v0.5.0: libghostty-vt by default, terminal-query replies, and a fail-closed wait

Added

• Default semantic actions (wait, snapshot, screen hash, batch render-wait, host replay) now use libghostty-vt when the optional native package is installed, falling back to ghostty-web when it isn't. Visual artifacts (screenshot, record export --format webm) still default to ghostty-web. Explicit --renderer, AGENT_TTY_RENDERER, and config.json.defaultRenderer overrides keep precedence (#157).
• Host replies to terminal capability queries on the live PTY: OSC 10 (foreground), OSC 11 (background), and DSR ESC[5n (status). Eliminates the Neovim 0.12+ E1568 startup warning leaking into captures. Replies are written as child input and are not appended to the event log, so snapshots, screenshots, and recordings are unaffected (#163).
• Dashboard: pressing Enter in a maximized view now restores it, mirroring Esc. Footer hint updated to esc/⏎ restore (#153).
• CLI exit-code contract documented in docs/USAGE.md (full 0–11 mapping plus batch fail-fast / --keep-going semantics), with a top-of-README anchor nav and a grouped command-surface table (#150).

Changed

• Standalone wait now exits 11 (WAIT_TIMEOUT) on timeout while still emitting the existing ok: true envelope with timedOut: true / matched: false. Makes shell composition fail closed (agent-tty wait … && next-step). Closes #151 (#165).
• Local-state hardening: the per-session RPC socket directory is 0o700, the socket file 0o600, and persisted state files (session manifests, Home Registry) 0o600, regardless of umask. The Home and session directories are locked to 0o700 and events.jsonl to 0o600, so the full terminal byte stream (which can contain secrets) is no longer world-readable (#158, #161).
• Snapshot/wait performance: dropped a redundant deep clone of the event log in the libghostty-vt backend and skipped per-event Zod re-validation on the trusted live-host replay path (seq ordering is still enforced) (#161).
• Pre-1.0 versioning: feat: commits now bump the minor version (e.g. 0.4.x → 0.5.0) instead of being flattened into patches. Breaking changes still bump minor; 1.0.0 remains an explicit Release-As: decision (#152).

Fixed

• Dashboard redraws immediately on terminal/tmux pane resize. Previously, panes kept stale geometry for up to ~1.5s on idle sessions; now they track the new size on the first post-resize frame. Also removes a latent NaN-width path on non-TTY stdout (#162).
• The standing release-please PR is now opened on release-please--branches--main (the package-name component suffix is gone) (#147).
• The README status-version badge is wired into release-please extra-files and bumps with each release PR (#156).

Docs

• README tagline mentions agent-browser alongside Playwright (#155).
• RELEASE.md support contract reworded to be version-agnostic so release-please bumps no longer stale it (#158).
• dogfood-tui skill clarifies when to use live terminal evidence vs source/tests, and that text snapshots are not authoritative for CJK/emoji column-width questions (#164).

---

Install from npm once the trusted publish job for this workflow completes:

npm install -g "agent-tty@0.5.0"
agent-tty version --json

If you need a registry-independent fallback, install the verified tarball asset from this release directly:

VERSION=0.5.0
RELEASE_TAG=v0.5.0
TARBALL_URL=https://github.com/coder/agent-tty/releases/download/v0.5.0/agent-tty-0.5.0.tgz

npm install -g "$TARBALL_URL"
agent-tty version --json

For private releases or environments that require authenticated downloads, fetch the asset first and then install locally:

gh release download "v0.5.0" --repo "coder/agent-tty" --pattern "agent-tty-0.5.0.tgz"
npm install -g "./agent-tty-0.5.0.tgz"
agent-tty version --json

SHA-256 checksum: 60877b6161abfd7e1ee15bdeb2d45231586f4f1d214f0f3e4b4dbc6bfba3c662 (see agent-tty-0.5.0.tgz.sha256 for the portable checksum file).

This workflow prepares one verified tarball and reuses it across GitHub Release assets and npm publishing instead of rebuilding it.