This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
ReleasePort's take
Moderate signalThe release renames Flue-specific runtime configuration keys to runner-oriented names, breaking existing setups.
Why it matters: Breaking change: rename Flue config keys; update all deployment configs before upgrade. Severity high (severity 70).
Summary
AI summaryUpdates ⚠ BREAKING CHANGES, Bug Fixes, and Chores across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Breaking | High |
Replace Flue-specific runtime config names with runner-oriented names. Replace Flue-specific runtime config names with runner-oriented names. Source: llm_adapter@2026-06-01 Confidence: low |
— |
| Feature | Low |
Add Pi runner to control-plane. Add Pi runner to control-plane. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Generalize runner model configuration. Generalize runner model configuration. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Add Deputies favicon. Add Deputies favicon. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Add Astro MDX blog to www. Add Astro MDX blog to www. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Add Deputies launch blog post to www. Add Deputies launch blog post to www. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Feature | Low |
Add Twitter embed component to www. Add Twitter embed component to www. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Bugfix | Medium |
Handle fast new‑session responses in web. Handle fast new‑session responses in web. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Bugfix | Medium |
Harden GitHub CLI tool file access. Harden GitHub CLI tool file access. Source: llm_adapter@2026-06-01 Confidence: low |
— |
| Bugfix | Medium |
Remove raw Codex auth JSON env variable handling. Remove raw Codex auth JSON env variable handling. Source: llm_adapter@2026-06-01 Confidence: low |
— |
| Bugfix | Low |
Render new session stream events before detail refresh in web UI. Render new session stream events before detail refresh in web UI. Source: granite4.1:30b@2026-06-01-audit Confidence: low |
— |
| Bugfix | Low |
Stabilize scrollbar gutter on www site. Stabilize scrollbar gutter on www site. Source: granite4.1:30b@2026-06-01-audit Confidence: low |
— |
Full changelog
0.4.0 (2026-06-01)
⚠ BREAKING CHANGES
- Replace Flue-specific runtime config names with runner-oriented names: RUNNER_MODEL, RUNNER_MODEL_CHOICES, RUNNER_STATE_STORE, OPENAI_CODEX_AUTH_FILE, OPENAI_CODEX_AUTH_BASE64, and the /models modelChoices response field.
Features
- add Deputies favicon (690a0c8)
- control-plane: add Pi runner (#40) (25b25f4)
- generalize runner model configuration (3dfd869)
- www: add Astro MDX blog (aa99716)
- www: add Deputies launch blog post (e7ec362)
- www: add Twitter embed component (0eb6e83)
Bug Fixes
- harden github cli tool file access (d74e0a5)
- remove raw Codex auth JSON env (e3f7769)
- web: handle fast new-session responses (84fc025)
- web: render new session stream events before detail refresh (#39) (1ac9031)
- www: stabilize scrollbar gutter (6e61574)
Chores
- www: remove subdir for template post (7e57ec1)
Breaking Changes
- Replaced Flue-specific config names RUNNER_MODEL, RUNNER_MODEL_CHOICES, RUNNER_STATE_STORE, OPENAI_CODEX_AUTH_FILE, OPENAI_CODEX_AUTH_BASE64 and /models modelChoices response field with runner-oriented equivalents.
Security Fixes
- Harden GitHub CLI tool file access
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About sidpalas/deputies
All releases →Related context
Related tools
Beta — feedback welcome: [email protected]