Skip to content

Releases: fatecannotbealtered/gitlab-cli

v1.2.15

Choose a tag to compare

@github-actions github-actions released this 08 Jul 10:13

[1.2.15] - 2026-07-08

Fixed

  • Package-manager update success now reports the final post-install state (current_version == target_version, update_available: false) and clears the cached update notice immediately after the package manager commits.
  • Post-swap Skill-sync partial-success details now also report target_version and update_available: false, so agents can tell the binary is already at the target version even though the Skill still needs syncing.
  • Windows Go test binaries (*.test.exe) no longer read or write the real user update-notice cache by default.

v1.2.14

Choose a tag to compare

@github-actions github-actions released this 02 Jul 06:32

[1.2.14] - 2026-07-02

Changed

  • Bumped github.com/theupdateframework/go-tuf/v2 to 2.4.2 (#13) — the TUF client used by update's trust-root/signature verification, vendored into the release binary.

Fixed

  • npm ci lockfile drift fixed. The per-platform optionalDependencies subentries in package-lock.json (node_modules/@fateforge/gitlab-cli-*) were missing their version, so once those platform packages were published, npm ci failed its consistency check (lock file's <pkg>@ does not satisfy <pkg>@<version>). The version bump (scripts/version-files.js) now syncs the lockfile platform subentries too, and check-version.js guards them, so the drift can't silently recur.

v1.2.13

Choose a tag to compare

@github-actions github-actions released this 29 Jun 02:44

[1.2.13] - 2026-06-29

Fixed

  • update notice cache reads are now version-aware: a cached update_available notice is suppressed once the running binary is already at or past the cached latest version. This closes a gap on the package-manager update path, which upgrades through the manager without clearing the cache, so within the 24h cache TTL business commands no longer kept advertising an update to a version already installed.
  • update now routes a Homebrew-managed install (detected by path or the install-method override) through the package-manager-driven path (brew upgrade gitlab-cli) instead of letting it fall through to the standalone in-place binary swap. Replacing a Cellar-managed binary in place would desync Homebrew's metadata; the manager now owns the upgrade (CLI-SPEC §14).

v1.2.12

Choose a tag to compare

@github-actions github-actions released this 25 Jun 15:31

[1.2.12] - 2026-06-25

Added

  • Canonical JSON contract is now single-sourced from the ai-native-cli-spec template (pinned via .agent/SPEC_VERSION=v1.4). contract/contract.json is vendored and generates internal/contract/contract_gen.go; the error-code → exit → retryable mapping and schema_version now derive from it, so they cannot drift from the fleet contract. E_CANCELLED is registered in contract/contract-ext.json (exit 5, non-retryable) to keep it valid. A new conformance test (internal/output/contract_conformance_test.go) asserts every emitted error code, the exit/retryable mapping, the envelope key sets, and meta keys match the contract.

Changed

  • The bundled .agent/ specs are now synced (not hand-maintained) from ai-native-cli-spec@v1.4, which adds the machine-readable contract governance (CLI-SPEC §3.1) and the install-method dispatch note for update. A check-spec CI guard is added to the npm-audit job to fail closed on drift of the vendored specs/contract or the generated module.
  • update now drives the package manager for npm/Go-managed installs. A bare gitlab-cli update runs npm install -g @fateforge/gitlab-cli@<version> (or go install …@<version>) on the user's behalf, then syncs the Skill, reporting status: "installed". The binary is never mutated in place under a package manager. --check/--dry-run stay read-only and preview the package-manager command without running it. A package-manager failure reports E_IO (exit 1) with binary_replaced: false and the exact command to run manually.

v1.2.11

Choose a tag to compare

@github-actions github-actions released this 25 Jun 06:06

[1.2.11] - 2026-06-25

Fixed

  • update discover/download failures are now classified by the upstream HTTP status type through the single ErrorCodeFromStatus mapping instead of being collapsed into E_NETWORK or sniffed out of the human-readable message (CLI-SPEC §6): a 404 is the non-retryable E_NOT_FOUND (exit 3), 429E_RATE_LIMITED, 5xxE_SERVER, transport errors stay E_NETWORK. The discover-stage failure now carries the same stage/current_version/binary_replaced invariant as the other stages.
  • The verify_signature stage now splits transport vs integrity: a failure fetching the Sigstore bundle is reported as a retryable network/HTTP failure (classified by status), while only a genuinely missing/invalid signature stays the non-retryable E_INTEGRITY. Previously any bundle-download blip was misreported as an integrity failure an agent must not retry. The TUF trust-root refresh in the in-process verifier is now bounded by a timeout and cancelled on ctx (SIGINT) rather than running on an unbounded http.DefaultClient.
  • A TUF trust-root refresh failure during verify_signature is now also classified as retryable network, not E_INTEGRITY. When the embedded-TUF metadata refresh fails because the Sigstore TUF registry is down/slow/DNS-unresolvable — the bounded 30s refresh timing out while the parent context is still alive, or the fetch returning a transport error — the verifier wraps it as a trust-root-unavailable network condition (E_TIMEOUT exit 8 for a deadline, E_NETWORK exit 7 for a transport error, retryable:true). Previously this transient network step collapsed into the non-retryable E_INTEGRITY (exit 1), telling an agent not to retry a forged-release verdict that had not actually occurred. Only a genuine signature/identity/checksum mismatch remains E_INTEGRITY.
  • install_method is now a real probe of the running executable's path (npm node_modules, Homebrew Cellar, go install GOPATH/bin, otherwise binary; overridable via GITLAB_CLI_INSTALL_METHOD). The field was previously declared but never assigned, so it was always omitted from update results and notices.
  • A successful self-update now clears the cached update_available notice immediately after the binary swap, so business commands stop nagging to update to the version that was just installed (the next active check rewrites the cache).

Changed

  • Windows self-update now performs the binary swap in place atomically via the same cross-platform rename trick used on Unix (write .<base>.new → rename the in-use binary to .<base>.old → rename .new into place → restore .old on failure → remove .old on success, ignoring a still-locked .old on Windows). The previous Windows path that wrote a .cmd shim and scheduled a replace-on-restart is gone: update now reports status: "installed" / binary_replaced: true immediately on every platform, and no longer emits the pending_path field or a scheduled status.

v1.2.10

Choose a tag to compare

@github-actions github-actions released this 22 Jun 15:32

[1.2.10] - 2026-06-22

Added

  • The cached update-available notice now also appears in every command's meta.notices (CLI-SPEC §3, §14), read only from the local cache with zero network I/O — business commands surface the cached notice without ever phoning home. It is omitted when the cache has nothing to report. The active-check commands (context / doctor / update --check) keep their fresh data.notices view.
  • Update notices are now severity-graded at check time from the embedded CHANGELOG delta between the running and latest versions: warning when the delta contains a security entry or the latest crosses a major version, otherwise info (critical is reserved). The computed severity is stored in the cache, so the cached meta.notices carries the right level.

v1.2.9

Choose a tag to compare

@github-actions github-actions released this 21 Jun 10:04

[1.2.9] - 2026-06-21

Changed

  • update is now a single command with no confirm token. A bare gitlab-cli update performs the whole self-update in one call — resolve latest (or --target-version) → verify signature → verify checksum → replace binary → sync Skill — and is exempt from the --dry-run--confirm <token> write gate (in-process Sigstore verification is the safety guarantee, not an agent's review of a preview). update --check and update --dry-run stay as optional read-only flags; --dry-run now issues NO confirm_token and NO expires_at. update is idempotent: already-latest returns ok with a no-op. Other write commands are unchanged.

Added

  • Staged failure & interruption envelope for update. Every update failure carries stage (discover|download|verify_signature|verify_checksum|replace|skill_sync), current_version, binary_replaced, and skill_sync_status. Failures are classified by next action: discover/download → retryable E_NETWORK/E_TIMEOUT/E_RATE_LIMITED; signature/checksum → non-retryable E_INTEGRITY (exit 1, unchanged fail-closed behavior); replace stage local failures → E_IO (exit 1) or E_FORBIDDEN (exit 4) instead of being misclassified as E_NETWORK. A skill-sync failure after a successful binary replace is now PARTIAL SUCCESS (ok:false, binary_replaced:true, retryable:true) carrying skill_sync_command, instead of a hard error that hid the binary already being updated.
  • SIGINT/SIGTERM during update is trapped: it unwinds to a clean state, always cleans the temp dir, and still emits a terminal JSON envelope (E_INTERRUPTED, exit 130) stating the post-state per the stage invariant.
  • New error codes E_IO (→ exit 1) and E_INTERRUPTED (→ exit 130) added to the output error package and code→exit mapping.

v1.2.8

Choose a tag to compare

@github-actions github-actions released this 16 Jun 19:51
99e324c

[1.2.8] - 2026-06-16

Added

  • repo commit list now answers "commits by a person over a time range" and scales across scopes. New flags: --author (server-side author filter, GitLab 15.10+), --with-stats (per-commit additions/deletions/total, so an agent can size output without any diff), and --all-branches (all refs, not one branch). The scope selector is --project (now repeatable / comma-separated), --group (every project under the group tree, subgroups included), or --all-projects (every project the token can see; fail-closed without --author). Multi-project scopes fan out client-side (CLI-SPEC §15): each commit item carries its project, and data reports scope, projectsScanned, and projectErrors[] — a project that fails to scan is reported, not silently dropped, and never aborts the rest.
  • repo commit diff <sha> returns the per-file diff for one commit (structured files[] with oldPath/newPath, newFile/deletedFile/renamedFile, computed additions/deletions, and the diff patch). It is a heavy sub-resource kept out of commit list: triage with commit list --with-stats, then read diffs only for the SHAs that matter. --fields newPath,additions,deletions yields a cheap inventory without the patch text; --path narrows to one file.

v1.2.7

Choose a tag to compare

@github-actions github-actions released this 16 Jun 14:05

[1.2.7] - 2026-06-16

Fixed

  • npm optionalDependencies platform-package pins now match the package version. The previous release bumped the top-level version but left the pins at the prior version, so npm install resolved a stale platform binary (the new wrapper with the old binary). The publish workflow now rewrites optionalDependencies from the package version before npm publish, so the pins can no longer drift from the single source of truth.

v1.2.6

Choose a tag to compare

@github-actions github-actions released this 16 Jun 12:41

[1.2.6] - 2026-06-16

Changed

  • update now verifies the release Sigstore signature on checksums.txt in-process (embedded sigstore-go, bootstrapped from the embedded TUF trust root) instead of shelling out to an external cosign. Verification is mandatory and fail-closed: a missing signature bundle, a signature that does not verify against this repo's tagged release-workflow identity, or a checksum mismatch all refuse the update — there is no skip path. Releases are now signed with cosign sign-blob --new-bundle-format.

Security

  • Release-integrity failures (missing/invalid signature or checksum mismatch) now return the non-retryable E_INTEGRITY error code (exit 1) instead of a retryable network code, so an agent treats a possible supply-chain issue as a hard stop rather than retrying.