Mistle

v0.1.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 1mo AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Summary

AI summary

Routine maintenance release for Mistle.

Full changelog

[0.1.0] - 2026-04-30

.github/workflows

Migrate workflows to Blacksmith runners (#129)

Features

Port @mistle/time package
Port @mistle/emails package
(config) Add app-scoped loader API and config docs
(config) Add simple development config initializer
(time) Add testing subpath with deterministic time fakes
(emails) Add typed send API and SMTP sender
(test-harness) Add mailpit service and integration coverage
(db) Scaffold package with control-plane schema and migrator
(config) Nest control-plane-api config by domain
(control-plane-api) Add shared runtime lifecycle and auth OTP integration
(workflows) Scaffold openworkflow package with plane namespaces
(workflows) Add data-plane module and shared openworkflow scaffolding
(workflows) Add otp workflow and simplify worker wiring
(config) Add control-plane-worker config module scaffold
(control-plane-worker) Add runtime lifecycle scaffolding
(control-plane-api) Dispatch otp via openworkflow
(db) Add control-plane sandbox profiles table
(http) Add shared keyset pagination module
(http) Add shared page-size parsing for keyset pagination
(control-plane) Add sandbox profile CRUD and delete workflow wiring
(sandbox) Scaffold unified sandbox interface package
(sandbox-runtime) Scaffold go runtime with health endpoint
Load stable tunnel config from local env
Port ui package and scaffold dashboard
Add control-plane openapi and dashboard client generation
Add dashboard auth scaffold and local mailpit infra
(data-plane-api) Add config-driven runtime resources (#8)
(data-plane-worker) Add config-driven runtime resources (#9)
(sandbox) Scaffold modal provider adapter and docs (#11)
Add modal integration tests and provider-scoped gating (#12)
(config) Add env-to-toml conversion helpers and CLI (#13)
(dashboard) Add navigation route contracts (#20)
(dashboard) Add session core primitives (#22)
(dashboard) Add sidebar navigation model primitives (#23)
(dashboard) Add organization state core (#25)
(dashboard) Add app breadcrumb rendering and routing tests (#26)
(dashboard) Add shell ui frame components (#27)
(dashboard) Integrate shell routes into app router (#29)
(dashboard) Add slice 2A route skeleton (#30)
(db) Add sandbox profile versions schema (#31)
(control-plane-api) Create initial sandbox profile version (#32)
(dashboard) Migrate slice 2C/2D and 2E UI surface (#33)
(dashboard) Add slice 3 ui scaffold and profile alignment (#35)
(db) Scaffold data-plane sandbox instance persistence (#36)
(dashboard) Add settings model primitives (#37)
(dashboard) Add settings shell and action framework (#38)
(dashboard) Wire settings destination pages to shared core (#39)
(dashboard) Add members model and service core (#40)
(dashboard) Add members settings ui and state flows (#41)
(config) Add data-plane-gateway config module (#49)
(data-plane-gateway) Scaffold service runtime (#50)
(data-plane-api) Scaffold trpc server runtime (#52)
(control-plane-api) Add organization membership capabilities route (#54)
(dashboard) Align providers scaffold page with reference layout (#55)
(dashboard) Persist profile display name updates (#58)
(config) Add data-plane worker sandbox config namespace (#57)
(logging) Enforce backend pino logging via shared package (#60)
(data-plane) Add durable sandbox start workflow with rollback (#53)
(control-plane-api) Send organization invitation emails (#56)
(dashboard) Restore organization settings parity with reference (#67)
(config) Add docker sandbox runtime config shape (#62)
(dev) Add local registry service to compose stack (#63)
(sandbox) Add docker provider adapter (#64)
(data-plane-api) Add sandboxInstances.start trpc mutation (#69)
(onboarding) Require organization creation after first sign-in (#85)
(config) Add control-plane worker data-plane API config (#82)
(data-plane-api) Enforce internal auth token on sandbox start (#84)
(data-plane-api) Wait for sandbox start completion and deduplicate runs (#89)
(workflows) Add control-plane start sandbox profile workflow (#90)
(dev) Add local reset command for volume cleanup (#96)
(dashboard) Wire sandbox profiles UI to control-plane API (#98)
(control-plane-worker) Wire sandbox start workflow to data-plane api (#92)
Add control-plane default sandbox base image config (#107)
(control-plane-api) Add sandbox profile version start instance endpoint (#93)
(sandbox) Expose stdin lifecycle on sandbox handles (#116)
(sandbox-runtime) Load bootstrap token from stdin (#118)
(db) Add sandbox tunnel connect ack table (#119)
(data-plane-gateway) Wire data-plane db config and resources (#120)
(data-plane) Add sandbox tunnel endpoint with shared bootstrap auth (#122)
(data-plane) Pass sandbox tunnel startup input via stdin (#123)
(data-plane-worker) Wait for sandbox tunnel ack before running (#124)
(config) Add rotation-ready integrations keyring config (#126)
(db) Add organization credential keys table (#127)
(control-plane-api) Initialize org credential key on create (#128)
(db) Add integration credentials table (#130)
Scaffold integrations-core foundation (#131)
Parse integration configs in runtime compiler (#133)
(db) Add integration connection tables (#135)
(db) Add profile version bindings and trigger rules tables (#136)
(db) Add remaining integration state tables (#137)
(integrations) Add integration targets table and paginated list endpoint (#139)
(control-plane-api) Add paginated integration connections endpoint (#140)
(control-plane-api) Add API key integration connection endpoint (#141)
(control-plane-api) Add sandbox profile runtime plan compile service (#143)
(integrations) Add openai definition and user config slot scaffold (#144)
(control-plane-api) Compile integrations before starting profile instances (#147)
Scaffold github cloud and enterprise integration definitions (#146)
(control-plane-api) Add integration bindings put contract (#157)
(control-plane-api) Add integration bindings replace service (#158)
(control-plane-api) Wire put integration bindings route (#159)
(start-instance) Persist compiled runtime plans in data-plane (#160)
(data-plane) Pass runtime plan into sandbox startup input (#162)
(sandbox-runtime) Parse runtime plan in startup input (#163)
(sandbox-runtime) Add egress route forwarding handler (#164)
Inject tokenizer proxy egress env into sandbox startups (#165)
(sandbox-runtime) Apply runtime plan files at startup (#166)
(db) Add encrypted target secrets field (#167)
(control-plane-api) Add target secrets crypto helpers (#168)
(sandbox-runtime) Execute artifact lifecycle commands (#170)
(integrations-core) Compile artifact removals from previous profile version (#173)
(integrations-definitions) Add github app oauth auth path (#172)
(sandbox-runtime) Apply artifact removals for snapshot plans (#174)
(control-plane-api) Define sandbox connection token contracts (#176)
(integrations) Add definition-owned oauth auth handlers (#175)
(control-plane-api) Add oauth start/complete integration connection flows (#177)
(integrations-core) Add credential resolver contracts (#181)
(control-plane-api) Add sandbox connection token services (#178)
(config) Add tokenizer-proxy app configuration module (#185)
(runtime) Plumb credential resolver purpose and key (#186)
(dashboard) Add integration logo assets and resolver (#191)
(tokenizer-proxy) Scaffold runtime application (#187)
(control-plane-api) Add internal integration credential resolver (#188)
(tokenizer-proxy) Resolve credentials for egress forwarding (#189)
(control-plane-api) Add sandbox instance token mint endpoint (#192)
Add data-plane-gateway support for connection tokens (#201)
(integrations-core) Add webhook handler contract types (#202)
(integrations-core) Add webhook helper utilities (#203)
Add runtime client processes to compiled runtime plans (#205)
Add sandboxd runtime client process manager (#206)
(integrations) Add target secret schema support (#207)
Add openai codex app server runtime process (#208)
(integrations) Add user-managed connection secret slots (#209)
(integrations) Rename providers and refactor integrations directory (#210)
Add MCP agent capability contracts (#211)
(integrations) Unify runtime clients with processes and endpoints (#212)
(integrations-definitions) Add GitHub webhook handler definitions (#204)
(sandbox-runtime) Generate dashboard session protocol types from sandboxd schema (#214)
(control-plane-api) Add integration webhook ingress endpoint (#213)
Add sandboxInstanceId claim to gateway tokens (#216)
Route sandbox tunnels by sandbox instance id (#223)
Relay frames between sandbox tunnel websocket peers (#224)
(data-plane-gateway) Modularize sandbox tunnel relay adapters (#226)
Add agent connect handling in sandbox runtime tunnel (#229)
(sandbox-runtime) Add pty tunnel channel support (#231)
(db) Add automation schema foundation (#235)
(automations) Modularize webhook filter and add helper constructors (#237)
Add webhook automation target resolver (#240)
Persist webhook routing identity on ingest (#241)
(control-plane-worker) Process integration webhook events into automation runs (#242)
Implement OpenAI binding capability projection and validation (#238)
Wire automation run workflow execution (#243)
(tests) Port dashboard members invitations to system tests (#255)
Add shared sandbox runtime plan compiler (#256)
Centralize automation run bootstrap via internal control-plane runtime (#260)
(control-plane-worker) Deliver webhook automation payload over agent channel (#266)
(dashboard) Refine sandbox profile bindings editor flow (#272)
Bootstrap opentelemetry across apps (#275)
Add integration connection update flow and validation (#277)
Add MCP integration definitions (#276)
(db) Add conversations and conversation routes schema (#285)
(worker) Add conversation persistence services (#286)
(worker) Add codex conversation provider adapter (#287)
(dashboard) Add sessions launcher page (#292)
(dashboard) Add session detail route (#293)
(dashboard) Surface codex transcript events (#297)
(dashboard) Add codex server request ui (#298)
Introduce monorepo storybook (#302)
Improve storybook dashboard boundaries (#303)
Extract dashboard storybook views (#304)
Add auth storybook views (#308)
Add conversation delivery schema foundation (#306)
Add settings storybook views (#309)
Add members settings storybook view (#310)
Add storybook interaction flows (#311)
Add settings storybook interactions (#312)
Declare compiled agent runtimes (#318)
Add integration connection resource summaries (#320)
Scaffold conversation delivery workflow (#327)
Add integration connection resources read api (#326)
Persist automation run conversation claims (#328)
Cut over automation runs to conversation delivery (#335)
Add integration connection resource sync workflow (#334)
Enforce conversation delivery ordering (#336)
Add github integration resource discovery (#337)
Cut over conversation delivery to provider routes (#338)
Add resource-backed github binding selection (#339)
Add webhook automation CRUD api (#344)
Clone selected repositories into sandbox workspaces (#345)
Expand ui storybook coverage (#346)
Support additional instructions in openai bindings (#353)
Add sandbox runtime trust bootstrap (#370)
Make credential resolution binding-aware (#373)
Add sandboxd outbound proxy foundation (#374)
Intercept https proxy requests in sandboxd (#375)
Mediate matching proxy traffic (#378)
Migrate send organization invitation workflow (#380)
Migrate request delete sandbox profile workflow (#383)
Add artifact env to runtime plans (#385)
Migrate data-plane start sandbox workflow (#386)
Deliver runtime artifact env to sandbox processes (#387)
Add local sandbox ownership to data-plane gateway (#388)
Migrate start sandbox profile instance workflow (#389)
Add github cli artifact support (#391)
Migrate handle integration webhook event workflow (#392)
Migrate sync integration connection resources workflow (#393)
Migrate handle automation run workflow (#400)
Migrate handle automation conversation delivery workflow (#401)
Add egress tracing spans (#404)
Refine sandbox profile binding ux (#410)
Add workflow registry package (#416)
Add control-plane worker openworkflow skeleton (#424)
Add data-plane worker openworkflow skeleton (#434)
Add integrations settings connection detail route (#417)
Add codex semantic chat timeline (#415)
Wire dashboard webhook automations (#418)
Add sandbox tunnel liveliness columns (#442)
Persist sandbox tunnel liveliness (#443)
Add sandbox tunnel lifecycle telemetry (#444)
Add sandbox tunnel exchange token (#448)
Add sandbox tunnel token exchange endpoint (#449)
Proactively renew sandbox tunnel tokens (#451)
Reconnect sandbox tunnels in sandboxd (#452)
Add shared stream protocol primitives (#461)
Add gateway tunnel session abstractions (#466)
Add local gateway forwarding seam (#473)
Route pty streams through gateway bindings (#467)
Route agent streams through gateway bindings (#468)
Bound gateway interactive stream bindings (#469)
Add sandbox runtime tunnel data frame codec (#490)
Multiplex sandbox runtime tunnel streams (#495)
Allow concurrent gateway tunnel stream bindings (#496)
Implement stream window flow control (#503)
Add sandbox execution lease protocol types (#528)
Persist sandbox execution leases (#529)
Add sandbox execution lease engine (#530)
Add codex execution lease adapter (#531)
Add stop-only sandbox idle reaper (#537)
Run idle reaper in local dev stack (#543)
Add sandbox pty client transport (#544)
Add dashboard pty state hook (#550)
Add agent contracts to integrations core (#553)
Port runtime plan application to sandbox runtime node (#562)
Port sandbox runtime bootstrap and health surface (#563)
Port runtime client process manager (#565)
Port sandbox runtime proxy surface (#568)
Port sandbox runtime tunnel core (#571)
Add atlassian mcp connector integration (#578)
Support immediate integration webhook responses (#583)
Add openai agent execution observer (#584)
Add sandbox runtime sea packaging (#591)
Add dashboard terminal workbench (#585)
Webhook automation trigger builder with structured event definitions (#610)
Add sandbox instance list endpoints (#611)
Add select-all checkbox to integration resource picker (#615)
Add sandbox volume mounts (#623)
Provision instance volumes on sandbox start (#625)
Add native instance volume startup semantics (#628)
Add sandbox resume workflow (#631)
Resume sandbox connect flow (#632)
Relax dashboard sandbox connect gating (#633)
Surface sandbox instances in dashboard sessions (#636)
Expose sandbox starter display names (#641)
Improve dashboard session terminal ui (#644)
Add worktree manager skill (#655)
Enable react compiler for dashboard (#659)
Add runtime state config wiring (#670)
Add gateway runtime state read boundary (#671)
Add sandbox stop request route (#672)
Add gateway owner and attachment stores (#673)
Add sandbox presence store and idle controller (#674)
Add interactive client presence heartbeats (#675)
Move execution keepalive to runtime state (#676)
Wire idle stop through gateway runtime state (#677)
Add gateway runtime state lifecycle logs (#681)
Scaffold helm chart (#697)
Recover sandbox status from runtime state (#698)
Add sandbox runtime startup logs (#705)
Polish session terminal ui (#703)
Add local helm smoke test support (#712)
Add sandbox instance resume endpoint (#713)
Simplify automation instructions authoring (#714)
Unify dashboard form page layout (#725)
Separate integration target sync from migrations (#728)
Add e2b sandbox provider (#735)
Add codex image attachments and stabilize system flow (#753)
Add initial release process and oss guardrails (#754)
Expose automation input templates in editor (#761)
Add sandbox egress grant auth package (#776)
Mint sandbox egress grants at startup (#777)
Require egress grants for tokenizer proxy auth (#778)
Improve email template previews and branding (#786)
Add sandbox inspect API (#785)
Add conventional data plane sandbox routes (#792)
Add pending sandbox instance status (#798)
Add sandbox disconnect reconciliation command (#801)
Reconcile disconnected sandboxes from gateway (#802)
Handle sandbox session stream resets (#817)
Fail fast on sandbox session stream resets (#818)
Add terminal recovery after stream reset (#819)
Reconnect codex sessions after stream reset (#820)
Add explicit mention automation trigger option (#784)
Improve attachment validation and composer gating (#758)
Reopen codex streams on existing transports (#827)
Harden upload observability and validation (#834)
Add stream complete for upload lifecycle (#844)
Add cli mode to session workbench (#833)
Add oauth2 client credentials capability (#851)
Add atlassian token connection methods (#852)
Add atlassian client credentials support (#853)
Add optional google login (#856)
Add tagged github release artifact installs (#891)
Add optional github cli selection (#892)
Add optional jira cli selection (#893)
Add sandbox CLI discovery command (#911)
Add published target auth package (#908)
Add sandbox publishing foundations (#918)
Clean up dashboard storybook surfaces and dialogs (#912)
Export sandbox runtime logs to otlp via gateway tunnel (#920)
Add logger to sandbox start workflow context (#934)
Add method-owned redirect connection copy (#928)
Add E2B template prebuild helper (#936)
Add object store and seaweedfs harness (#909)
Add sandbox runtime startup progress logs (#937)
Add Helm env overrides (#941)
Add agent instructions editor autocomplete (#945)
Add auto-save text field story (#935)
Add sandbox runtime contract package skeleton (#964)
Add runtime-state keepalive summaries (#967)
Add keepalive tunnel control message (#969)
Add gateway sandbox keepalive repository (#970)
Scaffold sandboxd rust crate (#971)
Add sandboxd protocol decode tests (#972)
Persist sandboxd startup manifests (#973)
Add sandboxd control socket reload flow (#975)
Apply sandboxd runtime plans (#976)
Supervise sandboxd runtime clients (#977)
Harden sandboxd process security (#978)
Move sandboxd proxy ca bootstrap helpers (#979)
Add sandboxd bootstrap tunnel skeleton (#980)
Add sandboxd pty runtime, cgroups, and keepalive stack (#987)
Add sandboxd codex proxy adapter (#994)
Add sandboxd runtime adapter registry (#995)
Add source-aware inbound webhook support (#949)
Switch the sandbox runtime stack to sandboxd (#996)
Add avatar and organization logo uploads (#1024)
Expose sandbox instance conversation titles (#1004)
Refine sandbox profile binding ui (#1046)
Add redirect-backed singleton image endpoints (#1041)
Add batched member avatar loading (#1058)
Add Slack connector with webhook and CLI support (#1062)
Add sessions sidebar navigation (#1065)
Make GitHub Apps org-owned and simplify webhook sources (#1075)
Add session diff panel to the workbench (#1081)
Move integrations into primary nav (#1083)
Unify members directory api (#1067)
Support organization switching in dashboard (#1079)
Add OpenAI ChatGPT device authorization support (#1099)
Wire session branch diff panel (#1098)
Add onboarding-driven home summary (#1087)
Add primary repository selection to session start (#1103)
Expose launchable profile repository options (#1106)
Add aws cli assume-role integration (#1116)
Honor primary repository when starting sessions (#1111)
Add aws integration observability (#1119)
Add distributed tracing foundation (#1130)
Add processes stream gateway plumbing (#1129)
Add sandboxd processes stream (#1132)
Add sandbox port access backend (#1137)
Add dashboard sandbox port access (#1138)
Add PlanetScale MCP integration with DCR-backed OAuth (#1136)
Add signoz hosted mcp integration (#1141)
Enable tool_search in rendered codex config (#1143)
Add datadog mcp integration support (#1145)
Forward sandbox traces through gateway tunnel (#1146)
Move integration creation to a page (#1147)
Add session header primary repository selector (#1142)
Harden sandbox tunnel recovery across gateway restarts (#1167)
Compile runtime artifact installs as typed sandbox ops (#1165)
Refresh repositories from session selector (#1169)
Improve session header titles (#1166)
Refine session working indicators (#1174)
Add dense integration scenarios and server auth labels (#1171)
Refine session workbench process access (#1175)
Allow editing sandbox session titles (#1179)
Append public session links to integration replies (#1180)
Harden sandboxd supervision and recovery (#1186)
(automations) Add webhook automation instructions (#1195)
Add persistent sandbox config foundation (#1194)
Add slack channel trigger resources (#1191)
(ui) Standardize inline dashboard editors (#1197)
Add sandbox storage data model foundation (#1196)
Resolve sandbox persistence mode before start (#1200)
Add archil storage provisioning plumbing (#1202)
Resolve sandbox storage credentials in worker (#1203)
Add e2b archil storage lifecycle (#1208)
Add docker volume sandbox storage backend (#1213)
Add docker volume persistent start flow (#1214)
Add sandbox storage telemetry (#1217)
(ui) Add screen action button (#1220)
Support custom webhook invocation tokens (#1225)
Add organization sandbox storage settings page (#1223)
Add identity linking schema foundation (#1229)
Add identity linking definition metadata (#1233)
Add org identity linking provider api (#1237)
Add local compose deployment artifact (#1227)
Add identity linking org settings (#1243)
Add linked accounts backend (#1247)
Implement github linked account authorization (#1251)
Add github linked accounts profile ui (#1252)
Apply linked github git identity at sandbox startup (#1253)
Refine sandbox profile connector bindings (#1238)
Add linked principal credential resolution (#1256)
Add github user-attributed egress (#1257)
Add slack identity linking and webhook user attribution (#1260)
Add github preferred email selection (#1264)
Add inline session diff comments (#1266)
Add admin visibility for linked providers (#1269)
Add backend stream observability (#1272)
Instrument tunnel latency telemetry (#1273)
Add dockview terminal workspace (#1268)
Add sandbox signing grant contract (#1274)
Add tunnel signing message path (#1293)
Add commit-sign helper (#1294)
Add session startup loading screen (#1297)
Add control-plane commit signing backend (#1298)
Wire sandbox git signing through sandboxd (#1303)
Streamline sandbox profile integration editors (#1261)
Add github commit signing key management (#1304)
Add steer and queued composer interactions (#1300)
Persist automation primary repository selection (#1327)
Show pull request status beside composer branch (#1355)
Simplify identity linking settings ui (#1356)
Expand sandbox base image tooling (#1361)
Prototype github app setup storybook flow (#1362)
Add sandbox profile setup prototype stories (#1363)
Refresh sandbox base runtime tooling (#1367)
Add sandbox profile setup script startup (#1370)
Add sandbox profile version setup script api (#1375)
Add sandbox profile configurations section (#1377)
Improve GitHub private key setup flow (#1376)
Migrate sandbox profile editor setup flow (#1382)
Add staged github app setup flow (#1383)
Add sandbox profile version draft read model (#1385)
Add sandbox profile version draft endpoints (#1388)
Restrict sandbox profile version writes to drafts (#1391)
Support sandbox profile draft lifecycle (#1409)
Add GitHub App manifest setup (#1408)
Add sandbox profile draft and published routes (#1420)
Add sandbox profile snapshot materialization (#1421)
Add Slack app manifest setup (#1433)
Add integration resource refresh all route (#1434)
Add dismissible notice lifecycle (#1432)
Add end-to-end webhook delivery observability (#1436)
Auto-sync integration resources after connection (#1438)
Generate sandbox session titles (#1442)
Add Slack existing app completion action (#1448)
Generate automation sandbox titles (#1451)
Auto-create Jira managed webhooks (#1452)
(config) Add next toml shape opt-in (#1467)
Add sandbox profile snapshot tab (#1465)
Add port access transport telemetry (#1474)
(data-plane-worker) Report deadline action outcomes (#1478)
Refine OpenAI device authorization flow (#1491)
Add webhook worker tracing spans (#1497)
Export runtime env projection (#1542)
Add schedule database schema (#1567)
Add schedule recurrence helper (#1569)
Add setup script environment guidance (#1548)
Add schedule dispatch claim workflow (#1583)
Add schedule dispatch child batches (#1591)
Add internal schedule dispatch endpoint (#1594)
Add scheduled snapshot refresh (#1599)
Add schedule dispatch dev runner (#1601)
Add central config env inputs (#1604)
Add control plane maintenance commands (#1605)
Add resource env export surface (#1607)
Validate webhook trigger capabilities (#1560)
Show Codex context usage (#1618)
Add generic session upload client (#1620)
Support setup-check sandbox instances (#1614)
Add mixed session attachment presentation (#1624)
Wire session composer file uploads (#1633)
Expose snapshot refresh schedules on profile versions (#1637)
Add snapshot refresh schedule dashboard services (#1643)
Add snapshot refresh schedule editor (#1646)
Add Slack file scopes (#1647)
Preview snapshot refresh schedule (#1649)
Refine snapshot refresh schedule controls (#1652)
Expose runtime auth methods (#1662)
Add port access tcp relay (#1665)
Add single-container Docker image (#1667)
Add gateway tcp port access transport (#1669)
Route port access through node tcp entrypoint (#1671)
Remove semantic port access transports (#1673)
Reorganize sandbox profile editor tabs (#1683)

Bug Fixes

Run local cloudflared tunnel with generated config
(dev) Pass config env and harden local auth secret generation
Align dashboard auth host and handle session fetch failures
Build db dependencies before dev migrations (#14)
(ui) Prevent sidebar inset overflow on narrow screens (#17)
(dashboard) Gate route error diagnostics to development (#18)
(dashboard) Fail fast on route metadata resolver errors (#24)
(dashboard) Restore route error boundary parity (#47)
(dashboard) Align require-auth with session query source (#48)
(dashboard) Remove auth screen session bootstrap flicker (#61)
Align backend runtime lifecycle semantics (#72)
(dashboard) Route session query errors to route boundary (#73)
(data-plane-api) Await runtime start in integration fixture (#74)
(dashboard) Skip session splash on login page (#87)
(dashboard) Stabilize members table layout (#88)
(dashboard) Reduce font flicker on refresh (#86)
(config) Default dev sandbox to docker and always overwrite (#109)
(sandbox-runtime) Include go.sum in docker builder (#125)
Run data-plane-api migrations in dev startup (#150)
(db) Avoid data-plane schema recreation during migrations (#155)
Increase timeout for sandbox tunnel integration tests (#171)
(dashboard) Prefer development config when config path is unset (#199)
Make docker config path selectable via build arg (#200)
Harden integration test harness cleanup (#217)
Enforce auth_scheme for API-key integration compile paths (#225)
Normalize integration route path prefixes (#227)
Enforce api-key auth scheme support on connection create (#228)
Resolve github oauth credentials with installation token resolver (#230)
(dashboard) Show create org validation only on submit (#233)
Build @mistle/logging before dev migrations (#236)
Persist dev data across restarts and document reset semantics (#239)
Disable 1Password autofill for integration API key input (#244)
Apply runtime client setup env to sandboxd process launch (#245)
Use sandboxd loopback egress url for started instances (#252)
Replace Reflect type-escape patterns with explicit narrowing (#254)
Enforce controlled Select values with oxlint js plugin (#258)
(config) Align dev control-plane gateway websocket url (#263)
(dashboard) Ignore stale session websocket close events (#264)
Standardize sandbox artifact bin path for codex (#265)
(config) Unify gateway ws config and align development URLs (#267)
Split sandbox gateway urls for internal tunnel bootstrap (#268)
(workflows) Upgrade openworkflow to 0.8.1 (#269)
Send rendered automation input to sandbox agent (#271)
Refine binding dialog form layout (#284)
(ui) Add icon-fill button size (#296)
Persist automation run render snapshots (#316)
Recover late steer delivery races (#340)
Enforce conversation route continuity (#341)
Share runtime plan schema with data-plane contract (#347)
Add data-plane-api dependency on integrations-core (#348)
Order dashboard stories before ui in storybook (#351)
Accept agent runtimes in sandbox startup (#352)
Tighten additional instructions follow-ups (#354)
Pass mistle envs through turbo test tasks (#368)
Reject duplicate git family bindings (#369)
Harden sandbox trust bootstrap (#372)
Renew gateway sandbox ownership leases (#402)
Default codex binding to full access config (#405)
Stabilize sandbox runtime pty env test (#413)
Route local sandbox tokenizer egress through relay (#420)
Allow public integration oauth completion (#419)
Use get query params for oauth completion (#428)
Redirect oauth completion to dashboard (#430)
Use request idempotency keys for sandbox starts (#437)
Preserve sandbox tool path for codex shells (#438)
Harden integrations detail route state (#446)
Harden codex semantic group rendering (#447)
Mark sandboxd non-dumpable unconditionally (#450)
Show selected automation option labels (#459)
Align vite react plugin with vite 7 (#475)
Lock dialog dismissal during pending workflows (#477)
Remap binary tunnel data frame stream ids (#478)
Close agent streams on connection detach (#479)
Reset agent streams on bootstrap replacement (#480)
Add missing data-plane worker tunnel exchange ttl config (#482)
Fail closed on unbound interactive streams (#481)
Stop sending legacy disconnect control (#486)
Reset streams on bootstrap disconnect (#487)
Make ownerless stream cleanup a no-op (#488)
Allow multiple connection peers per sandbox (#489)
Scope tunnel liveliness to bootstrap lease identity (#497)
Release agent bindings on stream close (#498)
Enforce hybrid tunnel protocol at gateway edge (#500)
Return stream open errors when bootstrap disconnects (#501)
Enforce framed payload kinds by channel (#502)
Release pty bindings on stream close (#504)
Release invalid interactive streams after local reset (#505)
Bound stream window credit (#506)
Cap active gateway tunnel bindings (#507)
Gate sandbox readiness on connected tunnel state (#508)
Harden sandbox tunnel readiness and exchange redemption (#511)
Preserve concurrent dashboard resource refresh state (#514)
Update gateway websocket integration tests (#516)
Improve sandbox integration defaults and tunnel logging (#523)
Send registry auth for docker integration pushes (#569)
Stabilize daily integration workflow (#570)
Harden sandbox rust helper test (#579)
Run turbo dev workspace in loose env mode (#581)
Mute cancelled ci slack notification (#592)
Pass through MISTLE env in lint and typecheck (#600)
Move codex openai base url into config (#595)
Add macOS toolchain env vars to turbo build cache (#608)
Pin modal integration base image (#629)
Align sandbox runtime dev image handling (#634)
Reuse loaded codex threads on reconnect (#635)
Defer better auth ids to db defaults (#637)
Stabilize daily integration tests (#638)
Remove persisted sandboxes on dev reset (#639)
Show current user name for optimistic sessions (#651)
Reap sandboxes across all sources (#652)
Compact session failure details in badge (#656)
Run worktree bootstrap from target cwd (#658)
Restore codex reconnect streaming (#660)
Preserve codex reconnect thread selection (#662)
Route codex through authless proxy provider (#663)
Accept null ws ping callbacks (#688)
Start valkey in local dev stack (#690)
Restore automation codex thread binding (#679)
Use host gateway url for worker dev config (#691)
Default openai integration to gpt-5.4 (#695)
Proxy websocket responses through tokenizer proxy (#692)
Export websocket proxy env in sandbox runtime (#702)
Recover codex session reconnect without rollout (#701)
Disable codex websockets for proxied openai (#706)
Exclude integration callbacks from auth middleware (#707)
Guard integration deletes with binding and automation usage (#709)
Keep dashboard result summaries visible (#710)
Split api migration database config (#724)
Bootstrap optional local files in worktree skill (#727)
Filter non-startable sandbox profiles from session picker (#726)
Load minimal config for integration target sync (#729)
Add local migration urls to dev config presets (#738)
Align control plane sandbox instance tests with runtime state (#739)
Wire dashboard resume flow to upstream sandbox API (#715)
Simplify automations list event display (#740)
Restore packaged sandbox runtime startup apply (#750)
Align e2b sandbox startup with supervisor runtime (#752)
Copy .env.test into new worktrees (#756)
Persist automation target sandbox profile version (#760)
Preserve invalid automation triggers across profile changes (#751)
Avoid AbortSignal.any leaks in sandbox runtime (#763)
Address codeql javascript findings (#769)
Guard mcp object writes at the sink (#770)
Enforce knip failures in ci (#771)
Tighten sandbox egress path prefix matching (#781)
Repair daily integration follow-up tests (#793)
Repair integration harness startup (#795)
Align integration target example manifest with registry (#800)
Add provider-specific integration runtime config (#804)
Use bigint for migration counters (#806)
Require tunnel readiness before surfacing running (#809)
Reapply startup configuration when resuming sandboxes (#821)
Make apply-startup resume aware (#822)
Refetch sandbox status after session recovery events (#826)
Prepend managed sandbox context to codex instructions (#829)
Cancel interrupted upload relays (#830)
Keep sandbox mcp streams alive through relay (#832)
Harden upload thread path handling (#835)
Pin transitive axios below 1.14.0 (#859)
Repair integration suite fixtures (#880)
Align dashboard status boxes and markdown stories (#881)
Remove sandbox binding save status copy (#902)
Harden atlassian site url live validation (#906)
Wire jira cli base url into atlassian bindings (#907)
Move sandbox ca verification into bootstrap (#939)
Consolidate rjsf dashboard theming (#942)
Separate dashboard session header connection state (#927)
Set explicit e2b sandbox ttl (#946)
Align payload tokens with webhook payload references (#958)
Repair daily integration coverage (#966)
Align daily integration test contracts (#974)
Improve dashboard mobile friendliness (#1001)
Restore browser-safe integration definitions (#1005)
Inline sandboxd telemetry stream id formatting (#1009)
Restore otp input interaction (#1010)
Require webhook events to reference sources (#1011)
Expose explicit webhook source capability metadata (#1012)
Tear down managed webhook sources on connection delete (#1013)
Autofocus auth onboarding forms (#1022)
Add local object store dev infra (#1023)
Stretch settings image field errors (#1026)
Add local object store defaults to dev preset (#1027)
Sync organization logo across shell (#1028)
Sync avatar fallback initials (#1029)
Clear stale image operation errors (#1031)
Hide unsupported webhook creation actions (#1030)
Remove optimistic sessions list launch label (#1035)
Stabilize sandbox runtime lifecycle and webhook routing (#1034)
Hide hidden-only binding object fields (#1033)
Suppress session polling top loading bar (#1036)
Untangle sandbox connection lifecycle (#1037)
Update scheduled integration workflow contracts (#1038)
Stabilize cli mode integration wait (#1039)
Avoid restoring stale loaded-only chat threads (#1040)
Preserve sandbox bootstrap tunnels after terminal exit (#1044)
Inline sandboxd format args for clippy (#1043)
Unblock sandboxd agent stream refreshes (#1047)
Split browser-safe integrations definitions exports (#1049)
Emit structured sandboxd telemetry logs (#1056)
Accept slot-keyed integration target payloads (#1059)
Clean up runtime follow-up behavior (#1061)
Refine integration selection defaults (#1060)
Separate sandbox runtime resume from init (#1063)
Tighten Slack webhook event handling (#1064)
Separate webhook source verification secrets (#1066)
Short-circuit skipped webhook verification (#1068)
Relax agent stream backpressure (#1069)
Streamline automation editor copy (#1071)
Update jira and linear integration descriptions (#1073)
Scope webhook payload filters by event type (#1070)
Enrich Slack reaction webhooks with thread context (#1074)
Polish GitHub App connection setup flows (#1077)
Add configurable e2b template resources (#1078)
Improve sessions sidebar routing and tooltip resilience (#1076)
Inject slack base url for cli artifact (#1089)
Show sessions toggle in app shell storybook (#1088)
(data-plane-gateway) Retry idle cleanup and ignore inactive keepalives (#1095)
Align agent stream window flow control (#1093)
Support explicit Liquid fallback in webhook templates (#1094)
Restore slack webhook details in integrations view (#1096)
Restrict invitation listing access (#1097)
Shorten device auth migration index names (#1100)
Soften email dark mode styling (#1102)
Stabilize invitation expiry assertions (#1105)
Preserve integration resource results during search refetch (#1107)
Simplify session workbench status indicator (#1108)
Complete chatgpt device auth codex runtime support (#1101)
Move control-plane webhook routes under /p (#1113)
Extend sandbox session connection timeout (#1115)
Debounce dashboard search refetches (#1112)
Simplify integrations navigation flow (#1125)
Resume stopped webhook automation sandboxes (#1131)
Decouple linear mcp from auth (#1133)
Constrain oauth2 start response payload (#1139)
Show idly paused sandboxes as stopped in sessions list (#1140)
Use pat-shaped github cli placeholder token (#1144)
Pin codex app server to 0.119.0 (#1148)
Reduce default e2b sandbox resources (#1153)
Allow follow-up delivery on codex systemError threads (#1154)
Surface sandbox init causes and retry github fetches (#1155)
Extend docker sandbox init timeout (#1164)
Refine sessions list interaction model (#1162)
Hide accepted invitations from invitations list (#1168)
Retain codex automation threads across worker disconnects (#1163)
Refine pinned chat scroll behavior (#1170)
Auto-submit OTP entry (#1173)
Keep sandboxes alive for detached PTY children (#1178)
Return runtime plan in sandbox inspection status (#1172)
Improve integration connection detail flows (#1183)
Simplify automation message template UI (#1185)
Extend sandboxd live retain retries (#1192)
Restore previous route when toggling session sidebar (#1193)
Retain dashboard codex turns across reconnects (#1188)
Restore input group defaults and simplify edit breadcrumbs (#1198)
Scope migration config loading (#1199)
Resume unloaded codex automation threads (#1204)
Use provider startup modes during resume (#1215)
Polish dashboard conversation and integration previews (#1210)
Allow E2B prebuild resource overrides (#1222)
Keep usr local bin off persistent storage (#1228)
Seed codex config only when absent (#1230)
Run format check in pre-push hook (#1231)
Format staged non-code files with oxfmt (#1232)
Restore github installation management surface (#1239)
Narrow affected frontend validation tests (#1240)
Scope automation sandbox resume idempotency to run (#1244)
Restore oxlint config compatibility (#1245)
Allow direnv during codex worktree setup (#1254)
Resolve identity linking and sandbox runtime regressions (#1259)
Include users:read in slack linked-account oauth (#1263)
Align stream caps with tungstenite max (#1270)
Instrument tokenizer proxy stream failures (#1271)
Add content-length to sandbox tunnel exchange (#1280)
Treat live stopped sandboxes as active (#1281)
Restore local compose smoke flow (#1267)
Preserve sandboxd egress streaming semantics (#1283)
Use remote compaction for proxy-backed codex runtime (#1285)
Restore Storybook typecheck for identity linking (#1286)
Add sandbox startup diagnostics logs (#1288)
Instrument codex session manager session exits (#1289)
Improve sandbox startup failure diagnostics (#1292)
Stabilize scheduled integration regressions (#1296)
Extend codex app server readiness timeout (#1301)
Soften sandboxd codex post-start readiness probes (#1305)
Repair integration regression followups (#1302)
Use release sandboxd binary in Dockerfile (#1306)
Pass control plane url to disposable gateway (#1307)
Address final scheduled integration failures (#1309)
Inline sandboxd format args (#1311)
Preserve terminal workspace and align terminal sizing (#1299)
Stabilize scheduled integration regressions (#1312)
Extend dashboard TUI integration timeout (#1313)
Stop session status refetch on tab focus (#1317)
Move session overflow tooltip to the right (#1318)
Lazy load integration resource items (#1321)
Add failed setup workbench story (#1320)
Suppress unsynced resource loading state (#1324)
Improve sandboxd proxy compatibility and websocket relays (#1316)
Scope sessions sidebar mode to sessions routes (#1322)
Keep session git branch label in sync (#1319)
Polish sessions list table and stories (#1335)
Allow empty relayed header values (#1337)
Catch ts build regressions in ci (#1338)
Pin github release installs (#1314)
Scope linked account pending state per provider (#1336)
Align sessions sidebar with sessions list (#1340)
Add control plane API config for local gateway (#1343)
Refresh session workbench git branch label (#1346)
Use cloudflared credentials for system tunnels (#1350)
Preserve git signing on internal sandbox resume (#1352)
Preserve signing on automation sandbox resume (#1354)
Repair docker system test coverage (#1357)
Increase control-plane worker internal API timeout (#1358)
Handle idle control-plane pool teardown errors (#1360)
Stabilize docker system test followups (#1368)
Harden sandboxd pty relay shutdown ordering (#1369)
Show vitest logs in CI turbo runs (#1371)
Tighten integration test targeting guidance (#1374)
Stabilize docker gateway restart system tests (#1378)
Stabilize remaining docker system tests (#1381)
(data-plane-gateway) Tolerate transient bootstrap pong misses (#1384)
Use bundled node in port access system tests (#1386)
Share github webhook endpoint across system tests (#1390)
Harden race-prone sandbox lifecycle flows (#1392)
Persist github webhook harness across system files (#1393)
Adopt active sandbox profile versions for launch defaults (#1395)
Keep github app install pending (#1399)
Harden gateway runtime-state valkey coherence (#1412)
Align github system test session signals (#1413)
Unblock e2b system tunnels (#1415)
Align aws xml parser dependency (#1416)
Activate gateway bootstrap authority on attach (#1423)
Renew gateway owner lease with active attachment (#1424)
Let scheduled e2b run after docker failures (#1425)
Harden gateway port access cleanup and authorize routing (#1426)
Add sandbox profile snapshot refresh action (#1427)
Gate bootstrap control messages on attachment activation (#1428)
Share cloudflared ingress across e2b services (#1429)
Make sandbox list use persisted status (#1430)
Stabilize dashboard integration selectors (#1431)
Clear port authorization on connection close (#1440)
Make integration success notice dismissible (#1439)
Stabilize sandbox profile draft saving UI (#1443)
Drain gateway tunnel cleanup on shutdown (#1447)
Add startup diagnostics for test harness apps (#1449)
Fence gateway stream routing to bootstrap session (#1453)
Capture live startup logs for test harness apps (#1454)
Promote control-plane worker otel api dependency (#1456)
Fence port publishing to bootstrap session (#1457)
Sort organization switcher options (#1459)
Serialize sandbox deadline lifecycle mutations (#1462)
Request github app contents write permission (#1463)
Align e2b system test expectations (#1464)
Fence sandbox deadline clears by owner (#1469)
Make sandbox profile save failures dismissible (#1470)
Hide integration target keys from headers (#1468)
Show GitHub app install success message (#1475)
Improve notice dismiss action (#1479)
Use configured secret fields in integration editor (#1472)
Stack automation trigger filters (#1482)
Improve integration connection success messages (#1481)
Center get started page (#1494)
(control-plane-worker) Resume sandboxes before webhook delivery (#1493)
Keep sessions sidebar toggle page scoped (#1489)
Route sandbox connector setup to add flow (#1501)
(test-harness) Run system migrations before services (#1503)
Surface automation title seed failures (#1506)
Open sandbox profile snapshot tab after publish (#1496)
Mint fresh title seed sandbox token (#1507)
Add GitHub client IDs to sandbox profile stories (#1515)
Simplify OTP email copy (#1529)
Stop sandboxd from owning runtime PATH (#1536)
Execute setup scripts from temp files (#1555)
Resolve session diff default branch (#1563)
Pass auth base url to dev infra (#1572)
Initialize session repository selection from runtime context (#1571)
Remove sandboxd health port race (#1573)
Isolate sandboxd git config writes (#1581)
Project scheduled system config env (#1593)
Stabilize scheduled system env wiring (#1597)
Pass sandbox runtime env to e2b daemon (#1600)
(sandboxd) Use metadata-only thread resume for retained Codex threads (#1602)
Support websocket egress proxy upgrades (#1603)
Attach replacement sandbox storage as resume (#1606)
Narrow maintenance command config (#1608)
Initialize maintenance telemetry from subset config (#1609)
Move codex profile instructions to AGENTS (#1611)
Load service config directly from env (#1616)
Align integration connection delete guards (#1617)
Allow generic session file uploads (#1619)
Show session user message after turn starts (#1621)
Use codex default composer settings (#1629)
Remove duplicate sandbox profile saving indicator (#1630)
Skip unchanged sandbox profile integration saves (#1634)
Show accurate app manifest callbacks (#1628)
Sync integration targets during dev startup (#1636)
Skip unchanged integration binding updates (#1640)
Preserve manifest callback base paths (#1639)
Keep generic files pending in session composer (#1635)
Preserve integration URL base paths (#1644)
Preserve integration row identity after saves (#1645)
Require webhook trigger capabilities when needed (#1648)
Show latest published setup script (#1653)
Allow dashboard build origin env override (#1664)
Resolve codex default model for automation delivery (#1666)
Send complete codex collaboration settings (#1670)
Preserve system roots in sandbox egress ca bundle (#1672)
Handle port access request close acknowledgements (#1674)
Restore semantic port access http transport (#1679)
Narrow ci path filters (#1680)
Resolve Slack setup credentials without full hydration (#1681)
Preserve websocket origin for port access (#1686)
Run integration target sync from symlinked entrypoint (#1694)

Refactors

(emails) Migrate rendering to jsx-email
(time) Remove unsafe timer handle cast in manual scheduler
(db) Rename control-plane schema export and type member roles
(emails) Normalize OTP template symbol naming
(control-plane-api) Compose app from config with auth context
(config) Simplify loadConfig typing by app id
(config) Switch control-plane-api to workflow namespace
(control-plane-api) Split runtime modules and service wiring
(control-plane-worker) Split runtime into modules
Remove tunnel-gateway app
Port sandbox-runtime from go to rust
Simplify sandbox runtime to health endpoint only
(sandbox-runtime) Move base image into runtime app
(dashboard) Extract settings route factory (#34)
(workflows) Rename control-plane worker input to ctx (#59)
(dashboard) Share invitation auth UI and state flows (#71)
(dashboard) Simplify no-organization access flow (#78)
(sandbox-runtime) Port sandboxd runtime to go (#77)
(dashboard) Remove slug form handling and split settings services (#79)
(runtime) Thread internal auth token through worker and data-plane api runtimes (#83)
(dashboard) Add shared API request and error utilities (#103)
(dashboard) Centralize API error message mapping (#104)
(dashboard) Migrate sandbox and members services to typed openapi client (#105)
(dashboard) Remove unused sandbox profile parser (#106)
Split test harness into test-core and test-environments (#108)
Rename integrations-core deployment terms to target (#134)
(db) Use string mode timestamps in non-auth control-plane tables (#142)
(integrations) Rename openai variant to openai-default (#145)
(integrations-core) Compile lifecycle-driven runtime artifacts (#148)
Remove sandbox manifest from runtime start flow (#149)
(integrations-core) Remove legacy manifest parser (#151)
Extract shared github integration definition module (#152)
(config) Move sandbox provider to global config (#153)
(sandbox) Keep provider ownership in data-plane worker (#156)
(runtime-plan) Rename resolved image source enums (#169)
(db) Remove profile-version trigger rules schema (#179)
(data-plane-api) Centralize tRPC internal auth middleware (#180)
(data-plane-trpc) Remove untyped sandbox client call (#182)
(workflows) Align plane worker APIs around services (#190)
(test-harness) Replace test environments with app containers (#198)
Remove includeGhCli from github binding config (#232)
(control-plane-api) Decouple integration target sync and provisioning (#261)
Remove userSecretSlots and move GitHub webhook secret to target secrets (#273)
Replace integration UI projections with schema-backed forms (#274)
Make sandbox instance start asynchronous (#283)
(dashboard) Split codex transcript approval ui (#299)
(dashboard) Wrap chat diff rendering (#300)
Use integration family identity for conversations (#325)
Extract dashboard settings story fixtures (#323)
Rename automation conversation persistence (#342)
Extract dashboard story fixtures (#343)
Promote shared dashboard components to ui (#349)
Tighten workflow package and worker boundaries (#350)
Move control-plane automation run runtime into workflows (#355)
Move control-plane conversation delivery runtime into workflows (#356)
Remove worker workflow compatibility wrappers (#357)
Move conversation delivery provider envelope into workflows (#358)
Name control-plane workflow service ports (#364)
Separate dev and test env conventions (#366)
Move generated test context into repo-local files (#367)
Inject data-plane gateway tunnel components (#381)
Remove route-authored integration egress URLs (#382)
Formalize data plane gateway tunnel interfaces (#384)
Define relay envelope transport contract (#390)
Add header-addressed tokenizer proxy egress (#406)
Switch sandboxd egress to header-addressed forwarding (#407)
Remove legacy tokenizer proxy egress routes (#408)
Remove legacy sandbox egress routes (#409)
Localize control-plane automation workflows (#411)
Rename egress route ids to egress rule ids (#412)
Switch producer workflow imports to registry (#421)
Switch control-plane worker startup to openworkflow cli (#429)
Move control-plane auth and sandbox workflows into worker app (#431)
Move control-plane integration workflows into worker app (#432)
Move control-plane automation workflows into worker app (#433)
Move data-plane sandbox workflow into worker app (#435)
Remove workflows package (#436)
Remove automations package (#439)
Remove sandbox runtime plan compiler package (#440)
Migrate data plane internal api to openapi (#441)
Move sandbox runtime state out of workspace (#453)
Remove remaining workspace path conventions (#460)
Streamline dashboard integration settings detail ui (#471)
Move interactive clients to stream open control (#462)
Switch sandbox runtime opens to stream handshake (#463)
Move pty control onto stream messages (#464)
Close agent sessions with stream controls (#465)
Retire legacy sandbox session protocol surface (#470)
Extract sandbox session client transport (#485)
Centralize sandbox tunnel websocket reads (#492)
Frame pty tunnel payloads (#493)
Frame agent tunnel payloads (#494)
Frame direct agent websocket clients (#499)
Clarify sandbox tunnel token redemption semantics (#509)
Extract tunnel protocol translation (#513)
Extract tunnel session lifecycle service (#517)
Extract sandbox tunnel admission (#518)
Simplify forwarding and relay wiring (#520)
Trim sandbox tunnel route helpers (#522)
Simplify control-plane-worker workflow composition (#524)
Remove control-plane worker wrapper helpers (#525)
Move codex app server generated artifacts (#526)
Restructure control plane worker workflow helpers (#527)
Localize integration resource sync workflow (#533)
Localize sandbox profile start workflow (#534)
Share sandbox session client across consumers (#491)
Localize sandbox profile deletion workflow (#535)
Localize integration webhook workflow (#536)
Split dashboard session workbench boundary (#538)
Localize automation run workflow (#539)
Remove dashboard session view wrapper (#540)
Move control-plane worker runtime files (#541)
Flatten control-plane worker workflow runtime (#545)
Flatten data-plane worker workflow runtime (#547)
Remove sandbox snapshot support (#549)
Move openai conversation provider into definitions (#559)
Move dashboard codex logic under openai definitions (#560)
Add adapter key to compiled agent runtimes (#561)
Move bootstrap security primitives into rust (#577)
Rework runtime client process manager boundary (#580)
Move proxy ca fd handoff into rust (#582)
Model integration connection methods (#593)
Rename github app installation redirect flow (#594)
Add oauth2 control-plane connection flow (#596)
Replace sandbox runtime with node implementation (#602)
Refresh oauth2 access tokens during credential resolution (#597)
Cut over codex app client consumers (#604)
Remove legacy oauth redirect naming (#599)
Rename sandbox runtime provider metadata (#621)
Standardize dashboard formatting helpers (#642)
Reorganize dashboard session workbench (#654)
Clean up dashboard editor state flow (#661)
Add sandbox runtime state interfaces (#669)
Simplify dashboard hook and derived state (#678)
Simplify sandbox runtime lifecycle state (#680)
Centralize websocket helpers (#683)
Extract organization membership capabilities service (#685)
Simplify control plane api structure (#686)
Simplify session presence leases (#687)
Restructure control plane integration routes (#693)
Move control plane crypto helpers into lib (#694)
Isolate dashboard storybook boundaries (#696)
Clean up control plane api boundaries (#699)
Restructure control plane route modules (#704)
Restructure control plane internal routes (#708)
Inject control plane auth directly (#711)
Normalize organization membership capabilities route (#716)
Remove stale worker server config (#722)
Restructure data plane api (#723)
Introduce sandbox runtime supervisor (#730)
Rename sandbox runtime ids (#731)
Rename provider sandbox ids (#732)
Cut over worker startup configuration (#733)
Remove sandbox volume model (#741)
Remove modal sandbox provider (#734)
Remove sandbox handle stdin methods (#747)
Align e2b provider client boundary (#748)
Extract e2b template registry (#749)
Centralize monorepo oxlint enforcement (#773)
Bind sandbox runtime proxy to loopback by default (#774)
Make sandbox egress routing decisions explicit (#775)
Migrate sandbox clients to conventional routes (#796)
Remove legacy data-plane sandbox routes (#797)
Remove disconnected stop command (#803)
Collapse gateway idle data plane client (#807)
Simplify sandbox runtime bootstrap (#811)
Move sandbox paths under root (#812)
Replace codespell with typos (#810)
Remove unused artifact lifecycle hooks (#823)
Share filter evaluator semantics (#824)
Tighten session page phase boundaries (#828)
Align auth onboarding screens and stories (#843)
Dedupe upload test scaffolding (#845)
Use form and redirect connection methods (#848)
Add generic form connection routes (#849)
Add definition-driven form connection dialogs (#850)
Add agent runtime registries and definition bundles (#860)
Split openai provider from codex runtime (#861)
Move agent mcp materialization into runtimes (#862)
Resolve agent consumers by runtime id (#863)
Add agent runtime pty launch specs (#864)
Remove stale openai agent shims (#865)
Clean up remaining phase 1 runtime seams (#867)
Isolate session workbench cli handoff (#857)
Dedupe runtime artifacts in compiled plans (#890)
Simplify dashboard shell layout contracts (#910)
Unify dashboard sandbox status presentation (#926)
Inject sandbox runtime logger (#931)
Rename atlassian integration to jira (#940)
Align dashboard rjsf layout with shared field styling (#944)
Autosave dashboard general settings fields (#959)
Simplify dashboard storybook organization (#963)
Switch runtime consumers to sandbox runtime contract (#965)
Generalize gateway keepalive store types (#968)
Remove automation conversation title and preview (#1025)
Clarify dashboard chat restore thread selection (#1048)
Share one sandbox websocket transport per dashboard session (#1050)
(dev) Bootstrap SeaweedFS bucket directly (#1051)
Remove dead singleton avatar session sync (#1053)
Move integration connection secrets to credential slots (#1057)
Centralize organization authorization (#1104)
Remove unused binding form context (#1109)
Make organization settings active-org relative (#1118)
Consolidate session workbench status state (#1110)
Redesign integration connection detail layout (#1177)
Harden sandboxd cold init (#1205)
Add sandbox storage lifecycle hooks (#1207)
Make sandbox storage config provider-aware (#1211)
Introduce Archil sandbox storage backend abstraction (#1212)
Decouple sandbox compute from durable storage (#1216)
Reuse single-select combobox field (#1255)
Remove dashboard page loading ui (#1258)
Unify chat external link handling (#1265)
Share post-worktree setup script (#1282)
Project steer render ordering (#1310)
Move copyable value into ui (#1315)
Improve linked account settings UI (#1323)
Track integration target manifest in repo (#1348)
Add sandbox base image manifest readers (#1387)
Resolve published sandbox base image refs (#1389)
Centralize local sandbox base image refs (#1394)
Clean up remaining ts sandbox base refs (#1398)
Clean up shared dashboard components (#1396)
Centralize sandboxd test image refs (#1400)
Share control-plane url builder (#1418)
Share manifest json editor (#1435)
Tighten manifest editor cleanup (#1437)
Extract github manifest builder (#1441)
Share manifest webhook callback state (#1445)
Remove gateway owner store (#1450)
Componentize sandbox profile save indicator (#1446)
Clean up shell loading indicator metadata (#1455)
Move title generation behind provider capability (#1458)
Clean up legacy config drift (#1460)
Use definition list for invitation details (#1461)
Extract braille spinner component (#1471)
Split workflow migration database url (#1476)
Remove api startup migrations (#1477)
Move dashboard config to build time (#1490)
Align next config shape with plan (#1500)
Remove legacy toml config shape (#1520)
Select runtime config from toml root (#1534)
Apply env overrides to config root (#1538)
Compose tokenizer proxy config (#1547)
Compose data plane gateway config (#1550)
Compose data plane api config (#1551)
Compose control plane worker config (#1553)
Split webhook automation form presentation tests (#1554)
Compose control plane api config (#1557)
Compose data plane worker config (#1565)
Centralize integration setup flows (#1545)
Remove apps config root (#1570)
Simplify primary repository selection state (#1580)
Load env config through central root (#1587)
Move config root internals out of toml (#1592)
Clarify runtime env export ownership (#1595)
Remove legacy app env loaders (#1596)
Remove config env projection alias (#1598)
Remove legacy runtime env export (#1610)
Remove legacy config env input (#1612)
Remove legacy config env references (#1613)
Route provider app setup through definitions (#1579)
Add generic provider app callback route (#1615)
Move provider app setup redirect selection (#1622)
Move github app detail metadata (#1626)
Move jira webhook setup metadata (#1631)
Share integration metadata schemas (#1638)
Share setup manifest editor section (#1642)
Share app setup pane primitives (#1651)
Share setup pane autosave state (#1650)
Remove OpenAI target model capabilities (#1675)
Extract sandbox profile snapshot panel (#1685)

Performance

Cache SEA build in dev script to skip redundant Rust compilation (#614)

Documentation

(config) Add config maintenance workflow guide
(time) Document runtime and testing usage
(workflows) Add per-plane workflow library references
(repo) Add license and contribution/security policies (#6)
Replace nix doctor with nix config check (#10)
Clarify cloudflare tunnel setup in readme (#15)
Update AGENTS.md guidance (#80)
(config) Add control-plane worker data-plane api key to sample (#94)
Add integrations api README for providers architecture (#234)
Add storybook ci policy (#313)
Migrate public docs to Mintlify workspace (#377)
Move public docs workspace to packages (#379)
Update github setup url guidance (#445)
Add github pr authoring skill (#472)
Clarify PR skill bug symptom guidance (#483)
Move dashboard agent guidance to nested file (#484)
Extract db migration skill (#542)
Add dashboard react effects guidance (#653)
Simplify worktree manager skill (#657)
Update sandbox provider documentation (#736)
Minor cleanup in AGENTS.md (#799)
Update root sandbox contract references (#814)
Align root sandbox follow-up references (#815)
Clarify root sandbox runtime contract (#816)
Clarify upload concurrency contract (#841)
Add dashboard text assertion guidance (#903)
Tighten dashboard text assertion review guidance (#905)
Add abstraction discipline guide (#925)
Expand integration setup guides (#1161)
Refine github integration setup guide (#1181)
Update docs site navigation and positioning (#1182)
Fix integration guide icons on Mintlify (#1184)
Rewrite README with setup and architecture guidance (#1187)
Expose e2b sandbox sizing examples (#1219)
Clarify deployment options (#1242)
Remove Restate references from AGENTS guide (#1295)
Tighten PR checks guidance (#1344)
Make local ci guidance conditional (#1345)
Update managed migration guidance (#1480)
Publish next config sample (#1508)
Update README snapshot overview (#1524)
Add identity linking to readme (#1562)
Document component test guidance (#1586)
Clarify optional config fields (#1590)
Add rust agent guidance (#1668)
Reorganize development guidance (#1678)
Update README and local installer (#1691)
(readme) Update docs around running Mistle locally (#1695)
Move cla to repo root (#1697)

Tests

(emails) Add smtp integration suite with mailpit
(emails) Add otp template snapshot coverage
Add postgres 18 and pgbouncer service to test-harness
(config) Simplify fixtures and isolate integration env
(control-plane-api) Cover OTP failure integration paths
(control-plane-api) Cover OTP policy and DB-driven expiry paths
(control-plane-api) Verify bootstrap idempotency on repeated OTP sign-ins
(test-harness) Add reusable available-port helper coverage
(control-plane-api) Add runtime lifecycle integration coverage
(control-plane-api) Add CORS integration coverage
(test-harness) Align mailpit coverage and docs
(workflows) Add schema isolation integration coverage
(workflows) Add control-plane otp workflow integration test
(config) Add worker integration coverage for loadConfig
(control-plane-worker) Add runtime integration harness
(control-plane-api) Add sandbox profile integration coverage
(workflows) Add shared control-plane integration fixture
Derive modal integration base image and harden cleanup (#21)
(dashboard) Add integration coverage for members and loading bar (#44)
(sandbox) Add docker adapter integration coverage (#66)
(data-plane-api) Cover sandbox start enqueue integration (#70)
(workflows) Add docker integration coverage for start sandbox workflow (#76)
(dashboard) Split integration tests into dedicated vitest config (#117)
Change OpenAI test variantId to openai-api-key (#138)
Standardize openai target keys to kebab-case (#161)
Stabilize shared integration infra and decouple cross-app control-plane tests (#251)
Add otp auth system tests (#259)
Add openai codex app-server system tunnel coverage (#270)
Fix control-plane-api integration regressions (#301)
Add github webhook automation system coverage (#365)
Add github cli sandbox system coverage (#403)
Split test harness integration scripts (#414)
Seed sandbox rows for bootstrap tunnel integration cases (#474)
Replace integration runner with root vitest orchestration (#510)
Restore data-plane worker config integration fixture (#512)
Add gateway memory runtime state integration coverage (#682)
Fix gateway config fixture expectation (#684)
Convert auth OTP coverage to integration (#759)
Harden egress grant coverage (#779)
Rename sandbox instance integration files (#805)
Update downstream sandbox path assertions (#813)
Cover upload interruption and recovery flows (#831)
Update sandbox runtime plan expectation (#855)
Move sandbox title seeding coverage to system tests (#1042)
Cover rendered composer pane attachment retries (#1126)
Log otp delivery workflow failures (#1156)
Add codex disconnect survival system test (#1176)
Add persistent sandbox system coverage (#1218)
Speed up dashboard test hotspots (#1224)
Reduce dashboard unit test overhead (#1226)
Fix scheduled integration stale expectations (#1308)
Add vite port access system coverage (#1339)
Add scheduled system workflow (#1341)
Stabilize sandbox presence integration cleanup assertion (#1351)
Fix remaining scheduled system docker assertions (#1401)
Fix thread resume system assertion (#1414)
Fix thread resume system assertion (#1417)
Fix thread resume initial snapshot assertion (#1422)
Fix runtime-state tracing system assertion (#1444)
Fix scheduled integration drift pass 1 (#1466)
Clean up e2b system sandboxes (#1492)
Clean up stricter oxlint jest warnings (#1495)
Fix webhook span assertions (#1499)
Align idle deadline wait with harness timeout (#1498)
Isolate sandboxd git config writes (#1512)
Move sessions service test to integration (#1556)
Move integrations page route tests to integration (#1559)
Move integration editor state tests to integration (#1561)
Add dashboard component test lane (#1566)
Move rendered dashboard tests to component lane (#1568)
Move dashboard component tests to component lane (#1582)
Split dashboard vitest setup by lane (#1585)
Stabilize system sandbox runs (#1589)
Remove legacy openai model binding config (#1623)

Build

(sandbox) Add base image docker scaffolding
(sandbox) Install mise in base image
Prepare sandbox base image for archil (#1206)

CI

Add nix-first GitHub Actions CI workflow (#7)
Reduce PR runtime with caching and conditional prebuild (#81)
Add daily integration workflow (#564)
Generate config for daily integration (#566)
Save caches earlier in ci workflow (#567)
Update Infisical daily integration path (#572)
Send workflow Slack notifications from ci-shared (#574)
Include PR links in Slack notifications (#575)
Simplify Slack notification copy (#576)
Cache rust dependencies in workflow (#622)
Publish service images to ghcr (#700)
Add codecov monorepo coverage upload (#772)
Upload rust coverage to codecov (#780)
Split ts and rust workflow lanes (#930)
Add repo-owned codeql workflow (#1234)
Enable dependabot updates for github actions (#1235)
Serialize scheduled system providers (#1411)
Reuse scheduled system runtime (#1473)
Scope blacksmith runner usage (#1511)
Revert pnpm sticky disk cache (#1513)
Optimize PR caching and lane scoping (#1625)
Remove rust test runner image publisher (#1654)
Scope changed-file lane filters (#1656)
Publish multi-arch container images (#1676)
Revert multi-arch image publishing (#1682)
Include single-container images in releases (#1699)

Chores

Bootstrap mistle-scratch monorepo scaffold
Enforce no-mocking lint restrictions
(docs) Add instructions regarding identifier registries and constants maps
(lint) Enforce type-aware deprecated usage checks
(config) Rename integrations -> integration and update vitest.integration.config.ts
Add .pkgrep to .gitignore
(config) Include integration files in typecheck
Add root integration test pipeline task
(time) Include integration files in typecheck
(apps) Include integration files in tsconfig typecheck
(repo) Update workspace manifests and lockfile
Formatting
(lint) Restrict timer globals and scope time package override
(control-plane-api) Split unit and property vitest configs
Add .gitkeep to tests/{e2e,system}
Apply remaining cleanup changes
(provider-runtime) Remove provider-runtime
(sandbox-manager) Delete sandbox-manager
(infra) Scaffold deployment directories
(dev) Add local caddy scaffold and move sandboxd default port
(dev) Assign unique default ports for data plane services
(data-plane) Remove tokenizer-proxy scaffold
Scaffold local dev infra orchestration
Add cloudflared to mise toolchain
Pivot local development to nix-first
Enforce conventional commits with commitlint
Migrate commitlint config to json
Enforce kebab-case naming in dashboard
(repo) Rename project and configure dependency bots
(renovate) Disable dependency dashboard preset
Add python and pip to nix dev shell (#16)
Scope pipx state to repository in nix shell (#19)
Convert root scripts to typescript (#28)
(dev) Exclude sandbox-runtime from default workspace dev (#42)
(dev) Unify local dev postgres and remove auto config init (#43)
(dev) Proxy full data-plane api via edge (#45)
(dev) Remove local caddy edge proxy (#46)
Scaffold data-plane trpc shared package (#51)
(deps) Bump jsdom from 26.1.0 to 28.1.0 (#4)
(deps) Bump better-auth from 1.4.18 to 1.4.19 (#1)
(config) Default control and data planes to shared database (#65)
(data-plane) Scaffold trpc contracts and router modules (#68)
(ci) Split static checks and tests into parallel jobs (#91)
(deps) Bump hono from 4.12.2 to 4.12.3 (#97)
(deps) Bump oxlint-tsgolint from 0.11.5 to 0.15.0 (#101)
(deps) Bump pg from 8.18.0 to 8.19.0 (#100)
(config) Add shared tunnel bootstrap token config (#110)
(deps) Bump oxfmt from 0.26.0 to 0.35.0 (#99)
Ignore @types/node major bumps in dependabot (#111)
(deps) Bump turbo from 2.8.10 to 2.8.11 (#112)
(deps) Bump react-day-picker from 9.13.2 to 9.14.0 (#113)
(deps) Bump @types/node from 24.10.13 to 24.10.15 (#114)
(deps) Bump modal from 0.7.1 to 0.7.2 (#115)
(ci) Enable turbo remote cache auth in CI (#121)
Switch ci blacksmith runners from 4 vcpu to 2 vcpu (#132)
(deps) Bump @types/pg from 8.16.0 to 8.18.0 (#197)
(deps) Bump @trpc/client from 11.10.0 to 11.11.0 (#193)
(deps) Bump react-resizable-panels from 4.6.5 to 4.7.0 (#194)
(deps) Bump openworkflow from 0.7.3 to 0.8.0 (#195)
(deps) Bump lint-staged from 16.2.7 to 16.3.1 (#196)
(deps) Bump @trpc/server from 11.10.0 to 11.11.0 (#218)
(deps) Bump lefthook from 2.1.1 to 2.1.2 (#219)
(deps) Bump oxlint from 1.50.0 to 1.51.0 (#220)
(deps) Bump squawk-cli from 2.41.0 to 2.43.0 (#221)
(deps) Bump better-auth from 1.4.19 to 1.5.2 (#222)
Run workspace dev with turbo watch (#253)
Remove unused user config slots (#257)
(dashboard) Centralize and typecheck lint plugins (#262)
(deps) Bump lint-staged from 16.3.1 to 16.3.2 (#250)
(deps) Bump oxfmt from 0.35.0 to 0.36.0 (#248)
(deps) Bump better-auth from 1.5.2 to 1.5.3 (#246)
(deps) Bump @hono/node-server from 1.19.9 to 1.19.10 (#247)
(deps) Bump hono from 4.12.3 to 4.12.5 (#249)
(deps) Bump @commitlint/cli from 20.4.2 to 20.4.3 (#278)
(deps) Bump react-resizable-panels from 4.7.0 to 4.7.1 (#279)
(deps) Bump @trpc/server from 11.11.0 to 11.12.0 (#280)
(deps) Bump oxlint-tsgolint from 0.15.0 to 0.16.0 (#281)
Remove legacy SSE MCP transport (#319)
Tighten storybook host boundaries (#317)
(deps) Bump liquidjs from 10.24.0 to 10.25.0 (#329)
(deps) Bump @types/node from 24.10.15 to 24.12.0 (#333)
(deps) Bump @commitlint/config-conventional from 20.4.2 to 20.4.3 (#330)
(deps) Bump mailpit-api from 1.7.1 to 1.7.2 (#331)
(deps) Bump turbo from 2.8.11 to 2.8.14 (#332)
(deps) Bump oxlint from 1.51.0 to 1.52.0 (#359)
(deps) Bump storybook from 10.2.16 to 10.2.17 (#360)
(deps) Bump @fast-check/vitest from 0.2.4 to 0.3.0 (#362)
(deps) Bump jose from 6.1.3 to 6.2.1 (#363)
Scaffold openworkflow in control-plane-api (#376)
(deps) Bump better-auth from 1.5.3 to 1.5.4 (#395)
(deps) Bump @typescript/native-preview from 7.0.0-dev.20260310.1 to 7.0.0-dev.20260311.1 (#396)
(deps) Bump @rjsf/utils from 6.3.1 to 6.4.1 (#399)
(deps) Bump pg from 8.19.0 to 8.20.0 (#398)
(deps) Bump @trpc/client from 11.11.0 to 11.12.0 (#397)
(deps) Bump turbo from 2.8.14 to 2.8.16 (#422)
(deps) Bump @storybook/react-vite from 10.2.16 to 10.2.17 (#426)
(deps) Bump @rjsf/core from 6.3.1 to 6.4.1 (#427)
(deps) Bump lefthook from 2.1.2 to 2.1.4 (#425)
(deps) Bump @base-ui/react from 1.2.0 to 1.3.0 (#458)
(deps) Bump @storybook/addon-a11y from 10.2.16 to 10.2.17 (#457)
(deps) Bump hono from 4.12.5 to 4.12.7 (#455)
(deps) Bump nodemailer from 8.0.1 to 8.0.2 (#454)
(deps) Bump @vitejs/plugin-react from 5.1.4 to 6.0.0 (#456)
(ci) Upgrade GitHub Actions versions (#548)
Upgrade repo runtime to node 25 (#551)
Scaffold sandbox runtime node and rust addon (#552)
(deps) Bump jsdom from 28.1.0 to 29.0.0 (#554)
(deps) Bump @storybook/addon-docs from 10.2.16 to 10.2.19 (#557)
(deps) Bump @types/node from 25.3.5 to 25.5.0 (#558)
(deps) Bump mint from 4.2.423 to 4.2.434 (#555)
(deps) Bump @rjsf/validator-ajv8 from 6.3.1 to 6.4.1 (#556)
(deps) Bump knip from 5.85.0 to 5.87.0 (#586)
(deps) Bump lint-staged from 16.3.2 to 16.4.0 (#589)
(deps) Bump @storybook/addon-vitest from 10.2.16 to 10.2.19 (#590)
(deps) Bump oxlint from 1.52.0 to 1.56.0 (#588)
(deps) Bump @commitlint/cli from 20.4.3 to 20.5.0 (#587)
Remove codex app server client package (#603)
Finalize sandbox runtime port cleanup (#605)
Upgrade vite to 8 and vitest to 4.1 (#606)
(docs) Remove notion from integrations-core README.md (#607)
Suppress turbo output to errors-only and trim build cache key (#609)
Replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (#612)
Replace vite-tsconfig-paths plugin with native option in storybook (#613)
(deps) Bump modal from 0.7.2 to 0.7.3 (#617)
(deps) Bump fast-check from 4.5.3 to 4.6.0 (#618)
(deps) Bump @commitlint/config-conventional from 20.4.3 to 20.5.0 (#619)
(deps) Bump knip from 5.87.0 to 5.88.0 (#620)
Publish sandbox base image to ghcr (#624)
(deps) Bump @testcontainers/postgresql from 11.12.0 to 11.13.0 (#616)
Tag sandbox base image as latest (#626)
Notify sandbox image publishes in slack (#627)
Remove sandbox-base-dev stage (#630)
(deps) Bump oxlint-tsgolint from 0.16.0 to 0.17.0 (#646)
(deps) Bump @storybook/react-vite from 10.2.19 to 10.3.0 (#647)
(deps) Bump testcontainers from 11.12.0 to 11.13.0 (#648)
(deps) Bump @better-auth/drizzle-adapter from 1.5.3 to 1.5.5 (#650)
(deps) Bump @storybook/addon-vitest from 10.2.19 to 10.3.0 (#649)
(deps) Bump vite from 8.0.0 to 8.0.1 (#664)
(deps) Bump nodemailer from 8.0.2 to 8.0.3 (#668)
(deps) Bump @storybook/react-vite from 10.3.0 to 10.3.1 (#667)
(deps) Bump hono from 4.12.7 to 4.12.8 (#666)
(deps) Bump mint from 4.2.434 to 4.2.442 (#665)
Clean up knip baseline (#689)
(deps) Bump @typescript/native-preview from 7.0.0-dev.20260320.1 to 7.0.0-dev.20260323.1 (#721)
(deps) Bump @streamdown/code from 1.1.0 to 1.1.1 (#717)
(deps) Bump @storybook/react-vite from 10.3.1 to 10.3.2 (#718)
(deps) Bump @pierre/diffs from 1.0.11 to 1.1.3 (#720)
(deps) Bump recharts from 2.15.4 to 3.8.0 (#719)
(deps) Bump undici from 7.24.4 to 7.24.5 (#742)
(deps) Bump mint from 4.2.442 to 4.2.452 (#744)
(deps) Bump liquidjs from 10.25.0 to 10.25.1 (#746)
(deps) Bump jsdom from 29.0.0 to 29.0.1 (#745)
Remove unused flake toolchains (#755)
Add codespell checks (#757)
(deps) Bump ws from 8.19.0 to 8.20.0 (#743)
Clean up settings shell storybook stories (#762)
(deps) Bump oxfmt from 0.36.0 to 0.42.0 (#768)
(deps) Bump vitest from 4.1.0 to 4.1.1 (#767)
(deps) Bump e2b from 2.16.0 to 2.18.0 (#766)
(deps) Bump @opentelemetry/instrumentation-pg from 0.65.0 to 0.66.0 (#765)
(deps) Bump @opentelemetry/sdk-logs from 0.213.0 to 0.214.0 (#764)
Show full codecov PR comment (#782)
Upgrade better-auth to 1.5.6 (#783)
(deps) Bump @opentelemetry/exporter-trace-otlp-http from 0.213.0 to 0.214.0 (#787)
(deps) Bump undici from 7.24.5 to 7.24.6 (#791)
(deps) Bump tailwindcss from 4.2.1 to 4.2.2 (#788)
Trigger merge queue workflows (#794)
(deps) Bump react-router from 7.13.1 to 7.13.2 (#789)
(deps) Bump @opentelemetry/exporter-logs-otlp-http from 0.213.0 to 0.214.0 (#790)
Run sql lint in ci (#808)
Enable Atlassian and Linear integration defaults (#825)
Remove atlassian mcp integration (#846)
Remove codecov integration (#854)
(deps) Bump oxlint-tsgolint from 0.17.0 to 0.18.1 (#836)
(deps) Bump @storybook/react-vite from 10.3.2 to 10.3.3 (#837)
(deps) Bump @opentelemetry/sdk-node from 0.213.0 to 0.214.0 (#839)
(deps) Bump squawk-cli from 2.43.0 to 2.44.0 (#840)
(deps) Bump drizzle-kit from 0.31.9 to 0.31.10 (#838)
Upgrade storybook to 10.3.3 (#858)
(deps) Bump liquidjs from 10.25.1 to 10.25.2 (#868)
(deps) Bump @rjsf/utils from 6.4.1 to 6.4.2 (#869)
(deps) Bump jose from 6.2.1 to 6.2.2 (#870)
(deps) Bump smol-toml from 1.6.0 to 1.6.1 (#871)
(deps) Bump react-resizable-panels from 4.7.1 to 4.8.0 (#872)
(deps) Bump vite from 8.0.1 to 8.0.3 (#875)
(deps) Bump @types/pg from 8.18.0 to 8.20.0 (#873)
(deps) Bump @rjsf/core from 6.4.1 to 6.4.2 (#874)
(deps) Bump @napi-rs/cli from 3.5.1 to 3.6.0 (#876)
(deps) Bump streamdown from 2.4.0 to 2.5.0 (#877)
(deps) Bump vitest from 4.1.1 to 4.1.2 (#878)
(deps) Bump @opentelemetry/api-logs from 0.213.0 to 0.214.0 (#879)
Enforce pnpm minimum release age (#919)
(deps) Bump drizzle-orm from 0.45.1 to 0.45.2 (#917)
(deps) Bump recharts from 3.8.0 to 3.8.1 (#914)
(deps) Bump @rjsf/validator-ajv8 from 6.4.1 to 6.4.2 (#915)
(deps) Bump hono from 4.12.8 to 4.12.9 (#916)
Move form stories under forms (#929)
Remove unused sandbox traces endpoint config (#932)
Remove config generator drift (#933)
Reorganize dev and docker directories (#947)
Update .gitignore (#948)
Switch ci jobs to github-hosted linux runners (#983)
(deps) Bump e2b from 2.18.0 to 2.19.0 (#1017)
(deps) Bump dockerode from 4.0.9 to 4.0.10 (#1014)
(deps) Align storybook packages to 10.3.4 (#1052)
Remove unused published target auth package (#1054)
(deps) Bump squawk-cli from 2.44.0 to 2.46.0 (#1086)
(deps) Bump @hono/zod-openapi from 1.2.2 to 1.2.4 (#1080)
(deps) Bump mailpit-api from 1.7.2 to 1.8.1 (#1084)
(deps) Bump react-router from 7.13.2 to 7.14.0 (#1082)
(deps) Bump @codemirror/view from 6.40.0 to 6.41.0 (#1085)
(deps) Bump @hono/node-server from 1.19.11 to 1.19.13 (#1120)
(deps) Bump react-resizable-panels from 4.8.0 to 4.9.0 (#1123)
(deps) Bump @opentelemetry/api from 1.9.0 to 1.9.1 (#1121)
(deps) Bump @fast-check/vitest from 0.3.0 to 0.4.0 (#1122)
Remove stale sandbox publishing scaffolding (#1128)
(deps) Bump @storybook/addon-docs from 10.3.4 to 10.3.5 (#1159)
(deps) Bump @storybook/addon-links from 10.3.4 to 10.3.5 (#1189)
Add validate changed workflow (#1221)
(deps) Bump postgres from 3.4.8 to 3.4.9 (#1209)
Remove jscpd tooling (#1236)
(deps) Bump oxlint from 1.56.0 to 1.59.0 (#1246)
(deps) Bump oxlint-tsgolint from 0.18.1 to 0.20.0 (#1248)
(deps) Bump @opentelemetry/auto-instrumentations-node to 0.72.0 (#1249)
(deps) Bump testcontainers to 11.14.0 (#1250)
Bump codex version in flake (#1262)
(deps) Bump @storybook/addon-a11y from 10.3.4 to 10.3.5 (#1275)
(deps) Bump @opentelemetry/sdk-logs from 0.214.0 to 0.215.0 (#1276)
(deps) Bump mailpit-api from 1.8.1 to 1.9.0 (#1278)
(deps) Bump @smithy/hash-node from 4.2.13 to 4.2.14 (#1279)
(deps) Bump openworkflow from 0.8.1 to 0.9.0 (#1277)
Bump codex to 0.122.0 (#1287)
Run cargo fmt for sandboxd rust files (#1290)
Split rust test containers in ci (#1326)
(deps) Bump @tanstack/react-pacer from 0.21.1 to 0.22.0 (#1331)
(deps) Bump @opentelemetry/exporter-logs-otlp-http from 0.214.0 to 0.215.0 (#1329)
(deps) Bump @opentelemetry/sdk-metrics from 2.6.1 to 2.7.0 (#1330)
(deps) Bump @codemirror/view from 6.41.0 to 6.41.1 (#1365)
(deps) Bump @hono/zod-openapi from 1.2.4 to 1.3.0 (#1366)
(deps) Bump turbo from 2.8.16 to 2.9.6 (#1364)
(deps) Update react and react-dom to 19.2.5 (#1372)
(deps) Update rjsf packages to 6.5.1 (#1373)
Remediate runtime dependency alerts (#1402)
Update codex to 0.125.0 (#1410)
Remove aws xml-builder release-age exclusion after 2026-04-27 03:01 SGT (#1419)
(deps) Bump @smithy/protocol-http from 5.3.13 to 5.3.14 (#1406)
(deps) Bump @storybook/addon-vitest from 10.3.4 to 10.3.5 (#1407)
(deps) Bump oxlint-tsgolint from 0.20.0 to 0.21.1 (#1405)
(deps) Bump @rolldown/plugin-babel from 0.2.2 to 0.2.3 (#1485)
(deps) Bump @tailwindcss/vite from 4.2.1 to 4.2.4 (#1487)
(deps) Bump dockerode from 4.0.10 to 5.0.0 (#1484)
(deps) Bump @storybook/react-vite from 10.3.4 to 10.3.5 (#1488)
(deps) Bump oxlint from 1.59.0 to 1.61.0 (#1486)
Clean up pre-phase4 config drift (#1502)
Add next config format env opt-in (#1504)
Generate next local configs (#1505)
(ci) Migrate workflows to Blacksmith runners (#1510)
Use 4vcpu runner for ts tests (#1552)
Update jira cli release tag (#1564)
Clean up config migration drift (#1584)
(deps) Bump lefthook from 2.1.4 to 2.1.6 (#1575)
(deps) Bump vite from 8.0.3 to 8.0.10 (#1576)
(deps) Bump tailwindcss from 4.2.2 to 4.2.4 (#1578)
(deps) Bump @opentelemetry/core from 2.6.1 to 2.7.0 (#1577)
(deps) Bump @opentelemetry/api-logs from 0.214.0 to 0.215.0 (#1574)
Run rust tests with nextest (#1627)
Target changed rust test files (#1632)
Bump slack cli release pin (#1655)
(deps) Bump @pierre/diffs from 1.1.3 to 1.1.19 (#1657)
(deps) Bump @opentelemetry/context-async-hooks from 2.6.1 to 2.7.0 (#1658)
(deps) Bump redis from 5.11.0 to 5.12.1 (#1659)
(deps) Bump @commitlint/cli from 20.5.0 to 20.5.2 (#1660)
(deps) Bump @hono/node-server from 1.19.13 to 2.0.0 (#1661)
Remove public helm chart (#1677)
Simplify local compose single-container flow (#1689)
Change image tags to :latest (#1692)
Add OCI labels to published images (#1698)

revert

Undo MISTLE env pass-through changes in lint/typecheck (#601)
Undo scoped migration config loading (#1201)

sandboxd

Keep nix and cmddir on PATH for login shells (#1483)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mistle

Get notified when new releases ship.

About Mistle

All releases →