2026-05-26 - 2026-06-26
Overview
143 Pull requests merged by 3 users
Merged
#270 PRD: Separate agent and bottle selection
Merged
#278 ci: add coverage.py reporting
Merged
#280 test: fix integration coverage failures
Merged
#272 PRD: Multi-parent extends: for bottles
Merged
#282 Remove capability apply
Merged
#279 Add ripgrep to agent images
Merged
#276 Fix unescaped quotes/newlines in YAML and gitconfig emitters
Merged
#271 Add explicit timeouts to subprocess and HTTP calls in git-gate paths
Merged
#275 Typed error taxonomy for supervise RPC dispatch
Merged
#274 Harden CGI status-line parsing in git_http_backend
Merged
#273 Anchor relative Dockerfile path to build context
Merged
#267 fix: route remote control through provider startup args
Merged
#266 Validate proposed egress config
Merged
#264 PRD: LOG_FULL egress logging credential redaction
Merged
#263 PRD: Strengthen outbound exfiltration detection
Merged
#265 feat(provider): support startup args settings
Merged
#262 PRD: Egress token-block policy (supervise / redact / block)
Merged
#260 Add leveled severity and structured context to log wrappers
Merged
#250 Default the supervise flag to true
Merged
#211 docs: document egress route fields
Merged
#228 PRD: Gitleaks inline suppression supervision
Merged
#240 PRD: Commit bottle state to an image
Merged
#248 Fix Codex supervise MCP registration
Merged
#239 Defer broken manifest parse errors to preflight
Merged
#246 Fix Shift+Enter not working in macos-container TUI
Merged
#244 Display agent name alongside label in terminal title and list output
Merged
#242 Use label as container slug prefix when provided
Merged
#241 Drop dim colors, rename bright variants to base names
Merged
#238 Better merge behavior for git-gate repos on extends
Merged
#235 Unify identity/provisioned_key into key block
Merged
#229 PRD: macOS Container backend
Merged
#234 fix(git-gate): forward force push as +refspec to upstream
Merged
#231 PRD: macOS Container backend - Part II (launch step)
Merged
#232 PRD: macOS Container backend - Part III (integration coverage)
Merged
#227 Require explicit opt-in for HTTPS Git fetch
Merged
#225 fix(git-gate): forward push options
Merged
#224 Merge egress routes across extends
Merged
#222 PRD: Add built-in Pi agent provider
Merged
#219 Forward agent display identity to prompts
Merged
#210 PRD: Promote smolmachines to default backend; convert Docker to example-only
Merged
#216 Cleanup backend and agent provider abstractions
Merged
#205 PRD: Extended outbound DLP scan surfaces
Merged
#212 fix(egress): strip Authorization before DLP scan
Merged
#207 PRD: Egress traffic logging
Merged
#184 PRD: Named / Labelled Agents
Merged
#190 PRD: User-defined agent provider plugins
Merged
#202 Remove egress-block MCP tool and runtime route-mutation
Merged
#201 Drop unused agent-image apt deps
Merged
#214 ci(prd): add prd-new placeholder convention and numbering workflow
Merged
#203 Log egress block reason to stderr
Merged
#199 fix: migrate integration tests off deprecated APIs and tools
Merged
#200 Rename PRD 0053 to PRD 0052
Merged
#196 PRD 0053: Egress DLP addon
Merged
#188 chore: remove outdated artifacts and fix stale PRD references
Merged
#193 Remove pipelock
Merged
#192 docs: research on DLP alternatives to pipelock
Merged
#187 chore: reduce lint and type-check noise
Merged
#186 PRD 0051: Launch selector
Merged
#180 PRD 0050: Move provider-specific agent logic into contrib
Merged
#183 Research: local Ollama deployment, harness selection, and model sizing
Merged
#182 Research: Gitea webhook agent dispatch and PR session continuity
Merged
#181 Slim README to threat model, features, one diagram, one manifest
Merged
#179 refactor(backend): pass Bottle to provisioners instead of target
Merged
#176 PRD 0049: strip dashboard to supervisor tui
Merged
#170 PRD 0048: SSH deploy-key provisioning
Merged
#173 Extract dashboard state/model layer into dashboard_model.py
Merged
#168 test(git-gate): shell-escaping regression tests (issue #159)
Merged
#166 Harden git_gate.py shell rendering
Merged
#163 Refactor manifest.py into domain-specific modules
Merged
#165 Replace silent BaseException swallowing in Docker teardown with structured warning
Merged
#162 PRD 0047: Git-gate manifest redesign
Merged
#161 fix(git-http): log access-hook denial detail to stdout
Merged
#153 PRD 0046: Remove Git Remote Host Overrides
Merged
#149 PRD 0045: Workspace Porting Plan
Merged
#147 PRD 0044: print parity across backends
Merged
#146 PRD 0043: sidecar pipe lifecycle cleanup
Merged
#145 PRD 0042: smolmachines cross-backend parity tests
Merged
#144 PRD 0041: Git HTTP request bounds
Merged
#143 PRD 0040: backend-aware resume and dashboard reattach
Merged
#142 PRD 0039: smolmachines capability-block remediation
Merged
#141 PRD 0038: smolmachines env contract and secret-safe injection
Merged
#133 PRD 0037: Pipelock YAML Render Contract
Merged
#132 PRD 0036: Codex Auth Redaction Policy
Merged
#131 PRD 0035: Supervise Wait Bounds
Merged
#127 PRD 0034: Sidecar Restart and Shutdown Semantics
Merged
#124 PRD 0033: Manifest Schema Boundaries
Merged
#123 PRD 0032: Decompose smolmachines launch and harden bringup sequencing
Merged
#121 PRD 0031: Provisioned-wins merge + EgressRoute inherits Route
Merged
#119 PRD 0030: Deduplicate egress token resolution across backends
Merged
#110 PRD 0029: Codex host credentials through egress
Merged
#115 PRD 0029: provision egress routes via AgentProvisionPlan
Merged
#114 fix(git-gate): bound daemon client sessions
Merged
#108 Stop injecting Codex API-key placeholder
Merged
#107 PRD 0028: git-gate new-branch push scan scope
Merged
#103 docs(decisions): ADR 0003 — system prompts stay user-directed
Merged
#102 fix(dashboard): surface launch/crash failures (#100)
Merged
#101 docs: surface docs-folder conventions in AGENTS.md
Merged
#97 docs: portable decision history — add ADR-lite log, make PRD 0025 self-contained
Merged
#99 docs: drop "forge" jargon for concrete wording
Merged
#98 docs: mark merged PRDs as Active
Merged
#95 PRD 0027: Agent-level git user identity
Merged
#93 docs: rename CLAUDE.md to AGENTS.md and rebrand provider-agnostic
Merged
#92 refactor(backend): lift shared CA helpers
Merged
#91 PRD 0026: Agent Provider Templates
Merged
#89 feat(bottle): composition via extends: (PRD 0025, issue #88)
Merged
#87 feat(bottle): per-bottle git user.name + user.email via manifest (issue #86)
Merged
#85 fix(sidecar_init): scope EGRESS_TOKEN_* to egress daemon only (issue #84)
Merged
#83 fix(smolmachines): bridge host SIGWINCH into the VM PTY (issue #82)
Merged
#79 feat(cleanup): walk every backend, reap smolmachines orphans too
Merged
#81 fix(dashboard): hoist claude_argv to Bottle ABC so smolmachines pane attach works
Merged
#80 fix(smolmachines): build agent image in launch, not prepare
Merged
#78 feat(cli): cross-backend list active + --backend flag + dashboard picker (issue #77)
Merged
#76 feat(smolmachines): per-bottle loopback alias scopes TSI to single /32
Merged
#73 feat(smolmachines): PRD 0022 sandbox-escape suite green under smolmachines (PRD 0023 chunk 5)
Merged
#74 fix(smolmachines): docker push fails on Docker Desktop — daemon-side route differs from host loopback
Merged
#72 feat(smolmachines): provision_ca + provision_git + provision_supervise (PRD 0023 chunk 4d)
Merged
#71 feat(smolmachines): build agent image from repo Dockerfile (PRD 0023 chunk 4c)
Merged
#70 feat(smolmachines): thread inner Plans + bundle daemons run (PRD 0023 chunk 4b)
Merged
#69 feat(smolmachines): provision_prompt + provision_skills (PRD 0023 chunk 4a)
Merged
#68 feat(sidecars): egress binds 127.0.0.1 when EGRESS_LISTEN_HOST is set (PRD 0023 chunk 3)
Merged
#67 feat(smolmachines): end-to-end launch + Bottle.exec + smoke + probes (PRD 0023 chunk 2d)
Merged
#66 feat(smolmachines): bundle bringup on per-bottle docker bridge (PRD 0023 chunk 2c)
Merged
#65 feat(smolmachines): smolvm subprocess wrapper (PRD 0023 chunk 2b)
Merged
#64 feat(smolmachines): rewrite Smolfile to smolvm 0.8.0 schema + drop gvproxy (PRD 0023 chunk 2a)
Merged
#63 docs(prd-0023): pivot to smolvm + TSI single-IP allowlist
Merged
#62 feat(smolmachines): backend skeleton + Smolfile/gvproxy renderers (PRD 0023 chunk 1)
Merged
#53 docs(prd-0023): smolmachines bottle backend
Merged
#61 fix(sidecars): per-daemon pipelock restart keeps supervise socket alive
Merged
#60 fix(sidecars): apply_routes_change targets the bundle + SIGHUP forwarding
Merged
#59 refactor(sidecars): bundle is the only shape (PRD 0024 chunk 5)
Merged
#58 test(sidecars): integration sweep for the bundle path (PRD 0024 chunk 4)
Merged
#57 refactor(sidecars): drop vestigial start/stop methods (PRD 0024 chunk 3)
Merged
#56 feat(compose): bundle shape behind feature flag (PRD 0024 chunk 2)
Merged
#55 feat(sidecars): bundle image + init supervisor (PRD 0024 chunk 1)
Merged
#54 docs(prd-0024): consolidate per-bottle sidecars into a single bundle
Merged
#52 test(integration): skip sandbox-escape suite under act_runner
Merged
#51 docs(prd-0022): end-to-end sandbox-escape integration test
Merged
#50 feat(dashboard): highlight proposals pane + bell on new proposal
Merged
#49 docs(prd-0021): dashboard as left tmux pane, selected agent as right pane
Merged
#47 feat(attach): --continue on re-attach + keep bottles on dashboard quit
Merged
#46 feat(dashboard): x stops a dashboard-owned bottle
Merged
#45 feat(dashboard): Enter on agents pane re-attaches to bottle
Merged
#44 docs(prd-0020): start + attach to agents from the dashboard
15 Pull requests proposed by 1 user
Proposed
#209 PRD: Install script
Proposed
#284 feat(smolmachines): run backend on Linux
Proposed
#285 PRD: Egress control plane — metering, budgets, and forced cutoff
Proposed
#290 Cover egress_addon adapter and remove coverage omit
Proposed
#291 Split DLP detector-config parsing into its own module
Proposed
#292 Flatten deep nesting in _multiselect_loop
Proposed
#293 Table-drive token-pattern detector tests
Proposed
#294 Risk-weighted coverage policy + diff-coverage gate (ADR 0004)
Proposed
#295 Ratchet egress_addon coverage to >=90% (ADR 0004)
Proposed
#296 Ratchet yaml_subset coverage to >=90% (ADR 0004)
Proposed
#297 Ratchet egress_addon_core coverage to >=90% (ADR 0004)
Proposed
#298 Ratchet git_gate coverage to >=90% (ADR 0004)
Proposed
#299 Ratchet manifest + manifest_agent coverage to >=90% (ADR 0004)
Proposed
#300 Ratchet supervise coverage to >=90% (ADR 0004)
Proposed
#301 Add auto-updated core coverage badge (ADR 0004)
84 Issues closed from 3 users
Closed
#269 Remove bottle from agent manifest
Closed
#277 Add coverage reporting to CI
Closed
#268 Support multiple parents in bottle extends:
Closed
#281 Remove capability apply
Closed
#258 Hand-rolled egress/gitconfig YAML emitters don't escape quotes/newlines
Closed
#255 Audit network/subprocess calls for missing timeouts
Closed
#253 Typed error taxonomy for supervise RPC dispatch
Closed
#254 Harden CGI status-line parsing in git_http_backend
Closed
#256 Egress apply validates with load_routes but sidecar runs load_config (log: bypass)
Closed
#257 LOG_FULL egress logging captures injected Authorization and unredacted bodies
Closed
#259 Strengthen outbound exfil detection: canaries, broadened known-value set, fragmentation-resistant matching
Closed
#261 Allow supervisor to override egress blocks/allow requests
Closed
#252 Structured, leveled logging in log.py
Closed
#249 Remove the supervise flag
Closed
#208 git-gate: restrict gitleaks inline suppression to supervised exceptions
Closed
#194 Add a "commit" utility to store active agent bottle state
Closed
#247 Fix Codex MCP supervise registration after --transport CLI change
Closed
#236 Only fail on agent and bottle manifest parsing for selected agents/bottles
Closed
#245 Shift + enter not working in tui
Closed
#243 Display agent name alongside label in terminal title and list output
Closed
#237 Better merge behavior for git-gate repos
Closed
#104 Allow for short lived, provisioned SSH keys
Closed
#233 bug(git-gate): force push not forwarded to upstream
Closed
#230 Spike: Apple Container networking for macos-container backend
Closed
#226 Block direct HTTPS git clone/fetch paths so repos go through git-gate
Closed
#217 Git gate does not accept force push option
Closed
#220 Spike on removing docker as a dependency for the sidecar
Closed
#223 Merge egress routes when extending
Closed
#221 Add an agent provider for pi
Closed
#218 Forward name and color to TUI prompts for claude and codex
Closed
#206 Promote smolmachines to default backend; convert Docker backend to example-only (resolves DNS sinkhole gap)
Closed
#215 Built in agent provider touch-ups
Closed
#204 Extended outbound DLP scan: headers, query params, paths, DNS lookups
Closed
#171 Named/labelled agents
Closed
#198 Remove runtime route-mutation path (egress-block MCP tool + egress_apply merge)
Closed
#213 PRD numbering: adopt prd-new placeholder + post-merge workflow to eliminate merge-time conflicts
Closed
#195 Egress DLP addon: token detection, secret detection, and prompt injection scanning
Closed
#185 Launch selector
Closed
#177 Move claude and codex agent provider logic into contrib
Closed
#178 Pass bottle to provisioners instead of target
Closed
#174 Convert dashboard to simpler supervisor TUI
Closed
#154 Quality evaluation: main repository scorecard
Closed
#169 SSH deploy-key provisioning (contrib/gitea)
Closed
#158 Extract dashboard state logic into a separate model module
Closed
#159 Add regression tests for shell escaping with malicious Name/Upstream values
Closed
#155 Harden git_gate.py shell rendering with shlex.quote and name validation
Closed
#157 Refactor manifest.py into domain-specific modules
Closed
#156 Replace silent BaseException swallowing in Docker teardown with structured warning capture
Closed
#160 Git-gate manifest redesign
Closed
#105 Git-gate clean step
Closed
#152 PRD 0046: Remove ExtraHosts from git remotes manifest schema
Closed
#150 Dead: provision SSH config for bottles
Closed
#116 Design a workspace-porting abstraction for bottle start
Closed
#112 Agent instances shift around in dashboard unexpectedly
Closed
#96 Print parity across backends
Closed
#134 Second audit: smolmachines parity and Git HTTP hardening
Closed
#140 sidecar pipe lifecycle cleanup
Closed
#111 Smolmachine sidecar doesn't reliably get refreshed
Closed
#139 smolmachines cross-backend parity tests
Closed
#138 Git HTTP request bounds
Closed
#137 Backend-aware resume and dashboard reattach
Closed
#136 smolmachines capability-block remediation
Closed
#135 smolmachines env contract and secret-safe injection
Closed
#117 Complexity hotspots in launch, egress, and auth paths
Closed
#130 Add pipelock YAML render contract tests
Closed
#129 Harden Codex auth redaction policy
Closed
#128 Bound supervise tool-call waits
Closed
#126 Clarify sidecar restart and shutdown semantics
Closed
#125 Split manifest schema boundaries
Closed
#122 Decompose smolmachines launch and harden bringup sequencing
Closed
#120 Simplify egress route merge and consolidate Route types
Closed
#118 Deduplicate egress token resolution across backends
Closed
#109 Codex ChatGPT auth should inject host access token via egress
Closed
#113 Interrupted git-gate pushes can leave receive-pack sessions wedged
Closed
#106 git-gate rejects all new-branch pushes: pre-receive scans full history and trips on test-fixture secrets
Closed
#100 Dashboard launch failure logging
Closed
#94 Allow agent files to set git user identity (name/email)
Closed
#90 Support for different agents
Closed
#88 Agent bottle settings
Closed
#86 Git user config in bottle manifest
Closed
#84 pipelock blocks legitimate egress cred injection (scan_env sees EGRESS_TOKEN_*)
Closed
#82 Dashboard tmux agent pane resize not responsive when using smolmachines
Closed
#77 Backend related CLI improvements
Closed
#75 smolmachines: scope TSI allowlist to a per-bottle loopback alias (v2)
91 Issues created by 2 users
Opened
#75 smolmachines: scope TSI allowlist to a per-bottle loopback alias (v2)
Opened
#77 Backend related CLI improvements
Opened
#82 Dashboard tmux agent pane resize not responsive when using smolmachines
Opened
#84 pipelock blocks legitimate egress cred injection (scan_env sees EGRESS_TOKEN_*)
Opened
#86 Git user config in bottle manifest
Opened
#88 Agent bottle settings
Opened
#90 Support for different agents
Opened
#94 Allow agent files to set git user identity (name/email)
Opened
#96 Print parity across backends
Opened
#100 Dashboard launch failure logging
Opened
#104 Allow for short lived, provisioned SSH keys
Opened
#105 Git-gate clean step
Opened
#106 git-gate rejects all new-branch pushes: pre-receive scans full history and trips on test-fixture secrets
Opened
#109 Codex ChatGPT auth should inject host access token via egress
Opened
#111 Smolmachine sidecar doesn't reliably get refreshed
Opened
#112 Agent instances shift around in dashboard unexpectedly
Opened
#113 Interrupted git-gate pushes can leave receive-pack sessions wedged
Opened
#116 Design a workspace-porting abstraction for bottle start
Opened
#117 Complexity hotspots in launch, egress, and auth paths
Opened
#118 Deduplicate egress token resolution across backends
Opened
#120 Simplify egress route merge and consolidate Route types
Opened
#122 Decompose smolmachines launch and harden bringup sequencing
Opened
#125 Split manifest schema boundaries
Opened
#126 Clarify sidecar restart and shutdown semantics
Opened
#128 Bound supervise tool-call waits
Opened
#129 Harden Codex auth redaction policy
Opened
#130 Add pipelock YAML render contract tests
Opened
#134 Second audit: smolmachines parity and Git HTTP hardening
Opened
#135 smolmachines env contract and secret-safe injection
Opened
#136 smolmachines capability-block remediation
Opened
#138 Git HTTP request bounds
Opened
#137 Backend-aware resume and dashboard reattach
Opened
#140 sidecar pipe lifecycle cleanup
Opened
#139 smolmachines cross-backend parity tests
Opened
#150 Dead: provision SSH config for bottles
Opened
#152 PRD 0046: Remove ExtraHosts from git remotes manifest schema
Opened
#154 Quality evaluation: main repository scorecard
Opened
#155 Harden git_gate.py shell rendering with shlex.quote and name validation
Opened
#156 Replace silent BaseException swallowing in Docker teardown with structured warning capture
Opened
#157 Refactor manifest.py into domain-specific modules
Opened
#159 Add regression tests for shell escaping with malicious Name/Upstream values
Opened
#158 Extract dashboard state logic into a separate model module
Opened
#160 Git-gate manifest redesign
Opened
#169 SSH deploy-key provisioning (contrib/gitea)
Opened
#171 Named/labelled agents
Opened
#174 Convert dashboard to simpler supervisor TUI
Opened
#177 Move claude and codex agent provider logic into contrib
Opened
#178 Pass bottle to provisioners instead of target
Opened
#185 Launch selector
Opened
#194 Add a "commit" utility to store active agent bottle state
Opened
#195 Egress DLP addon: token detection, secret detection, and prompt injection scanning
Opened
#197 Create a quick install script
Opened
#198 Remove runtime route-mutation path (egress-block MCP tool + egress_apply merge)
Opened
#204 Extended outbound DLP scan: headers, query params, paths, DNS lookups
Opened
#206 Promote smolmachines to default backend; convert Docker backend to example-only (resolves DNS sinkhole gap)
Opened
#208 git-gate: restrict gitleaks inline suppression to supervised exceptions
Opened
#213 PRD numbering: adopt prd-new placeholder + post-merge workflow to eliminate merge-time conflicts
Opened
#215 Built in agent provider touch-ups
Opened
#217 Git gate does not accept force push option
Opened
#218 Forward name and color to TUI prompts for claude and codex
Opened
#220 Spike on removing docker as a dependency for the sidecar
Opened
#221 Add an agent provider for pi
Opened
#223 Merge egress routes when extending
Opened
#226 Block direct HTTPS git clone/fetch paths so repos go through git-gate
Opened
#230 Spike: Apple Container networking for macos-container backend
Opened
#233 bug(git-gate): force push not forwarded to upstream
Opened
#236 Only fail on agent and bottle manifest parsing for selected agents/bottles
Opened
#237 Better merge behavior for git-gate repos
Opened
#243 Display agent name alongside label in terminal title and list output
Opened
#245 Shift + enter not working in tui
Opened
#247 Fix Codex MCP supervise registration after --transport CLI change
Opened
#249 Remove the supervise flag
Opened
#251 Out-of-band egress enforcement & cost-control plane (forced cutoff + remote dashboard)
Opened
#253 Typed error taxonomy for supervise RPC dispatch
Opened
#252 Structured, leveled logging in log.py
Opened
#254 Harden CGI status-line parsing in git_http_backend
Opened
#255 Audit network/subprocess calls for missing timeouts
Opened
#257 LOG_FULL egress logging captures injected Authorization and unredacted bodies
Opened
#256 Egress apply validates with load_routes but sidecar runs load_config (log: bypass)
Opened
#258 Hand-rolled egress/gitconfig YAML emitters don't escape quotes/newlines
Opened
#259 Strengthen outbound exfil detection: canaries, broadened known-value set, fragmentation-resistant matching
Opened
#261 Allow supervisor to override egress blocks/allow requests
Opened
#268 Support multiple parents in bottle extends:
Opened
#269 Remove bottle from agent manifest
Opened
#277 Add coverage reporting to CI
Opened
#281 Remove capability apply
Opened
#283 Make smolmachines backed work on linux
Opened
#287 Decompose egress_addon_core.py detector-config parsing
Opened
#286 Cover egress_addon adapter and remove coverage omit
Opened
#288 Flatten deep nesting in tui.py and git_gate.py
Opened
#289 Table-drive DLP detector tests to cut boilerplate