint): add Cloud Run revision awareness to status and enroll commands
• e7011d0 feat(mint): add PEM validation, app verification, and improved UX
• b0840dc feat(mint): log requested and granted token scope
• e740fea feat(prioritize): add RICE scoring agent for issue prioritization
• b752641 feat(repo): improve branch cleanup workflow testability
• cafa9c9 feat(retro): add agent-scaffolding skill to retro harness
• 75ae2b2 feat(retro): add harness config and dispatch workflow
• eabecbe feat(retro): add pre and post scripts for retro agent
• 7c56649 feat(retro): add retro dispatch jobs to shim workflow and update stage list
• 8e65d09 feat(retro): add retro-analysis skill and agent definition
• e1eeb78 feat(retro): add schema, sandbox policy, and env file for retro agent
• 48f6e62 feat(review): anchor severity across re-reviews
• f477090 feat(review): docs-review sub-agent context detection
• 409f803 feat(review): parallel specialized sub-agents for each review dimension
• 89e9283 feat(review): pr-review orchestrator with fan-out dispatch
• 9f3c18e feat(run): add --no-post-script flag to skip post-script execution
• 07acd77 feat(run): auto-resolve Linux binary for cross-platform security scan
• d3e9c49 feat(runtime): abstract Claude Code behind pluggable agent runtime
• 1447e9b feat(sandbox): add sanitizeDownload for symlink and git hooks cleanup
• 7090b6f feat(sandbox): replace SSH/SCP/rsync with OpenShell native CLI
• 6a5c68c feat(scaffold): add review agent definition for deployment
• 11b9ad3 feat(scaffold): add review pipeline infrastructure
• 82c6648 feat(scaffold): add review.env and scan-unicode for sandbox
• 3a26cab feat(scripts): add context URL notices to agent pre scripts
• dfaf313 feat(scripts): add deterministic Unicode steganography scanner
• ee584fa feat(security): add canary pretool hook to catch exfiltration via tool inputs
• 24ba5cd feat(security): add canary token and tool allowlist sandbox hooks
• 59d093f feat(security): add unicode PostToolUse hook for runtime scanning
• ac3d47b feat(skill): add pre-flight and post-flight release procedures
• bf540b1 feat(skills): add /topissues slash command for RICE backlog
• d22aa1d feat(skills): add mint-enroll SRE runbook skill
• cccc782 feat(skills): add standalone code-review skill
• 8ebb756 feat(skills): add version confirmation step to cutting-releases
• 5a5b1c0 feat(triage): add OOTB issue-labels skill (#426)
• 26d9bcc feat(triage): add label_actions to triage result schem...

v0.14.1: Features: - Include fullsend version in scaffold commit messages - Add agent-scaffolding skill to retro harness

Changelog

Features

• ac3d47b feat(skill): add pre-flight and post-flight release procedures

Bug Fixes

• d9a9c9b fix(skill): add git fetch before pre-flight diffs, drop unused lint tool
• d96ffb2 fix(skill): address review findings — confirm force-push, trim to 150 lines, add grep backstop
• 87db5c9 fix(skill): force-update tags in release pre-flight and step 1

Refactoring

• 3f2d20c refactor(skill): deepen pre-flight analysis and scope post-flight checks
• c4b6344 refactor(skill): split cutting-releases into phase files

Others

• 61b17a4 Merge pull request #1709 from fullsend-ai/update-release-skill
• c5d7017 Merge pull request #1953 from fullsend-ai/fix/bot-identity
• 1314c58 fix(#1449): resolve bot identity with GraphQL viewer instead of /app

v0.14.0: Features: - Question action for triage agent (#1811) - Skill frontmatter parser for transitive dependency resolution - Diff-size calibration and correctness prioritization for review sub-agents (#1885, #1762) - Staleness and consumer-completeness checks in correctness sub-agent (#1911, #852) - Parallel specialized review sub-agents - fullsend_ai_ref param for self-consistent version pinning in workflows - --keep-sandbox flag for fullsend run - Cloud Run revision awareness for mint status and enroll - Retro agent scaffolding skill - Fullsend version in scaffold commit messages - Wire URL-referenced harness resources into fullsend run - Pluggable agent runtime abstraction

Changelog

Features

• 8304d4c feat(action): log fullsend CLI version at workflow start
• 6121ed2 feat(admin): SPA package, Vite workspace, worker merge, and site CI
• 5e1796e feat(admin): SPA package, Vite workspace, worker merge, and site CI
• 9626f1b feat(admin): TS analyze for dispatch-token layer
• 065a958 feat(admin): TS analyze for enrollment layer
• 1265811 feat(admin): TS analyze for secrets layer
• 8c7675b feat(admin): TS analyze for workflows layer
• 338adf4 feat(admin): UX shell, org list defaults, and plan status through task 9
• b4c6332 feat(admin): UX shell, org list defaults, and plan status through task 9
• f5a06ed feat(admin): boot spinner and single GitHub user fetch
• be2c28d feat(admin): boot spinner and single GitHub user fetch
• a4b640b feat(admin): explain empty org list from GitHub status and scopes
• 544c709 feat(admin): explain empty org list from GitHub status and scopes
• b1bb721 feat(admin): fetch org list from user app installations
• 81e3cfa feat(admin): map GitHub app installations to org rows
• 8fb2e11 feat(admin): optional GitHub App slug in OAuth state for install links
• ca16c64 feat(admin): org layer rollup engine, stack analyze, and spec matrix
• 26b5542 feat(admin): org list analysis with install-first fetch priority
• 3ab1c4f feat(admin): org list install UI and post-install refresh
• 5fe1f86 feat(admin): org list with search-as-you-type
• 4516fbe feat(admin): org list with search-as-you-type
• 982451e feat(admin): plan tasks 3–7 for production OAuth
• e975c48 feat(admin): plan tasks 3–7 for production OAuth
• bd74042 feat(admin): profile recovery, OAuth retry, and org row error popovers
• ea3658a feat(admin): progressive org list, 15-row cap, smaller repo pages
• c25c009 feat(admin): progressive org list, 15-row cap, smaller repo pages
• d34d8cb feat(admin): read-only config repo layer analyze in TS
• 24224de feat(admin): require Turnstile, OAuth BFF hardening, Wrangler rate limits
• 2f12ea0 feat(admin): require Turnstile, OAuth BFF hardening, Wrangler rate limits
• 984acd8 feat(admin): richer OAuth boot screen and cancellable Turnstile
• ed292c6 feat(admin): richer OAuth boot screen and cancellable Turnstile
• 52524e5 feat(admin): session flag for org list refresh after app install
• c054f4d feat(admin): validate slug for GitHub app install URL
• a28d8be feat(admin): wire org list to layer analyze and UX row clusters
• 5f7b3c9 feat(agents): add review agent definition and pr-review skill
• fb33422 feat(agents): dual-mode output for review agent
• c2915d6 feat(appsetup): add retro agent app configuration
• 78059ca feat(ci): add e2e workflow with permissions and broader path triggers
• 75aa15d feat(cli): add --env-file flag and FULLSEND_SANDBOX_IMAGE override
• 05be862 feat(cli): add --keep-sandbox flag to fullsend run
• 9521551 feat(cli): add fullsend github sub-command tree
• 52b468d feat(cli): add inference sub-command for standalone WIF provisioning
• 4c0b0d5 feat(cli): add mint sub-command for standalone GCP mint management
• adaa55c feat(cli): log token scope at start of fullsend run
• 0362cc1 feat(cli): watch repo-maintenance workflow after enable/disable repos
• 533b86b feat(cli): wire URL-referenced harness resources into fullsend run
• d0fa9b5 feat(docs): BFS default route helper for directory targets
• fdc78de feat(docs): data attribute on tree file rows for outline scroll
• f231a1a feat(docs): expand outline ancestors for active file route
• 1205113 feat(docs): resolve directory hashes to BFS default page and sync outline
• ece7fde feat(e2e): add TOTP support for 2FA-enabled GitHub accounts
• d693556 feat(e2e): add keyless GCP auth via Workload Identity Federation
• 4e149b3 feat(e2e): add org pool for parallel test runs
• 574b5e8 feat(e2e): add setup script for new e2e pool orgs
• e87452f feat(e2e): admin e2e tests adapted for v6 admin CLI with dispatch token automation
• 74963c0 feat(e2e): download triage run artifacts on failure
• cff31bc feat(e2e): replace programmatic install/uninstall with CLI subprocess
• 3b36b23 feat(e2e): switch to stored browser session for CI auth (ADR 0010)
• 8ab00a0 feat(e2e): use shared mint and fullsend-ai app set
• 28e7a05 feat(images): add multi-arch (amd64 + arm64) sandbox image support
• cae5d89 feat(mint): add --pem-dir flag to bootstrap app set PEMs during deploy
• c1e83bd feat(mint): add Cloud Run revision awareness to status and enroll commands
• e7011d0 feat(mint): add PEM validation, app verification, and improved UX
• e740fea feat(prioritize): add RICE scoring agent for issue prioritization
• b752641 feat(repo): improve branch cleanup workflow testability
• cafa9c9 feat(retro): add agent-scaffolding skill to retro harness
• 75ae2b2 feat(retro): add harness config and dispatch workflow
• eabecbe feat(retro): add pre and post scripts for retro agent
• 7c56649 feat(retro): add retro dispatch jobs to shim workflow and update stage list
• 8e65d09 feat(retro): add retro-analysis skill and agent definition
• e1eeb78 feat(retro): add schema, sandbox policy, and env file for retro agent
• 48f6e62 feat(review): anchor severity across re-reviews
• f477090 feat(review): docs-review sub-agent context detection
• 409f803 feat(review): parallel specialized sub-agents for each review dimension
• 89e9283 feat(review): pr-review orchestrator with fan-out dispatch
• 9f3c18e feat(run): add --no-post-script flag to skip post-script execution
• 07acd77 feat(run): auto-resolve Linux binary for cross-platform security scan
• d3e9c49 feat(runtime): abstract Claude Code behind pluggable agent runtime
• 1447e9b feat(sandbox): add sanitizeDownload for symlink and git hooks cleanup
• 7090b6f feat(sandbox): replace SSH/SCP/rsync with OpenShell native CLI
• 6a5c68c feat(scaffold): add review agent definition for deployment
• 11b9ad3 feat(scaffold): add review pipeline infrastructure
• 82c6648 feat(scaffold): add review.env and scan-unicode for sandbox
• 3a26cab feat(scripts): add context URL notices to agent pre scripts
• dfaf313 feat(scripts): add deterministic Unicode steganography scanner
• ee584fa feat(security): add canary pretool hook to catch exfiltration via tool inputs
• 24ba5cd feat(security): add canary token and tool allowlist sandbox hooks
• 59d093f feat(security): add unicode PostToolUse hook for runtime scanning
• bf540b1 feat(skills): add /topissues slash command for RICE backlog
• d22aa1d feat(skills): add mint-enroll SRE runbook skill
• cccc782 feat(skills): add standalone code-review skill
• 8ebb756 feat(skills): add version confirmation step to cutting-releases
• 5a5b1c0 feat(triage): add OOTB issue-labels skill (#426)
• 26d9bcc feat(triage): add label_actions to triage result schema (#426)
• dd372c5 feat(triage): implement triage agent with structured JSON output (Story 3)
• fdba34f feat(triage): process label_a...

v0.13.0: Review Agent Refactor

Changelog

Features

• 0362cc1 feat(cli): watch repo-maintenance workflow after enable/disable repos
• f477090 feat(review): docs-review sub-agent context detection
• 409f803 feat(review): parallel specialized sub-agents for each review dimension
• 89e9283 feat(review): pr-review orchestrator with fan-out dispatch
• b8fe569 feat: add resource resolver for URL-referenced harness resources

Bug Fixes

• 1665e91 fix(cli): update followup commands from 'admin install' to 'github setup'
• 28ed9d1 fix(dispatch): route issues opened/edited to triage in per-repo mode
• 0c8944b fix(docs): touchups for affected docs
• 29b66f6 fix(e2e): retry lock verification read to handle auto_init race
• 3933544 fix: check CSMA output for rate limit errors even on exit 0
• eba425f fix: resolve shellcheck SC2188 warning in pre-fetch-prior-review-test
• e721853 fix: validate array elements for empty/whitespace in audience.UnmarshalJSON

Others

• 3eb2b9f Merge pull request #1550 from ben-alkov/feat-review-agent-parallel-specialized-subagents
• de04c5c Merge pull request #1614 from fullsend-ai/fix/e2e-lock-auto-init-race
• 69f8160 Merge pull request #1615 from fullsend-ai/feat/await-repo-maintenance
• 3ed9351 Merge pull request #1620 from fullsend-ai/agent/1619-fix-grep-pipefail-crash
• 793ff92 Merge pull request #1623 from fullsend-ai/feat/resource-resolver
• 3eb9b96 Merge pull request #1645 from fullsend-ai/agent/1139-fix-install-script-path
• 4a2838e Merge pull request #1652 from fullsend-ai/fix/per-repo-triage-on-issue-open
• 2ff097e Merge pull request #1661 from ifireball/cursor/daac3fe8
• 29c5e46 Merge pull request #1669 from fullsend-ai/agent/1667-fix-bot-exclusion-tests
• 80505ad Merge pull request #1680 from fullsend-ai/docs/remove-proposed-adr-status
• 082f8c4 Merge pull request #1681 from fullsend-ai/ci/add-shellcheck
• 988bb4b Merge pull request #1708 from fullsend-ai/docs-iam-roles
• 4197cff Merge pull request #1711 from fullsend-ai/fix/csma-exit-zero-rate-limit
• 13730e5 Merge pull request #1723 from fullsend-ai/agent/1161-reject-empty-audience
• d826228 Merge pull request #1729 from fullsend-ai/agent/1728-fix-failure-comment-url
• 44b67d8 Merge pull request #1747 from fullsend-ai/fix-inference-followup-cmd
• f55f863 fix(#1139): use repo-root-relative path in step 9 install instructions
• 707f30a fix(#1161): reject empty string in audience.UnmarshalJSON
• 58588b3 fix(#1619): guard grep pipeline in pre-fetch-prior-review.sh
• a67c618 fix(#1667): make bot-exclusion tests exercise the jq filter
• 4498496 fix(#1728): use GITHUB_REPOSITORY for workflow run URL in failure comments

v0.12.0: Merge pull request #1696 from fullsend-ai/ci/fix-empty-test-repo

What's Changed

• feat(cli): log token scope at start of fullsend run by @ralphbean in #1333
• feat(cli): add inference sub-command for standalone WIF provisioning by @waynesun09 in #1258
• feat(cli): add mint sub-command for standalone GCP mint management by @waynesun09 in #1261
• feat(cli): add github sub-command for standalone org/repo setup by @waynesun09 in #1259
• feat: add content-addressed cache for remote resources by @ggallen in #1554
• feat: add schema extensions for remote resource allowlists by @ggallen in #1555
• docs: add role-based setup guide and update CLI docs by @waynesun09 in #1621
• fix(#860): sync org variable visibility when enabling repos by @fullsend-ai-coder[bot] in #862
• fix(#1220): add fix role to PerRepoDefaultRoles for dispatch loop by @fullsend-ai-coder[bot] in #1225
• fix: skip existing-PR check when --force is in comment body by @rh-hemartin in #1138
• ADR 0015: Normative implementation contracts live under docs/normative/ by @ifireball in #1635
• docs: accept ADR 0029 central token mint and secretless .fullsend by @ifireball in #1634
• docs: accept ADR 0012 by @ifireball in #1631
• docs: accept ADR 0014 by @ifireball in #1632
• docs: accept ADR 0013 by @ifireball in #1633
• docs(#669): verify API contracts per code path in code skill by @ifireball in #1231
• fix(reusable-fix): propagate gh pr view failures in eligibility check by @rh-hemartin in #1565
• fix(triage): accumulate prior analysis on re-runs by @rh-hemartin in #1571
• fix: restore setup-agent-env.sh copy in prioritize scaffold workflow by @ifireball in #1457
• docs: accept ADR 0041 and update living docs by @ifireball in #1578
• fix(e2e): fix stale lock recovery and improve lock debugging by @ralphbean in #1612
• Add acli (Atlassian CLI) to sandbox image by @guyoron1 in #1506
• fix(#1496): exclude coder bot PRs from pre-code check by @fullsend-ai-coder[bot] in #1497
• ci: add halfsend-03 through halfsend-06 to e2e org pool by @ralphbean in #1663
• fix: use Cloud Run API for env-var-only mint updates by @waynesun09 in #1664
• fix: prevent grep no-match from crashing pre-fetch-prior-review by @waynesun09 in #1673
• docs: deprecate ADR-0028 (GitLab support) by @ggallen in #1657
• feat: add inference deprovision, split Vertex AI ops from mint enroll by @waynesun09 in #1668
• docs(refactor): running agents locally update by @rh-hemartin in #1658
• fix: deduplicate app slugs and suppress browser opens in CI by @waynesun09 in #1671
• refactor!: rename --source-org flag to --app-set in mint enroll by @waynesun09 in #1677
• feat(mint): add --pem-dir to bootstrap PEMs during deploy by @waynesun09 in #1690
• fix(inference): separate WIF pool from mint to prevent cross-domain interference by @waynesun09 in #1703
• fix: use tarball upload for fullsend binary in sandbox by @ralphbean in #1692
• fix(e2e): seed empty test-repo so enrollment PR creation succeeds by @ralphbean in #1696

New Contributors

• @guyoron1 made their first contribution in #1506

Full Changelog: v0...v0.12.0