You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cyrus-authored PRs and MRs are now reliably tagged — After every gh pr create/gh pr edit, glab mr create/glab mr update/glab mr edit, or gt submit command, Cyrus automatically appends a hidden <!-- generated-by-cyrus --> marker to the live PR/MR description if it isn't already there. This ensures the GitHub/GitLab webhook handlers can recognize Cyrus-authored PRs (so "Changes requested" events get forwarded back) even when the agent forgets to include the marker in the body it submits. (CYPACK-1141, #1162)
PR guardrail when sessions try to stop with unshipped work — When the agent attempts to end a session, Cyrus now inspects the worktree and blocks the first stop attempt if there are uncommitted changes or commits ahead of the upstream branch, prompting the agent to commit, push, and open a pull request. Sessions with no code changes (e.g. questions, research) stop normally. (CYPACK-1140, #1161)
Remote Claude session transcripts — When CYRUS_APP_URL, CYRUS_API_KEY, and CYRUS_TEAM_ID are all set, Cyrus now mirrors every Claude session transcript to the hosted Cyrus control plane (in addition to the local JSONL on disk). This lets sessions be inspected or resumed from any host, even after the ephemeral worktree is torn down. The transport speaks the Claude Agent SDK's SessionStore contract and passes the full 13-check behavioral conformance suite from the upstream SDK. Set CYRUS_DISABLE_REMOTE_SESSION_STORE=1 to opt out and keep transcripts local-only. (CYPACK-1121)
Optional Sentry error tracking — When both CYRUS_SENTRY_DSN and CYRUS_TEAM_ID are set (and CYRUS_SENTRY_DISABLED is not), all logger.error(...) calls across the codebase (Claude Code/runner errors, edge-worker failures, webhook transport errors, persistence errors, uncaught exceptions, unhandled rejections) are reported to Sentry as Issues, and WARN/ERROR logs plus major lifecycle events (session started/resumed/completed/stopped, Claude session ID assigned, message emitted, webhook received, Claude query options) are forwarded to Sentry Logs tagged with team_id, component, and active session/issue/Claude-session identifiers — debug/info logs stay local to keep volume bounded. CYRUS_TEAM_ID is the single gate for both Issues and Logs: installs without a tenant tag stay silent. Set CYRUS_SENTRY_DISABLED=1 to opt out entirely (also disables the bundled default DSN once it ships). Override the environment tag with CYRUS_SENTRY_ENVIRONMENT, sample errors with CYRUS_SENTRY_SAMPLE_RATE (0.0–1.0). Every event is enriched with a structured cyrus context block alongside linear_workspace/deployment_id if those env vars are set. The Sentry SDK's own internal debug output is gated separately on CYRUS_SENTRY_DEBUG to avoid flooding the terminal. Outgoing events and logs are scrubbed for token-shaped strings and sensitive keys before transmission (including breadcrumbs from console output), and grouped by a stable fingerprint so log messages with embedded IDs/paths don't fragment into one issue per occurrence. No telemetry is sent unless both env vars are present. (CYPACK-1142)
New /linear-webhook endpoint for Linear webhooks — The Linear webhook URL in your OAuth application can now be set to <CYRUS_BASE_URL>/linear-webhook. The legacy /webhook path continues to work for backward compatibility but is deprecated and will log a warning on first use. (CYPACK-1119, #1142)
Base branch update notifications - When your base branch receives new commits while Cyrus is working, the active session is automatically notified to rebase, helping avoid merge conflicts. (CYPACK-978, #1004)
Blocked-by dependency deferral - Issues with unresolved blocked_by relationships are now automatically deferred instead of starting immediately. Cyrus posts an acknowledgment and starts work automatically when all blocking issues are resolved. User re-prompts also re-check blocking status. (CYPACK-978, #1004)
Changed
Bump OpenAI Codex SDK (@openai/codex-sdk) to v0.125.x — Updates the pinned Codex integration to match the current @openai/codex release line bundled by that SDK (codex CLI 0.125.0, including richer codex exec/turn.completed usage fields such as reasoning output tokens observed in streamed JSON sessions). Hosts relying on Cyrus’s pinned CLI via this dependency should behave the same aside from additive telemetry from Codex itself. (CYPACK-1151, #1171)
Cursor sessions now run via the @cursor/sdk TypeScript SDK instead of spawning the cursor-agent CLI; permission allow/deny is now enforced via .cursor/hooks.json rather than .cursor/cli.json (CYPACK-1149).
Warm Claude sessions are now opt-in — On startup, Cyrus no longer pre-spawns Claude Code subprocesses for the 30 most recent sessions by default. To restore the previous near-zero cold-start latency on the first message after a restart, set CYRUS_ENABLE_WARM_SESSIONS=1 in the environment. (CYPACK-1116)
Claude SDK subprocesses now exit at turn end unless warm mode is enabled — When CYRUS_ENABLE_WARM_SESSIONS is unset, the streaming prompt is completed when the SDK emits a result message, which lets the underlying Claude Code subprocess actually exit and free its memory at the end of a turn (restores the pre-warm-sessions behavior). When CYRUS_ENABLE_WARM_SESSIONS=1, the streaming prompt stays open and the subprocess is kept alive so follow-up messages reuse the warm session.
Fixed
Patched 6 high-severity tar advisories pulled in by the new @cursor/sdk integration — The @cursor/sdk → sqlite3 → tar@6.2.1 chain introduced in CYPACK-1149 was flagged by Dependabot for six path-traversal/hardlink/symlink advisories (CVE-2026-24842, CVE-2026-23745, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802, and a related race condition). A root pnpm.overrides entry now pins tar to >=7.5.11 for all transitive consumers; sqlite3's install script and the rest of the dep graph still resolve cleanly. (CYPACK-1159)
Cursor sessions no longer crash with "Could not locate the bindings file" for sqlite3 — The @cursor/sdk switch in CYPACK-1149 introduced a transitive dependency on sqlite3@5.1.7, whose native node_sqlite3.node binding is fetched/built by an install lifecycle script. pnpm 10 blocks dependency lifecycle scripts by default, so fresh installs ended up with sqlite3 present but no native binding, and the first Cursor session on a clean pnpm install crashed at runtime. sqlite3 is now in pnpm.onlyBuiltDependencies so its install script runs and the prebuilt binary lands on disk. (CYPACK-1158, #1174)
Stop signals no longer trigger "Request was aborted" errors on non-warm sessions — Previously, every stop signal called the SDK's query.interrupt() regardless of whether the session was warm, which surfaced an Error: Request was aborted from non-warm sessions. Stop signals now branch on session state: non-warm sessions are stopped immediately on the first signal, while warm sessions retain the existing two-step interrupt-then-stop UX (interrupt on first stop, full terminate on a second stop within 10s). (CYPACK-1145, #1165)
Chat-platform replies (Slack/GitHub) are now posted when warm sessions are enabled — Previously, ChatSessionHandler waited for runner.startStreaming() to resolve before calling the adapter's postReply. With CYRUS_ENABLE_WARM_SESSIONS=1 the streaming prompt stays open across turns, so startStreaming never resolved and no reply was ever posted. Reply posting is now driven by result messages on the runner's message stream, decoupled from session termination. A FIFO queue of pending events per session ensures each turn (initial prompt, resume, or injected follow-up) is paired with its corresponding reply.
Improved ToolSearch presentation in Linear activities — ToolSearch calls now post as a regular action entry (with an expandable result) instead of a bare thought. The parameter reads like "Loading tool schemas: TaskCreate, TaskUpdate" or "Searching tools for: +linear get_issue", and the expanded result shows the tools that were loaded (e.g. "Loaded tools: TaskCreate, TaskUpdate"). (CYPACK-1112, #1134)
Fixed
Fixed garbled activity labels for parallel deferred-tool calls — When Claude issued multiple ToolSearch (or other local deferred-tool) calls in quick succession, Linear sometimes displayed the result under a generic "Tool" label with a raw list of tool names (e.g. Tool / mcp__digitalocean-droplets__droplet-create / ...) instead of the proper ToolSearch action with a formatted result. Internal message processing is now serialized per session so the tool-use handler always registers before its matching tool-result is formatted. (CYPACK-1112, #1134)
Eliminated spurious blank lines in the Linear activity log — Empty/whitespace-only assistant turns no longer produce blank "thought" activities, which previously appeared as an extra empty line between the "Using model: ..." notification and the first real tool call. (CYPACK-1112, #1134)
Security
Tightened sandbox and tool permission defaults — Claude sessions now run with stricter out-of-the-box restrictions: the OS-level sandbox enforces denyRead: ["~/"] + allowRead: ["."] (home directory blocked, worktree allowed) and allowWrite scoped to the session worktree only. On the tool permission side, Read, Edit, and Write are now narrowed to Read(**), Edit(**), and Write(**) to prevent unintended matches. Home directory files (SSH keys, credentials, etc.) are explicitly enumerated and added to disallowedTools at session start, working around the fact that Read(~/**) does not match in Claude Code's permission layer. (#1123)
Addressed open security advisories — Refreshed pnpm-lock.yaml so vulnerable transitive dependencies resolve to their patched versions (protobufjs, path-to-regexp, picomatch, flatted, brace-expansion, yaml, follow-redirects, vite, hono, @hono/node-server) through their existing direct-dep paths, without introducing new pnpm.overrides entries. (CYPACK-1101, #1128)
Changed
Updated @anthropic-ai/claude-agent-sdk to v0.2.117 — Bumps the bundled Claude Code binary from v2.1.116 to v2.1.117 (parity release with no tool-list changes). Also fixes scripts/extract-claude-tools.sh to work with the new native binary structure introduced in SDK v0.2.113 (now resolves the platform-specific optional dependency instead of the removed cli.js). See SDK changelog for details. (CYPACK-1120, #1143)
Update @anthropic-ai/claude-agent-sdk to v0.2.116 — Bumps the bundled Claude Code binary from v2.1.114 to v2.1.116 (parity releases with no tool-list changes). See SDK changelog for details. (CYPACK-1111, #1133)
