
BlazeUp-AI/Observal

v0.5.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 2 known CVEs

Topics

agents antigravity claude-code cli-tool cursor cursor-ai evaluation insights kiro large-language-models litellm llm llm-evaluation llm-observability llmops monitoring observability playground self-hosted


Full changelog

[0.5.0] - 2026-05-13

Added

  • slim curl-install to use pre-built images only (deploy) (630a19f)
  • add browser-level Playwright e2e tests for 4 UI flows (28f0274)
  • user profile picture is configurable (UI) (442bc7c)
  • add SBOM generation workflow with CycloneDX and ScanCode (ci) (e6148a1)
  • add VulnerableCode vulnerability check script (security) (805934c)
  • add ScanCode license policy and enforcement script (compliance) (d40eddb)
  • add observal support bundle and inspect commands (cli) (a8d1f54)
  • TTL MODIFY COLUMN raw_line to null blobs after 30 days (clickhouse) (fb7a3f3)
  • suggest registry components and optimize section token usage (insights) (75bcee3)
  • nest subagent sessions inline in trace detail (ui) (5a410f2)
  • API endpoints, batch orchestration, component-aware pipeline (insights) (17dc6e3)
  • add InsightMetaCache model and migration (insights) (ed07da4)
  • V3 insight generation engine (insights) (1c6c1f6)
  • add "Create Another" button to Add User dialog (admin) (8283109)
  • per-IDE model registry with live catalog and builder picker (bf12b26)
  • store parent_session_id for Claude Code subagents (attribution) (6ecfd06)
  • write .observal/agent marker on pull, read in hooks (attribution) (d246e8d)
  • sentinel timestamps, credits, Kiro Auto model, token fix (sessions) (a32ee53)
  • rewrite cmd_reconcile as crash recovery module (reconcile) (3171339)
  • add session push hooks for Claude Code and Kiro (cli) (e2adcab)
  • add session JSONL ingest pipeline with IDE parsers (ingest) (cc9069e)
  • add session_events table for JSONL ingest pipeline (clickhouse) (06d1643)
  • add rebuild-enterprise and rebuild-local targets (make) (3a3bb63)
  • merge observal-insights into ee/ for enterprise distribution (ee) (e2ce0e8)
  • terraform module with CI (infra) (63a5b50)
  • terraform module for AWS self-hosting (infra) (d2b4b03)
  • auto-detect enterprise mode in Makefile and add report progress UI (5b82229)
  • enterprise distribution infrastructure (docker) (ccf5af8)
  • hide insights nav when package not installed (web) (4b25527)
  • gate endpoints and worker behind INSIGHTS_AVAILABLE (insights) (1d7a09b)
  • replace inline code with plugin loader for private package (insights) (0d33e5b)
  • full session reconciliation, insights v2, and anti-gaming (c37f488)
  • enhance insights report viewer and API types (web) (1572edf)
  • add reconcile command and update stop hook (cli) (0c377f5)
  • extend backend routes, config, and services for v2 (insights) (2f2c542)
  • add new insight services, models, and migration (insights) (386f598)
  • register insights router, worker jobs, and config (insights) (f16f805)
  • add frontend report viewer with cost and error displays (insights) (52c77b9)
  • add Agent Insights V2 backend with cost estimation (insights) (7e91734)
  • add agent-name attribution for Claude Code sessions (eval) (34fe1a6)
  • unify correctness and efficiency eval views per agent (eval) (47aa46b)
  • add username display and change UI (account) (3a4d6be)
  • wire username auto-generation to all user creation paths (auth) (7617e6f)
  • add username auto-generation service (auth) (59d3459)
  • unified diff view for agents and components (review) (58912c0)
  • harden branding uploads with security validation (api,web) (eb0c442)
  • add branding UI with logo, wordmark, and dynamic title (web) (98740de)
  • add branding validation and public config fields (api) (8119851)
  • add username field to user creation form (web) (876d87d)
  • support all component types (feedback+leaderboard) (b6231fc)
  • split drafts/archived sections, owners can archive (agents) (77e6f73)
  • add unarchive button to drafts section on agents page (web) (18e48c0)
  • register mcp/skill/hook/prompt/sandbox as top-level commands (cli) (b23ed8d)
  • add my subcommand to all component types (cli) (812ef54)
  • add change password form to account page (web) (e69cde0)
  • owner edit UI and CLI commands for pending submissions (#663) (web,cli) (2e7fa53)
  • allow owners to edit pending registry submissions (#663) (api) (2110bb8)
  • component editing with type-specific version publishing (#710) (registry) (4c535f5)
  • add per-agent .agent.md with hooks for Copilot/Copilot CLI (hooks) (c0d9207)
  • add per-agent hooks for Cursor, VSCode, Copilot, OpenCode (hooks) (f5fea44)
  • frontmatter hooks for registered-agents-only mode (telemetry) (b41a43d)
  • add registered-agents-only toggle to admin settings (web) (5b91279)
  • enforce registered-agents-only in scan and doctor patch (cli) (48ee717)
  • filter unregistered agent spans at ingest time (telemetry) (66de033)
  • add registered_agents_only org toggle (settings) (0ea4aed)
  • add keep-open guard, 2-issue limit, stale auto-unassign, and update CONTRIBUTING.md (ci) (55fc8b3)
  • add /drop command to unassign from issues (ci) (b6dc61c)
  • add /take command for community issue assignment (ci) (2e7d2f1)
  • move review actions to detail page (8607a4f)
  • warn when CLI version is older than server requires (cli) (de72f85)
  • add agent_version column to traces, spans, scores (#636) (clickhouse) (1945442)
  • review diff dialog with GitHub-style split view (#633) (web) (5b170b2)
  • agent edit form with version release workflow (#630) (web) (c0e299d)
  • agent detail page version dropdown and role-based tabs (#629) (web) (bc80507)
  • agent release, versions, and pull commands (#625) (cli) (d07e7f0)
  • agent versioning endpoints with IDE config and YAML diff (#622) (api) (7b5e127)
  • component versioning endpoints for all 5 types (#621) (api) (cab86c1)
  • migration 0022 drop listing columns and inline source fields (db) (4e8fa71)
  • listing tables identity-only with compat properties (models) (0a77c2d)
  • add versioned config generation and lock file support (services) (1d7e881)
  • add AgentVersion table and restructure Agent to identity-only (db) (93b4a70)
  • add component version tables for all 5 types (db) (3dab14b)
  • implement agent registry RBAC (server) (196a040)

CI

  • add deploy-dev workflow for main branch auto-deploy (40f2203)
  • add deploy-dev workflow for main branch auto-deploy (4393ce0)
  • trigger on release tags only, not push to main (deploy) (83cbf33)
  • add stale issue/PR workflow with keep open exemption (b3f8433)

Changed

  • derive org columns and NOT NULL defaults from schema, improve warnings (5380a65)
  • address review feedback on migrate import (1fa852e)
  • redesign HTML report with warm, refined color scheme (insights) (894e327)
  • remove triplicated display logic from CLI and frontend (b5ab0be)
  • move extra_ingest_rows into kiro.py (ingest) (f0e7540)
  • move Kiro credits logic to ingest_classify.py (ingest) (054fbf1)
  • ruff format hook_event resolution (kiro) (723ec55)
  • replace enrichment-heavy route with clean Harness version (reconcile) (95d34e0)
  • remove CLI commands, keep crash recovery library (reconcile) (5103982)
  • remove legacy hook pipeline, keep shim and buffer (telemetry) (40a5be4)
  • rewrite queries to use session_events table (sessions) (437cf58)
  • strip shim/OTEL logic, keep only session push hooks (doctor) (883b95a)
  • squash all 28 migrations into single baseline (migrations) (1c5abdd)
  • ruff format agent.py (4ef21c3)
  • ruff format api route files (b003bbe)
  • ruff format component_version_extras and component_versions (af394b6)

Documentation

  • fix support bundle docs to match implementation (5ace152)
  • add CLI reference for support bundle commands (59c661e)
  • move AnkiDroid callout before ToC and expand attribution note (0c890be)
  • add CLA and update CONTRIBUTING.md (b9e7ae8)
  • update docs link, CLI examples, and fix self-hosting diagram (c9dcb78)
  • add CLI reference for observal migrate commands (ad9c1c2)
  • overhaul README, SETUP, AGENTS, add screenshots, drop e2e artifacts (ca435f5)
  • add Insights V2 roadmap tracking progress across 5 phases (fe037d5)
  • update AGENTS.md with new routes, services, and components (dc5f1aa)
  • update e2e checklist with versioning, editing, and trace toggle tests (c72c9d3)
  • add screenshots for agent edit form PR (7860394)

Fixed

  • preserve SPDX headers in generated changelog (compliance) (636a359)
  • improve setup.sh post-install output (deploy) (6884923)
  • add SPDX copyright headers to support.md (compliance) (6c358bd)
  • resolve CircularDependencyError in review approve endpoint (a17b435)
  • wrap SPDX string in REUSE-Ignore to fix reuse-lint (ci) (cef600f)
  • move coverage config to observal-server/pyproject.toml (ci) (9ef4f1c)
  • add version tables to INSERT_ORDER and disable FK checks during import (9943142)
  • remove unused import and fix license-policy formatting (ci) (b76831d)
  • replace magic values with named constants in deps.py (lint) (f7ff034)
  • resolve SimpleAggregateFunction query errors in session_stats_agg (clickhouse) (b6bdd99)
  • update postgres volume mount for v18 compatibility (docker) (93c0600)
  • trigger EC2 deploy on push to main instead of tags (deploy) (6cda8b1)
  • trigger EC2 deploy on push to main instead of tags (deploy) (cb7bae4)
  • replace all Apache 2.0 references with AGPL-3.0 (66abe34)
  • update redis image assertion to 8-alpine (tests) (7da9551)
  • capture post-Stop tail lines via delayed flush subprocess (cli) (357fdee)
  • exclude subagent sessions from top-level list (sessions) (ac0052c)
  • auto-refresh expired tokens in session_push hook (cli) (6ba62cd)
  • resolve ClickHouse ILLEGAL_AGGREGATION in session query (insights) (d9e72aa)
  • ruff fixes in ee/observal_insights (lint) (39da878)
  • use cursor offset not ctime for pulled_at guard (attribution) (afcfccc)
  • remove unused imports, use datetime.UTC alias (lint) (05db9db)
  • renumber meta_cache migration to 0003 (migration) (2dd2e2a)
  • prevent session leak via pulled_at timestamp (attribution) (77e7ce8)
  • update web frontend (minor/patch) (#779) (deps) (a9b3722)
  • include per-IDE model overrides in agent snapshot and pull flow (a048910)
  • use 2099 sentinel timestamp for kiro_credits row (kiro) (5804c15)
  • proper Callable type for _EXTRA_ROWS_HANDLERS (types) (959ca3b)
  • store credits even when Stop has no new JSONL lines (kiro) (b9d8284)
  • fix credits not being sent on Stop hook (kiro) (75597f0)
  • remove stale CLI usage docstring (reconcile) (27bbd66)
  • restore --hook/--shim/--all flags and shim helpers (doctor) (fdfc0b8)
  • replace --all with --hook in doctor patch calls (auth) (3ba67dd)
  • fix ruff unused imports, remove stale telemetry tests (lint+tests) (34e4b16)
  • remove Active Hooks section + sentinel-safe stats (traces) (f1341ff)
  • sentinel-safe first timestamp in trace title/breadcrumb (ui) (1067087)
  • filter kiro_credits events + unify token accumulation (traces) (5f0fc42)
  • add session_parser key to CLI ide_registry mirror (ingest) (e07a4ba)
  • apply ruff formatting to hook submit (cli) (ebe53f1)
  • handle invalid JSON in hook submit handler config prompt (cli) (7b2469e)
  • auto-populate Owner field in all submit forms (registry) (1700c63)
  • display rate limit error properly on login page (web) (c632ad6)
  • remove session ID from all user-facing views (ui) (38ab52b)
  • full screen utilization and flex wrap issues (insights) (caae785)
  • remove dead metrics endpoints and legacy telemetry tables (dashboard) (27cb6a8)
  • pin pnpm@10 to fix ERR_PNPM_IGNORED_BUILDS in CI (docker) (2313e19)
  • resolve lint, import-boundary, and docker-build failures (ci) (1850779)
  • align session_cache and facets with actual DB schema (insights) (eeef3fa)
  • add TTL retention for system logs to prevent OOM (clickhouse) (2224992)
  • docs & add bootstrap (5feb50e)
  • remove unused locals flagged by tflint (infra) (11239fa)
  • resolve lint, format, and test failures (ci) (dc0a89e)
  • restore trace_dedup module needed for session detail view (sessions) (28095bc)
  • call configure_insights() on worker startup (worker) (8a59c3d)
  • strip insights source post-install instead of pre-build (docker) (b47578b)
  • sum credits in sessions list instead of picking arbitrary value (8df012d)
  • read credits from Kiro session files instead of SQLite (fbd6678)
  • use absolute Python path in Kiro hook commands (38ef120)
  • show prompt count fallback and rewrite hook python paths (kiro) (e32c48e)
  • persist session_id between Kiro hooks and add debug logging (hooks) (f9c1c28)
  • allow super_admin to manage agents regardless of org_id (agents) (0be9d76)
  • set owner_org_id and public visibility on bulk-create (agents) (29222c9)
  • correct setup steps — use doctor patch, remove local server section (docs) (9de5581)
  • use short summary in skill file YAML frontmatter (skills) (3819631)
  • remove AWS env var overrides that clobber .env credentials (docker) (17f3fbb)
  • derive component downloads from agent installs (#736) (leaderboard) (823dd77)
  • hide notifications stub from account settings (web) (2a11947)
  • flush version changes before updating latest_version_id (review) (0a7253d)
  • update web frontend (minor/patch) (#576) (deps) (ce578e4)
  • use persistent SSL config so merges stop breaking HTTPS (deploy) (9f50890)
  • version-aware component review queue, detail, and actions (review) (a4aef71)
  • inject prompt component templates into generated rules files (agent-install) (c5114b8)
  • only infer frontend URL behind TLS proxy, not local nginx (api) (e82be65)
  • only owners and co-maintainers can edit their agents (agent-edit) (45fbf1a)
  • allow admins to release versions, save draft as new version (agent-edit) (78d2878)
  • derive device auth verification URL from request headers (api) (2d7373a)
  • fix empty component board, TS build, sandbox type (leaderboard+feedback) (1c7a719)
  • remove f-string without placeholder, use ternary (lint) (31c5898)
  • materialize hook components into Kiro agent configs (hooks) (8d3508e)
  • allow regular users to unarchive their own agents (agents) (04adb4e)
  • allow unarchive/delete to find non-approved agents (agents) (4915a9c)
  • write skill files to disk during agent pull (cli) (f848842)
  • grant same-org users view access to all org agents (agents) (0c6e808)
  • allow same-org users to see all org agents (agents) (43b5132)
  • wire hook components into agent config generation (agents) (a738e39)
  • use posix paths for hook scripts on Windows (cli) (13f5228)
  • rename "My Submissions" to "Drafts" on agents page (web) (7b69959)
  • prevent archiving non-approved agents, show archived in my agents (agents) (6fd60fd)
  • allow null git_url in manifest export (agents) (8c97332)
  • exclude archived agents from pending review count (web) (228f6ad)
  • resolve_listing status filter joins through version table (registry) (8ad9f4d)
  • handle Unicode output on Windows cp1252 consoles (cli) (05181f6)
  • use explicit SQL update for archive/unarchive status (agents) (198ad36)
  • default visibility to public in local deployment mode (agents) (e380f2c)
  • resolve duplicate Alembic revision 0023 causing deploy failure (db) (d99ec31)
  • remove max-width constraint and add min-w-0 for flex scaling (web) (b7c4ef3)
  • set edit-lock fields on agent mock to prevent TypeError (tests) (22a2a93)
  • harden edit lock concurrency and review correctness (api,cli,web) (eb9cd6a)
  • resolve lint errors and test failures from edit lock feature (api) (f335927)
  • harden edit lock, review approve/reject, and error handling (#663) (api,web) (3b80fae)
  • harden component version validation (api) (3412812)
  • update e2e assertions for new hook_bridge features and agent paths (tests) (e0ff08e)
  • cache race condition, unbounded memory, and repeated HTTP calls (4fc41f0)
  • update copilot rules_file path assertion (tests) (12a342a)
  • resolve hook paths for all IDEs, not a hardcoded subset (cli) (86a75ee)
  • raise 401 for expired tokens in optional_current_user (auth) (ed2862c)
  • add trim() to /take and /drop to handle trailing whitespace (ci) (7e4b180)
  • resolve agent version approve CircularDependencyError (api) (9bc3ce2)
  • flush version status before promoting latest_version_id (review) (4471a7d)
  • use short model names in frontmatter instead of stripped IDs (config) (5147d33)
  • approve/reject agent by pending version, not latest_version (review) (b868453)
  • migrate update_draft to version-scoped component columns (agent) (e9875cf)
  • pass full model ID instead of short name in frontmatter (config) (bee95bd)
  • use agent's stored model_name as fallback in config generator (config) (3ffb739)
  • handle cross-version import and include all ClickHouse tables in deep copy (#681) (migrate) (832166a)
  • stop traces after logout by revoking tokens server-side (#668) (auth) (e1c6a50)
  • resolve agent names via server instead of stale local cache (#684) (228c656)
  • resolve agent update 500 error (missing property setters) (api) (a91878a)
  • fix agent edit form Playwright tests (e2e) (7d8c2d5)
  • resolve component delete 500 errors (#677, #678) (api) (ca33351)
  • correct version lookup and sync lockfile (cli) (9c474dc)
  • detect and block conflicting observal package (#671) (cli) (d6e6616)
  • move pull command from root to observal agent pull (#673) (cli) (f092894)
  • add latest_approved_version to response and fix agent pull (#667) (api) (9f1256a)
  • resolve agent deletion 500 errors (api) (e19c67c)
  • review queue queries pending versions directly (api) (2c989b3)
  • address 5 correctness bugs in agent edit form (web) (c3429c9)
  • use canonical IDE list from ide_registry.py in edit form (web) (48330d1)
  • resolve entrypoint migration incompatibility on fresh DB (docker) (59fddfd)
  • wire version dropdown to fetch and display version-specific data (web) (9aec74d)
  • address 3 bugs in agent release/pull commands (cli) (610c5fc)
  • complete agent versioning spec compliance (#622) (api) (9a2c78c)
  • address RBAC review feedback (server) (b705660)
  • apply ruff format to RBAC files (server) (3af617a)
  • fix import sorting in alembic migration (server) (99a7b81)
  • fixed the linting issues (server) (b5eb5a0)

Other

  • add SPDX license headers for REUSE compliance (df9b065)
  • add SPDX headers and fix pre-commit hook for new files (4653ffa)
  • add Codecov for test coverage reporting (ci) (016d312)
  • add SPDX headers to all source files (REUSE 3.3 compliant) (193d7c9)
  • remove DCO, CLA-assistant is the sole contributor agreement (90635ca)
  • update terraform-linters/setup-tflint action to v6 (deps) (47e7736)
  • update pnpm/action-setup action to v6 (deps) (cb1c7e1)
  • update redis docker tag to v8 (deps) (c8a7592)
  • update postgres docker tag to v18 (deps) (0905772)
  • update hashicorp/setup-terraform action to v4 (deps) (bd36feb)
  • update github/codeql-action action to v4 (deps) (1089756)
  • update actions/checkout action to v6 (deps) (8be0707)
  • update tflint plugin terraform-linters/tflint-ruleset-aws to v0.47.0 (#778) (deps) (574d28f)
  • remove ops sync tombstone (ops) (2917e1c)
  • update docker images (minor/patch) (#777) (deps) (4d29e1f)
  • update dependency python-multipart to v0.0.27 [security] (#767) (deps) (66db454)
  • update dependency mako to v1.3.12 [security] (#766) (deps) (f1c6fd4)
  • add pyrightconfig.json to observal-server (4a02084)
  • update github artifact actions (deps) (af5e2db)
  • update actions/stale action to v10 (deps) (a11966a)
  • update actions/github-script action to v9 (deps) (3a2b92c)
  • update astral-sh/setup-uv action to v8 (deps) (b7d0896)
  • update actions/setup-python action to v6 (deps) (0002d7f)
  • update actions/checkout action to v6 (deps) (04db00c)
  • update actions/attest-build-provenance action to v4 (deps) (2e23a47)
  • update dependency python to 3.14 (#577) (deps) (5420a10)
  • update docker images (minor/patch) (#578) (deps) (9a86d40)
  • automerge minor+patch Renovate PRs (deps) (66cb1ba)
  • cleanup anti-patterns in registered-agents-only files (3e0ee48)
  • ruff format agent_config_generator (742e0d7)
  • ruff format agent routes (89c869f)
  • ruff format agent routes (a82308e)
  • cleanup anti-patterns in review and api modules (7bc87b4)
  • cleanup anti-patterns in CLI agent commands (dd0a5aa)
  • cleanup mechanical anti-patterns in routes (6e9732e)
  • cleanup anti-patterns in agent RBAC implementation (98e72db)

Performance

  • migrate _ev_session_details to session_stats_agg (insights) (d3463ea)
  • migrate _ev_per_session_tokens to session_stats_agg (insights) (b6f6053)
  • migrate _ev_subagent_stats to session_stats_agg (insights) (5844f3b)
  • migrate _ev_duration_stats to session_stats_agg (insights) (70006ad)
  • migrate _ev_credit_aggregates to session_stats_agg (insights) (6626780)
  • migrate _ev_token_aggregates to session_stats_agg (insights) (3aaa7c2)
  • migrate _ev_session_overview to session_stats_agg (insights) (ea867b4)
  • migrate _count_sessions_in_events to session_stats_agg (insights) (53db78e)
  • add proj_session_view projection on session_events (clickhouse) (0100bb9)
  • replace parent_session_id bloom_filter with set(0) (clickhouse) (4d38c70)
  • replace event_type bloom_filter with set(20) skip index (clickhouse) (b0f595a)
  • drop FINAL from session existence check (reconcile) (ce7733b)
  • parallel FINAL scans + partition-scoped dedup in get_session (sessions) (1152bc2)
  • migrate stats endpoint to session_stats_agg (sessions) (99db552)
  • migrate summary endpoint to session_stats_agg (sessions) (11d7474)
  • rank top-50 sessions via session_stats_agg, drop FINAL scan (insights) (b6e84b1)
  • replace JSONExtract with materialized columns in metrics (insights) (5a2e1bb)
  • add session_stats_agg AggregatingMergeTree MV (clickhouse) (5d54f30)

Testing

  • cover IDE feature inference (server) (49d341e)
  • add component edit form screenshot spec (e2e) (6fd363b)
  • add full edit → release → review Playwright flow (e2e) (8672d9a)

Breaking Changes

  • remove legacy hook pipeline, keep shim and buffer (telemetry)
  • replace enrichment-heavy route with clean Harness version (reconcile)
  • remove CLI commands, keep crash recovery library (reconcile)

Security Fixes

  • update dependency python-multipart to v0.0.27 [security] (#767) (deps)
  • update dependency mako to v1.3.12 [security] (#766) (deps)


Related context

Earlier breaking changes

  • v1.2.0 Removes legacy pre-JSONL modules in insights.
  • v1.2.0 Removes agent visibility and team access features.
  • v1.1.0 Replace deployment_mode API field with licensed boolean.
  • v0.8.0 Removes goal template, replaces with required prompt field in agent configuration.
