Skip to content

Release v0.23.0

Choose a tag to compare

View all tags
@chopratejas chopratejas released this 04 Jun 14:21
· 268 commits to main since this release
v0.23.0
8006293
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

0.23.0 (2026-06-04)

Features

  • copilot: GitHub Copilot subscription mode through Headroom (f4dff9b)

Bug Fixes

  • ccr: scope proactive expansion by workspace (cross-project leak) (197601b)
  • ccr: scope proactive expansion by workspace (cross-project leak) (1bc163f)
  • codex: keep init model_provider at config root (#260) (304dcc7)
  • codex: keep init model_provider at config root (#260) (849b46d)
  • copilot: deterministic subscription token handoff to the proxy (72da461)
  • copilot: support subscription auth through Headroom (ff4a0c6)
  • correct tiktoken encoding for unknown gpt-4 model snapshots (#552) (0e551de)
  • decode/encode owned config, state and template assets as UTF-8 (2f1538a)
  • decode/encode owned config, state and template assets as UTF-8 (fixes #533) (92075b9)
  • docker: upgrade base images to Python 3.13 / debian13 (e6bf7a0)
  • docker: upgrade base images to Python 3.13 / debian13, drop digest pinning (08a2197)
  • docs: bump next.js to 16.2.6 for GHSA-h64f-5h5j-jqjh (CVE-2026-44577) (a6a09e6)
  • docs: mkdocs configuration to build with correct folder (#543) (5557944)
  • docs: update brace-expansion to 5.0.6 to remediate GHSA-jxxr-4gwj-5jf2 (CVE-2026-45149) (6eb6fb5)
  • docs: update bun.lock to next 16.2.6 for GHSA-h64f-5h5j-jqjh (CVE-2026-44577) (91e0937)
  • ignore brackets inside JSON strings when splitting mixed content (#553) (bdcfc32)
  • learn: decode Unix home dirs whose username contains '.', '-' or '_' (211daae)
  • learn: decode Unix home dirs whose username contains '.', '-' or '_' (491a8b3)
  • learn: finish gemini-flash-latest default model sweep (982d01b)
  • learn: finish gemini-flash-latest default model sweep (#532) (d797366)
  • memory: READ-ONLY framing + fail-closed unresolved-project fallback (a178249)
  • memory: READ-ONLY framing + fail-closed unresolved-project fallback (482f80e)
  • update dashboard doc link (#544) (378d77e)
  • Update Next.js to 16.2.4 in docs/bun.lock to address GHSA-gx5p-jg67-6x7h (CVE-2026-44580) (0b9f11a)
  • Update Next.js to 16.2.6 in docs/package.json and package-lock.json to address GHSA-h64f-5h5j-jqjh (CVE-2026-44577) (db5d15f)
  • Upgrade litellm to 1.86.2 to remediate CVE-2026-42271 (07581b9)

Code Refactoring

  • cli: factor shared wrap-subcommand scaffolding (8eeb926)
  • cli: factor shared wrap-subcommand scaffolding (c74ad11)
Assets 17
Loading