Changelog

• 38a4146 Ack rejected Telegram updates and surface them via logs and counter [SC-77]
• af4b0d2 Add path sanitizer hook and bound response bodies in apiclient [SC-76]
• 99cdb58 Add star history chart to README
• 51b9320 Bound LeafCache and collapse concurrent generators [SC-76]
• 9c830b0 Bound concurrency, read deadlines, and dial timeouts on server paths [SC-76]
• ec48643 Bound queues and validate inputs in external clients [SC-76]
• 6fdbfab Bump codecov/codecov-action from 5.5.4 to 6.0.0
• 21d9d22 Bump github.com/charmbracelet/bubbles
• 70b398d Bump github.com/rs/zerolog from 1.34.0 to 1.35.0
• 33b1fcb Bump modernc.org/sqlite from 1.47.0 to 1.48.1
• eb2b963 Cap Telegram dispatch prompt length at 2000 bytes [SC-77]
• 7eb66d7 Chat-aware Telegram allowlist with group-chat default-deny [SC-77]
• 2246707 Clean up logic edge cases across providers [SC-76]
• 157e732 Detect bug tickets across trackers and route them to human-bug-plan
• 7129fd0 Disable redirect following by default in apiclient [SC-76]
• 381899b Graceful shutdown and consistency fixes for long-lived handlers [SC-76]
• 4b7923b Harden error paths around I/O and atomic writes [SC-76]
• 483f7c0 Improve CLI arg parsing for global flags [SC-76]
• a486a02 Improve index sync prune safety and kind-filtered search [SC-76]
• c1df1e4 Introduce tracker-agnostic review handoff via PM-ticket comments
• a142c8b Log marshal/write failures and keep destructive wrapper independent [SC-76]
• a6c86dc Log only parameter names for OAuth callback [SC-76]
• 151c0b9 Merge pull request #11 from StephanSchmidt/dependabot/github_actions/codecov/codecov-action-6.0.0
• 2fff17f Merge pull request #13 from StephanSchmidt/dependabot/go_modules/modernc.org/sqlite-1.48.1
• 6beb90e Merge pull request #8 from StephanSchmidt/dependabot/go_modules/github.com/charmbracelet/bubbles-1.0.0
• cf41248 Merge pull request #9 from StephanSchmidt/dependabot/go_modules/github.com/rs/zerolog-1.35.0
• 3219845 Migrate Claude session dirs in place without touching binaries [SC-76]
• 1551d52 Nil-check listener returns and drop dead assignment [SC-76]
• faddfe1 Propagate LoadOrCreateToken errors and bounds-check prefix [SC-76]
• d3a432f Propagate vault config parse errors [SC-76]
• ab85965 Reclaim pending confirmations on lifecycle errors [SC-76]
• 4f0ef85 Refactor daemon env handling to per-request context [SC-76]
• 2b56ce7 Refuse to proceed with split CA material [SC-76]
• 952b12e Render markdown tables faithfully when source has no header [SC-76]
• 3b2042f Revert "[HUM-92] Add passive version-update notice to human CLI"
• 3503455 Revert "[HUM-92] Fix staticcheck SA5011 false positives in pre-existing tests"
• e1b6d3e Revert "[HUM-92] Suppress pre-existing gosec false positives with nosec annotations"
• 182ef88 Simplify HookEventStore subscriber lifecycle [SC-76]
• 036e91f #25 Apply gofmt/goimports cleanup
• 6033ade #25 Fix two failing tests
• fb4dc1f #25 Suppress pre-existing gosec G204 false positive in browser/open_darwin.go
• 4266094 #25 Upgrade Go 1.26.2→1.26.3 and golang.org/x/sys v0.43→v0.44
• a5d78fa Surface read and iteration errors instead of swallowing them [SC-76]
• d99588b Tighten PendingConfirm approver validation [SC-76]
• 70293ec Tighten input handling in RunDeleteIssue prompt [SC-76]
• 239a53f Tighten input validation for URL and shell boundaries [SC-76]
• 448d080 Tighten lock scope and shutdown ordering across daemon paths [SC-76]
• 838e4f5 Tighten validation and error handling across providers [SC-76]
• 5d0dddd Update confirm-op tests for stricter approver check [SC-76]
• ab02b7c Validate OAuth callback request and prevent duplicate sends [SC-76]
• 9a07813 Warn at startup when Telegram instance has empty allowlist [SC-77]
• fc71beb [HUM-59] add NetworkEventEmitter interface and proxy emit sites
• 2c42c16 [HUM-59] add NetworkEventStore and network-events daemon route
• dd76e82 [HUM-59] fetch network events on monitor snapshot ticks
• f7db09a [HUM-59] render bottom-anchored ambient network activity panel
• 3c0c66a [HUM-59] wire NetworkEventStore into daemon and OAuth relay
• b670285 [HUM-60] commits reference both PM and engineering tickets
• de91946 [HUM-61] scope human-reviewer diff to ticket's commits
• 2bfbd61 [HUM-63] Fix nilaway and gocyclo lint failures in make check
• 8aeb9c1 [HUM-64] Upgrade Go module dependencies
• 2b5e525 [HUM-65] Upgrade Go to 1.26.2 to fix stdlib security vulnerabilities
• 3e85ce8 [HUM-66] Auto-select trackers by role in ideate and plan skills
• d285583 [HUM-68] Add native devcontainer management with feature installation
• c1bd3b1 [HUM-70] Add TUI agent spawn via tmux split
• fd8127f [HUM-70] Auto-cleanup devcontainer agents on session exit
• a5b1fa7 [HUM-70] Clean up devcontainer and agent code
• 860acdd [HUM-70] Container-only agents with image caching
• a880ecd [HUM-70] Fix TUI agent spawn: configdir from .humanconfig, daemon on 0.0.0.0
• 1b84c29 [HUM-70] Run Claude as vscode user in devcontainers
• 3441da2 [HUM-70] TUI agent spawn uses dangerously-skip-permissions
• 8a77fd7 [HUM-70] Target agent pane to project's tmux window
• 45c9518 [HUM-71] Add prerequisite checks to human init
• 70f29da [HUM-71] Remove agent worktree management
• 2af32d4 [HUM-71] Remove githelper package and ClickUp link command
• a2fb56a [HUM-72] Fix container instances not showing in TUI project tabs
• 8ff6187 [HUM-73] Add sparkline, per-tool percentages, and error rate to stats panel
• a0ab512 [HUM-74] Add 271 tests to raise coverage from 74% to 80%
• 11b8e68 [HUM-74] Enforce 80% coverage threshold in Makefile and CI
• 21a995a [HUM-74] Fix lint errors: staticcheck, errcheck, nilaway, gocyclo
• 7e9a874 [HUM-74] Ignore all *.out coverage artifacts in .gitignore
• 94ada67 [HUM-75] Add project config step to init wizard
• 2c0d52a [HUM-77] Fix Shortcut issues list returning empty without --project
• b7153cf [HUM-78] Fix GitLab issues list without --project only returning user-created issues
• e205f63 [HUM-79] Add test coverage for platform, browser, and ClickUp error paths
• 1efb9dc [HUM-80] Fix TUI not showing container agent activity
• f29fe87 [HUM-81] Background agent stop on exit for instant feedback
• 8b58014 [HUM-81] Fix devcontainer not stopping when Claude exits
• 36130b9 [HUM-81] Remove inline agent stop, rely on daemon cleanup
• 1b81aba [HUM-82] Isolate container .claude and install LSP servers in devcontainers
• 064ec1c [HUM-83] Add logo package and fix gitignore pattern
• bf1aad6 [HUM-83] Improve human init wizard UX
• c6de3bd [HUM-84] Add async agent stop via daemon for non-blocking cleanup
• d82a2ad [HUM-84] Add periodic zombie sweep for orphaned agent containers
• 498ad18 [HUM-84] Persist .claude.json across devcontainer rebuilds
• 69ea79f [HUM-84] Remove agent from list immediately on async stop
• 96...

Changelog

• 81abd1f Add commit-msg hook with docs-only exemption [SC-74]
• 5a459ee Add url.PathEscape to API client path parameters [SC-72]
• 14d9a38 Bind daemon to localhost by default to prevent network exposure [SC-71]
• 3e6acdb Default-deny Telegram allowlist to prevent unauthenticated RCE [SC-71]
• d7b34e2 Fix FTS5 escaping, JSON injection, dir perms, delete confirm, input validation [SC-72]
• 5ee8874 Fix WIQL injection, HTTP URL warning, token fallback, YAML escaping [SC-72]
• d5a1a6c Fix safe mode bypass and destructive op confirmation bypass [SC-71]
• 2b86b08 Harden daemon: constant-time auth, env allowlist, connection limit, token redaction [SC-72]
• bb77e72 Move TUI confirm prompt from footer to centered modal dialog [SC-75]
• 4c4aad6 Pin CI actions to SHA, add permissions and security job, filter MCP env [SC-72]
• 23054a7 Prevent self-approval of destructive operations [SC-71]
• 8a47f2e Restrict devcontainer mount to ca.crt only [SC-71]
• 4acaf42 Strengthen FUSE redaction, SafeProvider, and config permissions [SC-72]
• 46d15c6 Strip control characters from Telegram dispatch prompts [SC-71]
• 3316d89 Suppress unfixed Moby/docker false positives in govulncheck [SC-73]
• 1a412f9 Update README tagline to 'The AI Software Factory' positioning
• 240eaf5 Validate CA certificate fetched from daemon over TCP [SC-71]

Changelog

• 62ed984 Add ClickUp connector with hierarchy browsing, subtasks, and custom fields
• fedc5d6 Add TUI project tabs with --project flag [SC-57, HUM-48]
• ad9e581 Add URL field to tracker.Issue across all providers
• ac1f2d3 Add clickup link pr and link commit commands
• 2cada76 Add comment fetching step to human-planner agent
• 62e240d Add configurable role field to tracker instances
• 1ca2894 Add create ticket dialog to TUI with n keypress
• dd7d7cf Add daemon-gated interactive confirmation for destructive operations
• c93c9c0 Add multi-project daemon routing [SC-57, HUM-48]
• 39e835e Add per-project env token scoping [SC-57, HUM-48]
• dc8d201 Add pluggable vault secret resolution and generic config loader
• 083eae1 Auto-dispatch /human-ready after creating a ticket in TUI
• 8f8f2c1 Consolidate remote server and child processes into single instance
• dfb85c2 Detect remote Claude Code instances in TUI and label as Host (R)
• e7bc3a5 Fix case-sensitive team key lookup in Linear status commands
• 5134964 Improve daemon confirmation flow and credential diagnostics
• b2cd821 Refine agent prompts for planning, execution, and review skills
• d5bce29 Replace os.Chdir with DirProject constant, resolve container cwd [SC-57, HUM-48]
• 056bb68 Rewrite findbugs skill as iterative loop with candidate accumulation
• c0134c9 Rewrite security skill as iterative loop with candidate accumulation
• 71046bb Scope TUI dispatch to active project tab [SC-57, HUM-48]
• c56829d Split 1Password SDK provider into CGO/no-CGO build variants
• 2bae5f9 Update documentation for ClickUp, vault, and daemon features
• fb4702a Update human-ready skill to auto-update tickets with improved descriptions
• d8500ca Wire per-project cwd and env lookup end-to-end [SC-57, HUM-48]

Changelog

• 6f0b4f9 Add /human-gardening skill for codebase health analysis
• a712b36 Add /human-ideate skill for challenge-driven PM ticket creation
• c1f8ef9 Add /human-sprint skill and fix ideator agent embed registration
• 099c495 Add destructive operation logging and Telegram/Slack notifications
• fe67493 Add issue selection and tmux dispatch to TUI
• f839fd4 Add pipeline readiness state to TUI issues panel
• 3c873a2 Add policy-as-config for declarative agent operation rules
• af1f962 Auto-upgrade lifecycle hooks on daemon start
• 8ddd2fb Clean up duplication and dead code across codebase
• 5c343c2 Embed gstack-inspired ethos principles in all human agent prompts
• 16bd186 Extract PID file helpers into internal/daemon to fix layer violation
• 41aac39 Move provider-specific credSpecs out of internal/tracker abstraction
• c1fbdc4 Refactor brainstorm skill into multi-agent pipeline
• 9631f2c Remove /human-done as a user-facing skill
• 1245296 Remove hardcoded tracker references from plan and sprint skills
• c690512 Replace fmt.Errorf with errors.WithDetails across codebase
• 3e4aeeb Update README with /human-ideate, /human-sprint, and pipeline dashboard
• 946ba3d Update tagline in README
• 429017f Use orange for issue keys and grey for status column in TUI

Features

• Add MITM proxy with traffic logging and CA certificate generation
• Add issues panel to TUI showing open tickets from configured trackers
• Add notification sound when Claude instance goes idle (WSL/Linux/macOS)
• Add richer Claude Code state detection with daemon-first hook delivery
• Add runtime log mode toggle (off/meta/full) for traffic logging
• Add l key to TUI for cycling traffic log mode
• Route tracker operations through daemon for better credential handling

Bug Fixes

• Fix TUI showing wrong state for ExitPlanMode/AskUserQuestion
• Fix stale hook state overriding JSONL when async hooks arrive out of order
• Fix daemon env var race condition with mutex
• Fix dispatcher seen map memory leak with bounded pruning
• Fix env override precedence: instance-specific takes priority over global
• Fix broken and weak test assertions across test suite

Other

• Completed subagents now auto-hide 5s after finishing instead of lingering
• Separate proxy and traffic intercept in init wizard
• Configure devcontainer for MITM proxy and Node.js CA trust

Changelog

• 90d0cef Add "human ping" command to check daemon connectivity
• e3ce904 Add Claude Code session migration step to human init
• 30e15fd Add TUI screenshot to Dashboard section in README
• f9ae8d7 Add daemon info file for auto-discovery and simplify devcontainer config
• b90c96b Add explicit daemon connection tracking via ClientPID ping
• efa7174 Add host.docker.internal fallback to human ping
• 5db900e Add proxy connection status to TUI
• 3dd9f1d Add working trackers display to TUI
• 05fa703 Document that apiclient.Client is not safe for concurrent modification
• c17781c Extract syncProject to reduce cyclomatic complexity
• 6462b07 Fix JQL injection via unquoted project name in Jira client
• 8b3cb9e Fix Linear GraphQL queries: use DateTimeOrDuration for updatedAt filter
• b855f56 Fix MCP translator: add nil conn guard and scanner.Err checks
• 3656052 Fix TOCTOU race in Shortcut member name cache
• 7b6bb2d Fix Windows isProcessAlive always returning true
• dd91c55 Fix buffered reader data loss in daemon client OAuth flow
• 9cd4f9b Fix context cancellation handling in socket relay accept loop
• b59aa41 Fix daemon server ignoring client environment variables
• c328a54 Fix goroutine drain in Forward on context cancellation
• 5c2b237 Fix ignored LastInsertId error in SQLite upsert
• 3e7f496 Fix ignored os.Setenv errors and extract discoverDaemon helper
• 0cbf47a Fix missing scanner.Err check in readProxyAck
• 20b8d97 Fix race condition on dispatcher queue and seen map
• 582f819 Fix struct field alignment and remove blank lines after imports
• 092523e Fix unescaped query parameters in Figma image export
• 1b0c26d Make --project optional in issues list for cross-project listing
• 4be672c Remove unreachable dead code in SNI parser
• 50aba92 Replace "daemon" label with ⚡ emoji in TUI
• e0bfb3f Replace PID-based daemon liveness with TCP probe and add cross-container discovery
• 7d82c03 Set daemon addresses in devcontainer remoteEnv via human init
• 62567a1 Support cross-project indexing when no projects configured
• bc49945 Trim CLI usage section in README to concise examples
• 576b176 Update CLAUDE.md with daemon auto-discovery docs
• 7f7576b Update README to match website content and current feature set
• d44ff5c Update dependencies for v0.14.0 release
• 099c864 Walk process tree to find ancestor Claude PID for daemon connection tracking

Changelog

• 140b483 Add --debug flag to TUI showing probe reasoning as JSON
• 14912ba Add --debug flag to TUI writing probe reasoning to log file
• f68545d Add 5s debounce to JSONL probe to prevent flickering during tool loops
• fd66c6c Add Claude Code hooks for event-based status detection
• 4b312e5 Add JSONL session log parser for Claude Code status tracking
• 4a28f1d Add LSP setup wizard step to human init
• 0332a19 Add Notion workspace indexing to search index
• 3cac4fa Add PID field to Instance struct for host process tracking
• 3d2042d Add Slack notifications for AI agent activity (Shortcut #41)
• 69c6ba3 Add Telegram dispatch to daemon — auto-send messages to idle Claude agents [SC-40]
• 2440758 Add URL-based ticket resolution and auto-configuration
• 118718a Add beautiful TUI with spinners, progress bars, and adaptive colors
• becc68d Add fetch generation tracking and suppress logs during TUI
• 67bcb07 Add hookevents package for reading Claude Code hook events
• e8dc66b Add incremental index sync with UpdatedAt/UpdatedSince across all providers
• 9fb89a6 Add local search index with SQLite full-text search
• 1e034a8 Add modular probe-based state detection for reliable busy/ready indicator
• 5969325 Add project assignment when creating Linear issues
• 7416821 Add tests for cmdtracker, cmdprovider, and cmdusage packages
• 12588c9 Add two-tier TUI refresh, hook events, and inline session display
• 061d4f8 Carry forward panes in quick fetch instead of re-discovering
• ac1d93c Color instance labels pink when busy, teal when idle
• c987d34 Display time window in local timezone instead of UTC
• 495acd8 Export formatModelRows, totalTokens, formatMemory from usage.go
• 700b42a Extract DecodeJSON helper to eliminate provider boilerplate
• de45d62 Extract monitor package, simplify TUI to pure rendering
• dc012e8 Fix host state detection showing Busy when session is Ready
• 8e77d16 Fix probe false-Ready: probes only report Busy or abstain, never Ready
• de6614d Fix session fallback using OSStateFallbackProbe instead of ReadyStateReader
• 100bb81 Fix stale session causing always-green: fall back to newest JSONL
• e276bfc Fix state flickering: CPUProbe takes two readings 100ms apart
• 6a6cf91 Fix stuck-busy from stale JSONL streaming entries
• 869576a Fix tmux pane state by matching via PID instead of Cwd
• 31c1773 Improve Claude instance discovery and usage tracking
• 6927ec4 Install Claude Code hooks during personal mode setup
• 688bea0 Make instance headers pink (#d73d73)
• 7f9593b Move DirWalker to discovery.go, findNewestJSONL from state.go
• 47820f9 Move FileReader and OSFileReader to logparser/types.go
• 9dbf3df Raise CPUProbe window to 500ms and threshold to 15%
• 7c5cbf5 Register index, search, and tui commands in CLI
• e2cc47a Remove FUSE secfs tests
• ff9bb0f Remove activity detection (probes, state watcher, state readers)
• cc21250 Remove usage window header from TUI
• 55a4e71 Show Claude PID in tmux pane listing
• 1b8cdfa Show busy/ready state for Claude instances in TUI tmux listing
• be18829 Show hostname in TUI header and instance label in usage section
• 47c2756 Simplify probe logic: assume Ready, any Busy signal wins
• f1b0f3d Stabilize JSONL file selection with mtime tolerance tiebreaker
• eba8d7f Suppress gosec false positives in discovery and diagcreds
• 2e77cb9 Update CLAUDE.md with tracker tokens, traceability, and Shortcut project name
• c29e727 Use human brand colors in TUI theme
• 723f0e2 Warn when configured trackers are skipped due to missing credentials

Changelog

• cb18944 Add *.cov to .gitignore
• bbf90da Add configurable HTTP client timeout to apiclient
• d3a7c11 Add container memory usage to human usage via Docker stats API
• 13941e2 Add internal/apiclient package for shared HTTP API client
• 49e5e1c Add multi-instance discovery with Docker support and colored state indicators
• 66df4dc Add nil guard for conn.Close in MCP translator
• 7f52aa3 Add per-provider timeout to tracker instance probing
• a4371d3 Add secure devcontainer setup instructions to README
• 0bc77ea Add tmux pane discovery to detect Claude processes across panes
• d23544a Bump gitlab.com/tozd/go/errors from 0.11.0 to 0.11.1
• e0c1031 Expose ContainerID in discovered instances for downstream matching
• afe50cb Extract CLI commands into cmd/ subpackages
• 9ad4cd7 Extract devcontainer prerequisite check with Docker detection
• 2b07272 Extract shared config loader with generic LoadInstances
• 69b1dae Fix %% escape handling in errors.WithDetails format string parser
• d0901a5 Fix feature ordering and escape ampersand in postStartCommand
• 48ed3b9 Fix low-severity bugs: off-by-one, byte-by-byte read, unsafe assertion
• 65eaf0a Fix resource leaks and bounds checks in chrome, daemon, and proxy
• 3d5f2ab Merge pull request #5 from StephanSchmidt/dependabot/go_modules/gitlab.com/tozd/go/errors-0.11.1
• 68cb298 Migrate all provider configs to shared config.LoadInstances
• 4a5a5d1 Migrate all providers to use shared apiclient.Client
• 4aeec9b Refactor usage command and integrate tmux pane listing
• 764feda Show Node.js 22 as fixed pre-selected stack in init wizard

Changelog

• 34fc25e Fix install and init commands failing when HUMAN_DAEMON_ADDR is set

Changelog

• ae6c8f7 Add CGO_ENABLED=0 to goreleaser for static builds
• 72f3977 Fix trailing whitespace in README
• 124d1f0 Refactor init wizard into steps and add language stack selection