chore: release main

[dallay-bot]

🤖 I have created a release beep boop

corvus-runtime: 3.8.0

3.8.0 (2026-05-05)

Features

• agent-runtime: add dream system consolidation (4820d2b)
• agent-runtime: add dream system consolidation (d0170ab)
• agent-runtime: add session inspect and list commands (bac9596)
• agent-runtime: add session inspect and list commands (768a5df)
• agent-runtime: add task tools and session discoverability (8758858)
• agent-runtime: expose track 4 orchestration lifecycle state (7b2c679)
• agent-runtime: expose track 4 orchestration lifecycle state (1928463)
• agent-runtime: publish tooling parity aliases (c741afc)
• ci: enhance URL validation in HttpGetTool and improve version parsing (41b69f1)
• coordinator: add foundational components for coordinator functionality and update timeout durations (6961e8c)
• coordinator: complete track 4 slice 1 foundations (753cd53)
• Enhance workflow permissions, fix detekt alerts, and add Rook dashboard (e43fc1a)
• implement supervised child lifecycle for Track 4 Slice 2 (92d591c)
• orchestration: add mailbox-backed slice 3 delivery (0f811dc)
• orchestration: add mailbox-backed slice 3 delivery (1a566eb)
• orchestration: supervised child lifecycle tools and coordinator (Slice 2) (5c8e23b)
• Persist Rook provider account health state (930700f)
• rook: add embedded operator dashboard flows (c51c8c1)
• rook: document operational health probes (133d341)
• rook: implement routing engine with strategy dispatch and fallback chains (d634ae1)
• runtime: add dream hooks for generated sessions (d200610)
• runtime: add slash command registry core (d89056c)
• runtime: add slash command registry core (3310f7e)
• runtime: complete orchestration parity contract (2e34682)
• tools: implement alias resolution for search, fetch, and task tools (c2cb49e)

Bug Fixes

• address PR #602 inline review comments (687bb84)
• agent-runtime: address Dream review follow-ups (f1e7c7d)
• agent-runtime: block on Dream completion lock (a1354f5)
• agent-runtime: box handled session command success (4665653)
• agent-runtime: carry escalation state through child lifecycle (06d4dce)
• agent-runtime: enforce slash command caller permissions (d83d3ca)
• agent-runtime: enforce slash command caller permissions (01107fa)
• agent-runtime: import hmac key init in webhook test (89f5448)
• agent-runtime: reduce session command clippy footprint (ce64ee1)
• agent-runtime: restore rust hashing and hmac checks (61d0049)
• agent-runtime: satisfy slash permission lint (280ab35)
• agent-runtime: stabilize blocked coordinator inspection narrative (83a43f5)
• agent-runtime: stabilize blocked coordinator inspection narrative (56ff071)
• agent-runtime: structure blocked child escalation state (460803e)
• agent-runtime: tighten Dream validation and recovery (2dec988)
• agent-runtime: unblock pre-push clippy checks (09d1936)
• apply CodeRabbit auto-fixes (360176f)
• build-logic: avoid config-cache lock check failure (ddc0cdf)
• cerebro: align MCP contract with implemented surface (c8f3f69)
• cerebro: align MCP contract with implemented surface (5eba3c5)
• cerebro: harden production readiness (725b3ea)
• cerebro: update Makefile and Docker paths from modules/cerebro to clients/cerebro (27c4a1b), closes #699
• code-scanning: resolve naming and gradle style alerts (2e206ce)
• correct Duration::from_mins usage, refactor announcement helpers, and fix Vue edge cases (7efc729)
• deps: restore compatibility for consolidated dependency updates (7d406a2)
• firmware: remove vulnerable xmas-elf dependency (9d90878)
• fix TOCTOU in from_path and add security tests (fcbae94)
• reject absolute paths in Telegram attachment resolver to prevent path traversal (fbc8026)
• reject absolute paths in Telegram attachment resolver to prevent path traversal (8907055)
• release: update artifact upload action version and improve release component resolution (a7b3138)
• replace non-existent Duration::from_mins, refactor Vue announcement helpers, and fix edge cases (37d5a96)
• rook 583 apply (721302f)
• rook: clean up merge conflict files, re-apply fixes (192cdb3)
• runtime: address verified review regressions (5d16d9f)
• runtime: allow staged dream re-exports (7732cad)
• runtime: satisfy orchestration clippy gates (a170a86)
• runtime: satisfy orchestration lint gates (4ec0078)
• runtime: satisfy slash registry clippy check (50b471a)
• rust: format observability security alert cleanup (82fbb73)
• security: add CSP headers, harden Vite dev server, and fix weak RNG fallback (a3da395)
• security: block URL-encoded policy bypasses (cdc34be)
• security: block URL-encoded policy bypasses (9efd810)
• security: complete test constant extraction in webhook security tests (28c219e)
• security: format encoded bypass coverage (31226ae)
• security: harden package manager command and argument validation (63bc62b)
• security: harden package manager command and argument validation (9bf7c89)
• security: harden path handling for telegram and skills (e075b2d)
• security: harden SecurityPolicy against quote-based bypasses (46203fb)
• security: harden SecurityPolicy against quote-based bypasses (SONAR:SEC-001) (a70ec1e)
• security: neutralize critical code scanning alerts (0d33552)
• security: reject quoted direct paths (f497653)
• security: remediate semgrep findings for secrets and shell IFS tampering (020db43)
• security: resolve code scanning hard-coded cryptographic value alerts (e6d31cf)
• security: resolve code scanning hard-coded cryptographic value alerts (82c7e0e)
• security: validate raw paths before normalization (f31a3b8)
• tooling: add local sonar review workflow (70fee4e)
• tooling: add local sonar review workflow (929695b)
• tooling: address review follow-ups (cb6da04)
• use unique temp filename in from_path test to avoid parallel collisions (b820b7a)
• verify findings from track-4-slice-1 verify-report (0ef9b53)

rook: 3.8.0

3.8.0 (2026-05-05)

Features

• coordinator: add foundational components for coordinator functionality and update timeout durations (6961e8c)
• Enhance workflow permissions, fix detekt alerts, and add Rook dashboard (e43fc1a)
• implement supervised child lifecycle for Track 4 Slice 2 (92d591c)
• introduce in-process coordinator foundations for Track 4 orchestration (29bf8c3)
• orchestration: add mailbox-backed slice 3 delivery (0f811dc)
• Persist Rook provider account health state (930700f)
• rook: add admin API for operator management (0a281a0)
• rook: add admin audit trail and fix repo build (9f3529e), closes #599
• rook: add config baseline, doctor, and health endpoints (4338801)
• rook: add distribution channels and release wiring (f2121c1)
• rook: add distribution channels and release wiring (8b1dce2)
• rook: add embedded operator dashboard flows (c51c8c1)
• rook: add embedded operator dashboard flows (a98c315)
• rook: add gateway usage accounting (8381b6b)
• rook: add gateway usage accounting (a786870)
• rook: add OpenAI-compatible gateway endpoints (41d7539)
• rook: add pools routes and health dashboard flows (1add3fa)
• rook: add principal-aware rate limiting (038a96e)
• rook: add principal-aware rate limiting with pruning (8bd0024)
• rook: add production observability metrics (ef845e1)
• rook: add production observability metrics (0583815)
• rook: add production readiness operations (2ae73ba)
• rook: add production readiness operations (4ea27bd)
• rook: add Prometheus observability metrics (d21fc8a)
• rook: add Prometheus observability metrics (fe32883)
• rook: add SQLite persistence for ProviderAccount, ProviderPool, ModelRoute, and RoutingPolicy (c6d1b82)
• rook: add SQLite persistence for ProviderAccount, ProviderPool, ModelRoute, and RoutingPolicy (b99530a), closes #583
• rook: add upstream resilience controls (5e11013)
• rook: add upstream resilience controls (5978f5a)
• rook: build registry services for account, pool, route, and settings (ec1ee5f)
• rook: build registry services for account, pool, route, and settings (9bc818e), closes #584
• rook: document operational health probes (133d341)
• rook: document operational health probes (4672c6b)
• rook: embed dashboard assets and coordinate single-binary startup flows (264bfa1)
• rook: embed dashboard assets and coordinate single-binary startup flows (4a7cba2), closes #582
• rook: finalize tui setup and troubleshooting boundary (b930dae), closes #597
• rook: harden gateway transport and chat delivery (93efa55)
• rook: harden security defaults and secret boundaries (dadc02d), closes #598
• rook: implement operator dashboard and tui route inspection slices (6a340d9)
• rook: implement routing engine with strategy dispatch and fallback chains (d634ae1)
• rook: implement routing engine with strategy dispatch and fallback chains (9a96954), closes #586
• rook: implement shared domain services for accounts, pools, routes, and health (08e3bc8)
• rook: implement shared domain services for accounts, pools, routes, and health (7b763f8), closes #581
• rook: persist provider account health state (0932893)
• rook: scaffold package layout with domain types, CLI, and module stubs (a9ee3a7)
• rook: scaffold package layout with domain types, CLI, and module stubs (c723f32), closes #580

Bug Fixes

• address sonar quality findings (ea6dd3a)
• address sonar quality findings (7c73d95)
• apply CodeRabbit auto-fixes (895527c)
• apply CodeRabbit auto-fixes (445a2d0)
• apply CodeRabbit auto-fixes (2fd8667)
• resolve detekt code scanning alerts in ChatComponents, MobileRuntimeCoordinator (1eb6a9e)
• rook 583 apply (721302f)
• rook: add config export and env overrides (e2d1325)
• rook: add config export and env overrides (b166398)
• rook: add ID newtype accessors and ProviderVendor near-miss deserialization (40315f3)
• rook: address code review findings for routing engine (b2d551c), closes #586
• rook: address inline review findings for routing engine (5dad006)
• rook: address observability review findings (cfdeff2)
• rook: address PR #605 review comments (e19f2a5)
• rook: address PR review findings (8aaaf6a)
• rook: address production readiness review (b152a04)
• rook: address review findings (14e1721)
• rook: address usage accounting review feedback (a532f60)
• rook: address workflow and packaging review feedback (5a196d5)
• rook: align admin probes and config export (4cc7a93)
• rook: clean up merge conflict files, re-apply fixes (192cdb3)
• rook: fix ProviderVendor::Other serde and add serialization tests (4eaeac2)
• rook: harden admin API error and integrity handling (fdd13c2)
• rook: harden gateway secret handling and startup wiring (5ddeb41)
• rook: harden observability and diagnostics (24ab684)
• rook: implement operational doctor diagnostics (6e92609)
• rook: implement operational doctor diagnostics (a5184e5)
• security: reject quoted direct paths (f497653)

---

This PR was generated with Release Please. See documentation.

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	9819a91
Status:	✅  Deploy successful!
Preview URL:	https://0c0d0c5a.corvus-42x.pages.dev
Branch Preview URL:	https://release-please--branches--ma.corvus-42x.pages.dev

View logs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dallay-bot]

🤖 Created releases:

• corvus-runtime-v3.8.0
• rook-v3.8.0

🌻