Skip to content

Releases: sageox/ox

v0.11.1

Choose a tag to compare

@rsnodgrass rsnodgrass released this 02 Jul 03:45
959ad69

[0.11.1] - 2026-07-01

Review feedback on plans is sacred — this release makes sure none of it can be lost, no matter what happens to the review server, the browser tab, or the plan itself.

Fixed

  • The review page now tells you the moment feedback stops being saved — if the review server exits (idle timeout, Ctrl-C, a crash), the page immediately shows a clear "offline — feedback is NOT being saved" banner with the exact restart command to copy, instead of looking live while submissions silently fail. Unsent marks stay safely in the browser and are restored on reconnect.
  • Restarting a review picks up exactly where it left offox plan review serves each plan at a stable address, so the tab you already had open reconnects on its own (marks intact) when you restart, and re-running the command against an already-open review reuses the running one instead of starting a stranded twin.
  • Reloading the plan while the server is down still shows the plan — the page keeps a local copy of itself, so a reload lands in clearly-marked disconnected mode instead of a browser error screen.
  • Your marks follow the plan as it changes — when an AI coworker updates a plan, open review notes are re-anchored onto the content they referred to, so a reworded heading no longer detaches your comment. Notes whose content truly disappeared stay visibly open and keep appearing in every digest — nothing is ever dropped.
  • Ask about review feedback later — reviewer notes on plans now appear in local search, so "what did Sam flag on the auth plan?" finds the reviewer's actual words, not just the plan.
  • Two coworkers resolving review items at the same time no longer lose one of the updates.

v0.11.0

Choose a tag to compare

@rsnodgrass rsnodgrass released this 01 Jul 17:08
d057f0f

Added

  • Publish a plan as a Claude Code Artifactox plan render --artifact exports a plan as a single self-contained page that renders right inside Claude Code with no network access: diagrams are inlined and nothing loads from a CDN. Its prior-art links still work, so a shared plan stays a jumping-off point back into your team's history.
  • Live human review on a plan, before any code is writtenox plan review now waits for your reviewers and shows their feedback the moment it lands, so an AI coworker can pause for a real decision instead of guessing. Every note is saved with the plan.
  • Plans render charts, not just tables — line, bar, area, and scatter charts now appear inline in a rendered plan, so a plan full of numbers shows the trend at a glance.
  • Quicker to navigate a plan — prior-art references (related PRs and past sessions) are clickable links back into your Ledger, and code blocks are syntax-highlighted.

Changed

  • Sharper plans from every AI coworker, not just Claude — plan rendering now coaches any agent (Claude, Codex, Gemini) to add a diagram or UI sketch where prose was hiding one, and to fold that in while the plan is being written. It also stops asking for a diagram when a chart already tells the story.
  • HTML plans open the right way on their own — ask for an HTML plan and ox opens the polished, team-context-aware view instead of a hand-rolled one-off (set SAGEOX_PLAN_HTML to opt out).
  • Smarter visual suggestions and cleaner layouts — the renderer points out where a visual would help based on what the plan says, and packs busy sections into tidier layouts.
  • Full dependency license transparency — ox now ships a THIRD_PARTY_NOTICES.md listing every dependency and its license.

Fixed

  • Background sync no longer gets stuck on a broken rebase — if a synced repo's git state wedges (even the rare "zombie" case git can't unwind on its own), the daemon now clears it automatically and ox doctor repairs it, so your team's history keeps flowing instead of silently stalling.
  • ox sync --team shows accurate per-team status — real results and details for each team, instead of one lumped-together summary.
  • --title and --json now work when importing documents and media — set a title on import, and get the new recording's id back in --json output.
  • Clear message when an access token has expired — token checks no longer hang or retry in silence; ox tells you to sign in again.
  • No stray telemetry errors after you log out — ox stops sending background telemetry (and the errors that came with it) once there's no active session.

v0.10.1

Choose a tag to compare

@rsnodgrass rsnodgrass released this 15 Jun 21:32
5a0a7fb

Added

  • ox installs its skills and commands into Codex and Droid, not just Claude Code — capability injection now follows an explicit two-layer model with a cross-agent conformance test, so the portable "floor" (prime, consult-first recall, plan enrichment, session review, cart lifecycle) reaches every supported agent, and the per-agent ergonomic surfaces can no longer silently drift or orphan.
  • ox import --kb <slug> brings media and video-URL import to Knowledge Bubbles — import now reaches bubbles at parity with team contexts (mutually exclusive with --team), streaming large media files through a presigned upload so they never load fully into memory.
  • ox code prs ranks indexed pull requests for triage — a new deterministic view (no LLM, no live API) that surfaces the most-stalled open PRs first, each row carrying age, idle-days, comment/reviewer/discussant counts, and labels (--sort age|activity, --state). Backed by ADR-019 phase-1 resolved symbol_edges, which also make ox code calls / calledby more accurate.
  • Knowledge Bubbles now appear in ox daemon status — the daemon reports every bubble it has synced to disk (slug, type, freshness), plus a badge showing whether this daemon keeps them fresh or a sibling daemon does. Previously the daemon synced bubbles silently with no way to see what was happening.
  • ox doctor gained knowledge-bubble repo health checks at parity with ledgers and team contexts — detects bubbles the cloud lists but that were never cloned, bubbles wedged in a stuck merge/rebase (which silently block sync for every project), and bubbles whose sparse-checkout dropped .sageox. Repairs route through the daemon so they never collide with an in-flight sync.

Changed

  • Knowledge Bubbles are now first-class in daemon status output — the JSON bubbles[] array and a human-readable "Knowledge Bubbles" section make it clear which bubbles are local, fresh, and who is responsible for syncing them.
  • Rendered plans own their SageOx brand surfacesox plan render now emits the OX icon, a single subtle corner wordmark, and deterministic inline reference markers itself, so agents no longer hand-roll look-alike branding that drifts or duplicates. A marker means "SageOx has context on this," never a verdict — whether a plan aligns with or amends a decision stays the agent's call.

Fixed

  • ox daemon no longer holds one open file descriptor per tracked file — the recursive fsnotify/kqueue watcher opened a descriptor for every tracked file and directory, so FD usage scaled with repo size (≈11k on a large repo — enough that a few daemons together approached half the machine's FD table). It's replaced by lightweight git status polling that holds zero watch descriptors, honors .gitignore for free, and feeds the exact same downstream change pipeline. ox doctor also gained an absolute FD-pressure ceiling so a watcher-class regression trips regardless of the shell's raised limit.
  • ox daemon status reports garbage-collection state correctly — GC timestamps now persist to disk, so a daemon restart no longer reads every workspace as "gc due" and needlessly reclones it once per hour. The misleading "gc in 6d ago" / "(last 3d ago ago)" wording is fixed.

v0.10.0

Choose a tag to compare

@rsnodgrass rsnodgrass released this 11 Jun 20:18
1202523

Added

  • Cross-agent HTML plans with a human review loopox plan renders a team-context-enriched plan as a self-contained HTML page for any coding agent, not just Claude Code, backed by a catalog of reusable visualizations (timelines, collision maps, sequence diagrams). A new review loop (ox plan review) serves the plan for inline human feedback, so a reviewer can shape the approach before any code is written — and the feedback is captured back to the ledger.
  • Just-in-time ox plan enrich hint while drafting — during plan mode (Claude Code), ox nudges the agent to fold deterministic team context (collisions, prior art, expert routing) into the plan while it is being drafted, so enrichment lands in the first draft a human sees rather than being bolted on after.

Changed

  • Natively aligned Knowledge Bubbles in ox status — the bubble listing now uses a label-column layout with owner and bubble names aligned in their own column, so the section reads as a clean table rather than ragged, variable-width rows.

Security

  • Adapter integrity, a single redaction chokepoint, and environment + clone hardening (ADR-022) — installed AI adapters are integrity-verified before use, every redaction path now funnels through one chokepoint that is far harder to bypass, and both environment-variable handling and team-context clones were hardened against credential leakage and untrusted-prompt injection.

Fixed

  • ox agent tasks no longer panics when called with no subcommand — invoking tasks bare previously sliced an empty argument list and crashed; it now guards the slice and prints usage.

v0.9.0

Choose a tag to compare

@rsnodgrass rsnodgrass released this 29 May 05:21
6a590a0

[0.9.0] - 2026-05-28

Added

  • Pause and resume sessionsox session pause and ox session resume let you suspend an in-progress recording and pick it back up later without losing context, with a proper session lifecycle (active → paused → resumed → stopped) underneath. Long-running work that spans breaks, meetings, or machine restarts is now captured as one coherent session instead of fragmenting.
  • Ephemeral mode for throwaway environments — set OX_EPHEMERAL=1 to run ox in a capability-based mode tuned for short-lived sandboxes (Codespaces, CI, dev containers): no daemon assumptions, session finalize syncs inline, and Codespaces is now detected reliably. The old per-command --ephemeral flag is deprecated (a flag on a single command silently drifted back to non-ephemeral on the next invocation in the same shell) — set the environment variable instead.
  • Personal access token auth via SAGEOX_TOKEN — non-interactive environments can authenticate by exporting a SageOx PAT in SAGEOX_TOKEN, no browser login required. ox warns on stderr as the token nears expiry so automation doesn't fail silently.
  • Faster clones on large repos — code-search and ledger clones now support shallow, partial (blobless), and shared-alternates fetching, cutting both wall-clock time and disk for big histories.
  • Performance metrics in ox doctor and the daemonox doctor now reports timing for its checks and the daemon exposes per-subsystem performance counters, making slow setups diagnosable instead of mysterious.
  • /security-review pipeline — a diff-scoped, two-tier (deterministic OSS scanners + AI hunter/validator) security review you can run on demand. Never blocks merge; surfaces input-handling bugs, redaction-bypass risks, daemon IPC authz holes, and supply-chain issues. See security/README.md.
  • Durable session commit + PR/issue linkage — sessions commit atomically and maintain a reverse index linking each session to the PRs and issues it touched, with stale-URL repair. Past work is now discoverable from the PR/issue side, not just the session list.
  • Knowledge Bubble as a workspace primitive (ADR-017) — the resolver, config, and file-locking foundation for treating personal/team/repo knowledge ("bubbles") as first-class workspaces.
  • Customer-facing env-var namespace convention — sageox-mono ADR-047 ("Customer-Facing Env Var Namespace") is the canonical home for the rule that customer-facing SageOx env vars use SAGEOX_* (product/auth/network identity) and OX_* is reserved for CLI-local behavior flags. The legacy customer-facing OX_TOKEN / OX_ENDPOINT names are removed; internal/auth/env_naming_test.go guards against re-introduction. The matching sageox-mono ADR-046 ("Credential Classes and Principal Normalization") is now Accepted with companion sections D7-D10 covering the PAT validation contract, principal AuthMethod, customer-facing surface, and cryptographic-separation targets.
  • Local recall on every prompt — the UserPromptSubmit hook prepends ox query --local recall, local-only by default (ADR-018).
  • New hooks.userpromptsubmit.cloud_query config key (default off) opts the UserPromptSubmit hook into a parallel SageOx cloud query. When enabled, prompt content is redacted via the session secrets pipeline before any byte leaves the machine, and the cloud path silently degrades to local-only if ox login has not run. ox doctor reports the effective value and the privacy/recall tradeoff.

Changed

  • AI adapters stop fast on terminal errors — when a host agent hits an unrecoverable condition (e.g. a rate-limit/quota wall), the adapter detects it and stops promptly instead of retrying into the same wall.
  • Daemon team discovery relaxed from every 5 minutes to hourly — less background chatter and CPU for a signal that changes rarely.

ox session audit and ox session redact now require an explicit scope

Bare invocation used to silently hydrate and scan the entire ledger — a multi-minute LFS Batch fetch that could process hundreds of sessions without the operator's consent. The command now refuses to run without one of:

  • --session <name> (repeatable) — limit to specific sessions
  • --since <date> / --until <date> — half-open lexicographic window against the ISO-prefixed session name (e.g. --since 2026-04-01)
  • --all — explicit opt-in to the full-ledger sweep

--all is mutually exclusive with the narrowing flags. Mistyped --session names error before any hydration begins, so a typo no longer triggers minutes of unnecessary LFS fetch followed by an error. The full-ledger sweep that used to fire on bare ox session redact is preserved verbatim under --all.

Fixed

ox doctor redaction-debt guidance now points at a command that exists and works

The 0.8.1 ledger-redaction-debt doctor check told the user to run ox session redact <session> for interactive cleanup of a quarantined session. No such positional surface existed — cobra silently dropped the positional and scanned the entire ledger. The fix is two-part:

  1. The doctor message now emits a copy-pasteable ox session redact --session <name> command for each quarantined session (up to five, with a "+N more" hint above that).
  2. ox session redact --session <name> now also walks .sageox/cache/quarantine/<name>/ for the targeted sessions. For JSONL quarantine, it redacts at the quarantine path via the canonical chokepoint, moves the file back to sessions/<name>/, appends a RedactionPass to meta.json, and removes the debt marker on success. Non-JSONL quarantine is listed as "manual scrub required" — the chokepoint applies the raw-writer redaction stack and expects JSONL.

Before this PR, the doctor warning pointed at a command that couldn't help: the forward path (prepush_autoredact.quarantineUnredactableFindings) had moved the bytes OUT of sessions/<name>/, and the backward path only walked sessions/. Recovery required manually inspecting, scrubbing, and moving files back. Now ox doctor → copy-paste → done.

Daemon and sync reliability

  • The daemon no longer deletes its IPC socket file when a superseded instance shuts down, so a freshly-started daemon stays reachable instead of leaving the CLI unable to connect.
  • Code-search self-heals a corrupt bleve _mapping automatically and falls back to SQL-only insights, instead of failing the query outright.
  • Observability exports now attach a fresh JWT Bearer token per OTLP request, fixing dropped telemetry once the initial token expired on long-running daemons.
  • Ledger pushes that wedged in a "U" (unmerged) state are now surfaced and audited rather than silently stalling, and the summary push no longer writes to a /tmp scratch path.

Security

Redaction-debt markers are now validated against path-traversal

The quarantine integration above reads .sageox/cache/redaction-debt/<session>.json markers to locate quarantined bytes. An attacker with write access to that directory could previously craft a marker whose quarantine_paths[].to pointed outside the ledger (e.g. ../../../tmp/owned.jsonl); when the operator next ran ox session redact, the marker-driven os.Rename(quarantineAbs, inPlaceAbs) would overwrite arbitrary files reachable by the operator's UID. Threat model is narrow — the attacker already needs ledger write — but it escalates "ledger-writer" to "arbitrary-file-writer at operator UID."

The fix rejects any marker whose session_name contains a path separator or .., whose marker filename doesn't match the embedded session_name, or whose quarantine_paths entries aren't direct children of sessions/<sess>/ (source) and .sageox/cache/quarantine/<sess>/ (destination). Defense-in-depth safeRelativeUnder checks at the os.Rename / os.Open call sites block any path that slips past the marker-shape guard.

Closes #608.

.claude/settings.json no longer rewritten on every session

Before this fix, ox could silently rewrite a user's .claude/settings.json on every Claude Code lifecycle event (via the daemon's 30-minute autofix tick, and on session start when the hook set drifted). The rewrite came from running the file through encoding/json's defaults: literal <, >, & inside a permission rule got escaped to <, >, &; hand-written \uXXXX source escapes were decoded to literal runes; trailing newlines were stripped; and indentation inside opaque blocks like permissions was normalized to two-space. Each rewrite produced bytes that drifted from on-disk on the next pass too, so the file churned in a loop even when no content had actually changed.

The fix replaces the encoder with one that has SetEscapeHTML(false) and preserves a trailing newline, and switches the "already canonical?" guard from byte equality (which the previous tests proved was satisfiable in lockstep with the encoder's own output but never against real user content) to a combination of strict-shape detection plus semantic content comparison. Result: doctor and the daemon autofix now leave user-authored files alone if Claude Code can read them, and only rewrite when the on-disk hooks shape is one Claude Code actually rejects.

Regression tests seed adversarial inputs that would have failed the byte-equal guard on every pass — literal HTML characters in permission rules, tab indentation, trailing newlines — and assert the file is byte-identical across two consecutive checks.

v0.8.1 — never-block credential gate

Choose a tag to compare

@rsnodgrass rsnodgrass released this 13 May 00:57
3b9b99a

Pre-push credential gate no longer blocks routine pushes

0.8.0 introduced a pre-push secret scanner that scanned every file in the push range and refused the push from the client any finding that was not redacted. This includes fixes:

  • the gate is now scoped to SageOx generated content
  • secrets found in session recordings are quarantined locally outside of git and thus never-block pushes (and never leave machine)
  • quarantined files are auto-recovered if new redaction rules are applied by future 'ox doctor' versions

v0.8.0

Choose a tag to compare

@rsnodgrass rsnodgrass released this 12 May 19:13
8b68250

Added

Modular team rules with first-class context-budget accounting

  • Team rules now live as one-file-per-concern under <team-context>/agents/rules/<topic>.md (subdirectories supported, walked recursively). Mirrors the muscle memory of Claude Code's .claude/rules/ and Cursor's .cursor/rules/, scaled up to team scope. Frontmatter spec covers name, description, repos, audience, visibility, status, from-discussion. visibility: always rules are inlined in ox agent prime; visibility: indexed rules emit a catalog entry only and the agent reads them on demand. Backward-compat fallback to coworkers/rules/ for any teams that adopted that location early.
  • ox agent prime XML now reports a <context-budget> block split by content source (sageox / team / project). The split lets SageOx be measured on its own tool overhead instead of conflating it with team-authored content. It flows through every layer: per-prime budget, per-heartbeat per-source aggregation, daemon-side cumulative tracking, and ox agent list's per-source footer. The schema is open — adding a new content source takes one new constant in internal/prime/types.go plus tagging emit sites.
  • New <rule-promotion-guidance> block in prime XML proactively coaches AI coworkers to ask before publishing a project-local rule team-wide ("this looks like it could apply to your whole team — want me to also add it under <team-context>/agents/rules/?"). Default to asking; never silently publish.
  • New <team-rules-budget> block reports the running token cost of always-tier rules so teams self-regulate rule-library size.
  • Regression-test guard on minimal-prime SageOx overhead (currently ~600 tokens, ceiling 1500). A future change that quietly adds 5K of <instructions> blocks itself on review.

Bundled topical guides via ox guide

  • New ox guide [topic] reads from //go:embed'd markdown — no internet required, no docs-site dependency. Five starter guides ship: team-rules, agents-md, team-context, murmur-vs-rule, getting-started. --raw flag emits unrendered markdown for AI agents that prefer plain text.
  • ox init, ox import, ox murmur, and ox agent team-ctx --help now cross-reference the relevant guide so users discover them in context.
  • Prime XML's commands table includes a new "learn how to do something in ox" row pointing at ox guide [topic].

Adapter rule installation under .claude/rules/sageox/ namespace

  • cmd/ox-adapter-claude-code now installs a second rule alongside the canonical .claude/rules/ox.md: .claude/rules/sageox/use-team-context.md — a "MORE RULES → here" pointer that teaches the agent to discover team rules in their canonical home rather than syncing every rule into every cloned repo. No mirror semantics, no conflict resolution, no per-adapter sync coverage gap. The sageox/ namespace reserves room for future SageOx-installed rules without polluting .claude/rules/ with ox-feature1.md, ox-feature2.md, ... siblings.
  • cmd/ox-adapter-droid mirrors the same pattern under .factory/rules/sageox/.
  • handleUninstallRules walks sageox/ and removes only ox-stamped files (preserves user-authored content), then cleans up the empty namespace dir. Works around an agentx-v0.1.10 limitation where ExtractCommandHash only inspects the first line and misses files with frontmatter.

Rules-support scaffolding for the remaining adapters

  • New rules.go files for ox-adapter-codex, ox-adapter-amp, ox-adapter-aider, ox-adapter-gemini, ox-adapter-opencode, and ox-adapter-pi — each documenting the May 2026 state of that agent's rules surface. None of these agents has a Claude-Code-style modular behavioral rules directory today (Codex's .codex/rules/ is for Starlark execution policies, not behavioral content). The handlers are stub no-ops, NOT wired into main.go, and the adapters do NOT advertise CapRulesInstaller. When upstream adds modular rules, flipping the wiring on is a 3-line change per adapter.

Changed

Reference docs regenerated

  • docs/reference/ is now in sync with current cobra command definitions. Adds guide.mdx, session/repair-meta-summary.mdx, and session/token-optimize.mdx. Drops a stale distill.mdx that was never registered as a root command.

Adapter ergonomics

  • The Amp adapter now records sessions via a user-global ox-bridge plugin. No per-repo configuration needed — install once and every Amp session in every cloned repo is captured automatically.
  • adapter-pi now detects its host agent's identity from the PI_CODING_AGENT environment variable instead of fragile process-name heuristics.
  • --format=json is now accepted as a hidden alias for --json across the CLI, so scripts written against either flag work everywhere.

Fixed

Daemon CPU & resource hygiene

  • Eliminated four recurring hot-loop CPU patterns that could pin a core under steady-state idle. Affected paths: failed session-upload retry, project-watcher tear-down, IPC reconnect, and friction-event drain.
  • Closed a file-descriptor leak that occurred when the daemon ended up watching a directory that turned out to be gitignored. Long-running daemons no longer accumulate FDs proportional to gitignored-subdir churn.

Doctor accuracy

  • Credential checks now run after the post-EEQI bootstrap so doctor no longer flags freshly-rotated credentials as missing on the very next run; user-facing guidance was also corrected to point at the right remediation command.
  • Doctor scan gained correct session scoping, automatic hydration of LFS-stub recordings, catalog-identity verification, and an append-only redaction trail so previously-redacted content stays redacted across re-scans.
  • ox doctor --force-session-uploads now actually re-uploads past failed sessions instead of being a silent no-op.

Session reliability

  • ox session stop now writes the prompt + pointer commit inline so finalize is atomic. Previously the two writes could interleave with daemon work and leave a session half-committed for up to a minute.

Security & redaction

  • Additional credential-redaction patterns close gaps in friction-event sanitization and team-context git-URL handling. Strengthened path-traversal, auth, and LFS size-bound checks per the latest internal review.

Code search resilience

  • codedb self-heals a corrupt bleve sub-index without forcing a full reindex. On large repos this drops recovery time from "several hours" to "2–5 minutes."

v0.7.2

Choose a tag to compare

@rsnodgrass rsnodgrass released this 04 May 23:48
63024de

Added

Session summarization is now configurable and observable

  • New agent.summarizer setting picks who runs the LLM that summarizes a session at stop. inline (default) runs it in the calling agent's already-warm prompt cache — cheap, but blocks the user for ~30–120s. delegated runs it in the daemon as a background subprocess — non-blocking, but pays the full input-token cost on every stop. off skips LLM summarization. cloud is reserved for future SageOx cloud-side summarization.
  • The legacy SAGEOX_ASYNC_SESSION_UPLOAD and OX_SESSION_INLINE_SUMMARY env vars still work for one release as deprecation aliases, with a warning pointing at ox config set agent.summarizer.
  • ox session stop now finalizes automatically when you exit Claude Code. Previously the SessionEnd hook fired but had no handler, leaving recordings stranded in the cache for up to 24 hours until the daemon's anti-entropy sweep noticed.
  • New summarization telemetry event captures input/output tokens, model, duration, and quality score for every delegated summarization call. When the LLM-as-judge runs, its tokens piggyback on the same event.

Changed

Cheaper session summarization on the delegated path

  • Delegated summarization now defaults to Claude Haiku 4.5 instead of inheriting the user's local default (typically Sonnet). The summarization task is structured JSON extraction over a fixed schema — well within Haiku's capabilities and 5–15× cheaper. OX_SUMMARY_MODEL overrides the default.
  • The summary-input optimizer slims tool entries to {type:"tool_mark", description:"...", count?:N}. Agent-authored description strings (Bash, Agent, Task, WebFetch, ...) are kept because they're already a one-line statement of intent and ideal as key_action candidates; tool name, raw inputs, and outputs are dropped. Tool calls without a description (Edit, Read, Write, Glob, Grep, ...) drop entirely — assistant prose names those actions reliably. Adjacent calls with the same description collapse via count (typical: a polling loop). On a realistic 300-entry session this is roughly an 80% byte/token reduction over the previous shape.

v0.7.1

Choose a tag to compare

@rsnodgrass rsnodgrass released this 03 May 17:57
3904070

Fixed

Daemon reliability

  • File watchers no longer leak a file descriptor per project file under long uptimes — the per-file handles in ProjectWatcher (fsnotify userspace mirror) are now released on directory teardown (#580).
  • ox murmur file-change notifications now respect .gitignore, so build artifacts and editor temp files no longer spam teammates (#581).

Session UX

  • Sessions whose meta entry was missing a title (rendered as "Summary unavailable" in the UI) are now repaired automatically by the daemon (#578).

Full changelog: https://github.com/sageox/ox/blob/main/CHANGELOG.md

v0.7.0

Choose a tag to compare

@rsnodgrass rsnodgrass released this 01 May 22:18
eeb8044

Added

Globally unique session recording IDs

  • Every session recording now carries a stable ses_<UUIDv7> identifier in meta.json, independent of path or name. Renames, moves, and re-imports no longer change identity.
  • Legacy recordings without the field get a deterministic ses_<UUIDv5> derived from (repo_id, session_name) via the EffectiveSessionID() accessor — client and server compute the same value byte-for-byte, so no backfill is required.
  • ox doctor --fix-slug=session-ids opt-in backfill persists the deterministic value into meta.json for cleaner ledgers.
  • Adapter coverage: ses_ IDs are stamped by ox core for sessions captured by every adapter (Claude Code, Aider, Amp, Codex, Droid, Gemini, OpenCode, Pi).

Session summary quality

  • New evaluation harness scores summary richness against a curated 18-session golden corpus, catching distiller regressions before release.
  • LLM judge wired into the daemon for live summary validation; richness checks block stub or empty summaries from reaching the ledger.
  • Tokenstrip is now on by default, reducing recording sizes without losing detail.
  • Streaming compressor and ox session token-optimize shrink recordings for long-running agents.

Ledger resilience epic

  • Multi-writer safety: structural protections against concurrent CLI/daemon writes corrupting meta.json or losing summary fields.
  • Daemon LLM tier and autofix scheduler proactively repair corrupted or missing artifacts.
  • meta.json manifest now carries an explicit Storage tag (lfs vs git) per file (ADR-016), preventing silent demotion of git-stored summaries to LFS pointers.

Session UX

  • ox session list shows session titles by default; agent-context invocations default to JSON output.

Fixed

Session recording

  • Regenerate now hydrates LFS-stub raw.jsonl files instead of producing stub summaries.
  • Regenerate writes to the canonical ledger path for team sessions instead of the local cache.
  • Validator errors no longer leak into user-visible meta.title or meta.summary.
  • meta.json.title is populated alongside summary so list views render correctly (previously 91/155 sessions on the ox team's ledger shipped with empty titles).
  • Session content readers unified behind openSessionContent to enforce the cache-only invariant — hydrated bytes never overwrite the in-place LFS pointer.
  • Closed an autostash race where the LFS pointer rewrite could be lost during commit.

Daemon

  • Whisper SQLite handles are properly closed and child watches recursively unwatched, eliminating a file-descriptor leak under long uptimes.

Init and doctor

  • ox doctor --fix now restores missing ox-* slash commands (the claude-commands check was previously registered but never run).
  • ox init no longer offers Claude Code twice when an external adapter is already installed.

Full changelog: v0.6.4...v0.7.0