v0.7.8-nightly.202606190803.9ca510c5

Nightly Build (v0.7.8-nightly.202606190803.9ca510c5)

Changes since v0.7.7-nightly.202606180752.9279c59f:

c78c65b refactor(repo mirror): reuse ResolveControlPlaneTarget for the list header
85d2e44 feat(repo mirror): header naming the login server in mirror list
7c3e161 refactor(auth): extract targetForContext shared by both resolvers
3c70158 fix(repo mirror): route cluster-addressed commands to the cluster's core
e940f11 Potential fix for pull request finding
626a034 redact: route OPF progress to stderr instead of /dev/tty
9ea2071 Update Pi extension for context injection
bb784c6 Fix trail finding stale-any API filter
1c559e1 fix(redact): order OPF prompt defaults
8767fe1 strategy: stop resolvePushSettings tests from fetching github.com
985b5e2 test(trail): cover link request and branch cleanup
1fd4f9f fix(trail): fetch existing remote branch before create
156687b fix(trail): validate branch name before trail creation
f183303 fix(trail): avoid wasted remoteBranchPushed assignment
aaddab2 refactor(redact): remove vestigial shard-scoping from pre-push OPF rewrite
c79b386 fix(redact): address PR 1246 review feedback
8130997 fix(trail): default new trails to Open instead of Draft
280f3f4 Apply suggestions from code review
95b41a4 chore(trail): trim comments in trail create branch handling
81a1a3d changelog 0.7.7
bc2225a fix(redact): close privacy + memory hazards in batching layer
f7ea4cd perf(strategy): batch OPF across unpushed commits in pre-push rewrite
dc40fb6 fix(trail): require branch push to origin before creating a trail
ad3a8eb feat(redact): batch OPF inference across multiple blobs
e35a48a refactor(mirror): use explicit clusterArgAt index in collaborators list
e1ed824 docs(coreapi): correct cache-TTL comment to match cachedTokenTTL
c41ab4c fix(coreapi): honor exchange expires_in when caching exchanged tokens
4a937e7 fix(coreapi): assert token_exchange_url path in validateExchangeURL
94030f4 build(coreapi): run gofmt -s in the generate recipe
a0527ac fix(mirror): write collaborators add success to stdout
8724321 feat(mirror): add repo mirror collaborators add/remove/list
8d0007d test(coreapi): parity with entiredb cross-juris transport + LimitReader
b82a741 test(coreapi): mark cross-juris transport tests parallel
6a23ba4 fix(coreapi): satisfy lint + race detector on cross-juris transport
2c931f4 docs(coreapi): correct client comments for cross-juris transport
9f926c3 fix(coreapi): handle cross-jurisdiction routing for control-plane commands
cb9be5f fix(trail): decide create slug against the resolved base (single source)
bd0d346 refactor(trail): reuse the open repo for default-branch detection
f9efb84 fix(trail): default create --branch to the checked-out branch (Bug 1)
b68e063 test OPF metadata recovery path
bf3c9f2 address remaining OPF review feedback
7d667c3 address PR feedback on checkpoint cleanup
e05c2d2 Drop redundant temporary field from checkpoint Stores
f324879 address OPF review feedback
10436bd checkpoint: trim v1.1 removal leftovers
0398c0c tests: remove stale resume helper
b0f941d docs: remove checkpoints v1.1 architecture notes
051354e checkpoint: remove v1.1 mirror machinery
d76654a checkpoint: collapse committed refs to v1
0747ca9 checkpoint: centralize store construction behind Open (Phase 0)
2bc0ee3 fix(checkpoint): add nolint:ireturn to NewCommittedReader
83b589d fix(redact): close privacy holes flagged in PR 1236 final review
8151b3b fix(redact): address remaining PR 1236 review feedback
e4a8e46 fix(redact): address PR 1236 review comments
337f1e1 refactor(redact): remove dead OPF abstractions
e1a0ce0 feat(strategy): delete shadow branches once their checkpoints are pushed
6d54ea4 perf(redact): scope OPF rewrite to the commit's own shard
36ced06 feat(redact): interactive prompt + ENTIRE_OPF env var before pre-push rewrite
42a0927 feat(redact): OPF runs at pre-push, not commit time
cd4d873 fix(review): make manifest_test session-state tests time-relative
295d7be refactor(redact): type-wrap pre-redacted prompts; move OPF test helpers
672044c fix(checkpoint): drop unused strings import in prompts_test.go
6008464 docs(redact): document Optional OpenAI Privacy Filter setup
8123aef feat(checkpoint): wire OPF into committed-checkpoint writes only
083292d feat(redact): add OpenAI Privacy Filter as opt-in 8th layer

v0.7.7

Added

• entire trail (work in progress): trail context is now injected into the model when trails are enabled, an entire trail delete subcommand was added, and entire trail create --branch defaults to the checked-out branch, alongside command-behavior fixes (#1435, #1455, #1456, #1447)
• Interactive resume picker for stopped/idle sessions (#1445)
• entire repo mirror collaborators with add/remove/list subcommands (#1458)
• ENTIRE_TOKEN support, along with git-remote-entire push reliability fixes (#1438)

Changed

• Auth was hardened by removing static fallbacks, the legacy store, and the v1 provider (#1410)
• External agent transcripts are now compacted for --full/--verbose display (#1421)
• Runner configs moved from .entire/runners/v2 to .entire/runners (#1442)
• entire repo create now stamps a usable entire:// remote in its JSON output (#1441)

Fixed

• Fixed dot-dot-prefixed repo path filtering and prevented checkpoint symlink target disclosure (#1395, #1415)
• entire auth status dates are now stable across timezones (#1407)
• Restored the keyring timeout and corrected stale auth fallback comments (#1430)
• Existence checks on Entire-owned paths now use os.Lstat (#1449)
• entire search now supports Entire mirror remotes (#1452)
• Control-plane commands now handle cross-jurisdiction routing (#1457)

Housekeeping

• Tests now isolate the token store and git config so spawned binaries skip the keychain, and the trail test build was repaired after the auth-fallback removal (#1450, #1448, #1436)
• Parallelized pure agent tests and standardized git test repository setup (#1406, #1390)
• Copilot E2E now detects the trust dialog case-insensitively (#1446)
• Dependency bumps (#1432, #1437)

Thanks

Thanks to @stale2000 for fixing dot-dot-prefixed repo path filtering, preventing checkpoint symlink target disclosure, keeping entire auth status dates stable across timezones, and improving the test suite!

v0.7.7-nightly.202606180752.9279c59f

Nightly Build (v0.7.7-nightly.202606180752.9279c59f)

Changes since v0.7.7-nightly.202606170803.4287f89a:

a8bce4b fix(trail): treat context-cancel of the delete prompt as a clean cancel
7b71638 test(trail): cover delete HTTP path; clearer number-arg error
e07baf0 fix(trail): run the delete confirmation form with RunWithContext
43832a4 feat(trail): add 'entire trail delete' subcommand
2cd6b9d Expand external transcript display coverage
cdc08e8 Add external transcript display regression
42175e9 search: restore clear error for empty remote URL
ba35ac0 search: reject remote paths with extra segments
f72b778 search: accept entire:// mirror remotes
5ef1842 resume picker: make worktree porcelain parsing block-scoped (trail finding)
5d9e2a5 resume picker: address Copilot/Cursor review comments
098e392 resume picker: attribute default-branch checkpoints correctly (legacy fallback)
784ad29 resume picker: fix worktree-clash guidance (wrong session + shell injection)
5866380 resume picker: resume the selected session, not the branch's latest
b0e068b resume picker: clarify local scope with a hint
103fcd7 Add interactive resume picker for stopped/idle sessions
57a22a3 Avoid deleting pre-existing remote branch on trail create cleanup
b920294 build(deps): bump github.com/ogen-go/ogen
28f560a cli: drop dead defer in test TestMain that os.Exit skips
57e506d Potential fix for pull request finding
6a2ed44 cli: isolate the token store in tests so spawned binaries skip the keychain
2716736 Address trail review follow-ups
1a6c8a5 Align trail create and phase handling with API
8b77a7c rewind: restrict MetadataDir fallback to the .entire/metadata subtree
062d8bb use os.Lstat for existence checks on files we own
cd34f63 rewind: guard MetadataDir against path traversal in local-file fallback
33cb6db test: isolate git config in attach tests to fix TempDir cleanup flake
a5e8ef6 Fix trail command behavior
0677238 fix(e2e/copilot): detect trust dialog case-insensitively
2e2ff13 refactor(e2e/copilot): extract startup-dialog detection into helper
a4275fd Move runner configs from .entire/runners/v2 to .entire/runners
7491bad coreapi: explain why ENTIRE_TOKEN path has no cluster-trust gate
6c0e477 git-remote-entire: don't fail push on feeder errors after send-pack exited cleanly
0d6abf6 git-remote-entire: close receive-pack response from the feeder, not main
0c9bb1a coreapi: ENTIRE_TOKEN env override for control-plane CLI
ad79a85 fix: inject only after context decision is persisted
cb5986e fix: refresh trails cache independently of enable report
ce0119b fix: escape trail enablement probe path components
7f43f99 fix: cache trail enablement off the prompt path
cc43e1e fix: skip trail context injection for review sessions
32c3604 fix: bound git remote resolution under the trails probe timeout
1144985 fix: address review + green CI for trail context injection
a96118d feat(agents): inject trail context into the model when trails are enabled
a3e3b75 Tighten compaction ordering comment
36b0b39 Tighten transcript compaction comments
e9afcd8 Compact only the transcript that will be rendered
c9cbc10 Scope native transcript before compacting for display
f38a3d4 Compact external agent transcripts for --full/--verbose display

v0.7.7-nightly.202606170803.4287f89a

Nightly Build (v0.7.7-nightly.202606170803.4287f89a)

Changes since v0.7.7-nightly.202606160808.d40a4991:

cce6f83 repo create: guard repoCreateOutput against a nil repo
7de7dce repo create: stamp a usable entire:// remote in the JSON output
874f745 Use shared repo initialization in metadata walker test
1346d04 Potential fix for pull request finding
708725e fix(trail): repair test build after auth-fallback demolition
3d2b68b Prevent checkpoint symlink target disclosure
966164a Preserve legal dot-dot-prefixed repo paths

v0.7.7-nightly.202606160808.d40a4991

Nightly Build (v0.7.7-nightly.202606160808.d40a4991)

Changes since v0.7.6-nightly.202606140745.87512403:

f6d50f8 build(deps): bump github.com/ogen-go/ogen in the go-dependencies group
fa23d62 docs: fix stale "static resolution" fallback comments
1101538 changelog 0.7.6
613cdaf tokenstore: bound OS keyring calls with a timeout
b73d4f2 Avoid redundant trail status parsing
1b5ab1e Validate trail fallback list options
7719135 Add Entire runner configs
16beeac Validate trail list options before auth
81a9dfa Centralize data API auth handling
3626440 mise: fold build:e2e into the plain build task
7990afe another URL fix.
53fe66f fix local dev URL
6c240a0 login: drop persistLogin's unused errW parameter
7fc8614 login: restore u.Redacted() in parseLoginServer errors
5306712 auth: remove contexts under a single locked Modify
15b28f5 cli: reject claim-free login tokens at validation, not at save
64ae399 auth: broaden discovery-unavailable wording to missing-or-unreachable
eaf01d1 docs: describe auth comments in present tense
91bb7e6 auth: make logout credential deletion part of the success contract
087f5a4 docs: align README, comments, and host-resolution doc with no-fallback auth
de7206b api: delete AuthBaseURL(); the env var is gate-only (COR-393)
37de13a auth: delete the legacy keyring store and pre-contexts migration (COR-393)
6241533 auth: collapse provider routing to OIDC constants, drop v1 (COR-393)
10aa97e auth: discovery-only data-API resolution, delete TokenForResource (COR-393)
b683975 cli: make auth status/logout context-only (COR-393)
3381355 auth: error instead of static fallback when no context is active (COR-393)
7d8d5fb Keep auth status dates stable across timezones
3e2dde4 Reduce serial drag in pure agent tests
bc0714d Stabilize git-backed tests with shared repo setup

v0.7.6

Added

• entire blame and entire why labs commands for tracing which session and checkpoint last touched a file or line (#1305)
• entire login now defaults to a browser sign-in flow with a --device fallback, and accepts a --server flag to target a specific core (retiring ENTIRE_AUTH_BASE_URL) (#1366, #1404)
• entire enable is now reported to the backend (#1385)
• Checkpoints v1.1 (work in progress): the v1.1 ref is now pushed to the remote (rollout milestone 2), mirroring is streamlined behind CommittedRefs, entire doctor checks and repairs the v1.1 committed-read mirror, and topology coverage was extended to the checkpoint picker and cleanup (#1380, #1376, #1350, #1351)

Changed

• entire search now supports all result types, aligning the CLI with the web UI (#1399)
• Control-plane and data-API commands now follow the active auth context: control-plane commands resolve against the selected context, the data API discovers its endpoint via /.well-known/entire-api.json, and entire repo mirror mints repo-scoped tokens via cluster discovery (#1367, #1377, #1402)
• Data-API auth handling is now centralized (#1428)
• Checkpoint "steps" are now counted by prompts rather than file-modifying turns (#1347)
• entire investigate renders findings diagrams as top-down box flowcharts (#1414)
• entire checkpoint rewind is now deprecated ahead of removal (#1401)
• Added Entire runner configs (#1429)

Fixed

• Hardened the browser sign-in fallbacks (#1403)
• Pi's live skill-capture model is now locked, with a guard against a duplicate extractor (#1383)
• Fixed CLI ANSI escape rendering under TERM=cygwin (#1291)

Housekeeping

• Tests no longer touch the user's real config, cache, or keychain, and the spawned entire binary in E2E tests stays off the real OS keychain (#1411, #1368)
• Fixed a flaky TestSafelyAdvanceLocalRef temp-dir cleanup race (#1378)
• Refreshed the coreapi spec to tolerate unknown response fields (#1375)
• Fixed a lint/package-name issue (#1418)
• Updated the CLI docs overview link (#1379)
• Dependency bumps (#1416, #1426)

Thanks

Thanks to @suhaanthayyil for contributing the entire blame and entire why labs commands!

v0.7.6-nightly.202606140745.87512403

Nightly Build (v0.7.6-nightly.202606140745.87512403)

Changes since v0.7.6-nightly.202606130727.ef7c706a:

299d2b1 build(deps): bump the go-dependencies group with 3 updates
9f453fc trail list: push filters, limit, and pagination to the server
adfe5a0 trail list: show shown/total counts when --limit truncates
4767f3d trail: align status values with the server's simplified set
ee8d7d0 trail list: name active status filter in empty state

v0.7.6-nightly.202606130727.ef7c706a

Nightly Build (v0.7.6-nightly.202606130727.ef7c706a)

Changes since v0.7.6-nightly.202606120747.5d41fa61:

6540073 fix: adapt attribution to the two-arg checkpoint.NewGitStore
78dc379 build(deps): bump the go-dependencies group across 1 directory with 9 updates
529ec2a attribution: make summary percentages sum to 100
b71641e attribution: extract shared blame-table rendering scaffolding
cf66e7a attribution: surface session fallback and unreadable session metadata
0326b95 attribution: collapse duplicate candidate/context structs into one type
a17eb09 attribution: scope Mixed to the touching session and unify authorship rule
fed0f65 Hide blame/why commands and advertise them in labs
6ecc60c Polish compact blame output
c2a4c72 Make blame output compact by default
2e14aab Support SHA-256 attribution object IDs
70d1cae did run /simplify
9a4d558 Add Entire blame and why commands

v0.7.6-nightly.202606120747.5d41fa61

Nightly Build (v0.7.6-nightly.202606120747.5d41fa61)

Changes since v0.7.6-nightly.202606110752.e3838b8c:

25a0909 docs, scripts: stop referencing retired ENTIRE_AUTH_BASE_URL
51ebf09 api: skip retired-env gate test when the var is present-but-empty
f94a1da login: skip unreachable legacy entry for non-default --server, redact URL errors
1d0695d cli: add entire login --server, retire ENTIRE_AUTH_BASE_URL (COR-393)

v0.7.6-nightly.202606110752.e3838b8c

Nightly Build (v0.7.6-nightly.202606110752.e3838b8c)

Changes since v0.7.6-nightly.202606090725.7ef77eaf:

15e37e0 fixed lint/package name issue
e7f51de flowchart: fix bugbot findings — & in labels, %% semantics, wide runes
888afd8 investigate: move renderer to investigate/flowchart, drop dev script
fe71aa6 address Copilot review feedback on e2e rewind helpers
e5bbf58 userdirs: single resolver for the per-user config and cache dirs
ce433ab fallback
7af38da testdirs: align test name and assertion with the documented invariant
5360643 fix(trail): clarify finding-batch decode error message
38e4704 fix(trail): align update + finding-add with current trails API
b0fc281 mermaidascii: drop derivable parse flag, fold flag-shape into pair table
d1a2dd0 testdirs: assert against real config/cache paths, not $HOME prefix
ac483f2 investigate: add example diagrams for the render-mermaid preview script
4801b30 tests: never touch the user's real config, cache, or keychain
5d81897 investigate: render findings diagrams as top-down box flowcharts
f11b138 docs: align comments with strict-200 OAuth check, fix interface wording
334df98 login: simplify flow selection after review
1663939 login: fall back to the device flow when the loopback listener fails
4f8ab5e login: fall back to the device flow in SSH sessions
86c9baa login: time out the browser sign-in wait after 5 minutes
2f7fe5d search: count --all-repos in the empty-query fast-fail guard
f209837 auth: resolve cluster context once per mirror wait, not per re-mint
30318e5 cli: restore nolint:exhaustive directive in explain.go
7ef3a57 search: address PR review — repo scoping, HasFilters, JSON invariant
2ebd0d8 cli: apply --wait-timeout before the first clone-probe token mint
1e9b4a7 deprecate 'entire checkpoint rewind' ahead of removal
aadf0b9 search: dedup detail renderers behind a shared detailWriter
e771cac auth: drop test-only seam setter, dedup repo_token test setup
821be3e auth: route RepoScopedToken through cluster discovery (COR-395)
ae74825 search: redesign TUI results as master-detail list with pinned detail
41a7d48 auth-go: Use https://github.com/entireio/auth-go/releases/tag/v0.5.0
7bfb2cf auth-go: Use entireio/auth-go@f943c0b
1d2b6ba test: correct stale browser-flow comment
ec2a59f login: drop ireturn nolint via concrete flow; tidy output spacing
49a77a8 login: fix lint (errcheck blank-assign, ireturn)
ba9a891 go.sum: tidy stale auth-go entry after rebase
659f09f login: show auth host instead of the long authorize URL
9bf3b25 login: align browser-flow output with the device flow
9f71e0c go.mod: bump auth-go to authcode-loopback-flow branch
8406635 login: default to loopback browser flow, add --device fallback
5a1f93c search: support all result types (checkpoints, commits, sessions) and align with UI
179a6cd coreapi: refresh spec — tolerate unknown response fields