|
| 1 | +# v2.8.0 |
| 2 | + |
| 3 | +Released 2026-06-25. |
| 4 | + |
| 5 | +A reliability and maintenance release. The Codex adapter works with a ChatGPT OAuth login again, the worktree garbage collector no longer loses unmerged work or wedges itself after a crash, and the open code-scanning and Dependabot security surface is cleared. |
| 6 | + |
| 7 | +## Features |
| 8 | + |
| 9 | +- `bernstein worktrees unlock` inspects and recovers a stuck GC lock. `worktrees gc` holds an exclusive lock for the duration of a sweep; a crashed or killed run could leave it behind. The new command reports who holds the lock (pid, liveness, age), clears it when the owner process is gone, and refuses a lock held by a live, recent process unless `--force` is passed. The unlock is recorded as a tamper-evident `worktree.gc_unlock` event in the HMAC-chained audit log, so an operator recovery is reconstructable rather than a silent file deletion. (#2094) |
| 10 | + |
| 11 | +## Fixes |
| 12 | + |
| 13 | +- Codex with a ChatGPT subscription is usable again. Three things were in the way and all three are fixed: |
| 14 | + - A run pinned to `--cli codex` no longer hands a Claude tier name to `codex exec -m` (Codex rejects `opus`/`sonnet`). For a non-Claude adapter the scheduler now substitutes that adapter's own default model when none is pinned, so the model recorded in the audit chain is the model that actually ran. |
| 15 | + - The adapter detects a Codex OAuth session in `~/.codex/auth.json` (written by `codex login`) and only warns about a missing `OPENAI_API_KEY` when there is neither an API key nor an OAuth session. |
| 16 | + - `bernstein demo --real` no longer crashes on its closing summary; it reads the task list from the real `/status` response shape. (#2086) |
| 17 | +- Worktree GC no longer loses unmerged agent work on a repository whose default branch is not `main`. The graveyard pre-check compared against a hardcoded `main`, so when `main` did not exist the check failed and was read as "nothing to preserve", letting a stale worktree be deleted with its unmerged commits. The base branch is now resolved from the repo default, and an inconclusive check preserves the branch to the graveyard instead of dropping it. (#2093) |
| 18 | +- A worktree GC lock left behind by a crashed or killed run no longer wedges every later `bernstein worktrees gc`. The lock records its owner pid and start time, and a run reclaims a lock once when the owner is gone (or the lock is older than a generous bound), while still refusing a lock held by a live, recent process. (#2093) |
| 19 | + |
| 20 | +## Security and dependencies |
| 21 | + |
| 22 | +- Cleared the open code-scanning and Dependabot findings. The test jobs dropped stale `checks: write` and `pull-requests: write` grants left behind when their reporter actions were removed, so those jobs now run with `contents: read` only; the job-level writes that remain are the minimum each job needs. (#2087) |
| 23 | +- Bumped every dependency the scanners flagged to its fixed version: cryptography, starlette, aiohttp, pypdf, pydantic-settings, pyjwt, and python-multipart on the Python side, and js-yaml and `@babel/core` in the VS Code extension toolchain. (#2059, #2066, #2072, #2073, #2077, #2083, #2087) |
| 24 | +- Routine base-image and toolchain refreshes: the Python base image digest, the OpenTelemetry collector, Prometheus, PostgreSQL, ovsx, react-router, lucide, uv, and the codecov and setup-python actions. |
| 25 | + |
| 26 | +## Docs and community |
| 27 | + |
| 28 | +- The Web UI docs now include screenshots of all seven screens. (#2061) |
| 29 | +- Added the first community-submitted component benchmark, from an Intel i3 on Linux. (#2065) |
| 30 | + |
| 31 | +## Quality |
| 32 | + |
| 33 | +- Resolved the open refurb idiom findings across 15 modules. These are behavior-preserving cleanups that keep the code-scanning surface clean. (#2087) |
0 commit comments