Releases: pithecene-io/quarry

v0.13.4

23 Mar 01:59
85104e3

Sidecar file metadata inventory and Lode error path validation

Summary

Files written via storage.put() are now tracked in Lode snapshot metadata, enabling downstream consumers to enumerate sidecar files without prefix-scanning storage. Targeted integration tests provide evidence for Lode V1_READINESS §5 error path validation.

Highlights

  • Sidecar file inventory: storage.put() files tracked in snapshot Metadata["sidecar_files"] with path, filename, content_type, and size fields
  • Consumer-facing flush boundaries: file refs flush on event and metrics writes only — chunk writes do not drain pending refs
  • Lode sentinel tests: ErrPathExists (immutability on double-write) and ErrNotFound (stale snapshot ID) validated from Quarry's actual code paths
  • End-to-end pipeline test: full file_write IPC frame → PutFile → event flush → sidecar_files in snapshot, with strict assertion that exactly one snapshot carries the metadata
  • Contract and docs: CONTRACT_LODE.md § Sidecar File Inventory, guides/lode.md, and PUBLIC_API.md updated

Upgrade Notes

  • No breaking changes — sidecar file metadata is additive (new Metadata key on existing snapshots)
  • Downstream consumers can optionally read snapshot.Manifest.Metadata["sidecar_files"] to discover files; existing prefix-scan workflows continue to work

Full Changelog: v0.13.3...v0.13.4

v0.13.3

17 Mar 20:27
4762763

Harden CI permissions and patch vulnerable transitive dependencies

Summary

Security-focused patch release that enforces least-privilege GITHUB_TOKEN scope across CI workflows and remediates all open Dependabot advisories for transitive devDependencies.

Highlights

  • Add explicit permissions: contents: read to ci.yml, nightly.yml, and release-dry-run.yml — resolves 19 CodeQL code-scanning alerts
  • Patch flatted to 3.4.0 — unbounded recursion DoS in parse() revive phase
  • Patch minimatch to 3.1.4 — ReDoS via nested extglobs (scoped to ^3 to preserve glob@7 compatibility)
  • Patch rollup to 4.59.0 — arbitrary file write via path traversal
  • Patch basic-ftp to 5.2.0 — path traversal in downloadToDir()
  • All patched packages are transitive devDependencies only — zero production impact
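
An added example (not quarry's own tooling) of checking workflow files for the condition this release fixes: without a workflow-level permissions block, GITHUB_TOKEN falls back to the repository default scope. The workflow texts are constructed samples, and the line-based scan covers workflow-level permissions only, not per-job overrides.

```python
import re

TOP_KEY = re.compile(r"^([A-Za-z_-]+):\s*(.*)$")   # mapping key at column 0
SCOPE = re.compile(r"^\s+([a-z-]+):\s*(read|write|none)\s*(#.*)?$")

SAMPLES = {  # constructed workflow texts, not quarry's real files
    "hardened.yml": "name: ci\non: [push]\npermissions:\n  contents: read\n"
                    "jobs:\n  test:\n    runs-on: ubuntu-latest\n",
    "implicit.yml": "name: nightly\non: [push]\n"
                    "jobs:\n  build:\n    runs-on: ubuntu-latest\n",
    "broad.yml": "name: rel\non: [push]\npermissions:\n  contents: write\n"
                 "  packages: write\njobs: {}\n",
}

def audit_workflow(text):
    """Return least-privilege findings for one workflow file (no YAML library)."""
    findings, in_perms, seen = [], False, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = TOP_KEY.match(line)
        if top:
            # A new top-level key ends any permissions block we were inside.
            in_perms = top.group(1) == "permissions"
            if in_perms:
                seen = True
                value = top.group(2).split("#")[0].strip()
                if "write" in value:   # write-all or an inline map with write
                    findings.append(f"top-level permissions grants write: {value}")
            continue
        if in_perms:
            scope = SCOPE.match(line)
            if scope and scope.group(2) == "write":
                findings.append(f"top-level write scope: {scope.group(1)}")
    if not seen:
        findings.append("no top-level permissions block")
    return findings

def audit_all(workflows):
    """Map each workflow name to its findings; an empty list means it passes."""
    return {name: audit_workflow(text) for name, text in workflows.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, findings or "ok")
```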

Known Limitations

  • Overrides are pinned to exact remediated versions; upstream packages have not yet bumped their own dependency ranges

Full Changelog: v0.13.2...v0.13.3

v0.13.2

14 Mar 21:12
9c5389c

Browser endpoint portability and release tooling hardening

Summary

Adds the QUARRY_BROWSER_ENDPOINT env var for container-native browser pool configuration, fixes the pre-run health gate to accept tokenized and path-prefixed external browser services, introduces task version:bump for single-command lockstep releases, and ensures all release tooling runs on macOS.

Highlights

  • QUARRY_BROWSER_ENDPOINT env var binds to --browser-ws-endpoint, enabling Compose-native browser pool configuration without YAML config mounts
  • Pre-run browser health gate warns on probe failure instead of hard-failing — preserves compatibility with tokenized or path-prefixed external WS endpoints
  • task version:bump V=X.Y.Z updates all lockstep targets, rebuilds SDK and executor bundle, and verifies lockstep in a single command
  • Multi-crawler deployment topology and browser endpoint documentation added to container guide
  • Release tarball now includes built SDK (pnpm run build before pnpm pack)
  • scripts/version-bump.sh and Taskfile.yaml version tasks use portable sed/grep for macOS support

Upgrade Notes

  • If you relied on the pre-run health gate to hard-reject unreachable browser endpoints, note that it now logs a warning and continues. The executor will still fail fast via Puppeteer if the browser is genuinely unreachable.

Full Changelog: v0.13.1...v0.13.2

v0.13.1

13 Mar 16:28
c91fc1d

Build observability and version hygiene patch

Summary

Embeds the git commit SHA into all binary build paths so quarry --version shows the actual commit instead of unknown, and sweeps stale version references left behind by v0.13.0.

Highlights

  • quarry --version now shows the short commit hash across all build paths — Taskfile, CI release, Docker, and local task docker:build
  • Extracted COMMIT Taskfile var with graceful fallback for non-git builds (source archives)
  • Docker builds receive the commit SHA via --build-arg since .git is excluded from the Docker context
  • Swept stale v0.12.2 references from README, SUPPORT, and IMPLEMENTATION_PLAN that were missed in v0.13.0
  • Fixed hardcoded ContractVersion in Redis Streams adapter test fixtures

Upgrade Notes

  • No breaking changes — drop-in replacement for v0.13.0
  • Local Docker builds should use task docker:build to automatically embed the commit SHA

Full Changelog: v0.13.0...v0.13.1

v0.13.0

12 Mar 22:14
1758287

Pluggable Redis Streams event sink for real-time event delivery

Summary

v0.13.0 introduces a pluggable event sink model with a Redis Streams backend. Unlike post-run adapters, event sinks publish every event in real time as the executor produces it, enabling downstream consumers to watch events across all runs on a single stream.

Highlights

  • Redis Streams event sink — publishes every event via XADD during run execution with configurable stream key, max length, TTL, and retry behavior (#222, #223)
  • Fan-out event sink — multiple sinks can be activated simultaneously with independent delivery semantics (mandatory fails the run on error; best_effort logs and continues)
  • --event-sink CLI flag — repeatable flag to activate sinks (lode, redis); both can be used together in the same run
  • Full CLI flag set: --event-sink-redis-url, --event-sink-redis-stream-key, --event-sink-redis-max-len, --event-sink-redis-ttl, --event-sink-redis-timeout, --event-sink-redis-retries, --event-sink-redis-delivery
  • Contract updates: CONTRACT_INTEGRATION.md and CONTRACT_CLI.md extended with event sink model, delivery semantics, and flag specifications

Upgrade Notes

  • No breaking changes. Existing runs without --event-sink flags behave identically to v0.12.x.
  • To enable real-time event streaming, add --event-sink redis --event-sink-redis-url redis://localhost:6379 to your quarry run command.
  • Event sinks and post-run adapters (--adapter) can be used together in the same run.

References

  • #222 — Feature request: pluggable Redis Streams event sink
  • #223 — Implementation PR
  • #224 — v0.13.0 release prep

Full Changelog: v0.12.2...v0.13.0

v0.12.2

12 Mar 01:02
c523f8c

Actionable error hints for Node ESM JSON imports

Summary

Bare JSON imports crash under Node ESM with an opaque error. The executor now annotates the error with a clear explanation and fix, plus a full version reference sweep prevents stale docs.

Highlights

  • Executor: loadScript() detects JSON import attribute errors and appends an actionable hint showing the correct with { type: 'json' } syntax (#219, #218)
  • Docs: JSON import troubleshooting section added to PUBLIC_API.md (#219)
  • Docs: Full sweep of all version references — 13 files, 45 occurrences — eliminates stale version strings (#217)

Known Limitations

Full Changelog: v0.12.1...v0.12.2

v0.12.1

08 Mar 16:14
159dc2b

Resilient concurrent writes via Lode v0.9.0 CAS retry

Summary

Patch release that upgrades Lode to v0.9.0 and enables bounded CAS retry on the write path. Concurrent runs writing to the same storage partition no longer fail terminally on snapshot conflict — commits retry up to 3 times with jittered exponential backoff.

Highlights

  • Lode v0.9.0: Upgraded from v0.8.0 — adds opt-in automatic CAS retry on ErrSnapshotConflict (#215)
  • CAS retry on writes: Both FS and S3 dataset constructors now use WithRetryCount(3) — data files are written once, only manifest re-parent and pointer CAS are retried (#215, #213)
  • IPC performance: Reduced IPC overhead and eliminated batcher busy-wait spin loop (#205)
  • Internal refactoring: Extracted iox package for deferred-close resource cleanup helpers (#209)
  • CI fixes: Release workflow preserves existing release notes (#200); JSR publish retries on transient failures (#201)

Upgrade Notes

No breaking changes. The CAS retry is transparent — existing scripts and configurations work without modification. Runs that previously failed with policy_failure on snapshot conflict will now succeed automatically.

Full Changelog: v0.12.0...v0.12.1

v0.12.0

24 Feb 23:57
25396d6

Storage batching, memory pressure awareness, and end-to-end storage error propagation

Summary

v0.12.0 closes all remaining items from the v1.0 readiness assessment. Storage writes can now be pipelined with bounded concurrency, scripts can query memory usage across Node, browser, and cgroup sources, and storage backend failures propagate end-to-end through the first bidirectional IPC frame.

Highlights

  • Storage batching: createStorageBatcher(storage, { concurrency }) wraps ctx.storage.put() with bounded-concurrency pipelining (default 16), fail-fast semantics, and flush() drain (#196)
  • Memory pressure API: ctx.memory.snapshot() returns heap, browser, and cgroup usage with a composite pressure level; ctx.memory.isAbove(level) provides boolean threshold checks; cgroup v2/v1 auto-detection (#196)
  • End-to-end storage error propagation: file_write_ack is the first bidirectional IPC frame; backend write failures now reject the storage.put() promise as recoverable errors instead of being silently swallowed (#197)
  • Lode upgrade — Lode storage library upgraded from v0.7.3 to v0.8.0

Known Limitations

  • file_write_ack requires runtime ≥ 0.12.0 — older runtimes trigger a fire-and-forget fallback where storage.put() resolves without confirmation
  • Cgroup v1 environments reporting memory limit ≥ 2^62 are treated as unlimited (cgroup: null)
  • ctx.memory.snapshot({ browser: true }) returns browser: null when no Puppeteer page is available

Full Changelog: v0.11.0...v0.12.0

v0.11.0

24 Feb 14:21
7ddec74

Script validation, structured exit reporting, and storage key returns

Summary

v0.11.0 adds --dry-run for CI-friendly script validation without execution, --report for structured JSON exit reporting, and storage.put() now returns the resolved Hive-partitioned storage key. This release also includes a comprehensive code quality sweep across Go, TypeScript, tests, and documentation.

Highlights

  • --dry-run flag: Validate that a script loads, exports a run function, and has valid hook signatures — without launching a browser or writing to storage. Enables CI smoke tests and faster dev iteration.
  • --report <path> flag: Write a structured JSON report on exit containing run outcome, metrics, policy stats, artifact counts, and proxy usage. --report - writes to stderr.
  • storage.put() return value: Now returns StoragePutResult with a key field containing the resolved Hive-partitioned storage path, computed client-side with no IPC round-trip.
  • Pre-release hardening: 44-finding audit addressed — errors.New over fmt.Errorf, t.Context() over context.Background(), interfacetype across SDK, explicit IPC test timeouts, missing contract-critical test coverage added.
  • Release workflow compliance: Releases are now created as drafts requiring manual body authoring per the project release format standard.

Upgrade Notes

  • storage.put() return type changed from Promise<void> to Promise<StoragePutResult>. Existing code that ignores the return value is unaffected.
  • --dry-run requires only --script and --run-id; storage, policy, proxy, and adapter flags are skipped entirely.

References

  • #189: --report flag
  • #190: storage.put() return value
  • #191: --dry-run flag
  • #192 — Pre-release sweep

Full Changelog: v0.10.0...v0.11.0

v0.10.0

14 Feb 21:12
ca833ba

Workspace module resolution, browser stability hardening, and zombie process cleanup

Summary

v0.10.0 adds --resolve-from for workspace module resolution and ships two critical browser stability fixes — zombie server detection with safe process cleanup, and Chrome crash prevention from /dev/shm exhaustion in containers.

Highlights

  • --resolve-from CLI flag for workspace module resolution — registers an ESM resolve hook that retries bare-specifier resolution from a specified directory (#178)
  • Zombie browser server detection — fast-path /proc status check before health check avoids 2s wasted on dead processes; stale process groups killed only after verifying PID ownership via cmdline check (#182)
  • --disable-dev-shm-usage on all Chromium launch paths — Chrome uses /tmp instead of /dev/shm for IPC, eliminating renderer crashes from shared memory exhaustion in containers (#185)
  • Transient /json/list failure tolerance — browser server idle monitor now requires 3 consecutive failures before exit; non-OK HTTP responses correctly count as failures (#185)
  • Chromium launch args centralized into chromiumArgs() helper; idle poll evaluation extracted into pure evaluateIdlePoll() with 18 unit tests
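
An added illustration (not quarry's implementation) of the zombie fast-path and the cmdline ownership check described above, which keeps a recycled PID from being signalled. The function names, the `argv0` and `marker` parameters, and the fake `/proc` helper are assumptions made for this example.

```python
import os
import signal
from pathlib import Path

def proc_state(pid, proc_root="/proc"):
    """One-letter State from <proc_root>/<pid>/status, or None if the PID is gone."""
    try:
        text = Path(proc_root, str(pid), "status").read_text()
    except OSError:
        return None
    for line in text.splitlines():
        if line.startswith("State:"):
            return line.split()[1]
    return None

def owns_pid(pid, argv0, marker, proc_root="/proc"):
    """True only if the PID's cmdline still matches the process we launched."""
    try:
        raw = Path(proc_root, str(pid), "cmdline").read_bytes()
    except OSError:
        return False
    argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
    return bool(argv) and os.path.basename(argv[0]) == argv0 and marker in argv

def classify(pid, argv0, marker, proc_root="/proc"):
    """Return 'gone', 'zombie', 'foreign' or 'ours' for a recorded PID."""
    state = proc_state(pid, proc_root)
    if state is None:
        return "gone"
    if state == "Z":
        return "zombie"    # already dead: no point waiting on a health check
    if not owns_pid(pid, argv0, marker, proc_root):
        return "foreign"   # PID was recycled by an unrelated process
    return "ours"

def kill_stale_group(pid, argv0, marker, proc_root="/proc", killpg=None):
    """Signal the process group only when the cmdline check proves ownership."""
    verdict = classify(pid, argv0, marker, proc_root)
    if verdict == "ours":
        (killpg or os.killpg)(os.getpgid(pid), signal.SIGTERM)
    return verdict

def write_fake_proc(root, pid, state, argv):
    """Build a constructed /proc/<pid> entry so the checks run offline."""
    d = Path(root, str(pid))
    d.mkdir(parents=True)
    (d / "status").write_text(f"Name:\tdemo\nState:\t{state}\n")
    (d / "cmdline").write_bytes(b"".join(a.encode() + b"\0" for a in argv))
```

The check narrows the PID-reuse window but does not close it, since the process can still exit between the cmdline read and the signal.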

References

  • #178: --resolve-from CLI flag
  • #181 — zombie browser server investigation
  • #182 — zombie detection and stale process cleanup
  • #183 — Chrome crash root cause investigation
  • #185: /dev/shm hardening and retry tolerance

Full Changelog: v0.9.0...v0.10.0

What's Changed

  • feat(resolve-from): ✨ add --resolve-from CLI flag for workspace module resolution by @justapithecus in #178
  • test(resolve-from): ✅ add end-to-end integration test for ESM resolve hook by @justapithecus in #179
  • chore(version): 🔖 bump lockstep version to 0.10.0 by @justapithecus in #180
  • fix(runtime): 🐛 detect zombie browser servers and kill stale process groups by @justapithecus in #182
  • fix(executor): 🐛 prevent Chrome crashes from /dev/shm exhaustion and transient health failures by @justapithecus in #185
  • feat(ai): 🏗️ establish governance framework with CLAUDE.md and ARCH_INDEX alignment by @justapithecus in #184
  • chore(docs): 📝 add #182 and #185 fixes to 0.10.0 changelog by @justapithecus in #186