chernistry/bernstein

What's Changed

• fix(ci): gate release-please + Scorecard until operator one-time setup by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1290
• chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 8.1.1 by @dependabot[bot] in https://github.com/sipyourdrink-ltd/bernstein/pull/1288
• chore(deps): bump ossf/scorecard-action from 99c09fe975337306107572b4fdf4db224cf8e2f2 to 4eaacf0543bb3f2c246792bd56e8cdeffafb205a by @dependabot[bot] in https://github.com/sipyourdrink-ltd/bernstein/pull/1289
• docs(maintainers): document Homebrew tap + COPR follow-ups by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1297
• fix(ci): scope attest-build-provenance test to publish.yml after publisher consolidation by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1294
• feat(ci): restore Docker / GHCR publish workflow by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1298
• feat(ci): adapter contract drift detection — capability-only assertions by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1293
• chore(ci): pin remaining GHA references by SHA (zizmor unpinned-uses) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1296
• fix(ci): resolve zizmor template-injection, bot-conditions, dangerous-triggers by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1300
• chore(ci): set persist-credentials: false on read-only checkouts (zizmor artipacked) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1299
• fix(ci): homebrew tap push — bake PAT into clone URL by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1302
• chore(ci): retire COPR / RPM channel by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1309
• chore(ci): resolve remaining zizmor findings (ref-mismatch / cache / permissions / cooldown) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1308
• fix(ci): dedup auto-release-skipped alerts — skip stale commits by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1307
• feat(tasks): add atomic shared backlog claim by @puneetdixit200 in https://github.com/sipyourdrink-ltd/bernstein/pull/1292
• feat(communication): directed 1:1 channels with @mention wakeups (closes #1221) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1310
• feat(autofix): auto-route PR review comments back to spawning agent (closes #1219) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1313
• feat(orchestration): agent-side watchdog for stuck prompts + pre-approved confirmations (closes #1224) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1312
• feat(sessions): fork a running session into sibling worktree (closes #1222) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1314
• feat(review): per-adapter perspective + sequential chain (closes #1223) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1311
• feat(dashboard): live terminal peek + send-bar + 4-tile session view (closes #1217) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1315
• feat(observability): OTLP exporter with GenAI semantic conventions by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1324
• feat(audit): one-command compliance evidence pack export by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1325
• tests: stress + resource-leak detection (TC-C) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1332
• feat(hooks): standardised lifecycle hook pipeline by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1333
• test(ci): fix stale base_ref assertion on main by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1340
• tests: expand property-based coverage (TC-A) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1336
• feat(security): per-tool allowlist + fail-closed policy + read-only profile by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1326
• feat(planner): enforce vertical slicing — reject horizontally-phased plans by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1327
• feat: bernstein compare subcommand for side-by-side adapter A/B by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1337
• feat(cost): per-task spend attribution + soft/hard circuit breakers by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1330
• feat(debug): deterministic replay gateway + diff (#1319) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1329
• feat: bernstein resume — pick up tasks from last checkpoint by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1343
• fix: frontend smoke-test bug sweep (10 bugs, P0-P4) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1344
• ci: contract-drift bot — comment instead of PR-create (org policy) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1345
• feat: bernstein recipes — first-class workflow library by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1342
• security(agent_ipc): sanitize session_id in log records (CodeQL py/log-injection) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1341
• feat: calibrated p50/p90 cost preflight band by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1335
• feat: bernstein worktrees — inspect & reap orphans by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1339
• feat(cost): criterion-aware retry budget (closes #1352) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1355
• feat(eval): calibration log + Brier score (closes #1353) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1359
• feat(observability): structured decision log (closes #1351) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1360
• fix(ci): repair main after #1360 merge (lint + hygiene) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1362
• feat(routing): per-task criterion profile (closes #1346) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1363
• feat(orchestration): TOPSIS multi-criteria candidate ranking (closes #1347) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1361
• feat(evolution): predicted-delta gate + oscillation guard (closes #1348) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1354
• feat(ui): fleet mode — multi-project supervisor view by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1338
• tests: integration coverage for spawn lifecycle (TC-B) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1331
• ci: mutation testing on fixed critical-path modules (TC-D) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1334
• feat(eval): forward-looking synthetic scenario generator (closes #1349) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1357
• feat(tasks): abandon primitive with reason ledger (closes #1350) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1358
• feat(quality): blast-radius scorer + reversibility gate (closes #1322) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1328
• ci: harden 'Determine changes' against shallow-clone race by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1366
• ci(contract-drift): prefer PR over comment now that org setting allows it by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1364
• chore: reap parent-level worktree debris (closes spec dated 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1375
• bot(contract-drift): regenerate src/bernstein/cli/main.py
  tests/unit/test_readme_api_coverage.py by @github-actions[bot] in https://github.com/sipyourdrink-ltd/bernstein/pull/1376
• feat(lineage): v2 two-layer storage with detached children (closes #1249) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1377
• feat(observability): bernstein simulate - digital-twin orchestration (closes #1374) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1378
• feat(gitlab_app): GitLab integration parity with github_app (closes spec 2026-05-17-feat-gitlab-app-integration) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1379
• feat(sdd): bernstein ticket validate - JSON Schema validator (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1383
• feat(adapters): bernstein adapters check - conformance + capability report (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1385
• feat(errors): structured first-run categorization with actionable hints (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1384
• feat(telemetry): opt-in first-run telemetry with DO_NOT_TRACK precedence (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1387
• docs: mandate docs-update step in PRs (CLAUDE.md + CONTRIBUTING + PR template) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1382
• feat(doctor): adapter-binary + network-reachability + CI-context checks (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1381
• docs: fill drift across today's merged features (lineage v2, simulate, criterion-profile, calibration, etc.) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1386
• feat(ci): self-healing workflow for safe + heuristic autofix classes by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1389
• fix(qwen): forward Tavily API key via env, never argv by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1390
• fix(iac): forward task prompt via env, eliminate shell-injection surface by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1392
• fix(preflight): pick most-expensive role for cost estimate, not first by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1395
• fix(replay): hold lock across seq + file write in ReplayGateway by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1391
• fix(agent_ipc): serialise concurrent stdin writes per session by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1394
• fix(handoff): close FD in StreamTailBuffer trim + scope tmp by PID by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1397
• fix(worker): translate signal-killed child to 128+N exit code by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1398
• feat(ci): auto-heal v2 - 26-parameter self-healing with Bernstein-native integrations by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1393
• fix(lineage): CI gate accepts production recorder output by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1396
• fix(security): constant-time HMAC compare in audit chain verifiers by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1399
• docs(readme): add missing CLI commands (telemetry, doctor extended, adapters check) + tighten weak entries by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1400
• fix(autoheal): future-proof v2 wiring (decision + calibration + lineage extension) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1401
• feat(orchestration): iterative self-refinement loop with critique gates (closes #1403) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1410
• feat(mcp): schema-validated tool-call inputs with deny-by-default (closes #1406) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1411
• feat(eval): ProgramBench harness (closes #1404) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1407
• feat(quality): citation+reference existence verifier (closes #1402) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1408
• fix(ci): repair main 98f531a04 — agents-md drift + vulture false positive by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1412
• feat(cost): per-quota-envelope attribution + budget hooks (closes #1405) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1413
• test: kill mutmut survivors on audit_log + audit_integrity + seed_parser by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1416
• feat(security): strip invisible Unicode Tag codepoints from injected skills (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1417
• feat(security): detect promptware cross-agent C2 in tool output (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1421
• feat(eval): security-pentest scenario (closes spec 2026-05-17) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1419
• fix(tests): repair 4 post-merge regressions on main (#1390/#1387/#1344/#1350 fallouts) by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1423
• fix(ci): repair main 30fa275a4 by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1426
• fix(tests): patch _init_http_telemetry at observability import path by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1428
• fix(tests): NewRelic OTLP patch path by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1427
• fix(tests): patch observability.telemetry path for NewRelic OTLP tests by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1429
• chore: bump version to 2.1.0 by @chernistry in https://github.com/sipyourdrink-ltd/bernstein/pull/1430

New Contributors

• @puneetdixit200 made their first contribution in https://github.com/sipyourdrink-ltd/bernstein/pull/1292

Full Changelog: https://github.com/sipyourdrink-ltd/bernstein/compare/v2.0.1...v2.1.0