chore(release): 2.7.1

[chernistry]

Cuts the 2.7.1 maintenance and bugfix release.

• Bumps the version in pyproject.toml (and the uv.lock self-entry) from 2.7.0 to 2.7.1, which is what the auto-release gate keys on.
• Adds human release notes at docs/release-notes/v2.7.1.md.

What is in 2.7.1

• Fix: Codex adapter usable with a ChatGPT OAuth login (model selection, OAuth detection, and the demo --real summary crash). (fix(codex): respect non-Claude model selection and OAuth, fix demo summary #2086)
• Security: cleared the open code-scanning and Dependabot findings, trimmed CI token permissions to least privilege, and bumped the flagged dependencies to their fixed versions. (chore(security): resolve code-scanning and Dependabot findings #2087, chore(deps): clear remaining pip-audit advisories (pyjwt, python-multipart) #2083, and the security dependency PRs)
• Docs: Web UI screenshots (docs(gui): add screenshots for all seven web UI screens #2061) and the first community benchmark (community(benchmarks): add component benchmark results from Intel i3-6006U Linux #2065).

On merge, a green main run triggers auto-release to tag v2.7.1 and hand off to publish.

Summary by Sourcery

Prepare the 2.7.1 maintenance release with version bump, security hardening, dependency updates, and accompanying release notes.

New Features:

• Document the first community-submitted component benchmark and expand Web UI docs with full-screen screenshots.

Bug Fixes:

• Restore Codex adapter usability with ChatGPT OAuth logins, including correct model selection, OAuth-session detection, and preventing demo summary crashes.

Enhancements:

• Clean up code quality by resolving refurb idiom findings across multiple modules to keep static analysis surfaces clean.

Build:

• Refresh base images and toolchain components, including Python image, observability stack, database, package managers, and CI actions.

CI:

• Tighten CI job permissions to least privilege and document remaining write scopes while clearing code-scanning and Dependabot findings.

Documentation:

• Add detailed release notes for v2.7.1 describing fixes, security changes, and documentation updates.
• Update Web UI documentation with screenshots for all interface screens and include the first community benchmark entry.

Summary by CodeRabbit

• Bug Fixes

  • Restored access for users with a ChatGPT subscription.
  • Fixed scheduler/model selection issues for incompatible model tier names.
  • Improved account session detection to avoid incorrect API key warnings.
  • Resolved a crash in the demo flow when loading live status data.

• Security

  • Tightened access permissions for certain background jobs.

• Documentation

  • Updated web UI docs with screenshots.
  • Added a new community benchmark example.

[sourcery-ai]

Reviewer's Guide

Prepares the 2.7.1 maintenance release by bumping the project version and adding human-readable release notes that document fixes, security/dependency updates, documentation changes, and quality cleanups included in the release.

Sequence diagram for auto-release flow triggered by version bump to 2.7.1

sequenceDiagram
    actor Developer
    participant GitHubMain as GitHub_main_branch
    participant CI as CI_pipeline
    participant AutoRelease as auto_release_gate
    participant Registry as artifact_registry

    Developer->>GitHubMain: merge release_PR(version_2_7_1)
    GitHubMain-->>CI: trigger_main_workflow
    CI->>AutoRelease: run_auto_release_gate(version_2_7_1)
    AutoRelease-->>CI: gate_passes
    CI->>GitHubMain: create_tag_v2_7_1
    CI->>Registry: publish_release_artifacts_v2_7_1

Loading

File-Level Changes

Change	Details	Files
Bump project version to 2.7.1 for the auto-release pipeline.	Update the project version field from 2.7.0 to 2.7.1 to align with the intended release. Ensure the lockfile self-entry reflects the new version so tooling and auto-release gates see a consistent version.	pyproject.toml uv.lock
Add detailed human release notes for v2.7.1.	Create a new release-notes document describing the Codex adapter OAuth/login and demo fixes. Document security-related CI token permission trims and dependency upgrades driven by code scanning and Dependabot. Record documentation updates (Web UI screenshots and community benchmark) and refurb-driven code quality cleanups for this release. Specify the release date and clarify that merging with a green main run triggers auto-release tagging and publish.	docs/release-notes/v2.7.1.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

Review-bot acknowledgement summary

• Must-address findings: 0 (0 acknowledged, 0 open)
• Informational findings: 0

All must-address findings are resolved or acknowledged.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[github-actions]

Sonar insights (advisory, no merge-block)

Snapshot of bernstein on the configured Sonar instance:

Metric	Value
Coverage	80.1
Code smells	0
Bugs	0
Vulnerabilities	0
Security hotspots	0

Run bernstein doctor sonar locally for the full surface.

This comment is a soft signal. The Sonar scan runs on push to main; the PR check itself never fails on smells.

[github-actions]

bernstein doctor observe for PR #2090 (chore/release-2.7.1): ok=1, warn=1, fail=0, error=0, skipped=2

sonar -- OK (project bernstein)

metric	value	delta	threshold	status
coverage_pct	80.1%	new	80.0%	ok
code_smells	0	new	50	ok
bugs	0	new	0	ok
vulnerabilities	0	new	0	ok
security_hotspots	0	new	0	ok

code-scanning -- WARN (1 open alert(s))

metric	value	delta	threshold	status
open_alerts	1	new	0	warn
critical_alerts	0	new	0	ok
high_alerts	1	new	0	warn
medium_alerts	0	new	-	ok
low_alerts	0	new	-	ok

Skipped backends (credentials not configured)

• glitchtip: BERNSTEIN_GLITCHTIP_TOKEN not set
• dt: DTRACK_URL/TOKEN/PROJECT not set

See docs/observability/unified-doctor.md for backend setup notes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 42659cf3-317f-4355-a007-4d25b5ba0a85

📥 Commits

Reviewing files that changed from the base of the PR and between 7269e73 and 8f475b2.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock, !**/*.lock

📒 Files selected for processing (2)

• docs/release-notes/v2.7.1.md
• pyproject.toml

---

📝 Walkthrough

Walkthrough

Adds v2.7.1 release notes covering fixes, security and dependency updates, docs and community items, and quality cleanups. Bumps the project version in pyproject.toml from 2.7.0 to 2.7.1.

Changes

v2.7.1 release update

Layer / File(s)	Summary
Release notes content docs/release-notes/v2.7.1.md	Records the v2.7.1 release date and adds fixes, security and dependency updates, docs and community items, and quality cleanups.
Project version bump pyproject.toml	Updates [project].version from 2.7.0 to 2.7.1.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• sipyourdrink-ltd/bernstein#2039: Updates the same pyproject.toml [project] version field in a release bump.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the release, but it does not follow the required What/Why/How and checklist template.	Add the template sections What, Why, How, and Checklist, including the required verification and documentation items.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise and accurately identifies the release bump to 2.7.1.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/release-2.7.1

---

_{Comment @coderabbitai help to get the list of available commands.}

[chernistry]

Superseded by the 2.8.0 release: this cycle added a feature (worktrees unlock) and two reliability fixes, so the bump is a minor (2.8.0) rather than a patch. Re-cutting.