Release v0.2.3

Release v0.2.3

Changes since v0.2.2

Mark Turansky (2)

• fix(ci,api-server): fix control-plane build context and migration parameter mismatch (#1428) (341747a)
• fix(ci,api-server): add control-plane + mcp to build pipelines, fix migration parameter mismatch (#1426) (0eaa121)

github-actions[bot] (1)

• deps(runner): bump claude-agent-sdk 0.1.65 (#1422) (36dc70a)

dependabot[bot] (1)

• chore(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in /components/ambient-mcp in the go_modules group across 1 directory (#1427) (ab3d790)

Full Changelog: v0.2.2...v0.2.3

---

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.3

Metric	Value	Δ vs Previous
PRs analyzed	8	-22 ↓
Critical issues	18	-5 ↓
Major issues	58	-62 ↓
Issues per PR	9.5	+4.7 ↑
Coverage gaps	67	-58 ↓

Trend

Release	Date	PRs	Critical	Major	Per PR	Gaps
v0.2.0	2026-04-10	30	23	120	4.8	125
v0.2.3	2026-04-22	8	18	58	9.5	67

Top Uncovered Patterns

1. Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths. (3 occurrences, impact: 12) — sdk
2. Add resource limits and pin DB image to immutable digest. (3 occurrences, impact: 10) — manifests
3. Paginate both project and per-project session fetches. (2 occurrences, impact: 7) — cli, other
4. Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent. (2 occurrences, impact: 6) — backend
5. Thread the request-scoped K8s client into these Secret helpers. (2 occurrences, impact: 6) — backend
6. Add NOT NULL constraint to owner_user_id column in migration. (1 occurrences, impact: 4) — api-server
7. Add explicit timeout to all Gerrit proxy fetch calls (1 occurrences, impact: 4) — frontend
8. Fix Gerrit response-shape parsing (currently breaks instance extraction) (1 occurrences, impact: 4) — runner
9. Do not keep stale Gerrit config after fetch failures (1 occurrences, impact: 4) — runner
10. Serialize credential refresh/cleanup across concurrent runs. (1 occurrences, impact: 4) — runner

Recommended Guardrails

CLAUDE.md Conventions

• Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths.: Enforce via convention (needs specific rule)
• Add resource limits and pin DB image to immutable digest.: Enforce via convention (needs specific rule)
• Paginate both project and per-project session fetches.: Enforce via convention (needs specific rule)
• Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent.: Enforce via convention (needs specific rule)
• Thread the request-scoped K8s client into these Secret helpers.: Enforce via convention (needs specific rule)
• Add NOT NULL constraint to owner_user_id column in migration.: Enforce via convention (needs specific rule)
• Add explicit timeout to all Gerrit proxy fetch calls: Enforce via convention (needs specific rule)
• Fix Gerrit response-shape parsing (currently breaks instance extraction): Enforce via convention (needs specific rule)
• Do not keep stale Gerrit config after fetch failures: Enforce via convention (needs specific rule)
• Serialize credential refresh/cleanup across concurrent runs.: Enforce via convention (needs specific rule)

Hookify Rules

• PreToolUse hook for critical: inboxmessageapi endpoints use /projects routes instead of inbox-message-specific paths. enforcement in TypeScript code
• PreToolUse hook for add resource limits and pin db image to immutable digest. enforcement in TypeScript code
• PreToolUse hook for paginate both project and per-project session fetches. enforcement in TypeScript code
• PreToolUse hook for reject all mixed auth-field combinations, not just httptoken + gitcookiescontent. enforcement in Go code
• PreToolUse hook for thread the request-scoped k8s client into these secret helpers. enforcement in Go code
• PreToolUse hook for add not null constraint to owner_user_id column in migration. enforcement in TypeScript code
• PreToolUse hook for add explicit timeout to all gerrit proxy fetch calls enforcement in TypeScript code
• PreToolUse hook for fix gerrit response-shape parsing (currently breaks instance extraction) enforcement in Python code
• PreToolUse hook for do not keep stale gerrit config after fetch failures enforcement in Python code
• PreToolUse hook for serialize credential refresh/cleanup across concurrent runs. enforcement in Python code

Release v0.2.2

Release v0.2.2

Changes since v0.2.1

Jeremy Eder (2)

• fix(security): authenticate AG-UI runner endpoints to prevent cross-session attacks (#1378) (256d97d)
• feat: add Gerrit integration connector for code review workflows (#1387) (b993135)

dependabot[bot] (1)

• chore(deps): bump lxml from 6.0.2 to 6.1.0 in /components/runners/ambient-runner in the uv group across 1 directory (#1400) (d39cb88)

Mark Turansky (1)

• feat(runner,manifests): alpha migration PR 6+7 — runners and Kustomize overlays (#1379) (1aa8b42)

Full Changelog: v0.2.1...v0.2.2

---

CodeRabbit Triage Summary

CodeRabbit Triage: v0.2.2

Metric	Value	Δ vs Previous
PRs analyzed	7	-23 ↓
Critical issues	17	-6 ↓
Major issues	57	-63 ↓
Issues per PR	10.6	+5.8 ↑
Coverage gaps	65	-60 ↓

Trend

Release	Date	PRs	Critical	Major	Per PR	Gaps
v0.2.0	2026-04-10	30	23	120	4.8	125
v0.2.2	2026-04-21	7	17	57	10.6	65

Top Uncovered Patterns

1. Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths. (3 occurrences, impact: 12) — sdk
2. Add resource limits and pin DB image to immutable digest. (3 occurrences, impact: 10) — manifests
3. Paginate both project and per-project session fetches. (2 occurrences, impact: 7) — cli, other
4. Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent. (2 occurrences, impact: 6) — backend
5. Thread the request-scoped K8s client into these Secret helpers. (2 occurrences, impact: 6) — backend
6. Add explicit timeout to all Gerrit proxy fetch calls (1 occurrences, impact: 4) — frontend
7. Fix Gerrit response-shape parsing (currently breaks instance extraction) (1 occurrences, impact: 4) — runner
8. Do not keep stale Gerrit config after fetch failures (1 occurrences, impact: 4) — runner
9. Serialize credential refresh/cleanup across concurrent runs. (1 occurrences, impact: 4) — runner
10. Fix namespace mismatch in CP_TOKEN_URL (1 occurrences, impact: 4) — manifests

Recommended Guardrails

CLAUDE.md Conventions

• Critical: InboxMessageAPI endpoints use /projects routes instead of inbox-message-specific paths.: Enforce via convention (needs specific rule)
• Add resource limits and pin DB image to immutable digest.: Enforce via convention (needs specific rule)
• Paginate both project and per-project session fetches.: Enforce via convention (needs specific rule)
• Reject all mixed auth-field combinations, not just httpToken + gitcookiesContent.: Enforce via convention (needs specific rule)
• Thread the request-scoped K8s client into these Secret helpers.: Enforce via convention (needs specific rule)
• Add explicit timeout to all Gerrit proxy fetch calls: Enforce via convention (needs specific rule)
• Fix Gerrit response-shape parsing (currently breaks instance extraction): Enforce via convention (needs specific rule)
• Do not keep stale Gerrit config after fetch failures: Enforce via convention (needs specific rule)
• Serialize credential refresh/cleanup across concurrent runs.: Enforce via convention (needs specific rule)
• Fix namespace mismatch in CP_TOKEN_URL: Enforce via convention (needs specific rule)

Hookify Rules

• PreToolUse hook for critical: inboxmessageapi endpoints use /projects routes instead of inbox-message-specific paths. enforcement in TypeScript code
• PreToolUse hook for add resource limits and pin db image to immutable digest. enforcement in TypeScript code
• PreToolUse hook for paginate both project and per-project session fetches. enforcement in TypeScript code
• PreToolUse hook for reject all mixed auth-field combinations, not just httptoken + gitcookiescontent. enforcement in Go code
• PreToolUse hook for thread the request-scoped k8s client into these secret helpers. enforcement in Go code
• PreToolUse hook for add explicit timeout to all gerrit proxy fetch calls enforcement in TypeScript code
• PreToolUse hook for fix gerrit response-shape parsing (currently breaks instance extraction) enforcement in Python code
• PreToolUse hook for do not keep stale gerrit config after fetch failures enforcement in Python code
• PreToolUse hook for serialize credential refresh/cleanup across concurrent runs. enforcement in Python code
• PreToolUse hook for fix namespace mismatch in cp_token_url enforcement in TypeScript code

Release v0.2.0

Release v0.2.0

Changes since v0.1.4

🎉 First-Time Contributors

• Matt Knop
• Vishali Kamenani
• ambient-code[bot]
• angaduom

ambient-code[bot] (15)

• feat: add org.opencontainers.image.revision OCI label to all container images (#1270) (4137eed)
• fix: resolve stale Amber Session check runs stuck in_progress (#1255) (2da4ada)
• fix: update public-api Dockerfile Go version from 1.24 to 1.25 (#1279) (0c5a8e2)
• fix: improve amber-issue-handler UX (eyes reaction, comments, session links) (#1268) (0f68aa9)
• fix: remove --insecure-skip-tls-verify from CI oc login commands (#1272) (45ff21f)
• fix: change default model for new sessions to sonnet-4.6 (#1265) (c2fb97a)
• fix: align ambient-runner Dockerfile build context with other components (#1260) (d5555f7)
• feat: custom MCP server configuration per session and project (#1251) (09cf5f1)
• fix(docs): update GitHub Action docs to match ambient-action v0.0.5 (#1233) (1f254b2)
• fix: return error when ValidateJiraToken receives malformed URL (#1186) (68d8306)
• fix(runner): update GITHUB_TOKEN for gh CLI after credential refresh (#1185) (865dd9d)
• docs: update local-* target references to kind-* equivalents (#1184) (85ef723)
• fix: enable CodeRabbit auto-review on alpha branch (#1235) (0c95b38)
• fix(docs): pin zod to v3 to fix docs build (#1223) (f2ca496)
• fix: display UTC and local timezone in Scheduled Sessions UI (#1195) (f7efeef)

Gage Krumbach (11)

• feat: improve Slack notification formatting + read issue comments (#1238) (e341b83)
• feat: live model switching for running sessions (#1239) (07d6126)
• feat: review queue as readiness gate with Slack notifications (#1240) (c994ec5)
• fix: read issue comments for full context (#1237) (1d94340)
• fix: RHOAI MLflow deploy - channel mismatch and auto-create DB secret (#1228) (33be9af)
• feat: Slack notification on PR creation (#1227) (bcd258c)
• feat: post check runs on PRs with Amber session link (#1201) (70171b4)
• feat: add Gmail scopes and bump workspace-mcp to 1.17.1 (#1202) (005806f)
• Reduce Google Workspace MCP OAuth scopes using granular permissions (#1198) (7270194)
• chore: bump ambient-action to v0.0.5 (#1197) (cc9ad31)
• feat: amber GHA — stop-on-run-finished, prompt split, security fixes (#1193) (013f33f)

Jeremy Eder (4)

• fix(operator): add mlflow.kubeflow.org RBAC to operator ClusterRole (#1286) (5e5f584)
• fix(deps): resolve 13 Dependabot security alerts (#1284) (2389565)
• feat(ci): auto-generate loading tips from release metadata (#1044) (5768e12)
• fix: improve frontend mobile responsiveness (30666a6)

Sidney Glinton (3)

• CI: Support for pull-reviews video (#949) (0b84775)
• Deployment for Observability Dashboard (#1261) (519f9e4)
• perf: add SSAR cache, event log tail reads, and agent status cache (#1026) (ffe4a21)

dependabot[bot] (3)

• chore(deps): bump the go_modules group across 2 directories with 2 updates (#1256) (02d3d96)
• chore(deps): bump vite from 6.4.1 to 6.4.2 in /docs in the npm_and_yarn group across 1 directory (#1230) (ab7307a)
• chore(deps): bump vite from 7.3.1 to 7.3.2 in /components/frontend in the npm_and_yarn group across 1 directory (#1229) (97ab8c0)

Edson Tirelli (2)

• fix(runner): framework-agnostic observability naming + MLflow trace IDs (#1283) (3dd8436)
• feat(runner): optional MLflow tracing parallel to Langfuse (#1263) (81c601f)

Ken Dreyer (2)

• mount trusted CA bundle in runner pods (#1258) (a1ebe4a)
• document how to mount a custom CA bundle (#1250) (dc1f42e)

angaduom (1)

• Fix hover card covering delete button in sessions sidebar (#1246) (9c0bbeb)

Matt Knop (1)

• removing label vendor value (#1241) (4c8486e)

Martin Prpič (1)

• Migrate LDAP integration from legacy to IPA (#973) (b130dc8)

Michael Skarbek (1)

• chore(deps): bump google.golang.org/grpc to v1.79.3 (#1074) (17161ac)

Patrick Martin (1)

• feat(frontend): show workspace name in sidebar (#1150) (95c1703)

Vishali Kamenani (1)

• Preserve scroll position when switching between chat and file tabs (#1125) (32faa39)

Full Changelog: v0.1.4...v0.2.0

Release v0.1.4

Release v0.1.4

Changes since v0.1.3

Gage Krumbach (1)

• fix: increase minio PVC to 2Ti to match UAT (#1196) (440f5b9)

Full Changelog: v0.1.3...v0.1.4

Release v0.1.3

Release v0.1.3

Changes since v0.1.2

🎉 First-Time Contributors

• Edson Tirelli
• Patrick Martin
• Timothy S. Williams

Gage Krumbach (20)

• feat: add stopOnRunFinished CRD field + improve activity tracking (#1192) (5c54225)
• feat: consolidate Amber Handler — single workflow for all AI automation (#1180) (f56fb3c)
• fix: wait for DSC v2 API and add DB migration for MLflow deploy (#1188) (7d9f8c7)
• fix: wait for DataScienceCluster CRD before applying DSC (#1187) (2118509)
• feat: split triage and pr-fixer into separate GHA workflows (#1177) (54b5803)
• fix: route scheduled follow-up prompts through backend AG-UI proxy (#1161) (703a6f5)
• fix: restore OPERATOR_IMAGE valueFrom in backend manifest (#1160) (30c45e9)
• fix: remove OPERATOR_IMAGE from manifest to avoid deploy failure (#1159) (7fc332f)
• fix: use root path for runner AG-UI endpoint in trigger (#1158) (1421371)
• fix: correct backend deployment name in CI workflows (#1156) (b6bffdb)
• fix: inject BOT_TOKEN into runner container for INITIAL_PROMPT auth (#1153) (8a73621)
• fix: use SHA tags everywhere in CI, remove detect-changes (#1147) (05baf7c)
• feat: add jira-write feature flag for per-workspace Jira write access (#1138) (4b12c81)
• feat: add reuse last session option for scheduled sessions (#1136) (497f938)
• fix: scheduled sessions fail due to Service name exceeding 63-char K8s limit (#1129) (3ac925a)
• Revert "spec: skills and workflows — discovery, installation, and usage" (#1119) (65e454c)
• spec: skills and workflows — discovery, installation, and usage (#1117) (06993c5)
• fix: disable MinIO bucket versioning to prevent unbounded storage growth (#1099) (595d790)
• ci: push PR images to Quay and tag full stack for deployment (#1077) (c18c02c)
• ci: push PR images to Quay for pre-merge testing (#1076) (208e4e2)

Jeremy Eder (14)

• feat(runner): upgrade to UBI 10, add glab CLI, pin versions, add freshness workflow (#1091) (8188e53)
• feat: add unleash-flag skill for feature flag workflow (#1176) (86c8957)
• feat: add stale issue workflow (#1170) (4b928a0)
• fix(runner): restore tool error reporting on ToolCallEndEvent (#1100) (0af8f62)
• chore(ci): consolidate GHA workflows and reserve SDK bumps for dedica… (#1142) (095990c)
• fix(deps): address Dependabot security alerts (#1165) (159fdb8)
• feat: add /pr-fixer skill for triggering PR fixer workflow (#1144) (b28fb27)
• feat: automated SDK version bump workflow with feature analysis (#987) (9c11bc8)
• fix: cap access key token lifetime at 1 year, remove never-expire (#1141) (f50505a)
• Rename sdk-drift-check.yml to ambient-sdk-drift-check.yml (#1140) (e4021d2)
• chore: add CodeRabbit configuration for automated PR reviews (#1066) (f9dc970)
• fix: add Token Lifetime selector to Access Keys page (#1084) (77ace72)
• docs: improve dev-cluster skill with Vertex AI, Unleash, and troubleshooting (#1108) (d1117d8)
• fix: resolve Docker image prefix mismatch for kind-local deploys (#1105) (3722575)

dependabot[bot] (5)

• chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates (#1155) (2c4b10d)
• chore(deps-dev): bump dompurify from 3.3.1 to 3.3.3 in /docs in the npm_and_yarn group across 1 directory (#1087) (8ac0f85)
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 in /components/runners/ambient-runner in the uv group across 1 directory (#1086) (2ac0cf4)
• chore(deps): bump the npm_and_yarn group across 4 directories with 3 updates (#1069) (0b81397)
• ci(deps): bump actions/checkout from 4 to 6 (#993) (9ceb4ca)

github-actions[bot] (2)

• [Amber] Fix: [Amber Refactor] (#1112) (d9106f3)
• [Amber] Fix: [Amber] upgrade cypress dependency (#1164) (473dfda)

Bob Gregor (2)

• fix: eliminate broken pipe warnings in benchmark harness (#1148) (1a98e43)
• feat: Local DevEx: Component Hot Reloading, component benchmarks for warm/cold builds (#1095) (40a1e6c)

Ken Dreyer (2)

• remove minikube from Makefile (#1036) (2bc8e00)
• surface network errors from integration token validation (#1062) (48b7f09)

Edson Tirelli (1)

• Adding RHOAI MLflow component into the cluster (#1166) (bb23a92)

Patrick Martin (1)

• fix: add OC_USER and OC_EMAIL to dev-env .env.local (#1151) (26687af)

Christian Vogt (1)

• fix(frontend): thread branch and autoPush through new session repo flow (#1169) (c0270d8)

Timothy S. Williams (1)

• feat(frontend): add scheduled session editing UI (#1106) (072f1a1)

Rahul Shetty (1)

• fix(grafana): Resolve issue with add-grafana make command & add new K8s dashboard (#1018) (28cd90b)

Mark Turansky (1)

• chore(ci): sync alpha branch from main on every push (#1089) (f81b269)

Full Changelog: v0.1.2...v0.1.3

Release v0.1.2

Release v0.1.2

Changes since v0.1.1

github-actions[bot] (3)

• [Amber] Fix: Bug: File upload rejects WinZip archives due to strict Content-Type MIME validation (#1053) (f1f5bb1)
• [Amber] Fix: Bug: Custom workflows default to workflows/default as the path when no path is specified breaking user expectations (#1048) (2b5b2aa)
• [Amber] Fix: fix(runner): mid-run GITHUB_TOKEN refresh via MCP tool does not reach CLI subprocess (#1068) (a126200)

dependabot[bot] (2)

• ci(deps): bump docker/build-push-action from 6 to 7 (#995) (2bf8d2f)
• ci(deps): bump dorny/paths-filter from 3 to 4 (#994) (60f96a0)

Jeremy Eder (1)

• feat(backend): filter disabled workflows from OOTB listing (#1054) (f73f1d2)

Bob Gregor (1)

• fix(frontend): New Session Context: Keyup/KeyDown event listeners, fix repo "badge X" does not work (#1072) (eedc650)

Full Changelog: v0.1.1...v0.1.2

Release v0.1.1

Release v0.1.1

Changes since v0.1.0

Gage Krumbach (6)

• feat(runner): add secret redaction middleware for AG-UI events (#1041) (adc3403)
• chore: increase MinIO PVC storage to 500Gi (#1064) (b378c05)
• feat: surface background task visibility across full stack (#1029) (03f9f1f)
• feat(frontend): sidebar session sorting, links, and action menu (#1063) (fdcf9d1)
• fix(runner,operator): improve session backup and resume reliability (#1057) (896aaa1)
• feat(runner): enable Gmail tools in Google Workspace MCP (#1060) (7158005)

github-actions[bot] (3)

• [Amber] Fix: Bug: BOT_TOKEN is failing to update inside session pod because it is injected via env var instead of file mount (#1050) (f62b4ca)
• [Amber] Fix: Refresh token MCP tool silently swallows auth failures and reports success (#1049) (52bcd7e)
• [Amber] Fix: Bug: Loading custom workflow from private GitHub repo downloads no files (#1015) (02b2a7d)

Jeremy Eder (2)

• fix(frontend): remove incorrect email pre-fill in Jira connection card (#1055) (6c85c7c)
• feat(frontend): add folder upload support (#1042) (9ca8168)

Dana Gutride (2)

• fix: Firefox session layout was clipping content (#1061) (ea31419)
• feat: Add gmail send scope (#1031) (ee88acc)

Sidney Glinton (1)

• feat(frontend): HPA for Frontend (#1059) (3028dc9)

Chris Hambridge (1)

• feat(operator): add LimitRange defaults for Cluster Autoscaler bin-packing (#1040) (bccd8c7)

Full Changelog: v0.1.0...v0.1.1

Release v0.1.0

Release v0.1.0

Changes since v0.0.35

🎉 First-Time Contributors

• Aidan Reilly

Gage Krumbach (5)

• fix(runner): git credential helper for proper repo authentication (#1025) (797d7bf)
• fix(manifests): add minio resource limits for e2e and kind overlays (#1023) (05c33d3)
• fix(runner): use export endpoint for get_session_events to prevent freeze (#1019) (93b0fe4)
• fix(frontend): fix new session textarea overflow in Firefox (#1021) (913e415)
• fix(frontend): allow spaces in AskUserQuestion Other input (#1020) (9d3daa6)

Jeremy Eder (3)

• feat(ci): enhance release changelog with author grouping and first-time contributors (#1039) (b017c2d)
• deps(runner): bump anthropic 0.86.0, claude-agent-sdk 0.1.50 (#985) (c69a397)
• fix(runner): propagate userId to all Langfuse traces across async requests (#997) (9971336)

Aidan Reilly (1)

• docs: fix technical inaccuracies and add undocumented feature coverage (#932) (f715e39)

Ken Dreyer (1)

• fix(manifests): use Always imagePullPolicy for ambient-api-server (#1033) (fdb74cb)

Full Changelog: v0.0.35...v0.1.0

Release v0.0.35

Release v0.0.35

Changes since v0.0.34

• fix(manifests): match minio PVC storage to cluster value (#1017) (0467664)

Full Changelog: v0.0.34...v0.0.35

Release v0.0.34

Release v0.0.34

Changes since v0.0.33

• fix(frontend): resolve agent response buffering due to stale EventSou… (#991) (de50276)
• fix(frontend): export chat handles compacted MESSAGES_SNAPSHOT events (#1010) (b204abd)
• fix(frontend): binary file download corruption and incorrect file size display (#996) (5b584f8)
• fix(operator): increase runner pod memory limit from 4Gi to 8Gi (#1013) (2dd9b83)
• chore(ci): clarify SDK drift check is for Ambient SDK (#999) (6ef9f98)
• serve version from backend instead of frontend env var (#998) (7b6f4eb)
• fix(runner): improve ACP MCP tools (#1006) (26be0f9)
• chore(manifests): scale up frontend replicas and backend/minio resource limits (#1008) (b331da1)
• fix(operator): remove per-session monitorPod goroutines to fix memory leak (#1004) (76558b4)
• fix: use per-message credentials in shared sessions (#989) (0d78e86)
• Claude/daily sdk update action (#661) (86f82e6)
• fix(backend): resolve issue with concurrent agent-session creation (#986) (de009dc)
• Enhance Bugfix Workflow tutorial with detailed phases (#977) (64f168f)
• Add changelog feature to ACP menu (#978) (8475f53)
• fix(backend): inherit parent userContext in child sessions (#988) (6b21778)

Full Changelog: v0.0.33...v0.0.34