Releases: sageox/ox
Release list
v0.11.1
[0.11.1] - 2026-07-01
Review feedback on plans is sacred — this release makes sure none of it can be lost, no matter what happens to the review server, the browser tab, or the plan itself.
Fixed
- The review page now tells you the moment feedback stops being saved — if the review server exits (idle timeout, Ctrl-C, a crash), the page immediately shows a clear "offline — feedback is NOT being saved" banner with the exact restart command to copy, instead of looking live while submissions silently fail. Unsent marks stay safely in the browser and are restored on reconnect.
- Restarting a review picks up exactly where it left off —
ox plan reviewserves each plan at a stable address, so the tab you already had open reconnects on its own (marks intact) when you restart, and re-running the command against an already-open review reuses the running one instead of starting a stranded twin. - Reloading the plan while the server is down still shows the plan — the page keeps a local copy of itself, so a reload lands in clearly-marked disconnected mode instead of a browser error screen.
- Your marks follow the plan as it changes — when an AI coworker updates a plan, open review notes are re-anchored onto the content they referred to, so a reworded heading no longer detaches your comment. Notes whose content truly disappeared stay visibly open and keep appearing in every digest — nothing is ever dropped.
- Ask about review feedback later — reviewer notes on plans now appear in local search, so "what did Sam flag on the auth plan?" finds the reviewer's actual words, not just the plan.
- Two coworkers resolving review items at the same time no longer lose one of the updates.
v0.11.0
Added
- Publish a plan as a Claude Code Artifact —
ox plan render --artifactexports a plan as a single self-contained page that renders right inside Claude Code with no network access: diagrams are inlined and nothing loads from a CDN. Its prior-art links still work, so a shared plan stays a jumping-off point back into your team's history. - Live human review on a plan, before any code is written —
ox plan reviewnow waits for your reviewers and shows their feedback the moment it lands, so an AI coworker can pause for a real decision instead of guessing. Every note is saved with the plan. - Plans render charts, not just tables — line, bar, area, and scatter charts now appear inline in a rendered plan, so a plan full of numbers shows the trend at a glance.
- Quicker to navigate a plan — prior-art references (related PRs and past sessions) are clickable links back into your Ledger, and code blocks are syntax-highlighted.
Changed
- Sharper plans from every AI coworker, not just Claude — plan rendering now coaches any agent (Claude, Codex, Gemini) to add a diagram or UI sketch where prose was hiding one, and to fold that in while the plan is being written. It also stops asking for a diagram when a chart already tells the story.
- HTML plans open the right way on their own — ask for an HTML plan and ox opens the polished, team-context-aware view instead of a hand-rolled one-off (set
SAGEOX_PLAN_HTMLto opt out). - Smarter visual suggestions and cleaner layouts — the renderer points out where a visual would help based on what the plan says, and packs busy sections into tidier layouts.
- Full dependency license transparency — ox now ships a
THIRD_PARTY_NOTICES.mdlisting every dependency and its license.
Fixed
- Background sync no longer gets stuck on a broken rebase — if a synced repo's git state wedges (even the rare "zombie" case git can't unwind on its own), the daemon now clears it automatically and
ox doctorrepairs it, so your team's history keeps flowing instead of silently stalling. ox sync --teamshows accurate per-team status — real results and details for each team, instead of one lumped-together summary.--titleand--jsonnow work when importing documents and media — set a title on import, and get the new recording's id back in--jsonoutput.- Clear message when an access token has expired — token checks no longer hang or retry in silence; ox tells you to sign in again.
- No stray telemetry errors after you log out — ox stops sending background telemetry (and the errors that came with it) once there's no active session.
v0.10.1
Added
- ox installs its skills and commands into Codex and Droid, not just Claude Code — capability injection now follows an explicit two-layer model with a cross-agent conformance test, so the portable "floor" (prime, consult-first recall, plan enrichment, session review, cart lifecycle) reaches every supported agent, and the per-agent ergonomic surfaces can no longer silently drift or orphan.
ox import --kb <slug>brings media and video-URL import to Knowledge Bubbles — import now reaches bubbles at parity with team contexts (mutually exclusive with--team), streaming large media files through a presigned upload so they never load fully into memory.ox code prsranks indexed pull requests for triage — a new deterministic view (no LLM, no live API) that surfaces the most-stalled open PRs first, each row carrying age, idle-days, comment/reviewer/discussant counts, and labels (--sort age|activity,--state). Backed by ADR-019 phase-1 resolvedsymbol_edges, which also makeox code calls/calledbymore accurate.- Knowledge Bubbles now appear in
ox daemon status— the daemon reports every bubble it has synced to disk (slug, type, freshness), plus a badge showing whether this daemon keeps them fresh or a sibling daemon does. Previously the daemon synced bubbles silently with no way to see what was happening. ox doctorgained knowledge-bubble repo health checks at parity with ledgers and team contexts — detects bubbles the cloud lists but that were never cloned, bubbles wedged in a stuck merge/rebase (which silently block sync for every project), and bubbles whose sparse-checkout dropped.sageox. Repairs route through the daemon so they never collide with an in-flight sync.
Changed
- Knowledge Bubbles are now first-class in daemon status output — the JSON
bubbles[]array and a human-readable "Knowledge Bubbles" section make it clear which bubbles are local, fresh, and who is responsible for syncing them. - Rendered plans own their SageOx brand surfaces —
ox plan rendernow emits the OX icon, a single subtle corner wordmark, and deterministic inline reference markers itself, so agents no longer hand-roll look-alike branding that drifts or duplicates. A marker means "SageOx has context on this," never a verdict — whether a plan aligns with or amends a decision stays the agent's call.
Fixed
ox daemonno longer holds one open file descriptor per tracked file — the recursive fsnotify/kqueue watcher opened a descriptor for every tracked file and directory, so FD usage scaled with repo size (≈11k on a large repo — enough that a few daemons together approached half the machine's FD table). It's replaced by lightweightgit statuspolling that holds zero watch descriptors, honors.gitignorefor free, and feeds the exact same downstream change pipeline.ox doctoralso gained an absolute FD-pressure ceiling so a watcher-class regression trips regardless of the shell's raised limit.ox daemon statusreports garbage-collection state correctly — GC timestamps now persist to disk, so a daemon restart no longer reads every workspace as "gc due" and needlessly reclones it once per hour. The misleading "gc in 6d ago" / "(last 3d ago ago)" wording is fixed.
v0.10.0
Added
- Cross-agent HTML plans with a human review loop —
ox planrenders a team-context-enriched plan as a self-contained HTML page for any coding agent, not just Claude Code, backed by a catalog of reusable visualizations (timelines, collision maps, sequence diagrams). A new review loop (ox plan review) serves the plan for inline human feedback, so a reviewer can shape the approach before any code is written — and the feedback is captured back to the ledger. - Just-in-time
ox plan enrichhint while drafting — during plan mode (Claude Code),oxnudges the agent to fold deterministic team context (collisions, prior art, expert routing) into the plan while it is being drafted, so enrichment lands in the first draft a human sees rather than being bolted on after.
Changed
- Natively aligned Knowledge Bubbles in
ox status— the bubble listing now uses a label-column layout with owner and bubble names aligned in their own column, so the section reads as a clean table rather than ragged, variable-width rows.
Security
- Adapter integrity, a single redaction chokepoint, and environment + clone hardening (ADR-022) — installed AI adapters are integrity-verified before use, every redaction path now funnels through one chokepoint that is far harder to bypass, and both environment-variable handling and team-context clones were hardened against credential leakage and untrusted-prompt injection.
Fixed
ox agent tasksno longer panics when called with no subcommand — invokingtasksbare previously sliced an empty argument list and crashed; it now guards the slice and prints usage.
v0.9.0
[0.9.0] - 2026-05-28
Added
- Pause and resume sessions —
ox session pauseandox session resumelet you suspend an in-progress recording and pick it back up later without losing context, with a proper session lifecycle (active → paused → resumed → stopped) underneath. Long-running work that spans breaks, meetings, or machine restarts is now captured as one coherent session instead of fragmenting. - Ephemeral mode for throwaway environments — set
OX_EPHEMERAL=1to run ox in a capability-based mode tuned for short-lived sandboxes (Codespaces, CI, dev containers): no daemon assumptions, session finalize syncs inline, and Codespaces is now detected reliably. The old per-command--ephemeralflag is deprecated (a flag on a single command silently drifted back to non-ephemeral on the next invocation in the same shell) — set the environment variable instead. - Personal access token auth via
SAGEOX_TOKEN— non-interactive environments can authenticate by exporting a SageOx PAT inSAGEOX_TOKEN, no browser login required. ox warns on stderr as the token nears expiry so automation doesn't fail silently. - Faster clones on large repos — code-search and ledger clones now support shallow, partial (blobless), and shared-alternates fetching, cutting both wall-clock time and disk for big histories.
- Performance metrics in
ox doctorand the daemon —ox doctornow reports timing for its checks and the daemon exposes per-subsystem performance counters, making slow setups diagnosable instead of mysterious. /security-reviewpipeline — a diff-scoped, two-tier (deterministic OSS scanners + AI hunter/validator) security review you can run on demand. Never blocks merge; surfaces input-handling bugs, redaction-bypass risks, daemon IPC authz holes, and supply-chain issues. Seesecurity/README.md.- Durable session commit + PR/issue linkage — sessions commit atomically and maintain a reverse index linking each session to the PRs and issues it touched, with stale-URL repair. Past work is now discoverable from the PR/issue side, not just the session list.
- Knowledge Bubble as a workspace primitive (ADR-017) — the resolver, config, and file-locking foundation for treating personal/team/repo knowledge ("bubbles") as first-class workspaces.
- Customer-facing env-var namespace convention — sageox-mono ADR-047 ("Customer-Facing Env Var Namespace") is the canonical home for the rule that customer-facing SageOx env vars use
SAGEOX_*(product/auth/network identity) andOX_*is reserved for CLI-local behavior flags. The legacy customer-facingOX_TOKEN/OX_ENDPOINTnames are removed;internal/auth/env_naming_test.goguards against re-introduction. The matching sageox-mono ADR-046 ("Credential Classes and Principal Normalization") is now Accepted with companion sections D7-D10 covering the PAT validation contract, principalAuthMethod, customer-facing surface, and cryptographic-separation targets. - Local recall on every prompt — the UserPromptSubmit hook prepends
ox query --localrecall, local-only by default (ADR-018). - New
hooks.userpromptsubmit.cloud_queryconfig key (defaultoff) opts the UserPromptSubmit hook into a parallel SageOx cloud query. When enabled, prompt content is redacted via the session secrets pipeline before any byte leaves the machine, and the cloud path silently degrades to local-only ifox loginhas not run.ox doctorreports the effective value and the privacy/recall tradeoff.
Changed
- AI adapters stop fast on terminal errors — when a host agent hits an unrecoverable condition (e.g. a rate-limit/quota wall), the adapter detects it and stops promptly instead of retrying into the same wall.
- Daemon team discovery relaxed from every 5 minutes to hourly — less background chatter and CPU for a signal that changes rarely.
ox session audit and ox session redact now require an explicit scope
Bare invocation used to silently hydrate and scan the entire ledger — a multi-minute LFS Batch fetch that could process hundreds of sessions without the operator's consent. The command now refuses to run without one of:
--session <name>(repeatable) — limit to specific sessions--since <date>/--until <date>— half-open lexicographic window against the ISO-prefixed session name (e.g.--since 2026-04-01)--all— explicit opt-in to the full-ledger sweep
--all is mutually exclusive with the narrowing flags. Mistyped --session names error before any hydration begins, so a typo no longer triggers minutes of unnecessary LFS fetch followed by an error. The full-ledger sweep that used to fire on bare ox session redact is preserved verbatim under --all.
Fixed
ox doctor redaction-debt guidance now points at a command that exists and works
The 0.8.1 ledger-redaction-debt doctor check told the user to run ox session redact <session> for interactive cleanup of a quarantined session. No such positional surface existed — cobra silently dropped the positional and scanned the entire ledger. The fix is two-part:
- The doctor message now emits a copy-pasteable
ox session redact --session <name>command for each quarantined session (up to five, with a "+N more" hint above that). ox session redact --session <name>now also walks.sageox/cache/quarantine/<name>/for the targeted sessions. For JSONL quarantine, it redacts at the quarantine path via the canonical chokepoint, moves the file back tosessions/<name>/, appends aRedactionPasstometa.json, and removes the debt marker on success. Non-JSONL quarantine is listed as "manual scrub required" — the chokepoint applies the raw-writer redaction stack and expects JSONL.
Before this PR, the doctor warning pointed at a command that couldn't help: the forward path (prepush_autoredact.quarantineUnredactableFindings) had moved the bytes OUT of sessions/<name>/, and the backward path only walked sessions/. Recovery required manually inspecting, scrubbing, and moving files back. Now ox doctor → copy-paste → done.
Daemon and sync reliability
- The daemon no longer deletes its IPC socket file when a superseded instance shuts down, so a freshly-started daemon stays reachable instead of leaving the CLI unable to connect.
- Code-search self-heals a corrupt bleve
_mappingautomatically and falls back to SQL-only insights, instead of failing the query outright. - Observability exports now attach a fresh JWT Bearer token per OTLP request, fixing dropped telemetry once the initial token expired on long-running daemons.
- Ledger pushes that wedged in a "U" (unmerged) state are now surfaced and audited rather than silently stalling, and the summary push no longer writes to a
/tmpscratch path.
Security
Redaction-debt markers are now validated against path-traversal
The quarantine integration above reads .sageox/cache/redaction-debt/<session>.json markers to locate quarantined bytes. An attacker with write access to that directory could previously craft a marker whose quarantine_paths[].to pointed outside the ledger (e.g. ../../../tmp/owned.jsonl); when the operator next ran ox session redact, the marker-driven os.Rename(quarantineAbs, inPlaceAbs) would overwrite arbitrary files reachable by the operator's UID. Threat model is narrow — the attacker already needs ledger write — but it escalates "ledger-writer" to "arbitrary-file-writer at operator UID."
The fix rejects any marker whose session_name contains a path separator or .., whose marker filename doesn't match the embedded session_name, or whose quarantine_paths entries aren't direct children of sessions/<sess>/ (source) and .sageox/cache/quarantine/<sess>/ (destination). Defense-in-depth safeRelativeUnder checks at the os.Rename / os.Open call sites block any path that slips past the marker-shape guard.
Closes #608.
.claude/settings.json no longer rewritten on every session
Before this fix, ox could silently rewrite a user's .claude/settings.json on every Claude Code lifecycle event (via the daemon's 30-minute autofix tick, and on session start when the hook set drifted). The rewrite came from running the file through encoding/json's defaults: literal <, >, & inside a permission rule got escaped to <, >, &; hand-written \uXXXX source escapes were decoded to literal runes; trailing newlines were stripped; and indentation inside opaque blocks like permissions was normalized to two-space. Each rewrite produced bytes that drifted from on-disk on the next pass too, so the file churned in a loop even when no content had actually changed.
The fix replaces the encoder with one that has SetEscapeHTML(false) and preserves a trailing newline, and switches the "already canonical?" guard from byte equality (which the previous tests proved was satisfiable in lockstep with the encoder's own output but never against real user content) to a combination of strict-shape detection plus semantic content comparison. Result: doctor and the daemon autofix now leave user-authored files alone if Claude Code can read them, and only rewrite when the on-disk hooks shape is one Claude Code actually rejects.
Regression tests seed adversarial inputs that would have failed the byte-equal guard on every pass — literal HTML characters in permission rules, tab indentation, trailing newlines — and assert the file is byte-identical across two consecutive checks.
v0.8.1 — never-block credential gate
Pre-push credential gate no longer blocks routine pushes
0.8.0 introduced a pre-push secret scanner that scanned every file in the push range and refused the push from the client any finding that was not redacted. This includes fixes:
- the gate is now scoped to SageOx generated content
- secrets found in session recordings are quarantined locally outside of git and thus never-block pushes (and never leave machine)
- quarantined files are auto-recovered if new redaction rules are applied by future 'ox doctor' versions
v0.8.0
Added
Modular team rules with first-class context-budget accounting
- Team rules now live as one-file-per-concern under
<team-context>/agents/rules/<topic>.md(subdirectories supported, walked recursively). Mirrors the muscle memory of Claude Code's.claude/rules/and Cursor's.cursor/rules/, scaled up to team scope. Frontmatter spec coversname,description,repos,audience,visibility,status,from-discussion.visibility: alwaysrules are inlined inox agent prime;visibility: indexedrules emit a catalog entry only and the agent reads them on demand. Backward-compat fallback tocoworkers/rules/for any teams that adopted that location early. ox agent primeXML now reports a<context-budget>block split by content source (sageox / team / project). The split lets SageOx be measured on its own tool overhead instead of conflating it with team-authored content. It flows through every layer: per-prime budget, per-heartbeat per-source aggregation, daemon-side cumulative tracking, andox agent list's per-source footer. The schema is open — adding a new content source takes one new constant ininternal/prime/types.goplus tagging emit sites.- New
<rule-promotion-guidance>block in prime XML proactively coaches AI coworkers to ask before publishing a project-local rule team-wide ("this looks like it could apply to your whole team — want me to also add it under<team-context>/agents/rules/?"). Default to asking; never silently publish. - New
<team-rules-budget>block reports the running token cost ofalways-tier rules so teams self-regulate rule-library size. - Regression-test guard on minimal-prime SageOx overhead (currently ~600 tokens, ceiling 1500). A future change that quietly adds 5K of
<instructions>blocks itself on review.
Bundled topical guides via ox guide
- New
ox guide [topic]reads from//go:embed'd markdown — no internet required, no docs-site dependency. Five starter guides ship:team-rules,agents-md,team-context,murmur-vs-rule,getting-started.--rawflag emits unrendered markdown for AI agents that prefer plain text. ox init,ox import,ox murmur, andox agent team-ctx--help now cross-reference the relevant guide so users discover them in context.- Prime XML's commands table includes a new "learn how to do something in ox" row pointing at
ox guide [topic].
Adapter rule installation under .claude/rules/sageox/ namespace
cmd/ox-adapter-claude-codenow installs a second rule alongside the canonical.claude/rules/ox.md:.claude/rules/sageox/use-team-context.md— a "MORE RULES → here" pointer that teaches the agent to discover team rules in their canonical home rather than syncing every rule into every cloned repo. No mirror semantics, no conflict resolution, no per-adapter sync coverage gap. Thesageox/namespace reserves room for future SageOx-installed rules without polluting.claude/rules/withox-feature1.md,ox-feature2.md, ... siblings.cmd/ox-adapter-droidmirrors the same pattern under.factory/rules/sageox/.handleUninstallRuleswalkssageox/and removes only ox-stamped files (preserves user-authored content), then cleans up the empty namespace dir. Works around an agentx-v0.1.10 limitation whereExtractCommandHashonly inspects the first line and misses files with frontmatter.
Rules-support scaffolding for the remaining adapters
- New
rules.gofiles forox-adapter-codex,ox-adapter-amp,ox-adapter-aider,ox-adapter-gemini,ox-adapter-opencode, andox-adapter-pi— each documenting the May 2026 state of that agent's rules surface. None of these agents has a Claude-Code-style modular behavioral rules directory today (Codex's.codex/rules/is for Starlark execution policies, not behavioral content). The handlers are stub no-ops, NOT wired intomain.go, and the adapters do NOT advertiseCapRulesInstaller. When upstream adds modular rules, flipping the wiring on is a 3-line change per adapter.
Changed
Reference docs regenerated
docs/reference/is now in sync with current cobra command definitions. Addsguide.mdx,session/repair-meta-summary.mdx, andsession/token-optimize.mdx. Drops a staledistill.mdxthat was never registered as a root command.
Adapter ergonomics
- The Amp adapter now records sessions via a user-global
ox-bridgeplugin. No per-repo configuration needed — install once and every Amp session in every cloned repo is captured automatically. adapter-pinow detects its host agent's identity from thePI_CODING_AGENTenvironment variable instead of fragile process-name heuristics.--format=jsonis now accepted as a hidden alias for--jsonacross the CLI, so scripts written against either flag work everywhere.
Fixed
Daemon CPU & resource hygiene
- Eliminated four recurring hot-loop CPU patterns that could pin a core under steady-state idle. Affected paths: failed session-upload retry, project-watcher tear-down, IPC reconnect, and friction-event drain.
- Closed a file-descriptor leak that occurred when the daemon ended up watching a directory that turned out to be gitignored. Long-running daemons no longer accumulate FDs proportional to gitignored-subdir churn.
Doctor accuracy
- Credential checks now run after the post-EEQI bootstrap so doctor no longer flags freshly-rotated credentials as missing on the very next run; user-facing guidance was also corrected to point at the right remediation command.
- Doctor scan gained correct session scoping, automatic hydration of LFS-stub recordings, catalog-identity verification, and an append-only redaction trail so previously-redacted content stays redacted across re-scans.
ox doctor --force-session-uploadsnow actually re-uploads past failed sessions instead of being a silent no-op.
Session reliability
ox session stopnow writes the prompt + pointer commit inline so finalize is atomic. Previously the two writes could interleave with daemon work and leave a session half-committed for up to a minute.
Security & redaction
- Additional credential-redaction patterns close gaps in friction-event sanitization and team-context git-URL handling. Strengthened path-traversal, auth, and LFS size-bound checks per the latest internal review.
Code search resilience
codedbself-heals a corrupt bleve sub-index without forcing a full reindex. On large repos this drops recovery time from "several hours" to "2–5 minutes."
v0.7.2
Added
Session summarization is now configurable and observable
- New
agent.summarizersetting picks who runs the LLM that summarizes a session at stop.inline(default) runs it in the calling agent's already-warm prompt cache — cheap, but blocks the user for ~30–120s.delegatedruns it in the daemon as a background subprocess — non-blocking, but pays the full input-token cost on every stop.offskips LLM summarization.cloudis reserved for future SageOx cloud-side summarization. - The legacy
SAGEOX_ASYNC_SESSION_UPLOADandOX_SESSION_INLINE_SUMMARYenv vars still work for one release as deprecation aliases, with a warning pointing atox config set agent.summarizer. ox session stopnow finalizes automatically when you exit Claude Code. Previously the SessionEnd hook fired but had no handler, leaving recordings stranded in the cache for up to 24 hours until the daemon's anti-entropy sweep noticed.- New
summarizationtelemetry event captures input/output tokens, model, duration, and quality score for every delegated summarization call. When the LLM-as-judge runs, its tokens piggyback on the same event.
Changed
Cheaper session summarization on the delegated path
- Delegated summarization now defaults to Claude Haiku 4.5 instead of inheriting the user's local default (typically Sonnet). The summarization task is structured JSON extraction over a fixed schema — well within Haiku's capabilities and 5–15× cheaper.
OX_SUMMARY_MODELoverrides the default. - The summary-input optimizer slims tool entries to
{type:"tool_mark", description:"...", count?:N}. Agent-authoreddescriptionstrings (Bash, Agent, Task, WebFetch, ...) are kept because they're already a one-line statement of intent and ideal askey_actioncandidates; tool name, raw inputs, and outputs are dropped. Tool calls without a description (Edit, Read, Write, Glob, Grep, ...) drop entirely — assistant prose names those actions reliably. Adjacent calls with the same description collapse viacount(typical: a polling loop). On a realistic 300-entry session this is roughly an 80% byte/token reduction over the previous shape.
v0.7.1
Fixed
Daemon reliability
- File watchers no longer leak a file descriptor per project file under long uptimes — the per-file handles in
ProjectWatcher(fsnotify userspace mirror) are now released on directory teardown (#580). ox murmurfile-change notifications now respect.gitignore, so build artifacts and editor temp files no longer spam teammates (#581).
Session UX
- Sessions whose meta entry was missing a title (rendered as "Summary unavailable" in the UI) are now repaired automatically by the daemon (#578).
Full changelog: https://github.com/sageox/ox/blob/main/CHANGELOG.md
v0.7.0
Added
Globally unique session recording IDs
- Every session recording now carries a stable
ses_<UUIDv7>identifier inmeta.json, independent of path or name. Renames, moves, and re-imports no longer change identity. - Legacy recordings without the field get a deterministic
ses_<UUIDv5>derived from(repo_id, session_name)via theEffectiveSessionID()accessor — client and server compute the same value byte-for-byte, so no backfill is required. ox doctor --fix-slug=session-idsopt-in backfill persists the deterministic value intometa.jsonfor cleaner ledgers.- Adapter coverage:
ses_IDs are stamped by ox core for sessions captured by every adapter (Claude Code, Aider, Amp, Codex, Droid, Gemini, OpenCode, Pi).
Session summary quality
- New evaluation harness scores summary richness against a curated 18-session golden corpus, catching distiller regressions before release.
- LLM judge wired into the daemon for live summary validation; richness checks block stub or empty summaries from reaching the ledger.
- Tokenstrip is now on by default, reducing recording sizes without losing detail.
- Streaming compressor and
ox session token-optimizeshrink recordings for long-running agents.
Ledger resilience epic
- Multi-writer safety: structural protections against concurrent CLI/daemon writes corrupting
meta.jsonor losing summary fields. - Daemon LLM tier and autofix scheduler proactively repair corrupted or missing artifacts.
meta.jsonmanifest now carries an explicitStoragetag (lfsvsgit) per file (ADR-016), preventing silent demotion of git-stored summaries to LFS pointers.
Session UX
ox session listshows session titles by default; agent-context invocations default to JSON output.
Fixed
Session recording
- Regenerate now hydrates LFS-stub
raw.jsonlfiles instead of producing stub summaries. - Regenerate writes to the canonical ledger path for team sessions instead of the local cache.
- Validator errors no longer leak into user-visible
meta.titleormeta.summary. meta.json.titleis populated alongsidesummaryso list views render correctly (previously 91/155 sessions on the ox team's ledger shipped with empty titles).- Session content readers unified behind
openSessionContentto enforce the cache-only invariant — hydrated bytes never overwrite the in-place LFS pointer. - Closed an autostash race where the LFS pointer rewrite could be lost during commit.
Daemon
- Whisper SQLite handles are properly closed and child watches recursively unwatched, eliminating a file-descriptor leak under long uptimes.
Init and doctor
ox doctor --fixnow restores missingox-*slash commands (theclaude-commandscheck was previously registered but never run).ox initno longer offers Claude Code twice when an external adapter is already installed.
Full changelog: v0.6.4...v0.7.0