chore: release v3.0.0

[dallay-bot]

🤖 I have created a release beep boop

3.0.0 (2026-04-12)

⚠ BREAKING CHANGES

• ci: make all now includes all checks and will fail on any error

Features

• 276 expand dashboard and web operational clients to match runtime admin capabilities (#352) (307a1f1)
• 277 session and memory visibility across Corvus clients (#366) (4db1b16)
• add apply progress, verification, and archive reports for enhance-auto-update system (33f94a7)
• add audio input support for http gateway and cli phase 2 (#437) (faa496f)
• add configuration to ignore platform-specific Corvus binaries (9f5ae23)
• add dependabot configuration for all ecosystems (#189) (926b2d5)
• Add first-run dashboard activation prompt and user guidance (#147) (0768810)
• Add first-run web dashboard activation prompt and guidance (c096805)
• Add first-run web dashboard activation prompt and guidance (b3f6c1d)
• add functions to collect and apply restart fields for various configurations (57b2087)
• Add image ingestion and update staging tests for Slack (#461) (f752038)
• add jules and antigravity agents to agentsync (5aea1e4)
• add McpToolAdapter to implement the Tool trait for MCP tools, including output limiting and configuration validation. (47425cd)
• add provider account pools and rust coverage (#240) (0f350a7)
• Add RustCliBridge for executing Rust CLI commands as an agent core bridge. (9b7e39e)
• Add secure shell command execution and external tool integration via a new Rust-Kotlin native runtime bridge. (32213cd)
• Add ShellTool for secure shell command execution with sandboxing, timeout, and output truncation. (d28df1d)
• add ShellTool for secure, sandboxed shell command execution with output truncation and timeouts. (bea54ef)
• Add tests for public image staging in Discord CDN (#460) (7b07371)
• add Vite configuration for Vue project with testing and build setup (d2ed52b)
• agent-runtime: add agent templates and developer documentation for Phase 5B (#514) (9933713)
• agent-runtime: add CLI composition flows for Phase 4 (#513) (ced2b06)
• agent-runtime: add code_search rollout benchmarks (aff6dc8)
• agent-runtime: add indexed candidate verification for code search (#443) (79080e4)
• agent-runtime: complete gateway webhook dispatcher parity (#283) (b327cfa)
• agent-runtime: keep search index fresh across file writes and workspace changes (#444) (82fa489), closes #358
• agent-runtime: Phase 5A — trait compliance macros and differential tests (#515) (20c0527)
• agent-runtime: support multiple images per turn (#472) (5afd58b)
• agent: add code-specialized bootstrap entrypoint (31c8461)
• capability: Phase 3 - corvus-composer crate with AgentManifest schema (#511) (61312a6)
• cerebro memory enhancement layer (#466) (cd5838f)
• cerebro: add dashboard and gateway memory enhancement layer (e96f68d)
• cerebro: add embedded migration and TUI (#242) (06eeec2)
• chat: show memory recall indicators on agent messages (#470) (d0b28ef)
• ci: add comprehensive check pipeline to make all (8d01a94)
• ci: add PR Size Labeler workflow (#473) (0e24fe3)
• code search tool (#440) (d5dfcbb)
• complete #330 startup staged-image reaper and #365 missing session/memory i18n (#459) (77d96e9)
• conductor: implement conductor task routing and observability features (#157) (a4edf15)
• config: enhance CodeRabbit configuration with improved review instructions and auto-labeling (77db2ef)
• config: enhance CodeRabbit configuration with improved review instructions and auto-labeling (cb459fc)
• config: enhance site URL resolution and server configuration (ee371cb)
• cost: productize budget governance across runtime surfaces (#449) (81c72ad)
• cron: enhance job type validation and schema requirements (6c46e1e)
• dashboard: add local memory explorer (#469) (3fd197a)
• dashboard: add secure web admin configuration surface (#75) (7c17c50)
• dashboard: merge web chat into dashboard app (#476) (60c8de6)
• define cerebro distribution channels and dedicated docs presence (#396) (4f5ec99)
• define trusted skills distribution and installation model for corvus (#311) (47e894c), closes #261
• dev: align local dashboard flow with prod proxy (#244) (ecf4aff)
• enhance configuration and dependencies for code specialist sessions (530c6ca)
• Enhance dashboard with full agent config and mission governance (#139) (438ce2a)
• Enhance model routing specs, documentation, and validation features (#454) (e72ff28)
• Enhance pnpm configuration and implement mobile runtime parity (#372) (76a53ea)
• Enhance quick pair dashboard flow and improve code readability (#245) (556a334)
• enhance setup UX and automate git hook installation (#467) (6c42cf7)
• expand mcp platform support beyond tools only integration (#336) (646ee79)
• finalize code agent specialist delivery (1308150)
• finalize code agent specialist updates (5b68a8a)
• Harden security policy and introduce code_search tool enhancements (#442) (024aa20)
• i18n: add delete action to English and Spanish translations (35d3bdd)
• implement code-specialist session architecture and entry point (873a9d3)
• implement comprehensive auto-update system with centralized management and safety features (#142) (5138701)
• implement Docker runtime adapter with resource limits, network isolation, and workspace mounting. (a5e4d3d)
• Implement MCP support and update dependencies for agent runtime (#129) (6f7f105)
• implement McpClient for listing and calling microservice tools via command execution or HTTP, including mock support. (13f1d64)
• Introduce agent runtime configuration schema and create MCP tool adapter. (d221f8b)
• Introduce McpToolAdapter to integrate MCP tools, providing output limiting and argument validation. (a35b94a)
• introduce mission layer for autonomous objective orchestration (#132) (198353c)
• issue-273: unify onboarding and pairing flow across CLI, web, and mobile clients (#308) (c9efabf)
• issue-275: define canonical client surfaces capability matrix (90358e4), closes #275
• issue-278: cross-client i18n governance and shared UX/UI language (#310) (9538500)
• migrate memory to Cerebro MCP (#235) (ffaa3a0)
• multimodal image input mvp (#324) (b0aeb20)
• onboard: enable live model discovery for Copilot (#69) (ff48634)
• optimize CodeRabbit configuration for Corvus monorepo (#127) (9fca327)
• Phase 2 capability family crates with registries (#510) (c284503)
• plugins edge catalog domain (#73) (3fc8ea2)
• plugins: replace cosign CLI with native Sigstore verification for plugin signatures (#81) (c7eebd6)
• productize model routing with operator docs, config validation, and formal spec (#452) (8eb2b19)
• provider vision gating and Anthropic image adapter (#268) (#335) (d169a5a)
• router: log affected route hints when provider warmup fails (#463) (fa05f57)
• runtime image normalization pipeline with history support (#267) (#333) (fc2e18c)
• runtime: add audio input support with local transcription for Telegram (#413) (258d3c3)
• runtime: wire CostTracker to agent loop with budget enforcement (3854403)
• security: sonar security hardening and gateway refactor (#119) (5567957)
• service: add linger option for service install and restart commands (#71) (7af6bf3)
• simulate failure states in Rust and Kotlin runtime adapters (6c505fb)
• streamline installer updates and script layout (301f7d0)
• update: enhance update confirmation handling and improve state management (949d14e)
• update: implement update notification and confirmation handling (cdd772c)
• web: align visual design between docs and marketing apps (#124) (b9b7539)
• web: configure Codecov and Vitest coverage (#133) (e742b6d)
• web: root docs locale and portless dev flow (#192) (0bba656)
• web: unified visual design, a11y, and perf optimizations across all apps (#155) (f6b717d)

Bug Fixes

• [Snyk] Security upgrade astro from 5.17.2 to 5.17.3 (#152) (d46a273)
• 253 improve sonarqube coverage in the highest impact uncovered files (#286) (6c84864)
• address clippy review findings (d603366)
• address inline review comments from PR (04fa487)
• address runtime safeguards and release blockers (54b12a1)
• agent-runtime: align bootstrap behavior with runtime usage (15872ee)
• agent-runtime: complete rollout benchmark lint fix (8780e52)
• agent-runtime: finish rollout benchmark enum rename (8b786d9)
• agent-runtime: propagate routed provider runtime options (c63c15a)
• agent-runtime: remove duplicate test cfg attribute (b974927)
• agent-runtime: sanitize gateway fallback and extend blocking tests (7c2a770)
• agent-runtime: satisfy rollout benchmark lint (b4afa50)
• agents: correct destination path for skills symlink (0c34c6b)
• apply CodeRabbit auto-fixes (d8ccc59)
• apply CodeRabbit auto-fixes (b9ecd1f)
• apply CodeRabbit auto-fixes (#216) (fcc55b2)
• bootstrap: honor configured agent profile across runtime paths (5cb8150)
• cerebro: format runtime files for push checks (7daf8e7)
• cerebro: harden gateway contracts and dashboard guards (eea1fc5)
• cerebro: restore surreal storage migration checks (f2bb8a6)
• cerebro: satisfy runtime push lint checks (6bf3590)
• ci: add toolchain input to rust-toolchain action (7195d62)
• ci: align release workflow with app ruleset (fb7d107)
• ci: correct Sonar multicriteria configuration (aa2dc6b)
• ci: normalize cosign certificate output before verification (d055872)
• ci: pass --repo to gh release upload in release-assets job (1c08277)
• ci: remove Sonar quality gate mutation step (0af9c30)
• ci: resolve SonarQube workflow secret condition parsing (403befb)
• ci: restore missing scribe agent file (aac9f83)
• ci: restore Sonar coverage reporting and reduce major code smells (#121) (8e02231)
• ci: revert _publish.yml to v0.3.0 to fix release workflow (748d5a7)
• ci: stabilize make all by hardening dependency resolution (7586cdf)
• ci: stabilize release workflows (3919809)
• ci: use ARM64 runners instead of cross-compilation for linux-arm64 (3ca2396)
• clarify Cerebro constants, fix Spanish heading, remove circular spec ref, explicit ceiling, improve shell docs (#509) (37b187d)
• compose: avoid host-specific desktop lock drift (97dcee4)
• config: reorder imports and clean up pnpm-lock.yaml (85dd1c9)
• Consolidate documentation and address security findings (#280) (81728ba)
• contributor-report: correct formatting in pull request types and trusted users list (adf2e51)
• corvus: borrow tmp in rename call (e3c2e46)
• create coverage directory before generating Rust coverage report (7257b7c)
• dashboard: align cost governance tests and locale keys (3500dc7)
• dashboard: resolve all biome lint warnings (a8fb28e)
• dashboard: satisfy cerebro web push checks (6db38c3)
• dependencies: update shared package path and add vite dependency (51bd372)
• docs: avoid starlight id collisions across locales (9847892)
• docs: correct architecture diagram links (053d9ca)
• docs: correct guide links for architecture, release, and getting started (40f7686)
• docs: documentation cleanup and WebSearchTool security hardening (b1baef2)
• docs: remove duplicate sections in architecture.md and use DOCS_MODULE variable (290ea6a)
• docs: repair broken local links (f560f8c)
• docs: repair broken local links (#399) (ee07750)
• docs: resolve 404 issues by correcting relative links and moving diagram assets to public/ (34e0672)
• docs: resolve 404 issues, relocate diagram assets, and refine architecture guides (e7ae38f)
• docs: standardize spacing in YAML and improve readability in spec documents (522f1fe)
• docs: update architecture diagram links (3123fe7)
• docs: update architecture diagram links and overview references (febd998)
• docs: update sidecar isolation documentation and clarify health-check behavior (072d203)
• gateway: keep timeout idempotency keys retryable (2dcf5f5)
• gateway: reject empty origin and allow ipv6 loopback (eef51d8)
• gitignore: correct spelling of skills directory (d4c8164)
• gradle: exclude tooling configs from dependency locks (80b8489)
• gradle: reduce build-logic lockfile drift (1a87468)
• gradle: stabilize dependency lock checks (d88965c)
• gradle: update build-logic junit locks (78c6bf2)
• Harden sandbox isolation and update allowed status handling (#398) (b8d994e)
• health: add health checks for channel and scheduler components (aa89de4)
• health: implement health checks for channel listener and adjust tick intervals (f2d74a1)
• Improve Docker Compose examples and enhance documentation (fabaecf)
• improve formatting and readability in documentation files (57972e8)
• install preflight plugin signature (#77) (6b4c963)
• marketing: remove /en prefix from docs links to fix 404 errors (#281) (7cd314c)
• plugins: add Worker deployment step to publish workflow (c7e40cd)
• plugins: allow smoke checks to pass on 403 when fallback is enabled (6eabcf4)
• plugins: create pnpm store before cache save (8814790)
• plugins: enforce remote R2 and strict edge checks (9fe13ae)
• plugins: harden install preflight and signature verification (#76) (1af691f)
• plugins: harden plugin install verification and fetch security (#88) (7e1fdb8)
• plugins: harden worker smoke checks after deploy (a6b952d)
• plugins: make worker deploy step non-blocking in CI (f44fb15)
• plugins: make Worker deployment non-blocking (fec1908)
• plugins: make workers.dev smoke check authoritative (179c310)
• plugins: parse workers.dev URL from deploy logs (d3bbac7)
• plugins: publish plugin bundles to R2 by default (#74) (c8d964c)
• plugins: remove invalid --yes flag from wrangler deploy (3f4bbb6)
• plugins: set deploy_to_r2 output and make smoke test conditional (5116690)
• plugins: update code signing EKU OID encoding and improve Fulcio intermediate handling (#86) (f22ede4)
• Potential fix for code scanning alert no. 418: Untrusted Checkout TOCTOU (#191) (0f50e45)
• Potential fix for code scanning alert no. 425: Untrusted Checkout TOCTOU (#369) (bf3f1e7)
• prompt: centralize compact context truncation limits (4ea0851)
• quality: reduce cognitive complexity and fix pre-existing bugs (#135) (3fccacd)
• quality: reduce cognitive complexity and fix shell script issues (#136) (9152639)
• reduce concurrency limits and remove post-update options in renovate configuration (88bab39)
• Refactor runtime and scripts; extract common UI components (#143) (7e159fa)
• release: align web package versions with v0.2.3 (0684d60)
• release: harden release-please diagnostics (#451) (668c9b9)
• release: publish stable artifacts from github releases (#462) (d3bfae0)
• release: refresh agent-runtime lockfile for 0.1.13 (5636807)
• release: remove unused cargo patch for locked builds (22eac3f)
• release: stabilize monorepo release automation (6c9ea27)
• release: sync agent-runtime lockfile version (8019362)
• release: sync Cargo.lock files and add auto-sync workflow (2bd57ac)
• release: sync Cargo.lock for v0.3.2 (eac184d)
• release: track Rust src/bin/ sources excluded by gitignore (ee8449c)
• release: update corvus version to 0.1.14 in Cargo.lock (9e43517)
• remove reduced motion !important overrides (bdc651b)
• renovate: migrate to renovate.json5, fix invalid JSON, enable managers, add memory optimizations (#434) (7010efc)
• renovate: update renovate.json5 to use YAML-like syntax for configuration (d237b5f)
• repair http_request and pushover tests (734f372)
• resolve all SonarCloud code smells and improve test coverage (#351) (5e0c8a5)
• resolve PR review blockers (4ce00b6)
• resolve Renovate memory issues and Kotlin compiler OOM (b1fee6a)
• resolve SonarCloud quality gate issues across all surfaces (#309) (7d5336a)
• runtime: refine cost warning and estimation diagnostics (6a19a63)
• security: enforce security policy and rate limits in WebSearchTool (7bf0d1e)
• security: harden ImageInfoTool security and redact internal paths (d591be6)
• security: harden ImageInfoTool with rate limiting and symlink protection (9b3e388)
• security: harden path validation and block shell input redirection (#357) (167dec6)
• security: ignore RUSTSEC-2023-0071 advisory until fix available (202c76d)
• security: moved record_action after provider validation in WebSearchTool (4170d78)
• security: prevent path validation bypass via command flags (#516) (a2e511b)
• security: resolve multiple dependency vulnerabilities (#82) (54e1b81)
• shared: standardize CSS import syntax in app-shell.css (08b964a)
• sonar: reduce false positives and improve analysis signal (faaf003)
• sonar: relax gate threshold and refactor peripheral handlers (172f350)
• sonar: resolve monthly code quality findings (#475) (1099e65)
• standardize spacing in YAML and markdown files for improved readability (86849b0)
• update author name in command line parser (e1aca54)
• use --cobertura instead of --xml for cargo-llvm-cov (d0910d4)
• web: align CSS imports with stylelint (1db2c8d)
• web: remove !important lint violations in docs CSS (#108) (ae2291f)

Performance Improvements

• ⚡ Optimize Chat Workspace Performance (#80) (92fc5ac)
• compose: optimize chat workspace recompositions (#241) (3dfbad3)
• compose: remember PasswordVisualTransformation in passwordTextField (#193) (88db9e5)
• Enhance Docker setup for dashboard with improved config bindings (#151) (0a64bb3)
• web: destructure composable returns for template auto-unwrapping (#456) (fa4d07b)

---

This PR was generated with Release Please. See documentation.

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	ca116d4
Status:	✅  Deploy successful!
Preview URL:	https://f3df2185.corvus-42x.pages.dev
Branch Preview URL:	https://release-please--branches--ma.corvus-42x.pages.dev

View logs

[github-actions]

✅ Contributor Report

User: @dallay-bot[bot]
Status: Trusted contributor (whitelisted)

This user is on the trusted contributors list and was automatically approved.

[dallay-bot]

🤖 Created releases:

• v3.0.0

🌻

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud