Skip to content

v3.3.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 09:50
4b3c73e

v3.3.0

Released 2026-07-11.

An operator-capability release. The dashboard gains authentication with
scoped tokens whose every decision lands a governance receipt, a new agy
adapter joins the matrix with a nightly conformance canary sealing its
probe results, and the run review board projects the run journal into a
web view backed by sealed evidence bundles. Groundwork lands for Windows
parity and for installing bernstein as an agent skill or plugin.

Dashboard authentication and scoped tokens (#2366)

The dashboard is no longer an all-or-nothing surface. Operators issue
scoped credentials, and every authentication decision is a receipt:

  • Password login and scoped bearer tokens coexist; tokens carry either a
    read-only or an operator scope, and route access is enforced per scope.
  • Token grants and revocations are signed journal rows; a tampered grant
    fails signature verification and is treated as no grant at all.
  • Every allow or deny decision is recorded as a governance journal
    receipt, so an access review can reconstruct exactly who reached which
    surface and under which credential.
  • bernstein dashboard-token issues, lists, and revokes tokens from the
    CLI; revocation is itself a signed journal row, never a silent delete.

agy adapter and adapter conformance canary (#2368)

agy joins the adapter matrix, and adapter contracts are now exercised
nightly instead of waiting for a user's broken run:

  • The agy adapter maps goals onto the agy CLI with the same contract
    surface as every other adapter, including golden transcripts and a
    contract fixture.
  • A nightly canary probes every primary adapter against whatever upstream
    version is installed; each probe result is a sealed, content-addressed
    receipt mirrored into the audit chain.
  • A last-green table names the newest upstream version each adapter
    passed with, and every row carries the hash of the receipt that
    attested it. bernstein doctor reads the same projection and advises
    when the installed version is newer than the last attested one.
  • Issue automation is threshold-gated and deduplicated: one upstream
    flake never opens an issue, and the same failure fingerprint never
    opens two.

Run review board core (#2365)

Finished runs can now be reviewed on a board instead of by reading raw
journals:

  • The board is a deterministic projection of the run journal: the same
    journal always produces the same board state, byte for byte, with no
    hand-maintained status anywhere.
  • A web view lists runs with their outcomes, decisions, and artefacts,
    consuming sealed evidence bundles so what the reviewer sees is what the
    journal attests.
  • Further review-board phases (annotations, sign-off flows) are tracked
    separately.

Windows parity groundwork (#2367)

The platform layer gains the pieces Windows needs, validated so far on
the existing test matrix:

  • Process cleanup emits reap receipts into the audit chain, so a killed
    worker tree is reconstructable after the fact on every platform.
  • Job Object process management groups worker processes on Windows the
    way process groups do on POSIX, closing the orphaned-child gap.
  • Worktree isolation is junction-aware, so per-task isolation survives
    filesystems where symlinks require elevation.
  • Full validation on Windows runners is tracked separately.

Agent skill and plugin packaging groundwork (#2369)

Installing bernstein as an agent skill or plugin gets its packaging
foundation:

  • bernstein skills package builds a skill/plugin bundle from the
    packaged templates, with a manifest generated from the package version
    so the bundle can never drift from the release.
  • Each install produces a lineage receipt, so an installed bundle can be
    traced back to the exact release artefact it came from.
  • Remaining distribution surfaces are tracked separately.

Housekeeping

  • Resolved all open scanner alerts: applied suggested idiom cleanups,
    moved dashboard password comparison onto a computationally expensive
    key derivation, and annotated two exception-name-only log lines as
    scanner false positives.
  • Dependency updates.