v0.12.8 — Fix web update on detached HEAD

Fix

• steroids web update no longer fails with "unrelated histories" on detached HEAD. Now uses git fetch + git checkout <tag> (or latest main as fallback), matching the launch command's behavior.

Full Changelog

v0.12.7...v0.12.8

v0.12.7 — System Pressure Guard & Disk Cleanup

What's New

• System pressure guard — checks boot volume free space (<10GB), memory pressure (<20% free), and swap usage (>8GB) before spawning runners
• Provider env sanitization — strips API keys from child process env, redirects npm/pnpm/Playwright/Prisma caches to real home to prevent bloat
• Disk cleanup enhancements — wakeup-global-cleanup now sweeps stale provider homes and prunes completed workspaces; also available via steroids gc --temp-files
• Gemini provider fix — now uses sanitized env via super call instead of bypassing cache redirection
• WebUI improvements — enhanced AI setup modal and role selector in onboarding flow
• Intake pipeline updates — fixes to report detail page and data hooks; API route improvements for intake and AI model picker

Full Changelog

v0.12.6...v0.12.7

v0.12.6

Changes

• AI config modal alignment: Provider and Model dropdowns now sit on the same baseline
• Visible refresh button: Moved inline next to the Model dropdown with better contrast
• Visible delete button: Moved into reviewer card header row, no longer requires hover to see

Full Changelog: v0.12.5...v0.12.6

v0.12.5

Changes

• Collapsible sidebar sections: HuggingFace and Ollama sections now default to collapsed
• Ollama icon: Replaced generic chip icon with Ollama llama logo in sidebar
• loadedModels safety: Fixed potential crashes when Ollama returns no running models (optional chaining)

Full Changelog: v0.12.4...v0.12.5

v0.12.4

Bug Fixes

• Fix build failure from missing status command — src/commands/status.ts was imported by index.ts but never committed, causing steroids web to fail with a TypeScript compilation error.
• Fix npm audit high-severity vulnerability — Updated rollup to resolve path traversal CVE (GHSA-mw96-cpmx-2vgc).

Process

• Added pre-publish build gate to release runbook — npm run build (CLI) and cd WebUI && npm run build (dashboard) are now mandatory before publishing. Also requires npm audit with no high/critical vulnerabilities.

Full Changelog: v0.12.3...v0.12.4

v0.12.3

Bug Fixes

• Fix silent data loss in parallel merge — When pool slots push workstream branches to GitHub, the integration workspace now correctly resolves the canonical remote URL before fetching, preventing the "0 commits applied, N skipped" failure mode where completed work was silently dropped.

• Fix spawn race condition in stale session cleanup — closeStaleParallelSessions now respects workstream lease_expires_at, preventing freshly-spawned sessions from being prematurely closed before their runners register.

• Add zero-commit auto-merge warning — Defense-in-depth detection when all workstreams are skipped with 0 commits applied and 0 conflicts, alerting operators to remote URL misconfiguration.

Design Document

Full root-cause analysis and 5 rounds of cross-provider adversarial review: docs/plans/2026-03-08-parallel-merge-orphan-fix.md

Full Changelog: v0.12.2...v0.12.3

v0.12.2

Bug Fix

• Fix steroids web subcommands: web stop, web update, web status were broken — the command received raw argv instead of parsed arguments, causing all subcommands to fail with "Unknown subcommand: web"

Full Changelog: v0.12.1...v0.12.2

v0.12.1

Bug Fix

• Fix reviewer removal in AI setup modal: The delete button for reviewers was hidden when exactly 2 reviewers were configured, making it impossible to remove one

Full Changelog: v0.12.0...v0.12.1

v0.12.0

What's Changed

• Unified opencode provider: Replaced individual huggingface, ollama, openai, and minimax provider implementations with a single opencode CLI provider, reducing ~1,500 lines of code
• Fixed circular import: Extracted PROVIDER_NAMES to its own module to break circular dependency between schema.ts and loader.ts
• Fixed web-config command: Removed duplicate code block and fixed out.error() call signatures

Full Changelog: v0.11.1...v0.12.0

v0.11.0 — HF & Ollama Provider Integration

What's New

Hugging Face Provider

• HF provider adapter with routing policies (serverless, dedicated, local), SSE error parsing
• HF Hub client, model registry with curated list ranking, token auth
• Web UI sidebar pages: Account, Model Library with search, Ready to Use with routing policy selector
• HF usage tracking metrics module and admin dashboard widgets with cost estimates and rate limit display
• Model picker popup extended with HF model groups
• 24h auto-refresh, provider comparison panel, error handling for rate limits and gated models

Ollama Provider

• Ollama API client, connection manager (local + cloud), model registry with cache
• Refactored provider adapter: streaming, dual-endpoint strategy, concurrency semaphore, cloud auth
• Model picker popup extended with Ollama model groups
• Ollama usage tracking with timing metrics, tokens/sec, VRAM status dashboard widgets
• Pull progress UI, cold-start timeout handling, VRAM display, error UX polish

Model Usage

• Model usage API endpoint with multi-project aggregation
• Frontend types, API client, format utilities
• ModelUsage page components with routing and sidebar entry

Infrastructure

• Global DB V20 migration with hf_usage, hf_paired_models, ollama_usage, ollama_paired_models tables
• model_capability_error added to ProviderErrorType (retryable: false)
• Fixed applyEnvOverrides colon parsing for multi-colon model names (e.g., ollama:llama3:latest)

Full Changelog: v0.10.62...v0.11.0