Releases: joaopn/agentic-dev-sandbox
v0.6.0
v0.6.0 — Alternate agent support
Breaking
--claude-yolo replaced by --agent claude. Agent-specific files moved from container/ to container/<agent>/.
Added
- Goose agent (--agent goose): repo-watch, agent-watch, slash commands. Auth via goose configure inside container.
- Per-agent directory structure: container/<agent>/ holds instructions, repo-watch.sh, agent-watch.sh, setup.sh. Universal files stay in container/.
- install_goose() in sandbox.py — installs Goose CLI and libgomp1 dependency.
- list_agents() discovers available agents by scanning container/ subdirectories.
- ensure_agent_commented() in goose repo-watch — posts fallback comment if the agent doesn't comment on an issue (prevents re-trigger loop).
- issue-commands.json: per-agent flags structure under agents.<name>. Goose entries present but empty (no --disallowedTools equivalent; relies on task_prefix).
Fixed
- Goose invocation uses set +e in subshell to prevent inherited errexit from killing the process mid-task.
Full Changelog: v0.5.0...v0.6.0
v0.5.0
v0.5.0 — CI Watch
Host-side polling worker that picks up /test-pr and /test-pr-bug comments on agent PRs, runs them in hardened throwaway containers, and posts results back as a dedicated sandbox-ci bot the agent can't impersonate.
- CI Watch — new ci-watch.py background worker to run tests with full log attachment to PRs. Managed via sandbox up/sandbox down lifecycle commands.
- Fully optional — enabled during sandbox setup, stored in .env. Agent instructions are conditionally rendered at container startup: when ci-watch is off, the agent never sees CI commands or "Trigger CI" workflow steps.
- New slash commands — /search, /security, /fix, /refactor, /deps for research, auditing, and targeted work.
Fixes:
- repo-watch triggering loop on CI bot comments
- ci-watch log attachment
- conflicting agent instructions between CLAUDE.md and repo-watch-prompt.md
- default poll interval bumped to 10s.
Full Changelog: v0.1.1...v0.5.0
v0.4.0
Overhauls repo-watch functionality
- Review overhaul: Review is now handled directly by fetch-sandbox.py instead of a dedicated container, simplifying the architecture and hardening security — the reviewer API key never enters any container.
- Slash commands: Added extensible slash commands to repo-watch (/plan, /review, /explain, /test) that modify the agent's prompt and tool-calling behavior.
Misc:
- Base branch selection: The agent can now work on any branch, with CLAUDE.md profiles to support branch-specific configurations.
- Simplified fetch-sandbox.py to use URL-based fetching instead of adding remotes (with optional --remote flag for fixed-remote usage)
- User text attachments on Gitea comments are now visible to the agent
Full Changelog: v0.3.0...v0.4.0
v0.3.0
Docker-in-Docker support, security hardening
- Docker-in-Docker: New --docker flag enables sandboxed containers to run Docker themselves (via sysbox/crun), for agents that need to build or test containers
- Security hardening: Pin Gitea image to 1.25, generate explicit GITEA_SECRET_KEY, disable issues on admin mirror repos
Misc fixes:
- Persistent env vars for login shells, correct --all flag on sandbox operations, DIND-aware barrier checks
- Agent audit logs: Tool calls now log actual content
Full Changelog: v0.2.0...v0.3.0
v0.2.0
General overhaul to barrier-check
Full Changelog: v0.1.1...v0.2.0
v0.1.1
Added three GitHub Actions workflows for automated static analysis on every push and PR:
- ShellCheck — shell script linting
- Opengrep — Python security patterns
- Trivy — Dockerfile and docker-compose misconfiguration scanning
All three enforce a no-inline-suppression policy: contributors cannot bypass checks with source file comments (# shellcheck disable, # nosemgrep, # trivy:ignore). Exceptions are centralized in the workflow configs and .trivyignore.yaml.
Code fixes to conform:
- Removed unused GITEA_HOST variable from agent/entrypoint.sh
- Fixed ShellCheck warnings in container/repo-watch.sh (declare/assign separation, unused parameter, redirect without command)
- Added non-root reviewer user to review/Dockerfile
- Pinned continuumio/miniconda3 tag in agent/Dockerfile.python
Full Changelog: v0.1.0...v0.1.1
v0.1.0
Full Changelog: v0.1.0...v0.1.0