Skip to content

Releases: ambient-code/platform

Release v0.2.7

12 May 13:56
@github-actions github-actions
v0.2.7
28874a9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.7 Latest
Latest

Release v0.2.7

Changes since v0.2.6

🎉 First-Time Contributors

  • quay-devel

Mark Turansky (3)

  • fix(manifests): add NetworkPolicy allowing runner pods to reach ambient-code namespace (#1553) (28874a9)
  • fix(runner): write Google credentials as {email}.json with timezone-naive expiry (#1557) (96c7843)
  • fix(control-plane,manifests): resolve MCP sidecar TLS and api-server proxy failures (#1546) (136db29)

quay-devel (1)

  • fix(operator): attach X-Ambient-Session-Token on all operator→runner calls (#1556) (19840da)

dependabot[bot] (1)

  • chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /components/runners/ambient-runner in the uv group across 1 directory (#1551) (1fdc5e7)

Full Changelog: v0.2.6...v0.2.7

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.7

Metric Value Δ vs Previous
PRs analyzed 4 -26 ↓
Critical issues 2 -21 ↓
Major issues 5 -115 ↓
Issues per PR 1.8 -3.0 ↓
Coverage gaps 5 -120 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.7 2026-05-11 4 2 5 1.8 5

Top Uncovered Patterns

  1. Fix TypeScript compilation error in mock typing. (2 occurrences, impact: 8) — frontend
  2. Prefer the current user's credential file before scanning the directory. (2 occurrences, impact: 6) — runner
  3. Silently returning "" on transient errors recreates the 401 this PR is fixing. (1 occurrences, impact: 3) — operator
  4. Add explicit namespace scoping for this policy (1 occurrences, impact: 3) — manifests
  5. Scope ingress to backend pods, not all pods (1 occurrences, impact: 3) — manifests

Recommended Guardrails

CLAUDE.md Conventions

  • Fix TypeScript compilation error in mock typing.: Enforce via convention (needs specific rule)
  • Prefer the current user's credential file before scanning the directory.: Enforce via convention (needs specific rule)
  • Silently returning "" on transient errors recreates the 401 this PR is fixing.: Enforce via convention (needs specific rule)
  • Add explicit namespace scoping for this policy: Enforce via convention (needs specific rule)
  • Scope ingress to backend pods, not all pods: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for fix typescript compilation error in mock typing. enforcement in TypeScript code
  • PreToolUse hook for prefer the current user's credential file before scanning the directory. enforcement in Python code
  • PreToolUse hook for silently returning "" on transient errors recreates the 401 this pr is fixing. enforcement in Go code
  • PreToolUse hook for add explicit namespace scoping for this policy enforcement in TypeScript code
  • PreToolUse hook for scope ingress to backend pods, not all pods enforcement in TypeScript code
Assets 4
Loading

Release v0.2.6

11 May 12:23
@github-actions github-actions
v0.2.6
a455af3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.6

Release v0.2.6

Changes since v0.2.5

🎉 First-Time Contributors

  • João Vilaça

jsell-rh (13)

  • chore(sdk): regenerate all SDKs with typed action methods (#1524) (3b05694)
  • fix(sdk): extend generator to support typed action methods (#1523) (444697c)
  • feat(sdk): optional token, relative baseUrl, display_name, execution fields (#1513) (3cdb4b6)
  • feat(frontend): add catch-all proxy route for ambient API v1 (#1511) (523a060)
  • fix: resolve golangci-lint errcheck and unused findings (#1507) (e5af6bc)
  • fix(scheduled-sessions): CI lint and review feedback (#1503) (80f9aed)
  • feat(scheduled-sessions): OpenAPI spec + optional agent_id + execution fields (#1502) (27cd77d)
  • refactor(frontend): add ports/adapters API layer for backend migration (#1492) (1b4ec53)
  • feat(frontend): markdown rendering improvements with syntax highlighting (#1476) (c09b35c)
  • refactor: unified spec, skills, and workflow organization (#1488) (15429ad)
  • feat(ui): add scroll-to-bottom button and improve scroll navigation (#1491) (9db12b3)
  • feat(cli): k9s-style TUI resource browser (#1468) (3d9d991)
  • fix(control-plane): map AgentID in gRPC session event deserialization (#1472) (9affddf)

github-actions[bot] (10)

  • deps(runner): bump claude-agent-sdk 0.1.80 (#1541) (a455af3)
  • deps(runner): bump claude-agent-sdk 0.1.77 (#1533) (ed0e6b4)
  • chore: update model manifest (#1530) (070520c)
  • deps(runner): bump claude-agent-sdk 0.1.76, anthropic 0.100.0 (#1516) (64ac3ae)
  • deps(runner): bump claude-agent-sdk 0.1.73, anthropic 0.98.1 (#1495) (c8e0ff9)
  • deps(runner): bump claude-agent-sdk 0.1.72 (#1489) (7379f13)
  • deps(runner): bump claude-agent-sdk 0.1.71 (#1479) (975bb5e)
  • deps(runner): bump claude-agent-sdk 0.1.69 (#1474) (d347d53)
  • deps(runner): bump claude-agent-sdk 0.1.68 (#1467) (146a289)
  • deps(runner): bump claude-agent-sdk 0.1.66, anthropic 0.97.0 (#1459) (954024d)

Mark Turansky (10)

  • spec(security): add security boundary specification and refactor model spec (#1514) (a32da5f)
  • fix(google-oauth): add PKCE support to fix missing code_verifier error (#1481) (0b405b4)
  • fix(google-oauth): set correct OAuth redirect URI for workspace-mcp in runner pods (#1480) (7ba24ef)
  • spec: add ScheduledSession Kind, session sub-resources, and generic proxy surface (#1456) (7e7eded)
  • fix(api-server): handle Keycloak service-account- prefix in OIDC username matching (#1465) (89f4a70)
  • fix(api-server): register pre-auth interceptors when only GRPC_SERVICE_ACCOUNT is set (#1455) (44893b9)
  • fix(api-server): recognize OIDC service tokens as service callers for gRPC authz (#1452) (17d66f1)
  • fix(manifests): reconcile base manifests with MPP — add missing CP and api-server config (#1450) (725c995)
  • fix(manifests): add roles permission to control-plane ClusterRole (#1449) (e247e38)
  • fix(manifests): add CP token server Service and CP_TOKEN_URL for runner gRPC auth (#1448) (ab0b389)

dependabot[bot] (5)

  • chore(deps-dev): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in /e2e in the npm_and_yarn group across 1 directory (#1540) (1f2b53c)
  • chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates (#1539) (e66be46)
  • chore(deps): bump python-multipart from 0.0.26 to 0.0.27 in /components/runners/ambient-runner in the uv group across 1 directory (#1521) (d5fa97b)
  • chore(deps): bump the go_modules group across 2 directories with 1 update (#1462) (7b88431)
  • chore(deps): bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in /components/backend in the go_modules group across 1 directory (#1446) (720bad8)

ambient-code[bot] (5)

  • fix(frontend): mobile responsive layout issues (#1538) (ecff69a)
  • feat(frontend): add sidebar filters for author and status (#1512) (7149354)
  • fix(operator): defer workflow reconciliation until runner is ready (#1487) (6347f32)
  • feat(ui): add scroll-to-top button in session view (#1483) (d1645a9)
  • fix(vertex): switch CLOUD_ML_REGION default from us-east5 to global (#1453) (85af3da)

Gage Krumbach (2)

  • feat(frontend): display workspace name in session UI views (#1544) (44a9b17)
  • feat(build): add org.opencontainers.image.revision OCI label to ambient-control-plane and ambient-mcp (#1543) (af35928)

Jeremy Eder (1)

  • fix(runner): add health probes and improve INITIAL_PROMPT error logging (#1529) (6821b77)

João Vilaça (1)

  • fix(frontend): parse cron scheduled session times as UTC (#1496) (933691f)

Bob Gregor (1)

  • feat(frontend): add FTUE welcome wizard for first-time users (#1473) (e6f1828)

Full Changelog: v0.2.5...v0.2.6

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.6

Metric Value Δ vs Previous
PRs analyzed 16 -14 ↓
Critical issues 3 -20 ↓
Major issues 39 -81 ↓
Issues per PR 2.6 -2.2 ↓
Coverage gaps 38 -87 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.6 2026-05-11 16 3 39 2.6 38

Top Uncovered Patterns

  1. Fix TypeScript compilation error in mock typing. (2 occurrences, impact: 8) — frontend
  2. Normalize the redirect base URL before concatenation. (2 occurrences, impact: 6) — frontend, operator
  3. Handle the integrations query failure path. (2 occurrences, impact: 6) — frontend
  4. Fix ST1000 by adding a package comment for views. (2 occurrences, impact: 6) — cli
  5. Critical: referenced Secret keys do not exist in the base ambient-api-server Secret (1 occurrences, impact: 4) — manifests
  6. Liveness probe will not restart containers due to RestartPolicyNever (1 occurrences, impact: 3) — operator
  7. Public contract break in AgentAPI.start() return type (1 occurrences, impact: 3) — sdk
  8. Resource IDs not URL-encoded in path segments—fix must be applied to generator, not generated file (1 occurrences, impact: 3) — sdk
  9. Fix runs() return type — generator emitted Record<string, unknown> instead of SessionList. (1 occurrences, impact: 3) — sdk
  10. Create endpoint schema exposes server-managed fields as client input (1 occurrences, impact: 3) — api-server

Recommended Guardrails

CLAUDE.md Conventions

  • Fix TypeScript compilation error in mock typing.: Enforce via convention (needs specific rule)
  • Normalize the redirect base URL before concatenation.: Enforce via convention (needs specific rule)
  • Handle the integrations query failure path.: Enforce via convention (needs specific rule)
  • Fix ST1000 by adding a package comment for views.: Enforce via convention (needs specific rule)
  • Critical: referenced Secret keys do not exist in the base ambient-api-server Secret: Enforce via convention (needs specific rule)
  • Liveness probe will not restart containers due to RestartPolicyNever: Enforce via convention (needs specific rule)
  • Public contract break in AgentAPI.start() return type: Enforce via convention (needs specific rule)
  • Resource IDs not URL-encoded in path segments—fix must be applied to generator, not generated file: Enforce via convention (needs specific rule)
  • Fix runs() return type — generator emitted Record<string, unknown> instead of SessionList.: Enforce via convention (needs specific rule)
  • Create endpoint schema exposes server-managed fields as client input: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for fix typescript compilation error in mock typing. enforcement in TypeScript code
  • PreToolUse hook for normalize the redirect base url before concatenation. enforcement in Go code
  • PreToolUse hook for handle the integrations query failure path. enforcement in TypeScript code
  • PreToolUse hook for fix st1000 by adding a package comment for views. enforcement in TypeScript code
  • PreToolUse hook for critical: referenced secret keys do not exist in the base ambient-api-server secret enforcement in TypeScript code
  • PreToolUse hook for liveness probe will not restart containers due to restartpolicynever enforcement in Go code
  • PreToolUse hook for public contract break in agentapi.start() return type enforcement in TypeScript code
  • PreToolUse hook for resource ids not url-encoded in path segments—fix must be applied to generator, not generated file enforcement in TypeScript code
  • PreToolUse hook for fix runs() return type — generator emitted record<string, unknown> instead of sessionlist. enforcement in TypeScript code
  • PreToolUse hook for create endpoint schema exposes server-managed fields as client input enforcement in TypeScript code
Loading

Release v0.2.5

23 Apr 21:34
@github-actions github-actions
v0.2.5
551e4f2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.5

Release v0.2.5

Changes since v0.2.4

🎉 First-Time Contributors

  • jsell-rh

Mark Turansky (2)

  • fix(manifests): add OIDC client credentials to control-plane deployment (#1445) (551e4f2)
  • fix(api-server,control-plane): replace remaining AutoMigrate with raw SQL, fix CP_RUNTIME_NAMESPACE (#1442) (9e787d2)

jsell-rh (2)

  • fix(frontend): correct GitHub callback path and add production ConfigMap patch (#1443) (74900d0)
  • fix(frontend): pass redirect_uri for multi-cluster GitHub App OAuth (#1441) (d845d7f)

Jeremy Eder (1)

  • Rename Sharing to Pair Prompting and improve grant dialog UX (#1444) (47e770f)

Full Changelog: v0.2.4...v0.2.5

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.5

Metric Value Δ vs Previous
PRs analyzed 2 -28 ↓
Critical issues 1 -22 ↓
Major issues 1 -119 ↓
Issues per PR 1.0 -3.8 ↓
Coverage gaps 2 -123 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.5 2026-04-23 2 1 1 1.0 2

Top Uncovered Patterns

  1. Critical: referenced Secret keys do not exist in the base ambient-api-server Secret (1 occurrences, impact: 4) — manifests
  2. Restore required constraints in agents DDL (1 occurrences, impact: 3) — api-server

Recommended Guardrails

CLAUDE.md Conventions

  • Critical: referenced Secret keys do not exist in the base ambient-api-server Secret: Enforce via convention (needs specific rule)
  • Restore required constraints in agents DDL: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for critical: referenced secret keys do not exist in the base ambient-api-server secret enforcement in TypeScript code
  • PreToolUse hook for restore required constraints in agents ddl enforcement in TypeScript code
Loading

Release v0.2.4

23 Apr 17:59
@github-actions github-actions
v0.2.4
d7533c8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.4

Release v0.2.4

Changes since v0.2.3

Mark Turansky (1)

  • fix(runner): restore operator-path credential fetch broken by alpha migration (#1439) (d7533c8)

dependabot[bot] (1)

  • chore(deps): bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 in /components/ambient-api-server in the go_modules group across 1 directory (#1435) (278f6bb)

Jeremy Eder (1)

  • fix: use absolute paths for all Claude Code hook commands (#1434) (e170db0)

Full Changelog: v0.2.3...v0.2.4

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.4

Metric Value Δ vs Previous
PRs analyzed 1 -29 ↓
Critical issues 1 -22 ↓
Major issues 1 -119 ↓
Issues per PR 2.0 -2.8 ↓
Coverage gaps 2 -123 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.4 2026-04-22 1 1 1 2.0 2

Top Uncovered Patterns

  1. Add NOT NULL constraint to owner_user_id column in migration. (1 occurrences, impact: 4) — api-server
  2. Add `components/ambient-sdk/ (1 occurrences, impact: 3) — ci

Recommended Guardrails

CLAUDE.md Conventions

  • Add NOT NULL constraint to owner_user_id column in migration.: Enforce via convention (needs specific rule)
  • Add `components/ambient-sdk/: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for add not null constraint to owner_user_id column in migration. enforcement in TypeScript code
  • PreToolUse hook for add `components/ambient-sdk/ enforcement in TypeScript code
Loading

Release v0.2.3

22 Apr 14:30
@github-actions github-actions
v0.2.3
341747a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.3

Release v0.2.3

Changes since v0.2.2

Mark Turansky (2)

  • fix(ci,api-server): fix control-plane build context and migration parameter mismatch (#1428) (341747a)
  • fix(ci,api-server): add control-plane + mcp to build pipelines, fix migration parameter mismatch (#1426) (0eaa121)

github-actions[bot] (1)

  • deps(runner): bump claude-agent-sdk 0.1.65 (#1422) (36dc70a)

dependabot[bot] (1)

  • chore(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in /components/ambient-mcp in the go_modules group across 1 directory (#1427) (ab3d790)

Full Changelog: v0.2.2...v0.2.3

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.3

Metric Value Δ vs Previous
PRs analyzed 8 -22 ↓
Critical issues 18 -5 ↓
Major issues 58 -62 ↓
Issues per PR 9.5 +4.7 ↑
Coverage gaps 67 -58 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.3 2026-04-22 8 18 58 9.5 67

Top Uncovered Patterns

  1. Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths. (3 occurrences, impact: 12) — sdk
  2. Add resource limits and pin DB image to immutable digest. (3 occurrences, impact: 10) — manifests
  3. Paginate both project and per-project session fetches. (2 occurrences, impact: 7) — cli, other
  4. Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent. (2 occurrences, impact: 6) — backend
  5. Thread the request-scoped K8s client into these Secret helpers. (2 occurrences, impact: 6) — backend
  6. Add NOT NULL constraint to owner_user_id column in migration. (1 occurrences, impact: 4) — api-server
  7. Add explicit timeout to all Gerrit proxy fetch calls (1 occurrences, impact: 4) — frontend
  8. Fix Gerrit response-shape parsing (currently breaks instance extraction) (1 occurrences, impact: 4) — runner
  9. Do not keep stale Gerrit config after fetch failures (1 occurrences, impact: 4) — runner
  10. Serialize credential refresh/cleanup across concurrent runs. (1 occurrences, impact: 4) — runner

Recommended Guardrails

CLAUDE.md Conventions

  • Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths.: Enforce via convention (needs specific rule)
  • Add resource limits and pin DB image to immutable digest.: Enforce via convention (needs specific rule)
  • Paginate both project and per-project session fetches.: Enforce via convention (needs specific rule)
  • Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent.: Enforce via convention (needs specific rule)
  • Thread the request-scoped K8s client into these Secret helpers.: Enforce via convention (needs specific rule)
  • Add NOT NULL constraint to owner_user_id column in migration.: Enforce via convention (needs specific rule)
  • Add explicit timeout to all Gerrit proxy fetch calls: Enforce via convention (needs specific rule)
  • Fix Gerrit response-shape parsing (currently breaks instance extraction): Enforce via convention (needs specific rule)
  • Do not keep stale Gerrit config after fetch failures: Enforce via convention (needs specific rule)
  • Serialize credential refresh/cleanup across concurrent runs.: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for critical: inboxmessageapi endpoints use /projects routes instead of inbox-message-specific paths. enforcement in TypeScript code
  • PreToolUse hook for add resource limits and pin db image to immutable digest. enforcement in TypeScript code
  • PreToolUse hook for paginate both project and per-project session fetches. enforcement in TypeScript code
  • PreToolUse hook for reject all mixed auth-field combinations, not just httptoken + gitcookiescontent. enforcement in Go code
  • PreToolUse hook for thread the request-scoped k8s client into these secret helpers. enforcement in Go code
  • PreToolUse hook for add not null constraint to owner_user_id column in migration. enforcement in TypeScript code
  • PreToolUse hook for add explicit timeout to all gerrit proxy fetch calls enforcement in TypeScript code
  • PreToolUse hook for fix gerrit response-shape parsing (currently breaks instance extraction) enforcement in Python code
  • PreToolUse hook for do not keep stale gerrit config after fetch failures enforcement in Python code
  • PreToolUse hook for serialize credential refresh/cleanup across concurrent runs. enforcement in Python code
Loading

Release v0.2.2

22 Apr 00:44
@github-actions github-actions
v0.2.2
d39cb88
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.2

Release v0.2.2

Changes since v0.2.1

Jeremy Eder (2)

  • fix(security): authenticate AG-UI runner endpoints to prevent cross-session attacks (#1378) (256d97d)
  • feat: add Gerrit integration connector for code review workflows (#1387) (b993135)

dependabot[bot] (1)

  • chore(deps): bump lxml from 6.0.2 to 6.1.0 in /components/runners/ambient-runner in the uv group across 1 directory (#1400) (d39cb88)

Mark Turansky (1)

  • feat(runner,manifests): alpha migration PR 6+7 — runners and Kustomize overlays (#1379) (1aa8b42)

Full Changelog: v0.2.1...v0.2.2

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.2

Metric Value Δ vs Previous
PRs analyzed 7 -23 ↓
Critical issues 17 -6 ↓
Major issues 57 -63 ↓
Issues per PR 10.6 +5.8 ↑
Coverage gaps 65 -60 ↓

Trend

Release Date PRs Critical Major Per PR Gaps
v0.2.0 2026-04-10 30 23 120 4.8 125
v0.2.2 2026-04-21 7 17 57 10.6 65

Top Uncovered Patterns

  1. Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths. (3 occurrences, impact: 12) — sdk
  2. Add resource limits and pin DB image to immutable digest. (3 occurrences, impact: 10) — manifests
  3. Paginate both project and per-project session fetches. (2 occurrences, impact: 7) — cli, other
  4. Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent. (2 occurrences, impact: 6) — backend
  5. Thread the request-scoped K8s client into these Secret helpers. (2 occurrences, impact: 6) — backend
  6. Add explicit timeout to all Gerrit proxy fetch calls (1 occurrences, impact: 4) — frontend
  7. Fix Gerrit response-shape parsing (currently breaks instance extraction) (1 occurrences, impact: 4) — runner
  8. Do not keep stale Gerrit config after fetch failures (1 occurrences, impact: 4) — runner
  9. Serialize credential refresh/cleanup across concurrent runs. (1 occurrences, impact: 4) — runner
  10. Fix namespace mismatch in CP_TOKEN_URL (1 occurrences, impact: 4) — manifests

Recommended Guardrails

CLAUDE.md Conventions

  • Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths.: Enforce via convention (needs specific rule)
  • Add resource limits and pin DB image to immutable digest.: Enforce via convention (needs specific rule)
  • Paginate both project and per-project session fetches.: Enforce via convention (needs specific rule)
  • Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent.: Enforce via convention (needs specific rule)
  • Thread the request-scoped K8s client into these Secret helpers.: Enforce via convention (needs specific rule)
  • Add explicit timeout to all Gerrit proxy fetch calls: Enforce via convention (needs specific rule)
  • Fix Gerrit response-shape parsing (currently breaks instance extraction): Enforce via convention (needs specific rule)
  • Do not keep stale Gerrit config after fetch failures: Enforce via convention (needs specific rule)
  • Serialize credential refresh/cleanup across concurrent runs.: Enforce via convention (needs specific rule)
  • Fix namespace mismatch in CP_TOKEN_URL: Enforce via convention (needs specific rule)

Hookify Rules

  • PreToolUse hook for critical: inboxmessageapi endpoints use /projects routes instead of inbox-message-specific paths. enforcement in TypeScript code
  • PreToolUse hook for add resource limits and pin db image to immutable digest. enforcement in TypeScript code
  • PreToolUse hook for paginate both project and per-project session fetches. enforcement in TypeScript code
  • PreToolUse hook for reject all mixed auth-field combinations, not just httptoken + gitcookiescontent. enforcement in Go code
  • PreToolUse hook for thread the request-scoped k8s client into these secret helpers. enforcement in Go code
  • PreToolUse hook for add explicit timeout to all gerrit proxy fetch calls enforcement in TypeScript code
  • PreToolUse hook for fix gerrit response-shape parsing (currently breaks instance extraction) enforcement in Python code
  • PreToolUse hook for do not keep stale gerrit config after fetch failures enforcement in Python code
  • PreToolUse hook for serialize credential refresh/cleanup across concurrent runs. enforcement in Python code
  • PreToolUse hook for fix namespace mismatch in cp_token_url enforcement in TypeScript code
Loading

Release v0.2.0

10 Apr 20:28
@github-actions github-actions
v0.2.0
5e5f584
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.2.0

Release v0.2.0

Changes since v0.1.4

🎉 First-Time Contributors

  • Matt Knop
  • Vishali Kamenani
  • ambient-code[bot]
  • angaduom

ambient-code[bot] (15)

  • feat: add org.opencontainers.image.revision OCI label to all container images (#1270) (4137eed)
  • fix: resolve stale Amber Session check runs stuck in_progress (#1255) (2da4ada)
  • fix: update public-api Dockerfile Go version from 1.24 to 1.25 (#1279) (0c5a8e2)
  • fix: improve amber-issue-handler UX (eyes reaction, comments, session links) (#1268) (0f68aa9)
  • fix: remove --insecure-skip-tls-verify from CI oc login commands (#1272) (45ff21f)
  • fix: change default model for new sessions to sonnet-4.6 (#1265) (c2fb97a)
  • fix: align ambient-runner Dockerfile build context with other components (#1260) (d5555f7)
  • feat: custom MCP server configuration per session and project (#1251) (09cf5f1)
  • fix(docs): update GitHub Action docs to match ambient-action v0.0.5 (#1233) (1f254b2)
  • fix: return error when ValidateJiraToken receives malformed URL (#1186) (68d8306)
  • fix(runner): update GITHUB_TOKEN for gh CLI after credential refresh (#1185) (865dd9d)
  • docs: update local-* target references to kind-* equivalents (#1184) (85ef723)
  • fix: enable CodeRabbit auto-review on alpha branch (#1235) (0c95b38)
  • fix(docs): pin zod to v3 to fix docs build (#1223) (f2ca496)
  • fix: display UTC and local timezone in Scheduled Sessions UI (#1195) (f7efeef)

Gage Krumbach (11)

  • feat: improve Slack notification formatting + read issue comments (#1238) (e341b83)
  • feat: live model switching for running sessions (#1239) (07d6126)
  • feat: review queue as readiness gate with Slack notifications (#1240) (c994ec5)
  • fix: read issue comments for full context (#1237) (1d94340)
  • fix: RHOAI MLflow deploy - channel mismatch and auto-create DB secret (#1228) (33be9af)
  • feat: Slack notification on PR creation (#1227) (bcd258c)
  • feat: post check runs on PRs with Amber session link (#1201) (70171b4)
  • feat: add Gmail scopes and bump workspace-mcp to 1.17.1 (#1202) (005806f)
  • Reduce Google Workspace MCP OAuth scopes using granular permissions (#1198) (7270194)
  • chore: bump ambient-action to v0.0.5 (#1197) (cc9ad31)
  • feat: amber GHA — stop-on-run-finished, prompt split, security fixes (#1193) (013f33f)

Jeremy Eder (4)

  • fix(operator): add mlflow.kubeflow.org RBAC to operator ClusterRole (#1286) (5e5f584)
  • fix(deps): resolve 13 Dependabot security alerts (#1284) (2389565)
  • feat(ci): auto-generate loading tips from release metadata (#1044) (5768e12)
  • fix: improve frontend mobile responsiveness (30666a6)

Sidney Glinton (3)

  • CI: Support for pull-reviews video (#949) (0b84775)
  • Deployment for Observability Dashboard (#1261) (519f9e4)
  • perf: add SSAR cache, event log tail reads, and agent status cache (#1026) (ffe4a21)

dependabot[bot] (3)

  • chore(deps): bump the go_modules group across 2 directories with 2 updates (#1256) (02d3d96)
  • chore(deps): bump vite from 6.4.1 to 6.4.2 in /docs in the npm_and_yarn group across 1 directory (#1230) (ab7307a)
  • chore(deps): bump vite from 7.3.1 to 7.3.2 in /components/frontend in the npm_and_yarn group across 1 directory (#1229) (97ab8c0)

Edson Tirelli (2)

  • fix(runner): framework-agnostic observability naming + MLflow trace IDs (#1283) (3dd8436)
  • feat(runner): optional MLflow tracing parallel to Langfuse (#1263) (81c601f)

Ken Dreyer (2)

angaduom (1)

  • Fix hover card covering delete button in sessions sidebar (#1246) (9c0bbeb)

Matt Knop (1)

Martin Prpič (1)

  • Migrate LDAP integration from legacy to IPA (#973) (b130dc8)

Michael Skarbek (1)

  • chore(deps): bump google.golang.org/grpc to v1.79.3 (#1074) (17161ac)

Patrick Martin (1)

  • feat(frontend): show workspace name in sidebar (#1150) (95c1703)

Vishali Kamenani (1)

  • Preserve scroll position when switching between chat and file tabs (#1125) (32faa39)

Full Changelog: v0.1.4...v0.2.0

Loading

Release v0.1.4

03 Apr 17:42
@github-actions github-actions
v0.1.4
440f5b9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.1.4

Release v0.1.4

Changes since v0.1.3

Gage Krumbach (1)

  • fix: increase minio PVC to 2Ti to match UAT (#1196) (440f5b9)

Full Changelog: v0.1.3...v0.1.4

Loading

Release v0.1.3

03 Apr 17:10
@github-actions github-actions
v0.1.3
d9106f3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.1.3

Release v0.1.3

Changes since v0.1.2

🎉 First-Time Contributors

  • Edson Tirelli
  • Patrick Martin
  • Timothy S. Williams

Gage Krumbach (20)

  • feat: add stopOnRunFinished CRD field + improve activity tracking (#1192) (5c54225)
  • feat: consolidate Amber Handler — single workflow for all AI automation (#1180) (f56fb3c)
  • fix: wait for DSC v2 API and add DB migration for MLflow deploy (#1188) (7d9f8c7)
  • fix: wait for DataScienceCluster CRD before applying DSC (#1187) (2118509)
  • feat: split triage and pr-fixer into separate GHA workflows (#1177) (54b5803)
  • fix: route scheduled follow-up prompts through backend AG-UI proxy (#1161) (703a6f5)
  • fix: restore OPERATOR_IMAGE valueFrom in backend manifest (#1160) (30c45e9)
  • fix: remove OPERATOR_IMAGE from manifest to avoid deploy failure (#1159) (7fc332f)
  • fix: use root path for runner AG-UI endpoint in trigger (#1158) (1421371)
  • fix: correct backend deployment name in CI workflows (#1156) (b6bffdb)
  • fix: inject BOT_TOKEN into runner container for INITIAL_PROMPT auth (#1153) (8a73621)
  • fix: use SHA tags everywhere in CI, remove detect-changes (#1147) (05baf7c)
  • feat: add jira-write feature flag for per-workspace Jira write access (#1138) (4b12c81)
  • feat: add reuse last session option for scheduled sessions (#1136) (497f938)
  • fix: scheduled sessions fail due to Service name exceeding 63-char K8s limit (#1129) (3ac925a)
  • Revert "spec: skills and workflows — discovery, installation, and usage" (#1119) (65e454c)
  • spec: skills and workflows — discovery, installation, and usage (#1117) (06993c5)
  • fix: disable MinIO bucket versioning to prevent unbounded storage growth (#1099) (595d790)
  • ci: push PR images to Quay and tag full stack for deployment (#1077) (c18c02c)
  • ci: push PR images to Quay for pre-merge testing (#1076) (208e4e2)

Jeremy Eder (14)

  • feat(runner): upgrade to UBI 10, add glab CLI, pin versions, add freshness workflow (#1091) (8188e53)
  • feat: add unleash-flag skill for feature flag workflow (#1176) (86c8957)
  • feat: add stale issue workflow (#1170) (4b928a0)
  • fix(runner): restore tool error reporting on ToolCallEndEvent (#1100) (0af8f62)
  • chore(ci): consolidate GHA workflows and reserve SDK bumps for dedica… (#1142) (095990c)
  • fix(deps): address Dependabot security alerts (#1165) (159fdb8)
  • feat: add /pr-fixer skill for triggering PR fixer workflow (#1144) (b28fb27)
  • feat: automated SDK version bump workflow with feature analysis (#987) (9c11bc8)
  • fix: cap access key token lifetime at 1 year, remove never-expire (#1141) (f50505a)
  • Rename sdk-drift-check.yml to ambient-sdk-drift-check.yml (#1140) (e4021d2)
  • chore: add CodeRabbit configuration for automated PR reviews (#1066) (f9dc970)
  • fix: add Token Lifetime selector to Access Keys page (#1084) (77ace72)
  • docs: improve dev-cluster skill with Vertex AI, Unleash, and troubleshooting (#1108) (d1117d8)
  • fix: resolve Docker image prefix mismatch for kind-local deploys (#1105) (3722575)

dependabot[bot] (5)

  • chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates (#1155) (2c4b10d)
  • chore(deps-dev): bump dompurify from 3.3.1 to 3.3.3 in /docs in the npm_and_yarn group across 1 directory (#1087) (8ac0f85)
  • chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /components/runners/ambient-runner in the uv group across 1 directory (#1086) (2ac0cf4)
  • chore(deps): bump the npm_and_yarn group across 4 directories with 3 updates (#1069) (0b81397)
  • ci(deps): bump actions/checkout from 4 to 6 (#993) (9ceb4ca)

github-actions[bot] (2)

Bob Gregor (2)

  • fix: eliminate broken pipe warnings in benchmark harness (#1148) (1a98e43)
  • feat: Local DevEx: Component Hot Reloading, component benchmarks for warm/cold builds (#1095) (40a1e6c)

Ken Dreyer (2)

  • remove minikube from Makefile (#1036) (2bc8e00)
  • surface network errors from integration token validation (#1062) (48b7f09)

Edson Tirelli (1)

  • Adding RHOAI MLflow component into the cluster (#1166) (bb23a92)

Patrick Martin (1)

  • fix: add OC_USER and OC_EMAIL to dev-env .env.local (#1151) (26687af)

Christian Vogt (1)

  • fix(frontend): thread branch and autoPush through new session repo flow (#1169) (c0270d8)

Timothy S. Williams (1)

  • feat(frontend): add scheduled session editing UI (#1106) (072f1a1)

Rahul Shetty (1)

  • fix(grafana): Resolve issue with add-grafana make command & add new K8s dashboard (#1018) (28cd90b)

Mark Turansky (1)

  • chore(ci): sync alpha branch from main on every push (#1089) (f81b269)

Full Changelog: v0.1.2...v0.1.3

Loading

Release v0.1.2

27 Mar 14:43
@github-actions github-actions
v0.1.2
f1f5bb1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.1.2

Release v0.1.2

Changes since v0.1.1

github-actions[bot] (3)

  • [Amber] Fix: Bug: File upload rejects WinZip archives due to strict Content-Type MIME validation (#1053) (f1f5bb1)
  • [Amber] Fix: Bug: Custom workflows default to workflows/default as the path when no path is specified breaking user expectations (#1048) (2b5b2aa)
  • [Amber] Fix: fix(runner): mid-run GITHUB_TOKEN refresh via MCP tool does not reach CLI subprocess (#1068) (a126200)

dependabot[bot] (2)

  • ci(deps): bump docker/build-push-action from 6 to 7 (#995) (2bf8d2f)
  • ci(deps): bump dorny/paths-filter from 3 to 4 (#994) (60f96a0)

Jeremy Eder (1)

  • feat(backend): filter disabled workflows from OOTB listing (#1054) (f73f1d2)

Bob Gregor (1)

  • fix(frontend): New Session Context: Keyup/KeyDown event listeners, fix repo "badge X" does not work (#1072) (eedc650)

Full Changelog: v0.1.1...v0.1.2

Loading