escapeboy/agent-fleet-o

What's changed

• feat: Hermes-inspired improvements — tool profiles, smart routing, transcript search, auto-skills, context compression (4ef22f8)
• fix: github_repo default, evolution icon, nginx reverb resolver (45713fe)
• fix: github_repo default, evolution icon, nginx reverb resolver (cd83e1f)
• fix: correct github_repo default and evolution sidebar icon (7d45233)
• fix: correct github_repo default and evolution sidebar icon (4abb3b4)
• fix(telegram): use team owner_id instead of team_id as actorUserId (623d113)
• feat(chatbot): add Telegram channel management UI (d10463d)
• chore: update package-lock.json for FontAwesome dependency (91a831d)
• fix: bundle FontAwesome via npm instead of CDN — no CSP issues (f6222e0)
• fix: add FontAwesome 6 CDN to app layout — required by rail+flyout sidebar icons (79d6041)
• feat(search): add SearXNG service for native web search (d2c56f8)
• fix: add purpose to evolution analyze AiRequestDTO — prevent NOT NULL violation in ai_runs (fc7a441)
• feat: modernize sidebar to rail+flyout layout matching cloud version (4fa13cf)
• docs: add capabilities.md and reference in CLAUDE.md for coding agents (fef45d6)
• feat(skill): metric-gated benchmark improvement loop (972b605)
• chore: reset Monolog handler buffers after each Horizon job (47fde7d)
• fix(security): harden voice session — SSRF guard, narrow token abilities, fix env race condition (655b1d1)
• fix(voice): use SanctumTokenIssuer for worker dispatch token (267b720)
• feat(voice): per-team LiveKit credentials via Integration driver (4f25003)
• fix(security): address QA/security review findings from UI entry points PR (dcb37ff)
• feat(ui): add missing UI entry points for 6 deployed backend features (3775be1)
• fix(ui): move provider badges under name, clean up agent header action buttons (c22014b)
• feat(ui): add Voice Session link button to agent detail header (add5228)
• fix(workflows): escape all remaining {{}} Blade-parsed literals in builder (375ea26)
• fix(workflows): escape {{variable}} placeholders in Blade template (859bdae)
• feat(ui): replace custom SVG icons with FontAwesome Free in sidebar-link (46eaa97)
• fix(workflows): remove current_team() calls in WorkflowBuilderPage (47156f6)
• fix(assistant): replace userRole() with memberRole() in assistant panel (08449d6)
• fix(tests): build Stripe fixture keys at runtime to bypass GitHub push protection (2b5c98d)
• fix: resolve 10 PHPStan errors in 5 new-feature files (344cd68)
• fix(security): truncate broadcast outputPreview, add realpath guard for repo paths, validate Portkey key format (b09cd85)
• fix(security): add experiment broadcast channel auth + SSRF guard for ConfluenceConnector (a222bb8)
• feat(experiments): block-based execution log grouped by pipeline stage (f4ac6a9)
• feat(knowledge): add Notion, Confluence, GitHub Wiki passive ingestion connectors (32e4e7e)
• feat(workflows): real-time node status via Reverb events, reduce polling to 30s fallback (3f6c470)
• feat(agents): inject repo-map context for git-linked experiment executions (65e7911)
• feat(ai-gateway): add PortkeyGateway as optional team-level AI backend (41e672a)
• fix(ci): resolve PHPStan errors and test failures from 5 new features (48e70e3)
• feat(voice): add LiveKit voice session domain with API, Livewire UI, and MCP tools (ca81337)
• feat(credential): add version history and secret scanner (67b3f71)
• feat(skills): add Prompt IDE with model comparison and annotation-based improvement (4571cc4)
• feat(integrations): add Activepieces MCP integration with auto-sync (fcc34e4)
• feat(outbound): add Ntfy push notification connector with MCP tool (abe0492)
• fix(webhook): allow test env to bypass missing-secret guard in SignalWebhookController (e9befc8)
• test(agent): add missing AgentConstraintTemplatesTest (23caaaf)
• fix(security): patch cross-tenant leakage in MCP worklog and uncertainty tools (362cfa6)
• feat(crew): conversational crew creation via Assistant design_crew tool + MCP registration (454a189)
• feat(crew): add process_reviewer/output_reviewer roles and per-member context_scope (c5d76d2)
• feat(evolution): add crew restructuring proposal action via Evolution domain (604c854)
• feat(experiment): add three-layer knowledge enrichment before planning (3802705)
• feat(experiment): add structured worklog entries for agent reasoning audit trail (ebb4ce9)
• feat(assistant): add conversation quality review action and API endpoint (fda7454)
• feat(experiment): add uncertainty signal protocol for agent clarification requests (4696b79)
• feat(agent): add behavioral constraint templates for anti-sycophancy and quality defaults (a46248b)
• fix: use HasMany where() instead of wherePivot() for crew members (012c464)
• fix(security): address security review findings — add team guard, role gate, input allowlist, XSS-safe prompt encoding (6c293bc)
• feat(ux): Accio-inspired UX improvements — prompt gallery, stepper, inline approvals, bento dashboard, NL scheduling, marketplace tabs, evolution badge (ac13fdb)
• docs: expand and fix documentation for 9 undocumented features (493e96c)
• fix: resolve merge conflict in landing hero/cta + update stats to current numbers (4dc56ce)
• fix: ExecutePlaybookStepJob — retry bridge-unavailable failures properly (a5d368e)
• fix: RecoverStuckTasks — escalate experiments with no stage via meta counter (e0b22ec)
• security: fix 7 vulnerabilities from QA/security review (7ce521f)
• fix(memory): guard failure lessons query against missing table in unit tests (c45e423)
• feat(outbound): WhatsApp Business Cloud API connector with webhook receipts (b57eec4)
• feat(crew): per-member permission policy with tool allowlist and step/credit limits (7005cd6)
• feat(agent): heartbeat scheduling — UI, MCP tools, and Livewire integration (f26824e)
• feat(memory): failure lesson extraction on experiment terminal failure (a6ca907)
• feat(memory): tier system with proposed/canonical/facts/decisions/failures UI + MCP tools (bd47734)
• feat(experiment): context health monitoring with checkpoint handoff (f36ee47)
• feat(agent): add avg_steps warning badge on AgentDetailPage (07bd8fa)
• security: fix cross-tenant isolation and nesting depth in workflow saga/fork features (f5511d0)
• feat(workflow): saga/compensation pattern (per-step rollback) (4768af0)
• feat(workflow): stub-based WorkflowSimulator for unit testing (0d09af4)
• feat(workflow): dynamic fork sub_workflow fan-out + fan-in (e6a7b45)
• feat(workflow): extend LlmNode with embed, extract, and search operations (f7c7256)
• feat(workflow): Workflow Gateway — expose workflows as MCP tools (a2a7f24)
• chore: minor code cleanup and dependency ordering (253f674)
• fix(security): 7 security findings from pre-deploy audit (5ea614e)
• fix(integration): add missing interface methods + AuthType::BearerToken (47b47de)
• security: harden context-mode improvements against injection and DoS (6626c78)
• feat: context-mode inspired improvements (5 features) (512492f)
• fix(chatbot): add missing 'error' case to KnowledgeSourceStatus enum (bf1ae3a)
• fix(security): apply withoutGlobalScopes team scoping to all MCP tools (b5cd92e)
• fix(security): tenant scoping and IDOR fixes in federation tools (687b43e)
• fix(security): security review hardening from audit (cfa7020)
• fix(security): QA fixes — 5 issues resolved (73f74d5)
• feat(security): Phase 4 — security review queue for high-risk contacts (e288575)
• feat(security): Phase 3 — entity risk scoring on ContactIdentity (7afee4d)
• feat(security): add IP reputation check on webhook signal ingestion (e98cfc3)
• fix: correct StageType enum-as-string/key bugs and missing error column (2ad405e)
• feat: register integration_execute in CompactMcpServer for LLM discoverability (fe698aa)
• fix: rename IntegrationExecuteTool action param to integration_action (42d5280)
• fix: include transport_config headers in MCP HTTP tool calls (90c0f49)
• fix: use named variadic args in MCP tool closure to fix PHP 8 named parameter error (1c9f9e2)
• fix: BuildArtifactJob now uses experiment agent model and tools (6fce480)
• fix: correct consecutiveFailures() to count truly consecutive failures (badcf9d)
• fix: use project title instead of name in TelegramBotsPage (882d309)
• fix(crew): split self-referential FK into separate ALTER TABLE for PostgreSQL compatibility (db43499)
• feat(crew): Phase 3 & 4 — adversarial debate process type + UI (705b1da)
• feat(crew): Phase 2 — self-claim task pool process type (579b955)
• feat(crew): Phase 1 — inter-agent messaging (fbe3a49)
• fix(security): SQL injection and input validation in ToolSearchTool (0a997d6)
• feat(agent-orientation): improve agent discoverability and efficiency (6fc17fc)
• fix(ragflow): align client and tools with RAGFlow v0.17 API (e854543)
• fix(ragflow): security hardening — sanitize exception messages, restrict file paths, add IsDestructive (f63bc5d)
• feat(workflow,tool): workflow execution live overlay + MCP tool federation layer (8de67f1)
• feat(ragflow): integrate RAGFlow as optional deep document understanding layer (364c945)
• fix(memory): correct StageType::Evaluating and experiment_stages status filter (e08fe4b)
• feat(ui): surface hidden backend features with Livewire UI pages (31418b1)

Upgrade

git fetch --tags origin
git checkout tags/v1.16.0
composer install --no-dev --optimize-autoloader
php artisan migrate --force
php artisan optimize

Docker users: Pull the latest image and restart your containers.