0cdbf63660
Merge current master (4f5b732) into the release branch and expand the
CHANGELOG v1.1.0 section to cover every merge since the v1.0.1 tag:
identity/eligibility tooling (#9, #11, #13, #14), gated review/merge
workflows (#15, #16), execution profiles (#12, #19), audit logging (#18),
Retry-After backoff (#27), API pagination + failure handling (#67),
release-tag helper (#50), status:in-progress automation (#56, #58),
LLM-Agent-SHA Phase 0 (#86), provenance helper (#3), manage_labels modes
(#6), and documentation (#8, #70, #72, #77).
PRs #82 (#68 release SOP) and #84 (#69 Linux portability) were closed
without merging and are intentionally NOT listed.
No feature code changed; CHANGELOG.md only. No tag created.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.5 KiB
2.5 KiB
Changelog
All notable changes to this project will be documented in this file.
[v1.1.0] - 2026-07-02
Added
- Read-only identity and eligibility tooling:
gitea_whoamiauthenticated-user lookup (#11),gitea_get_profileruntime-profile discovery (#13), andgitea_check_pr_eligibilityfail-closed PR eligibility checks (#14). - Identity lookup aliases (
gitea_get_authenticated_userandgitea_get_current_user) for common MCP/LLM tool discovery (#9). - Gated PR review actions (
gitea_submit_pr_review) reusing the eligibility gates (#15). - Gated PR merge workflow (
gitea_merge_pr) with explicitMERGE PR <n>confirmation, head-SHA and changed-file pinning, and self-merge blocking as the only merge path (#16). - Task-scoped Gitea MCP execution profiles: documented profile model (#12) and runtime profiles via environment config with
allowed_operations(#19). - Audit logging for all mutating MCP actions with execution-profile metadata and secret redaction (#18).
- Shared API pagination (
api_get_all) and hardened failure handling ingitea_auth.api_request: request timeouts, clear network/DNS errors, explicit 502/503/504 upstream errors, malformed-JSON handling, and redacted error text (#67). scripts/release-tagSemVer-gated annotated-tag helper (safe-by-default, master-only, tests required) (#50).- Automatic
status:in-progressrelease on issue close and PR close/merge (#56, #58). LLM-Agent-SHAopaque agent attribution convention (Phase 0): documentation, handoff/review templates, and negative tests proving the SHA can never bypass self-review/self-merge gates (#86).- macOS
com.apple.provenancecleanup helper tool and documentation (#3). manage_labels.pyrefactored into reusable modes (--create-labels,--apply-mapping,--add-label) (#6).
Changed
- HTTP 429 responses now honor
Retry-Afterwith jittered exponential backoff (#27). - Read-only list tools (
gitea_list_issues,gitea_list_prs,gitea_list_labels) now paginate across pages with bounded page caps (#67). - Automatic
status:in-progresscleanup on issue/PR close and merge. - Label cleanup now utilizes safe targeted label deletion behavior rather than replacing the entire label set.
Documentation
- MCP security model and trust-boundary documentation (#8).
- Developer testing guidelines (#70).
- Jenkins read-only build-status tools design (#72).
- Jenkins repo/branch/PR → job mapping design (#77).
[v1.0.1]
- Fix Recent Timesheets Remove button text clipping and copy theme/whats_new in build.
[v1.0.0]
- Initial versioned release.