- Moved generated opencode agent/skill prompt bodies into standalone Markdown files under `src/opencode/` and embedded them with `include_str!`, keeping the installed integration self-contained while making prompt diffs and README links easier to review.
- Tightened generated audit/review agent prompts around a compact deterministic protocol and reference lenses (ASVS/MASVS, grugbrain, and artifact/dependency size), while preserving no-sampling/no-skipping chunk rules.
- Added an `existing_report` MCP tool and updated audit/review agents to read existing `ISSUES.md`/`REVIEW.md` once, carry forward still-current findings, and supersede stale report content when rendering the new report.
- Preserved workspace-relative paths when `repo_manifest`/`repo_chunks` target a directory scope, avoiding path evidence drift for narrowed audit/review inputs.
- `oy setup` now writes `tool_output` (`max_bytes: 262144`, `max_lines: 20000`) into the generated opencode config so a default-sized oy chunk (`DEFAULT_TARGET_TOKENS = 64000` at ~4 chars/token) fits in one tool result instead of being truncated to a preview by opencode's 51_200-byte default. opencode exposes this knob only at the config root, so the bump applies to all agents in the written scope (global by default, workspace under `--workspace`); existing user values for these two keys are overwritten and unknown sibling keys are preserved. Generated audit/review agents document the coupling and instruct the model to prefer narrower `path` values over raising `target_tokens` above 64000.
- Updated generated oy agents (`oy-plan`, `oy-edit`, `oy-auto`, `oy-enhancer`) to clone/checkout reference code into the workspace under `.tmp/ref/<name>/` and keep it locally git-ignored via `.git/info/exclude`, instead of `/tmp`, `/tmp/opencode`, or `~/`. Avoids external-directory permission prompts and keeps per-workspace isolation without tracked `.gitignore` changes.
- Allowed release publishing to use a `RELEASE_TOKEN` repository secret when enterprise policy keeps the default Actions `GITHUB_TOKEN` read-only for release creation.
- Made GitHub release creation idempotent so rerunning a tag workflow updates release notes and clobbers uploaded assets instead of failing on an existing release.
- Accepted file paths as well as directory paths for `repo_manifest` and `repo_chunks`, avoiding deterministic MCP failures when audit/review agents target a specific evidence file.
- Updated generated audit/review agents to raise `target_tokens` for oversized files, keep summary/chunk calls on the same deterministic input, avoid unchanged retries after tool failures, and prefer focused paths when root chunks are too large or noisy.
- Made oversized chunk errors and MCP schemas point agents at the `target_tokens` recovery path explicitly.
- Accepted absolute MCP input paths that resolve inside the workspace for `repo_manifest`, `repo_chunks`, `sloc`, and `outline`, while preserving rejection of parent traversal and paths outside the workspace.
- Restored audit/review report transparency lines for skill-backed opencode workflows by moving command-context rendering into the deterministic MCP report tools.
- `oy` now delegates AI workflows to opencode. The default `oy` command installs/updates global integration files and launches `opencode --agent oy`.
- Convenience commands (`oy run`, `oy chat`, `oy model`, `oy audit`, `oy review`, `oy enhance`) wrap generated opencode commands; unknown top-level `oy` args pass through to opencode.
- Audit/review/enhance workflows now live in generated agents, skills, and commands.
- `oy run`, `oy chat`, and default `oy` map old safety modes to generated primary agents: `oy`, `oy-plan`, `oy-edit`, and `oy-auto`.
- Generated agents now emit short phase markers during longer non-interactive work.
- `sloc` now shells out to `tokei` when available instead of embedding the `tokei` crate; the tool is omitted from MCP listings when `tokei` is not on `PATH`.
- `outline` now shells out to Universal Ctags when available instead of embedding tree-sitter grammars; the tool is omitted from MCP listings when Universal Ctags is not on `PATH`.
- `oy doctor` now reports optional `tokei`/Universal Ctags availability and prints `mise`/Homebrew install hints when they are missing.
- Refreshed Cargo.lock to current Rust 1.96-compatible dependency releases.
- `oy setup` writes `~/.config/opencode/opencode.json`, agents, and skills. Use `oy setup --workspace` for project-local `.opencode` setup.
- `oy mcp` starts a local stdio MCP server exposing deterministic repository helpers: `repo_manifest`, `repo_chunks`, `git_diff_input`, optional `sloc`, optional `outline`, `render_audit_report`, and `render_review_report`.
- Removed the legacy native LLM/provider/session/chat/tool-loop stack from `src/agent/`, `src/llm/`, and the old model-callable tool registry.
- Removed native implementations of shell, edit, webfetch, repo clone, todo, ask, think, search, read, and patch tools; opencode owns those capabilities.
- Removed embedded tree-sitter grammar dependencies; install Universal Ctags separately to enable the optional `outline` MCP tool.
- Removed the embedded `tokei` dependency; install `tokei` separately to enable the optional `sloc` MCP tool.
- Removed the obsolete good-first-issues document; starter work should now come from the current MCP roadmap.
- Removed `oy run --out`; `oy run` now always streams opencode output directly. Use shell redirection to save output.
- `src/net.rs` — shared `is_public_ip()` helper used by both webfetch (`src/tools/network.rs`) and credential transport (`src/llm/route/auth.rs`). Normalises IPv4-mapped-IPv6 addresses and blocks multicast and deprecated site-local IPv6 ranges. Added focused tests for IPv4-mapped-IPv6 and unique-local alignment (REVIEW #1).
- `src/tools/registry.rs`, `src/tools/args.rs` — gated `ToolId::Outline` variant and `default_depth()` behind `#[cfg(feature = "outline")]`, matching the existing feature gating on `mod outline` and the outline `ToolDef`. Builds without `--features outline` no longer warn about dead code (REVIEW #1 High).
- `src/llm/test/executor.rs` (748 lines) — split into `chat_tests.rs` (6 Chat Completions tests, ~240 lines) and `responses_tests.rs` (9 Responses API tests, ~310 lines). `executor.rs` retains 3 shared transcript tests and the `read_tool_spec` helper; all 19 tests pass unchanged (REVIEW #1 Medium).
- `src/tools/tests/workspace_tools.rs` (667 lines) — split into tool-oriented files under `src/tools/tests/`: `patch.rs` (9 tests, ~239 lines), `search.rs` (7 tests, ~201 lines), `replace.rs` (3 tests, ~74 lines), `read.rs` (3 tests, ~68 lines), `list.rs` (3 tests, ~62 lines), `sloc.rs` (1 test, ~23 lines). Old file removed; all 48 workflow tests pass unchanged (REVIEW #1 Medium).
- `src/cli/config/paths.rs` — extracted atomic-write implementation (`write_workspace_batch`, `prepare_workspace_write`, `commit_workspace_writes`, backup/rollback, `PreparedWorkspaceWrite`, `CommittedWorkspaceWrite`) into new `src/cli/config/atomic_write.rs`. The public API (`write_workspace_file`, `write_workspace_batch`) remains unchanged as thin delegation wrappers; `paths.rs` drops from 353 to ~210 lines (REVIEW #1 Low).
- `src/tools/preview.rs` — split 862-line file into sub-modules under `src/tools/preview/`: `common.rs` (shared helpers), `workspace.rs` (list, read, search, replace, patch, sloc, outline), `network.rs` (webfetch, repo_clone), `process.rs` (bash), `planning.rs` (todo, think, ask). The parent file is now a 99-line re-export shell. All files under 400 lines; all preview tests pass unchanged (REVIEW #3).
- `src/cli/config/paths.rs` — moved `restrict_to_owner` (Windows ACL) to `src/cli/config/platform/windows.rs` behind `#[cfg(windows)]`. Added `src/cli/config/platform/mod.rs` with `#[cfg(windows)]` re-export. The two call sites in `write_private_file` and `create_private_dir_all` now route through `super::platform::restrict_to_owner` (REVIEW #4).
- `src/agent/model/tests.rs` — moved 10 `#[ignore]` live integration tests and helpers (`is_auth_error`, `assert_model_responds`, `assert_model_uses_tool`, `Echo`, `EchoArgs`) to new `src/agent/model/live_tests.rs`. Unit test file drops from 841 lines to ~675 lines; live tests stay `#[ignore]` and run with `cargo test --lib --ignored` (REVIEW #5).
- `src/audit/input.rs` now includes git-diff input support: `collect_diff_files` (parses `git diff` output into `AuditFile` items, skipping binary diffs), `parse_numstat`, and `build_diff_manifest`. These replace the previous `ReviewChunk`/`DiffItem`/`NumstatEntry` types and duplicated chunking/validation functions in `src/review.rs` (REVIEW #2).
- `src/review.rs` — deleted `ReviewChunk`, `DiffItem`, `NumstatEntry` structs and five duplicated functions (`split_git_diff_items`, `chunk_diff_items`, `ensure_chunks_fit`, `parse_numstat`, `diff_manifest`). Both `prepare_workspace_input` and `prepare_diff_input` now go through the shared `AuditFile`/`AuditChunk` types and `chunk_files`/`ensure_chunks_fit_prompt`/`chunk_text` helpers. All tests pass unchanged.
- `src/llm/route/auth.rs` — `is_loopback_or_private_ip` now delegates to `!crate::net::is_public_ip`, gaining IPv4-mapped-IPv6 normalisation and site-local IPv6 blocking that the previous `IpAddr::is_*` methods missed.
- `snapshot` tool. The 0.10.6 implementation was a model-callable stub that returned `success: true` for no-op actions; it has been removed from the registry, schema, args, and preview surface. Any in-flight model call that names `snapshot` will now surface as `unknown tool: snapshot` through the documented fail-closed path.
- Dead `GrepMode::Fuzzy` arm in `search_exact_file`. The only producer of `GrepMode` in the crate (`search_mode`) emits `Regex` or `PlainText`; the third arm now uses `unreachable!()` so the match stays exhaustive (a future enum addition breaks the build here) while the intent is honest.
- One-line `render_with_bat` and `render_plain_with_bat` passthroughs in `src/cli/ui/render.rs`. Both wrappers were renamed-thinned versions of `render_bat`; they are inlined at their five call sites and removed.
- `repo_clone` now parses scp-style `git@host:owner/repo[.git]` references and preserves an optional `#fragment` (treated as a sub-path/ref annotation, not a URL fragment). The three `git` invocations are wrapped in `tokio::time::timeout` (300 s for clone/fetch, 30 s for `rev-parse`) and the tool is now registered as `external_side_effect = true` so the transient-retry guard in `tools::invoke_inner` covers it. Parsing of `https://…#fragment` and `git+ssh://…` URLs is preserved.
- `audit::run` is decomposed into `prepare` (collect files, build manifest, security index, and chunk plan, load prior `ISSUES.md`, validate against `--max-chunks`), `async fn execute` (single-chunk fast path or multi-chunk + reduce with bounded parallelism), and `finalize` (transparency line, structured-findings block, succinct summary, optional SARIF render, write). Behaviour, progress events, and outputs are unchanged; all 34 audit tests pass.
- `plan_patch` and `plan_apply_patch` in `src/tools/workspace/patch.rs` now share a `build_patch_plan` helper that owns the directory/symlink/size/read/decode guards, the skip-if-unchanged short-circuit, the display-path dedup check, and the diff computation. The two callers pass only the per-format apply step (unified diff via `diffy::apply` or `*** Begin Patch` via `apply_context_hunks`); behaviour and all 12 patch tests are preserved.
- `is_supported_by_native_openai` is renamed to `is_supported_by_native_backend` in `src/agent/opencode_models.rs`. The predicate covers every native protocol (OpenAI-compatible, Anthropic, Bedrock Converse, Gemini) and excludes only `vertexai`; the new name matches the file's "do not add local provider/model registries" comment and the single call site in `into_adapter_models`.
- `src/audit/report.rs` is decomposed into three focused submodules plus a thin facade. `report.rs` is now a 19-line re-export shell; the original five concerns live in `transparency.rs` (snippet, shell quoting, transparency line, succinct findings summary, markdown post-processing), `findings.rs` (typed `Finding`/`FindingLocation`/`FindingSummary`, markdown + JSON extraction, structured-findings round-trip), and `enhance.rs` (`FindingSource`, `EnhanceFinding`, enhance parsing, `markdown_heading`, `clean_title`, `is_no_finding_title`). External callers keep using `crate::audit::report::*`; the `audit` module test count is unchanged (39 tests pass) and the `audit::run` decomposition from week 2 is preserved.
- `src/llm/providers/route.rs`: `prepare_openai_chat`, `prepare_xai_chat`, and `prepare_openrouter_chat` now share a `build_api_key_route(profile, auth_provider, auth_missing_msg, additional_params)` helper. The three OpenAI-shaped builders shrink to profile lookup + body-options resolution + a single call into the helper; `RouteAuth::ApiKey`, `base_url: Some(...)`, `query_params: None`, and `default_output_tokens: None` are set in one place. Anthropic / Google / Azure / Cloudflare / Bedrock paths stay separate because they use different `RouteAuth` shapes.
- `src/tools/network.rs`: `PublicWebfetchClient::from_target`'s 60-line redirect `Policy::custom` closure now calls a new `validate_public_url_target(url) -> Result<()>` helper that single-sources the scheme allowlist, host validation, IP-literal handling, and per-socket `validate_public_ip` check. The closure itself drops to a 10-line redirect-count + match-on-helper form, and `PublicWebfetchTarget::resolve` now runs the same helper before pinning the async-resolved addrs so a public-at-first host cannot drift to a private-IP target before the request is even built. Three new unit tests cover the helper.
- `src/agent/transcript.rs`: `with_compacted_tool_outputs` and `with_all_tool_outputs_compacted` collapse into a single `compact_tool_outputs(messages, max_bytes, re_compact)` helper. The only difference between the two public methods was the `if text.contains("[tool output compacted]") { continue; }` guard, which is now the `!re_compact` branch of one helper. Both public methods become 3-line wrappers; the call sites in `src/agent/session.rs` (cache-aware compaction + aggressive re-compaction) are unchanged and all session tests pass.
- New workspace tools: `repo_clone` (git clone/refresh for remote repo analysis), `outline` (structural file outline), `snapshot` (conversation context checkpoints), and `think` (structured reasoning).
- `read_multiple_files` now supports `tail_lines` per file; preview tool for bat-backed file previews.
- Bumped MSRV to Rust 1.96 and refreshed Cargo.lock (30 crate updates including fff-grep/search 0.8.4, reqwest 0.13.4, hyper 1.10.1).
- Session and transcript improvements; refactored tool registry and schema/args modules.
- Native Gemini/Anthropic/Bedrock protocol fixes and OpenAI route tweaks.
- Native Anthropic Messages protocol support for OpenCode-routed models (e.g. direct Anthropic API via OpenCode), with dedicated provider profile and endpoint stripping.
- Moved Anthropic routing out of the OpenAI-compatible bucket into its own `is_anthropic_api()` classifier and added coverage to the opencode models tests.
- Minor style and import-ordering cleanups in `audit/report`, `cli/app/enhance_cmd`, and LLM route modules.
- Removed legacy top-level task/continue/resume CLI argument rewrites; use explicit `oy run ...` forms.
- Split the large tools test module into boundary-focused test modules and refreshed architecture/contributor docs for the current native LLM boundary.
- Scoped OpenRouter provider-body options to OpenRouter routes, made the model-info cache key model-specific, and tightened audit/SARIF finding extraction to explicit severity headings instead of broad Markdown-heading guesses.
- Moved unsupported-provider enforcement into route resolution and split `agent::model` into facade, execution, metadata-cache, reasoning, and test modules.
- Added a native Gemini protocol for Google AI Studio/OpenCode Gemini models, including SSE parsing, function calling, usage mapping, and Gemini tool-schema projection.
- Restored `webfetch` public IP classification to maintained `ip_rfc` global-address semantics, with explicit denials for multicast and deprecated IPv6 site-local ranges.
- Preserved raw terminal/ANSI output through `bash`, markdown, diff, and always-coloured bat-backed previews so bat/terminal formatting is not replaced with visible escape glyphs.
- Reorganized the Rust-native LLM backend toward OpenCode `packages/llm`: schema/events, provider profiles, route auth/framing/transport, protocol modules, cache policy, and tool runtime are now separated and covered by focused tests.
- Expanded native provider routing for xAI, OpenRouter, Azure OpenAI, Cloudflare AI Gateway, Cloudflare Workers AI, and Amazon Bedrock Converse while keeping Anthropic/Gemini providers fail-closed until their protocols are ported.
- Added OpenCode-style cache policy placement for inline-cache protocols and Bedrock Converse cache-point lowering with AWS event-stream decoding and SigV4/bearer auth support.
- Added terminal title/zellij pane progress updates for human-mode sessions while keeping quiet/JSON output clean.
- Completed Month 6 of the LLM internals roadmap: prompt-level provider retries are now side-effect aware, transient retry backoff uses fewer jittered attempts, Chat/Responses share tool-round budget handling, and model-visible schemas better describe common risky or malformed tool arguments.
- Completed Month 5 of the LLM internals roadmap: native OpenAI-compatible Chat/Responses tool loops now mark tool failures with `TOOL_ERROR`/`RECOVERY`, hint enabled tools for unknown names, block repeated identical failed calls, cap model-visible tool output with head/tail preservation, and stop long tool-only churn without lowering the default tool-round budget.
- Made audit input handling fail before truncating review chunks that exceed the model budget, and escaped terminal/control sequences in `bash` stdout/stderr before they enter tool output or previews.
- Added fuzzy path suggestions to missing `read` tool errors while keeping `read` exact-only and requiring a follow-up explicit path.
- Preserved trusted syntax-highlighting/color ANSI in tool previews while still neutralizing untrusted terminal escape bytes from tool output and file content.
- Accepted `*** Begin Patch`/`*** Update File:` patch tool input for existing UTF-8 files while continuing to reject create/delete, symlink, binary, non-UTF8, and out-of-workspace patches.
- Stopped sending unsupported `previous_response_id` in native OpenAI Responses tool loops by replaying function calls/results in `input`.
- Round-tripped DeepSeek `reasoning_content` through native OpenAI-compatible Chat Completions tool loops.
- Sanitized terminal-bound tool progress, previews, errors, markdown, and diff previews to neutralize model/tool-supplied escape bytes before display.
- Replaced local public IPv4 classification logic for `webfetch` with `ip_rfc` global-address classification plus explicit public-fetch denials for multicast and deprecated IPv6 site-local addresses.
- Removed credential-like environment variables from `bash` child processes by default and documented the remaining shell trust boundary.
- Added focused maintenance coverage for the tool approval matrix, expanded webfetch IP cases, shell environment filtering, and `oy doctor --help` snapshots.
- Simplified local tooling so `mise install` plus `just check` uses only the pinned stable Rust toolchain and `just`; `just ci` keeps optional nextest/Miri parity checks.
- Completed Month 4 of the LLM internals roadmap: the native OpenAI-compatible Chat/Responses backend is now the default for OpenAI, Copilot API-token, and OpenCode-compatible routes; `src/tools/llm.rs` adapts tools directly to `oy`'s `llm::LlmTool` boundary; and the previous external backend dependency, adapters, native-backend feature flag, and GitHub-token Copilot shim were removed.
- Completed Month 3 of the LLM internals roadmap: native OpenAI Chat and Responses requests route through a non-streaming backend with focused request/response goldens, while auth lookup and provider metadata stay in `agent::auth`/OpenCode.
- Completed Month 2 of the LLM internals roadmap: transcripts now store `oy`-owned `llm::Message` values, `agent::model` accepts those messages directly, tool schema exposure stays in one `oy` registry, and previous backend-specific message/tool conversions live in adapter modules only.
- Added the Month 1 `src/llm/` facade for `oy`-owned LLM request/response, message, tool-spec, route, and backend-trait types while keeping the then-current backend behind one adapter seam.
- Reissued the release so GitHub Actions can publish the expected CI-built binary assets without the duplicate immutable-release state from v0.9.3.
- Made the `patch` tool more tolerant of LLM-generated diffs by retrying raw unprefixed paths when the default `strip = 1` target does not resolve.
- Improved failed patch-application errors with the failing hunk number and guidance to re-read the file before regenerating stale hunks.
- Added a `patch` workspace tool for applying unified/git diffs to existing UTF-8 files, with file-write policy gating, approval previews, output summaries, and focused coverage for rejected unsafe patch shapes.
- Switched workspace diff generation from `similar` to `diffy` so tool previews emit applyable unified diffs.
- Retried transient Rig `ApiResponse` parse failures through the normal LLM backoff path.
- Google Gemini (`opencode/gemini-3-flash`, `opencode/gemini-3.1-pro`) and Anthropic Claude models via OpenCode are now visible in `oy model` and usable for chat/audit.
- Live integration tests for Google, Anthropic, DeepSeek, and Kimi models including tool-calling smoke tests. Run with `cargo nextest run --run-ignored ignored-only live_`.
- `ISSUES.md` is always excluded from the initial audit collection context; existing `ISSUES.md` content is included in the final prioritise/rewrite step so the model can carry forward still-relevant findings.
- Stripped ESC (`\x1b`) characters from model output in `render_markdown` and `paint` to prevent terminal ANSI escape injection (CWE-150, OWASP ASVS V5.3.4).
- Replaced `{err:#}` alternate formatting with plain `{err}` in `main.rs`, `chat.rs`, and `progress.rs` to avoid leaking API keys through error chains (OWASP ASVS V7.3).
- Added `192.0.0.0/24` (IETF Protocol Assignments) to the `is_public_ipv4` blocklist, closing an SSRF bypass in `tool_webfetch` (OWASP ASVS V5.2.6).
- Replaced `unsafe { std::env::set_var/remove_var }` calls in `/thinking` with a thread-safe `LazyLock<RwLock<Option<String>>>` store, eliminating undefined behaviour from concurrent environment mutation.
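The `webfetch` SSRF entries in this changelog (the `192.0.0.0/24` blocklist addition above, and the shared `is_public_ip` helper with IPv4-mapped-IPv6 normalisation and site-local denial recorded elsewhere) describe one fail-closed address check. The following is an added illustration, not oy's code: it uses only `std::net` rather than the `ip_rfc` crate the project adopted, and `normalise`, `is_public_v4`, `is_public_v6` and `literal_is_public` are hypothetical names.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Unwrap an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to its IPv4 form so the
/// IPv4 deny rules apply to it. Without this step, ::ffff:127.0.0.1 is judged
/// by the IPv6 rules, none of which match it.
fn normalise(ip: IpAddr) -> IpAddr {
    if let IpAddr::V6(v6) = ip {
        let s = v6.segments();
        if s[..5].iter().all(|&w| w == 0) && s[5] == 0xffff {
            let (hi, lo) = (s[6].to_be_bytes(), s[7].to_be_bytes());
            return IpAddr::V4(Ipv4Addr::new(hi[0], hi[1], lo[0], lo[1]));
        }
    }
    ip
}

fn is_public_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    let denied = o[0] == 0                         // 0.0.0.0/8 "this network"
        || ip.is_loopback()                        // 127.0.0.0/8
        || ip.is_private()                         // 10/8, 172.16/12, 192.168/16
        || ip.is_link_local()                      // 169.254.0.0/16
        || (o[0] == 100 && (o[1] & 0xc0) == 64)    // 100.64.0.0/10 shared address space
        || (o[0] == 192 && o[1] == 0 && o[2] == 0) // 192.0.0.0/24 IETF Protocol Assignments
        || ip.is_documentation()                   // TEST-NET-1/2/3
        || (o[0] == 198 && (o[1] & 0xfe) == 18)    // 198.18.0.0/15 benchmarking
        || ip.is_multicast()                       // 224.0.0.0/4
        || o[0] >= 240;                            // 240.0.0.0/4 reserved, incl. broadcast
    !denied
}

fn is_public_v6(ip: Ipv6Addr) -> bool {
    let s = ip.segments();
    let denied = ip.is_unspecified()               // ::
        || ip.is_loopback()                        // ::1
        || ip.is_multicast()                       // ff00::/8
        || (s[0] & 0xfe00) == 0xfc00               // fc00::/7 unique local
        || (s[0] & 0xffc0) == 0xfe80               // fe80::/10 link-local
        || (s[0] & 0xffc0) == 0xfec0               // fec0::/10 deprecated site-local
        || (s[0] == 0x2001 && s[1] == 0x0db8);     // 2001:db8::/32 documentation
    !denied
}

/// True only for addresses a public-fetch tool should be allowed to contact.
pub fn is_public_ip(ip: IpAddr) -> bool {
    match normalise(ip) {
        IpAddr::V4(v4) => is_public_v4(v4),
        IpAddr::V6(v6) => is_public_v6(v6),
    }
}

/// Hypothetical wrapper for IP literals: anything that does not parse is denied.
pub fn literal_is_public(s: &str) -> bool {
    s.parse::<IpAddr>().map(is_public_ip).unwrap_or(false)
}

fn main() {
    // Constructed sample inputs, not taken from the project.
    let samples = [
        "1.1.1.1",
        "::ffff:1.1.1.1",
        "::ffff:127.0.0.1",
        "192.0.0.8",
        "fec0::1",
        "fd00::1",
        "ff02::1",
    ];
    for s in samples.iter() {
        println!("{:<20} public={}", s, literal_is_public(s));
    }
}
```

The check has to run on every resolved socket address and on each redirect target, not only on the hostname first supplied.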
- Derived all audit sizing constants (chunk size, reduce prompt limit, findings budget, security index) from the current model's token limits instead of hardcoded values.
- Derived context config input limit and output reserve ratio from model-specific token limits via OpenCode metadata, so session compaction and budget enforcement adapt per model.
- Replaced the hardcoded `context_config()` with `context_config_for_model()` that takes optional model input/output limits; env vars `OY_CONTEXT_LIMIT` and `OY_CONTEXT_OUTPUT_RESERVE` still override.
- Removed `rig-bedrock` and `rig-vertexai` dependencies, `src/agent/bedrock.rs`, Bedrock/VertexAI chat routes, and all associated provider mappings, auth status, and docs.
- Removed dead code: `wrap_line` function, `ProviderInfo.model` field, `OpenCodeVariant` struct field, and the now-unused `textwrap` dependency.
- Replaced low-level LLM plumbing with Rig agents.
- Simplified model metadata routing.
- Used OpenCode model metadata for reasoning capability and effort discovery.
- Fixed Bedrock adaptive thinking params and Converse routing regression.
- Trimmed the Rust library surface so only the command runner and diagnostic helper remain stable public API; internal modules are now crate-private.
- Moved snapshot coverage into the modules that own chat command help and tool preview rendering.
- Split CLI UI rendering/progress/text helpers and session storage/no-op guard helpers into smaller modules for local reasoning.
- Replaced ad-hoc JSON construction in tool implementations with typed internal output structs before serialization.
- Updated `ISSUES.md` with validation status for remediated and still-open audit findings.
- Enforced disabled-network policy inside the `webfetch` sink before URL resolution or outbound I/O.
- Prevented `list` glob expansion from reporting entries whose canonical path resolves outside the workspace through symlinks.
- Hardened audit input skipping for more secret-like filenames, including `.env.*`, credentials, secrets, and token files.
- Serialized transcript compaction input as escaped JSON records and marked message bodies as untrusted data to avoid pseudo-XML prompt-boundary confusion.
- Kept SARIF generation available when one model-produced code reference is unsafe by omitting only that result location.
- Preserved middle audit findings during reduce compaction by trimming per finding instead of raw head/tail truncation.
- Shell-quoted the Docker mount argument printed by `doctor` for container safety guidance.
- Updated agent guidance to favor simple, direct, data-oriented code with explicit local data/control flow, stable boundaries, and measured performance.
- Audit prompts now flag complexity that complects concerns, hides state/dataflow, blocks local reasoning, or obscures performance/security boundaries.
- Transcript compaction now preserves design constraints, invariants, and rejected abstractions when they affect follow-up work.
- `webfetch` now follows public redirects by default and sends non-credentialed document-friendly `User-Agent`/`Accept` headers so common public docs URLs work without extra model-supplied headers.
- Bounded large-audit reduce prompts so high-chunk audits compact candidate findings before hitting model prompt limits.
- Added `oy audit --format sarif`, writing SARIF 2.1.0 output to `oy.sarif` by default for GitHub code scanning ingestion.
- Audit transparency snippets now quote shell-sensitive model, output, and focus values.
- Centralized text/binary decoding for audit and file tools.
- Scoped `OPENAI_API_KEY` and `OPENAI_BASE_URL` to OpenAI/OpenAIResp requests so they are not applied to unrelated providers.
- Stopped Bedrock Mantle discovery from accepting OpenAI credentials or endpoint overrides; Mantle now requires Bedrock-specific bearer credentials.
- Reworked `oy audit` as a deterministic no-tools audit pipeline that writes `ISSUES.md` by default, embeds OWASP ASVS/MASVS plus grugbrain guidance, and uses full-repo or map→reduce review depending on repository size.
- Added generated audit report transparency lines showing the `oy audit` command/model context used.
- Consolidated the agent stack into `src/agent.rs` and CLI/runtime UI/configuration into `src/cli.rs`, leaving a smaller top-level module surface for future maintenance.
- Reorganized `src/tools.rs` with explicit review sections while keeping the tool registry in one place.
- Audit progress now emits consolidated phase updates instead of per-chunk detail spam.
- Audit reports now request and backfill a succinct all-findings summary with code refs, while reserving detailed writeups for the most severe 10-20 findings.
- Audit review input is now collected by the Rust runner rather than discovered by model tool calls, making included text and chunking deterministic.
- `read` previews now clamp long code lines to the terminal preview width and expand tabs to stable columns so line-number gutters do not visually drift.
Consolidated changes since v0.7.5.
- Native AWS Bedrock Converse support with AWS SDK credential loading, SSO-expiry detection, `aws sso login` retry, and tool-use conversion.
- Bedrock Mantle routing via Bedrock API bearer tokens, `AWS_BEARER_TOKEN_BEDROCK`, and contemporary Moonshot/Kimi model hints.
- OpenCode Zen/Go routing shims (`opencode::`, `opencode-go::`) with `OPENCODE_API_KEY`, endpoint overrides, and fallback to `~/.local/share/opencode/auth.json`.
- Tightened terminal UX with dense grouped tool-call progress, bat-like text previews, color-aware markdown/diff rendering, and clearer truncation.
- Simplified docs and examples around `--mode`, `copilot::`, OpenAI, AWS Bedrock, OpenCode, and local OpenAI-compatible defaults.
- Moved built-in prompts/tool descriptions into Rust, removed the TOML prompt asset, and trimmed terminal rendering dependencies.
- Refreshed the Rust toolchain/dependency baseline, including AWS SDK-backed Bedrock integration.
Major changes since v0.5.1.
- Bedrock Mantle provider support for AWS credential/SigV4 mode, including model listing against the Mantle endpoint.
- A `SECURITY.md` policy pointing researchers to the WA Government vulnerability disclosure process.
- Audit runs now show clearer wait/progress reporting while long-running review work is in flight.
- Audit dependency assessment now records Renovate warnings in `ISSUES.md` and keeps the phase1 summary idempotent.
- Bedrock Mantle chat requests now fall back from `/v1/responses` to `/v1/chat/completions` when a model does not support the responses API.
- Resumed audits continue to backfill missing `run_config` state and restore the generated transparency snippet in `ISSUES.md`.
- Audit review flow was tuned for better speed and output quality.
- Audit reports now always upsert the transparency snippet instead of only when `# Audit Issues` is the first line, so banner/comment preambles no longer suppress it.
- Resumed audits now backfill missing `run_config` state and reapply the transparency line before review continues.
- Phase3 audit summary rewrites now reinsert the transparency line if the summary pass removes it.
Major changes since v0.4.6.
- Session continuation and resume for `oy chat` and `oy run` via `--continue-session` and `--resume <name-or-number>`.
- Built-in modes for common approval policies: `plan`, `accept-edits`, and `auto-approve`.
- `oy renovate-local` for running Renovate locally and writing lookup reports to `.tmp/renovate-<date>.json`.
- An audit transparency snippet in generated `ISSUES.md` reports showing the `oy` command used.
- Reworked `oy audit` into a resumable three-phase workflow (`plan`, `review`, `summary`) with per-workspace audit state stored in the session cache.
- Switched audit reporting to an inbox-based `ISSUES.md` flow so chunk reviews append findings first, then condense and reorganize them into the final summary.
- Improved audit chunking, retry/stall handling, and progress validation; audit retries with smaller chunks if a review pass fails to update `ISSUES.md`.
- Improved CLI/runtime previews, session handling, and test coverage while removing redundant helper code.