Release Notes
Jul 5, 2026
Section titled βJul 5, 2026βThe largest single commit in recent history landed: Phase 5 HA (Mode 3) support β a complete high-availability architecture for chat integrations with gRPC broker protocol, advisory lock failover, standalone Discord deployment, and an integration runtime library. Platform skills also became embedded in the binary.
π Features
Section titled βπ Featuresβ- [HA]: Phase 5 HA (Mode 3) support β a sweeping ~26,600-line change across 92 files delivering:
- gRPC broker protocol (
proto/broker/v1/) for cross-process integration communication with adapter, factory, and server - Integration runtime library (
pkg/integration/runtime/) with config resolution (DB > env > YAML layering), admin signal listener, update signal handling with status write-back, and schema retry with backoff - Standalone Discord entry point with
--standaloneflag, Postgres-backeddiscord_pending_links, advisory lock loop with takeover delay and lock-loss detection, gRPC health service, and graceful shutdown ordering - Transactional NOTIFY for admin signals, cross-integration ID leakage guards,
updated_bytracking - PostgresConfigProvider for HA config persistence replacing YAML-only storage
- Multi-stage Dockerfile and comprehensive standalone deployment documentation (#608)
- gRPC broker protocol (
- [Agent]: Platform skills embedded in binary via
go:embedand injected into all agents at provisioning time βscion,scion-cli-operations,scion-messaging,agent-status-signals,team-creation, andgit-sandbox(conditional onisGit=true). Runs after template skills but before workspace skills (#610).
π Fixes
Section titled βπ Fixesβ- [Hub]: Check hub-scoped env vars in
hasAnyKeycredential check β child agents whose owner is a parent agent (not a human user) can now find credentials at hub scope (#611). - [Claude]: Fixed env overlay variable resolution in
provision.pyβ values now read fromauth_candidates.jsonor staged secrets instead ofos.environ, with_resolve()fallback to shell references (#607). - [Claude]: Expanded env var references in Vertex AI env overlay β replaced literal
'${VAR_NAME}'strings with actualos.environ.get()calls across all auth branches (#606).
Jul 4, 2026
Section titled βJul 4, 2026βA quieter holiday day focused on auth correctness: the hubβs credential detection was fixed to evaluate all config-driven auth types, GCP service account assignments are now honored for file-based credential skipping, and several regressions from the builtin harness removal were patched.
π Fixes
Section titled βπ Fixesβ- [Hub]: Fixed
hasRequiredAuthCredentialsto auto-detect auth type before checking requirements β whenHarnessAuthis empty (auto mode), the hub now iterates all auth types fromauthMeta.Typesinstead of short-circuiting on the compiled api-key default. Correctly detects file-based credentials likeCODEX_AUTHandgcloud-adc(#605). - [Hub]: Honor
skipped_when_gcp_service_account_assignedβ when a project has a verified GCP service account, file requirements marked with this flag are treated as satisfied, preventing false no-auth fallback (#604). - [Hub]: Accept
projectPath/projectSlugkeys in brokerstartAgenthandler for backwards compatibility. - [Harness]: Restored missing
StageCaptureAuthAssetscall inprovision.goβ the builtin harness removal (#600) accidentally deleted this line, causing a build error. - [Shell]: Improved bash shebang lines to use
#!/usr/bin/env bashconsistently, avoiding stale bash versions.
Jul 3, 2026
Section titled βJul 3, 2026βA milestone cleanup and expansion day: the entire builtin harness system was deleted (-3486 lines), Slack landed as a full chat integration, the hub gained graceful SSE reconnect for Cloud Run, and Claudeβs provisioner received OAuth capture and Vertex AI fixes.
π Features
Section titled βπ Featuresβ- [Slack]: Full Slack chat integration as a standalone plugin module β Events API and Socket Mode support, Block Kit formatting, slash command tree (
/scion setup, register, msg, agents, status), ask-user modal flow, SQLite state store with WAL, hub API client with HMAC signing, per-user registration with code flow (#591). - [Slack]: Slack integration management added to the chat admin UI (#599).
- [Hub]: Auto no-auth fallback in pre-dispatch validation β when auth is
autoand the harness supportsdrop-to-shell, the hub now accepts the agent without credentials instead of rejecting it for missing env vars (#595). - [Hub]:
SCION_IMAGE_REGISTRYenv var takes precedence oversettings.yamlfor image registry resolution (#594).
π Fixes
Section titled βπ Fixesβ- [Hub]: Graceful SSE reconnect before Cloud Runβs 3600s hard timeout β server sends a
reconnectevent at 3500s and closes cleanly so the client auto-reconnects per the SSE spec (#590). - [Hub]: Fixed
BootstrapBundledResourcesto update existing configs when content changes β split skip logic intoSkipCreate(respects user deletions) and an always-run update path with content hash comparison (#592, #596). - [Claude]: Fixed Vertex AI auth detection in
provision.py(#598). - [Claude]: Capture OAuth token (
sk-ant) fromsetup-tokenasCLAUDE_CODE_OAUTH_TOKEN, restricted tooatprefix and most-recent token (#587). - [Claude]: Added
fableas XL model alias and updated no-auth login command. - [Agent]: Fixed no-auth auto-resolve UI β
HarnessAuth="none"now propagated back through broker response so the web UI shows the Capture Auth button correctly. Auth method display shows resolved method instead of βcontainer-scriptβ (#586). - [Message]: Closed remaining silent-drop gaps for
--plain/--notify/--channelflag combinations with--in/--atand local mode (#584). - [Harness]: Image status follow-up fixes β error propagation, nil checks, file permissions, atomic write, and
ValidateStoragehash error handling (#585, #593). - [Gemini]: Set Gemini CLI default model to 3.5 Flash.
- [Hub]: Address review comments on
handlers_integrations.go(#588). - [CI]: Fixed
gofmtstruct field alignment intypes.goandmodels.go(#589).
ποΈ Removals
Section titled βποΈ Removalsβ- [Harness]: Removed the entire dead builtin harness system β -3486 lines. All harnesses now use container-script provisioning (#600).
π§ Chores
Section titled βπ§ Choresβ- [Deps]: Bumped
golang.org/x/netin scion-broker-log (#597).
Jul 2, 2026
Section titled βJul 2, 2026βA day of polish and depth: harness-config images gained build status tracking with registry probing, the plugin system got hub-mediated install/update flows, skills and templates were factored across repos, and no-auth provisioning learned to auto-fallback gracefully.
π Features
Section titled βπ Featuresβ- [Harness]: Track and display container image status per harness-config β new
image_statuscolumn with local and remote registry checks (including anonymous Docker Hub auth), async refresh on detail page, startup recheck with errgroup concurrency, and list/filter/badge UI (#583). - [Harness]: No-auth auto-fallback and auto-run suggested command β when no credentials are available, provisioning falls back to no-auth mode automatically and surfaces the suggested auth command (#582).
- [Harness]: Auto-inject workspace skills during provisioning β skills in the workspace
skills/directory are automatically made available to agents at provision time (#573). - [Chat Admin]: Hub-mediated plugin updates and first-time install (Phase 4) β
UpdatePluginrebuilds from source and restarts,InstallPluginhandles first-time build+load,GET /integrations/availablelists installable plugins, andFanOutEventBusgains mutex-protected spoke management for thread-safe dynamic plugin lifecycle (#570). - [Web]: Labels card on agent detail Configuration tab β displays agent labels as
sl-tagpills, hidden when no labels are set (#581).
π Fixes
Section titled βπ Fixesβ- [Capture Auth]: Propagate exec exit codes and standardize conflict handling β broker now unwraps
exec.ExitErrorfor real exit codes instead of hardcoding 0. Allcapture_auth.pyscripts detect βalready existsβ and exit with code 3 (EXIT_CONFLICT), parsed by a frontend dialog offering Force Update or Cancel (#577). - [Build]: Slimmed Cloud Build source upload from ~2365 files / 38.5 MiB to ~942 files / 12.5 MiB via
.gcloudignore, with anchored patterns to preserveimage-build/scripts/and template embeds (#579). - [Build]: Included Dockerfiles in cloud-build context and refocused build pipeline on harness catalog with gemini-cli build step (#576).
- [Build]: Run
go mod tidybeforego buildin plugin install/update to prevent stale module errors (#574). - [Hermes]: Added
--break-system-packagesto pip install for PEP 668 compatibility (#580). - [Hermes]: Installed
python3-pipin Hermes harness Dockerfile (#578). - [Antigravity]: Bumped AGY_VERSION to 1.0.16 in Dockerfile.
- [Base]: Added Playwright CLI to base image.
π Refactor
Section titled βπ Refactorβ- [Skills/Templates]: Factored skills and templates across scion, teamv1, and contrib repos β created
scion-cli-operationsandgit-sandboxworkspace skills, promotedscion-messagingandagent-status-signalsfrom teamv1, moved fork templates to correct destinations, retired status boilerplate from defaultagents.md(#575).
π Docs
Section titled βπ Docsβ- [Glossary]: Reworked Modes section with availability tiers (single-node hosted vs HA hosted) and tenancy as an orthogonal dimension (#571, #572).
Jul 1, 2026
Section titled βJul 1, 2026βA massive infrastructure day: the harness system was refactored from compiled builtins to a bundled resource catalog with directory-based provisioning, a Gemini CLI harness shipped, chat integration admin landed across API and UI phases, the A2A bridge adopted the official SDK, and HA reliability received targeted fixes.
π Features
Section titled βπ Featuresβ- [Harness]: Normalized Claude to directory-based provisioning β moves Claudeβs harness config from compiled Go code to a standalone
harnesses/claude/directory, completing the pattern established by PR #279βsprovision.pymigration (#548). - [Resources]: Introduced bundled resource catalog for Templates and Harness-configs β embedded resources are now declared in a catalog and promoted through a
ResourceSourceinterface withBootstrapSourcefor the hosted startup path andMaterializeBundledResourcesfor workstation local seeding (#549, #550, #551, #552). - [Harness]: Gemini CLI container-script harness bundle β full provisioning model with API key/OAuth/Vertex AI auth detection, model aliases,
capture_auth.py, Dockerfile, and Cloud Build config. Migrates Gemini from the builtin harness to the same pattern as Claude (#563). - [Build]: Refocused image builds on base image and harness catalog β build pipeline now produces a single
scion-baseimage plus per-harness images from the catalog (#561). - [Chat Admin]: Chat integration admin API endpoints (Phase 2) β CRUD operations for managing integration plugins via the Hub API (#543).
- [Chat Admin]: Chat integration admin UI (Phase 3) β new
/admin/integrationspage with list/detail views, config forms, secrets management, and restart controls (#556). - [A2A Bridge]: Adopted the official
a2a-goSDK for protocol handling β replaces hand-rolled JSON-RPC with spec-compliant server,ScionExecutorbridges SDK events to Scion Hub routing. Preserves auth, metrics, and multi-project routing (#362). - [Hub]: HA robustness improvements β added scheduler jitter (0-30s) and increased non-critical task intervals from 1 to 5 minutes to prevent DB connection thundering herd. Idempotent broker secret for co-located mode survives Cloud Run restarts (#555).
- [Hub]: Storage validation, repair, and CLI
validatecommands for diagnosing and fixing storage inconsistencies (#553).
π Fixes
Section titled βπ Fixesβ- [Agent]: Exclude soft-deleted agents from slug lookup and clean stale directories (#547).
- [Message]: Reject
--attachin local (no-Hub) mode instead of silently dropping attachments β also rejects--attachcombined with--in/--atsince scheduled sends donβt carry attachments. - [Build]: Skip image registry rewrite for fully qualified references β prevents double-prefixing when images already include a registry hostname (#566).
- [Web]: Dir-browser UX improvements and safety fixes (#559).
- [Server]: Improved server lifecycle reliability (#558).
- [Config]: Updated
allow_container_script_harnessesdefault totruein schema (#557). - [Config]: Misc correctness fixes β Makefile,
InitProject, GitHub URL import (#560). - [Web]: Added plug icon to bundle and hidden
bot_idfrom config UI (#562). - [Harness]: Removed legacy seeding dead code and fixed logger subsystem (#554).
π Docs
Section titled βπ Docsβ- [Build]: Warned that
go installproduces a blank web UI and fixed build-from-clone steps (#565).
π§ Chores
Section titled βπ§ Choresβ- [Deps]: Bumped
golang.org/x/netin A2A bridge (#569).
Jun 30, 2026
Section titled βJun 30, 2026βA landmark feature landed: the managed agent backend, enabling Scion to orchestrate cloud-hosted agents (starting with Googleβs Gemini API) alongside its existing container-based runtime. The glossary was also ported to the repo root.
π Features
Section titled βπ Featuresβ- [Managed Agent]: Added the
ManagedAgentBackendinterface and Google API client β introduces a new execution path whereManagedAgentManagerimplements the existingManagerinterface but delegates to a cloud API instead of a local Runtime+Harness pair. The first backend targetsgenerativelanguage.googleapis.com(Gemini API). Includes SSE stream parser, hub handlers for managed agent CRUD, design document, and ~2800 lines of new code across 21 files (#541).
π Docs
Section titled βπ Docsβ- [Glossary]: Ported runtime broker taxonomy to root
GLOSSARY.mdβ updated Runtime Broker definition and added Node-Bound Broker, Proxy Broker, Embedded Broker, Hosted Broker, and Managed Agent entries from the docs-site glossary (#546).
Jun 29, 2026
Section titled βJun 29, 2026βThe biggest day in weeks: the Claude harness was migrated from builtin to container-script provisioning, a full Cloud Run HA deployment stack landed (Dockerfile, IAP auth, stateless broker routing, Postgres locking), agent labels shipped as a core feature, and chat integrations began a config refactor with secrets migration.
π Features
Section titled βπ Featuresβ- [Harness]: Migrated Claude harness from builtin to container-script provisioning β
provision.pyhandles Claudeβs 4-way auth precedence (API key β OAuth β auth-file β Vertex AI), API key pre-approval, MCP server translation, and env var overlay. Includes parity tests verifying identical output to the compiled harness. Compiled fallback preserved for existing installations (#279). - [Hub]: Chat integration config refactor + secrets migration (Phase 1) β added
IntegrationConfigProviderwith YAML-based per-integration config files, well-known secret key constants for Telegram/Discord/Google Chat, and aLoadPluginConfigFilehelper that merges file-based config with inline config while filtering secrets (#537). - [Agent]: Agent-specific key-value labels added to the core data model β labels can be set at creation time, displayed on agent detail pages, and filtered/sorted in the agent list view (#531).
- [Hub]: Multi-stage
Dockerfile.hubfor Scion Hub β builds frontend assets, embeds them in the Go binary, usesCGO_ENABLED=0for a static binary compatible with Debian runtime. Iteratively refined through several commits to fix npm scripts, web asset embedding, and root Dockerfile sync. - [Hub]: IAP proxy auth middleware for Cloud Run β creates hub sessions from IAP identity headers, re-evaluates admin role on every request (not just login), and reduces DB connection pool size for hosted deployments (#530 follow-up).
- [Deployment]: Reworked Cloud Run HA deployment config β overhauled
deploy.shandhub-settings-template.yamlwith fail-closed HA preflight checks, stateless broker lifecycle routing, IAP audience normalization, and Postgres advisory locking for safe concurrent migrations.
π Fixes
Section titled βπ Fixesβ- [Hub]: Expire stuck pending messages in broker-message-sweep β messages that remain in
pendingstatus beyond a threshold are now cleaned up automatically (#545). - [Hub]: Narrowed hosted HA preflight to actual HA deployments β previously the preflight blocked single-instance startups that happened to have Postgres configured (#544).
- [Runtime]: Made
SCION_FORCE_HOST_NETWORKescape hatch runtime-agnostic β works correctly with Docker, Podman, and Apple Container instead of assuming Docker-only semantics. - [Hub]: Stateless Cloud Run broker routing β
deriveCloudRunLogicalBrokerIDnow returns errors when project/region is unavailable instead of proceeding with empty values. - [Hub]: IAP audience trailing-slash trimming and
render_settingsescaping fix for deploy scripts. - [Hub]: Postgres migration advisory lock with proper error handling on deferred unlock, preventing concurrent migration races.
- [CI]: Resolved
gofmtandgolangci-lintfailures on main (#538).
π Docs
Section titled βπ Docsβ- [Glossary]: Revised runtime broker glossary with broker taxonomy β node-bound vs proxy, standalone vs embedded β with entries for Hosted Broker, Managed Agent, and cross-references (#539, #540).
π§ Chores
Section titled βπ§ Choresβ- [Changelog]: Merged June 28 entry (#529 follow-up).
Jun 28, 2026
Section titled βJun 28, 2026βA large batch of platform improvements landed: Apple Container gained build support and DNS connectivity, a new Hermes Agent harness shipped, Cloud Build became an alternative image builder, and the auth pipeline was decoupled from harness-specific Go code. Chat integrations received several reliability fixes.
π Features
Section titled βπ Featuresβ- [Runtime]: Apple Container added as a build-capable runtime on macOS β
DetectContainerRuntime()now discovers thecontainerbinary (Apple Virtualization framework), and tag/push commands use the cross-runtimeimagesubcommand form (#509). - [Runtime]: Apple Container DNS support for Hub connectivity β when using the
containerruntime,EnsureAppleDNScreates a DNS rule so agent containers can resolve the Hub API endpoint. Onboarding UI triggers setup automatically when Apple Container is selected (#528). - [Harness]: Hermes Agent harness bundle β complete scaffold with API key auth (Anthropic > OpenAI > Google AI Studio precedence), instruction projection into
AGENTS.md, MCP server config, model alias resolution, capture-auth for no-auth flow, and 16 provision tests (#519). - [Build]: Google Cloud Build support for harness-config image builds β new
CloudBuildHarnessConfigExecutoruploads build context to GCS, submits multi-arch builds (linux/amd64,linux/arm64), and streams logs. CLI gains--builder cloud-buildflag. System status API exposes Cloud Build availability for the frontend (#521). - [Auth]: Decoupled auth pipeline from harness-specific Go code (Phases 1-2) β harness-config hydration now runs during the env-gather pre-check so config-driven auth metadata is available before the broker requests env vars. Generic
EnvVarsmap onAuthConfigreplaces hardcoded paths; the Copilot harnessβs GitHub tokens now flow through config alone (#516). - [Agent]: Retry with exponential backoff and two-layer TTL cache for the GitHub skill resolver (#525).
- [Web]: Moved Capture Auth button to the terminal page for easier access (#520).
π Fixes
Section titled βπ Fixesβ- [Hub]: Admin role re-evaluated on every login and token refresh β previously only set at user creation, so config changes to admin emails had no effect on existing users (#530).
- [Discord]: Require thread ID for forum channels to prevent broadcast β messages to forum-type channels without a thread ID are now rejected with an actionable error instead of broadcasting to all threads (#522).
- [Telegram]: Restore backtick code spans stripped by Telegramβs entity parser β the broker now reconstructs inline code and code blocks from
code/preentities, andstripMentionspreserves whitespace and indentation (#518). - [Chat]: Propagate hub errors (403, 404, 500) back to chat channels with user-facing messages instead of swallowing them silently. Discord broker pre-validates target agents against the cached agent list to catch deleted-agent routing immediately (#517).
- [Runtime]: Replace bind-mount secret staging with env-var pipeline for stateless brokers, fixing credential delivery when the filesystem is read-only (#523).
- [Message]: Enforce 2000-character limit on messages with an actionable error for oversized payloads (#524).
- [Web]: Detect incomplete embedded assets and serve a helpful error page instead of a blank screen (#526).
π§ Chores
Section titled βπ§ Choresβ- [CI]: Added
handlers_projects_core.goandhandlers_runtime_brokers.goto the compat-literals allowlist for legitimate legacy grove literals (#527).
Jun 27, 2026
Section titled βJun 27, 2026βA single targeted fix: GitHub URL parsing now correctly handles branch names containing slashes when resolving remote template references.
π Fixes
Section titled βπ Fixesβ- [Config]: Handle branch names with slashes in GitHub URL parsing β
resolveGitHubRefnow usesgit ls-remote --headsto disambiguate branch vs path segments, picking the longest matching ref. Previously, branches likefeature/foowere incorrectly split at the first slash, misidentifying part of the branch name as a file path (#503).
Jun 26, 2026
Section titled βJun 26, 2026βA harness-heavy day: the Codex harness received critical auth fixes for file-based credentials, a new GitHub Copilot CLI harness shipped end-to-end tested, OpenCode gained Vertex AI auth support, and several provisioning issues were resolved.
π Features
Section titled βπ Featuresβ- [Harness]: GitHub Copilot CLI harness bundle β complete harness with build integration, provisioner with resilient auth fallback to no-auth mode when hub-registered configs havenβt staged auth keys yet, and env var fallback for tokens in container environment (#506).
- [OpenCode]: Vertex AI auth support β autodetects GCP project + location env vars and writes
VERTEXAI_PROJECT/VERTEX_LOCATIONtooutputs/env.json. Lowest priority fallback after api-key and auth-file. - [Harness]: Stage
required_filesas secrets instead of bind-mounting β reads file content on host and stages as 0600 secret files underagent_home/.scion/harness/secrets/, fixing read-only filesystem crashes when harnesses try to write to credential files (#498).
π Fixes
Section titled βπ Fixesβ- [Codex]: Write fresh writable
auth.jsonfrom staged secret in auth-file mode, fixinglchown: read-only file systemcrash at Codex startup (#501). - [Codex]: Validate
CODEX_AUTHsecret is valid JSON before writing to~/.codex/auth.json, surfacing clear errors at provisioning time instead of opaque startup failures (#499). - [Codex]: Updated no-auth hint to suggest
codex login --device-authinstead of generic message (#504). - [Hub]: Registered missing
/api/v1/message-channelsroute that was causing 404s for--channelflag in the CLI (#502). - [Sciontool]: Prevent
__pycache__creation during harness provision by settingPYTHONDONTWRITEBYTECODE=1, fixingscion deletepermission errors from root-owned bytecache on bind-mounted agent home (#505). - [Web]: Move Name field above Workspace Type in new project form (#507).
- [Web]: Clean
distdirectory before build to prevent stale chunk accumulation (#508).
π§ Chores
Section titled βπ§ Choresβ- [CI]: Fixed TypeScript errors in metrics-dashboard causing CI failure (#500).
Jun 25, 2026
Section titled βJun 25, 2026βA major push on harness development β the Codex harness gained notification hooks, dialect YAML configuration, OTEL telemetry support, and template instructions. Antigravity was pinned to a specific release, briefly switched to ADC auth, then reverted. The Hub handlers were split by resource for maintainability.
π Features
Section titled βπ Featuresβ- [Codex Harness]: Notification hooks enabled β harness now fires lifecycle events and OTEL-escaped telemetry configuration for agent observability (#482, #488).
- [Codex Harness]: Dialect YAML configuration β maps model aliases and API conventions for the Codex harness (#484, #486).
- [Codex Harness]: Project template instructions β added instruction projection with hardened output and dropped unused system prompt file (#483).
- [Codex Harness]: Extended OTEL config support for richer telemetry integration (#494).
- [Codex Harness]: Updated model aliases (#481).
- [Antigravity]: Pinned CLI binary to v1.0.11 from GitHub Releases for build reproducibility, with
TARGETARCHmapping for multi-platform support (#487). - [Sciontool]: Hook support for bundled dialect overrides, allowing harness-specific model mapping to be shipped with the harness config (#485, #489).
π Fixes
Section titled βπ Fixesβ- [Antigravity]: Added missing field extractions (
session_idfrom.conversationId,tool_inputfrom.toolCall.args) and removed falsetool_nameextraction fromPostToolUse. Declaredmax_model_callsas supported capability (#490). - [Antigravity]: Disabled ADC auth for vertex-ai (USE_ADC not yet functional in AGY CLI) and reverted to requiring
AGY_TOKENwith keyring injection. GCP location fallback and v1.0.11 pin preserved (#497). - [Codex Harness]: Write instructions under container home directory (#491).
- [Codex Harness]: Make notify hook executable (#492).
π§ Chores
Section titled βπ§ Choresβ- [Hub]: Split monolithic handlers.go by resource type for maintainability (#480).
- [Docs]: Changelog updates merged (#changelog).
Jun 23, 2026
Section titled βJun 23, 2026βA light day with fixes to metrics reporting and capture-auth error handling.
π Fixes
Section titled βπ Fixesβ- [Metrics]: Fixed 7 review findings β handle all
KeyValuetypes inattrSetKey(bool, double, zero int, empty string), simplify duration alignment to useTruncate, remove raw error messages fromX-Metrics-WarningHTTP headers, and move chart rendering side-effects fromrender()toupdated()lifecycle. - [Capture Auth]: Treat βalready existsβ as successful capture β previously returned
(False, None)causing the main loop to trigger a keyring fallback that also failed on the same condition (#479).
Jun 22, 2026
Section titled βJun 22, 2026βSkill publishing was simplified with a new multipart upload path replacing the 3-step signed-URL flow, and Antigravity auth received several fixes for token format handling and keyring capture.
π Features
Section titled βπ Featuresβ- [Skill Bank]: Replaced signed-URL upload with multipart POST for skill version publishing β server now handles hash computation, storage upload, and publishing atomically in a single request. Added
DeleteSkillVersionstore method for cleaning up failed draft uploads. Web UI simplified by removing client-side SHA-256, concurrent upload semaphore, per-file retry logic, and finalize step. Skill create page gained a βPublish first versionβ toggle for combined create+publish flow (#474).
π Fixes
Section titled βπ Fixesβ- [Antigravity]: Accept nested AGY token format with
auth_methodenvelope β validation now handles both flat and nested{"token": {...}, "auth_method": "..."}layouts (#471). - [Antigravity]: Capture token from gnome-keyring when AGY doesnβt persist the file β
capture_auth.pyfalls back tosecret-tool lookupvia saved DBUS session address (#477). - [Antigravity]: Deduplicate capture-auth entries when the same secret key appears in multiple auth types, and treat βalready existsβ errors as silent skips (#478).
- [Skill Bank β M5]: Code review fixes β
cmd.Context()for Ctrl+C support, case-insensitive URI scheme detection (RFC 3986), pointer fields for partial updates, store constants instead of hardcoded strings, fix for clearing pinned hashes (#470).
Jun 21, 2026
Section titled βJun 21, 2026βAntigravity auth was iterated on significantly β gnome-keyring was restored after the previous removal broke flows, token paths were fixed for bind-mounted secrets, and GCP settings detection was patched. A lifecycle hooks integration with Google Cloud Agent Registry was demonstrated, and the build system learned to use config.yaml image names.
π Features
Section titled βπ Featuresβ- [Antigravity]: Restored gnome-keyring to the provision flow β AGY requires keyring initialization before writing the OAuth token file, so keyring packages, DBUS initialization, and
secret-toolinjection were added back while keeping theAGY_TOKENrename (#461). - [Lifecycle Hooks]: Added
PROJECT_SLUGas a trusted lifecycle hook variable and demonstrated Google Cloud Agent Registry integration β hooks POST an A2A agent card on agent start and DELETE the registration on stop. Includes integration test and docs example. Also fixedVerificationStatusderivation in the ent adapter (#demo). - [Skills]: Hand-tuned team-builder skill content.
π Fixes
Section titled βπ Fixesβ- [Antigravity]: Read
AGY_TOKENfrom bind-mounted target path (~/.gemini/antigravity-cli/antigravity-oauth-token) instead of the env secret staging directory, fixing token detection in_select_auth_method,_provision, andagy-wrapper.sh(#465, #469). - [Antigravity]: Patch GCP settings block for oauth-token agents when
GOOGLE_CLOUD_PROJECTis present in the container environment, fixing the gate that only triggered on the enterprise marker file orAGY_USE_GCPenv var (#462). - [Build]: Use
config.yamlimage field to determine output image name instead of always using the harness-config CLI argument, ensuring the built image matches the intended name from the config (#463, #464, #468).
Jun 20, 2026
Section titled βJun 20, 2026βThe Antigravity harness was simplified by dropping gnome-keyring in favor of file-based OAuth, the skill creation UX was overhauled with a combined create+publish flow, and the metrics pipeline gained critical fixes for GCP project resolution and hook metric routing.
π Features
Section titled βπ Featuresβ- [Antigravity]: Removed gnome-keyring dependency and switched to file-based OAuth token placement β the token is written directly to
~/.gemini/antigravity-cli/antigravity-oauth-token, eliminating DBUS/keyring daemon complexity. Dockerfile drops 4 packages (#460). - [Antigravity]: Use official install script for CLI installation (#453).
- [Skills β Create UX P1]: Combined create+publish flow on the skill creation page β SKILL.md textarea with auto-populated fields from YAML frontmatter (debounced parsing, manual edit tracking), drag-and-drop file upload with signed-URL pattern and SHA-256 hashing, inline multi-step progress view, per-file status indicators with retry support, and file validation (50 files max, 10MB/file, 50MB total) (#455).
- [Config]: Added
namefield to harness-configconfig.yamlso config authors can declare the intended name independently of the directory name. Resolution priority: CLI flag > config.yaml > harness field > URL-derived. Includes path traversal validation and JSON schema pattern constraint (#456). - [Web]: βCapture Authβ button on agent detail page for no-auth running agents β calls
capture_auth.pyinside the container with exit code handling (#459). - [Metrics]: Diagnostic logging when the telemetry pipeline receives data without a cloud exporter (sync.Once warning on first invocation). GCP project ID resolution from metadata server as fallback, fixing the pipeline on instances with working metadata but no explicit credentials. Hook metrics now route through the pipeline OTLP receiver instead of creating per-invocation exporters, preventing Cloud Monitoring sampling rate violations (#458).
- [Metrics]: Registered
ModelResponsehook to enable token metrics from Claude Code (#458).
π Fixes
Section titled βπ Fixesβ- [Antigravity]: Use
TARGETARCHDocker build arg instead ofuname -mfor correct multi-platform support under cross-compilation (#457).
Jun 19, 2026
Section titled βJun 19, 2026βHarness config management gained delete and image status UI, agent logs got a broker-based fallback, and skill version publishing became idempotent for interrupted drafts.
π Features
Section titled βπ Featuresβ- [Web]: Harness-config detail page improvements β delete button with confirmation dialog, image status section showing image path (local vs remote) and last update time, and
HarnessConfigDatatype to surfaceconfig.imagefrom the API. Agent detail logs tab now always visible, falling back to broker-based/api/v1/agents/{id}/logswhen Cloud Logging is not configured (#452).
π Fixes
Section titled βπ Fixesβ- [Hub]: Made skill version publish idempotent for draft versions β retrying after an interrupted upload/finalize now returns the existing draft with fresh upload URLs instead of a 409 Conflict. Published/deprecated/archived versions still reject duplicates (#451).
- [Hub]: Added missing user-scope authorization check in
deleteHarnessConfigand defaulteddeleteFilescheckbox to unchecked so users must opt in to file deletion (#452).
Jun 18, 2026
Section titled βJun 18, 2026βA productive day spanning the harness config lifecycle, template import UX, agent visualization, and build infrastructure. The harness journey P1 landed with source URL tracking and reimport flows, while template imports gained a discovery/selection dialog.
π Features
Section titled βπ Featuresβ- [Harness Config β Journey P1]: Added
source_urlfield to track import origin for harness configs and templates. New reimport endpoint (POST /reimport) re-imports from stored or overridden source URL. CLIscion harness-config updatecommand with--urland--allflags. Web UI shows source URL as clickable link with a βRefresh from Sourceβ button (#447). - [Templates]: Template discovery and selection dialog for bulk imports β discover endpoints scan for available resources without importing, and when multiple templates are found, a checkbox dialog lets users choose which to import. Single-template sources import directly (#437).
- [Agent Viz]: Customizable agent colors via color picker (persisted in localStorage), replay button for seek-to-start, sender-colored comms cards with smarter collapsed summaries that understand structured JSON payloads (#436).
- [Build]: Sync built image reference back to Hub after
scion buildβ auto-syncs the updatedconfig.yamlto Hub with recalculated file manifest and content hash, so the locally-built image is actually used at agent start (#444). - [Server]: Startup warning when the server binary is built without embedded web assets, with a self-contained HTML page served from the static asset handler (#445).
π Fixes
Section titled βπ Fixesβ- [Harness]: Pass Hub-hydrated harness-config path to
harness.Resolvein both run and provisioning paths β previously Hub-managed configs hydrated into temp directories were invisible, causing fallback toGeneric{}harness with an empty shell command (#450). - [Templates]: Import progress streaming now works on per-project endpoints (NDJSON support), and single-template imports are correctly scoped to the discovered resource (#443).
- [Messaging]: Tightened web channel default to actual web clients only (not CLI or API callers) (#448).
- [Build]: Use default Docker builder for local builds instead of custom container builder, fixing intermediate image resolution; use
BUILDX_BUILDERenv var to avoid mutating global Docker config (#442).
π§ Chores
Section titled βπ§ Choresβ- [Deps]: Bumped dompurify (β3.4.9, β3.4.11), js-yaml (β4.2.0), vite (β6.4.3), rclone (β1.74.3), astro (β6.4.8) (#430, #431, #432, #438, #439, #440, #441).
Jun 17, 2026
Section titled βJun 17, 2026βA targeted fix for message display in the agent detail view, improving both data completeness and access control.
π Fixes
Section titled βπ Fixesβ- [Messaging]: Fixed message display in agent detail view β web UI messages now default to
channel: "web"and persistchannel/threadIDfields on message records. Agent managers (owners, project admins, global admins) can now see all messages including those from chat integrations, while other users only see messages where they are a participant (#435).
Jun 15, 2026
Section titled βJun 15, 2026βA settings loading fix resolved a split-brain bug for git projects, the Skill Bank web UI received QA polish, and agent-viz gained Markdown rendering for inter-agent messages.
π Features
Section titled βπ Featuresβ- [Agent Viz]: Render inter-agent comms transcript as Markdown with per-message collapse β messages expand from a one-line plain-text summary to full formatted Markdown on click. Includes security hardening (HTML escaping before
marked.parse()), lazy parsing for performance, and 1,000-char summary truncation (#427).
π Fixes
Section titled βπ Fixesβ- [Config]: Fixed split-brain settings loading for git projects with
project-idβ in-repo.scion/settings.yamlwas silently skipped when split storage was configured, causing global settings to override project-level settings. The merge chain is now: defaults β global β in-repo β external β env. Also fixedscion config dirto show the effective config directory and added warnings for profiles/runtimes in in-repo settings. - [Web β Skill Bank]: QA fixes β added
storage.googleapis.comto CSPconnect-srcfor GCS uploads, fixed upload retry to use/uploadendpoint, changed registry create default trust level fromtrustedtopinned, fixed case-sensitiveSKILL.mdvalidation, hidscopeIdfor user-scoped skills, and defaulted version to1.0.0(#429). - [Runtime]: Fixed Apple container list JSON parsing for new status format.
- [Build]: Split
make allandmake installtargets sosudodoesnβt needgo/npmin PATH β workflow is nowmake all && sudo make install.
π§ Chores
Section titled βπ§ Choresβ- [Docs]: Changelog entries for June 10-14 merged to main (#433).
Jun 14, 2026
Section titled βJun 14, 2026βThe Skill Bank gained a full web UI, the Discord bot received significant fixes, and harness provisioning was hardened for no-auth mode.
π Features
Section titled βπ Featuresβ- [Web β Skill Bank UI]: Complete web interface for skill management β list page with search/scope filtering, detail page with version history and metadata, create page with scaffolding, and a publish dialog for uploading skills to the Hub. Admin pages for skill registry management (list, detail, CRUD). Added 4,200+ lines of Lit components across 7 new pages (#423).
- [Web]: Auto-link chat accounts when registration link includes
?code=parameter β shows a clean βLinkingβ¦ β Success!β flow instead of the manual code-entry form (#426).
π Fixes
Section titled βπ Fixesβ- [Discord]: Multiple fixes to the Discord bot β improved broker message handling, command routing, send queue reliability, and webhook delivery (422 lines changed across broker, commands, sendqueue, and webhooks) (#428).
- [Harness]: Handle no-auth mode in container-script provisioners, preventing auth-related failures when agents are configured without authentication (#424).
- [Build]: Added missing
!no_sqlitebuild tags to test files depending onmessagebroker_test.go, fixinggo vet -tags no_sqlitefailures (#264).
π§ Chores
Section titled βπ§ Choresβ- [Style]: Minor
gofmtformatting fixes (#264).
Jun 13, 2026
Section titled βJun 13, 2026βA2A multi-turn conversations shipped as a series of commits, transforming the bridge from single-turn MVP to full multi-turn lifecycle support. Alongside that, secrets handling was fixed for double-encoding, the project detail agent list gained filtering, and several CI/build issues were resolved.
π Features
Section titled βπ Featuresβ- [A2A Bridge β Multi-Turn Lifecycle]: Tasks no longer auto-close on the first content message. Content messages are now broadcast with
state=workingandFinal=false, keeping the task alive. Task lifecycle is driven solely by agent state-change messages:working/thinking/executingβ working,waiting_for_inputβ input-required,completed/error/stalledβ terminal states. This enables agents to ask clarifying questions, send progress updates, and emit interim artifacts before completing. - [A2A Bridge β Follow-Up Messages]:
message/sendwith ataskIDroutes to the existing agent, continuing the conversation. Verifies task ownership, rejects terminal-state tasks, and works with both blocking and non-blocking modes. - [A2A Bridge β Capability Advertisement]: Agent cards now advertise
streaming=trueandpushNotifications=true, reflecting the implemented multi-turn support. - [Hub]: Restored harness-config build UI and executor that was accidentally removed by PR #412 β includes the build image button, dialog, log streaming, and seeded operation (#420).
- [UI]: Added filter and sort controls to the project detail agent list (#414).
π Fixes
Section titled βπ Fixesβ- [Secrets]: Fixed secret API base64 handling β store decoded plaintext instead of base64-encoded values, preventing double-encoding when secrets are injected as environment variables. Added 128KB
MaxBytesReaderlimits and frontend-side base64 encoding viaTextEncoder(#418). - [A2A Bridge]: Preserve
input-requiredstate on content messages instead of unconditionally resetting toworking. Useprojectcompattopic helpers instead of hardcoded patterns. AddedTouchTaskstore method for timestamp refresh (#421). - [Ent]: Regenerated ent client to remove stale
discordpendinglinkimport (#419). - [Auth]: Stricter email validation using
net/mail.ParseAddress(#411). - [Hub]: Fixed duplicate
no_authkeys and missing field schema attribute (#412). - [Skill Bank]: Fixed SQLite pin compatibility and skill name validation (#415).
π Security
Section titled βπ Securityβ- [Runtime]: Protected metadata server shutdown endpoint from unauthorized access (#422).
π§ Chores
Section titled βπ§ Choresβ- [CI]: Added esbuild as explicit dev dependency for Vite 7 compatibility (#416).
- [Build]: Bumped esbuild and vite (β v8.0.16) in web frontend (#413).
- [Style]: Applied
gofmtto all unformatted Go source files (#417).
Jun 12, 2026
Section titled βJun 12, 2026βTwo major feature PRs landed: Skill Bank M5 adds federated skill resolution across GitHub, GCP Vertex AI, and external registries, while the messaging overhaul hardens error contracts, delivery feedback, and agent wake semantics across all channels.
π Features
Section titled βπ Featuresβ- [Skill Bank β M5a: Routing Resolver]:
RoutingSkillResolverdispatches skill references by URI scheme to registered resolvers (skill://,gh://,gcp-skill://, full GitHub URLs), with the hub resolver as fallback. Wired at CLI and broker call sites, wrapped by the caching resolver (#408). - [Skill Bank β M5b: GitHub Resolver]:
GitHubSkillResolverresolvesgh://URIs and full GitHub URLs via the GitHub Contents API, with input sanitization and response size limits (#408). - [Skill Bank β M5c: Federation & Registries]: External skill registry management with CRUD admin API, federation proxy for cross-registry resolution, and trust enforcement (trusted pass-through or pinned hash verification). CLI commands under
scion skills registries. Security hardening: 10MB body size limit, redirect-following disabled to prevent credential leakage, reusable HTTP client (#408). - [Skill Bank β M5d: GCP Vertex AI Resolver]:
gcp-skill://URI resolution via Vertex AI Skills API using Application Default Credentials. Version validation, SSRF defense (HTTPS-only, same-host download URLs, no link-local/RFC1918 targets), and 1MB metadata response limit (#408). - [Messaging β Error Contracts]: Non-existent agent targets now return proper errors instead of creating orphan message rows. Scheduled events targeting deleted agents are marked as failed. Hub API 404 responses include agent slug and project context (#409).
- [Messaging β Delivery Feedback]: Persistence failures return 500 (was silent 200), missing recipients return 400 (removed silent creator fallback), broker dispatch failures return 502. Successful sends include
message_id,status,recipient, andrecipient_idin the response (#409). - [Messaging β Agent Phase Pre-Check]:
handleAgentMessagenow returns 409 Conflict for non-running agents with actionable guidance (suspended: use--wake, stopped/error: usescion start) (#409). - [Messaging β Wake Improvements]: Wake timeout bumped from 15s to 30s matching broker retry deadline. Distinct error for wake-success-delivery-failure. Messages to suspended agents without
--wakenow rejected with clear error (#409). - [Messaging β Integration Feedback]: Telegram plugin validates default agents before routing, reports Hub delivery errors back to originating chat with error cooldown (max 1 per 5min per chat+thread+error-type) and remediation suggestions (#409).
π Fixes
Section titled βπ Fixesβ- [Build]: Corrected
runIdJSON key mismatch in build polling that caused polling to silently fail (#410).
π§ Chores
Section titled βπ§ Choresβ- [Docs]: Added Observability section to glossary clarifying infrastructure metrics (
scion.hub.*,scion.db.*) vs agent metrics (gen_ai.*,agent.*) and the telemetry pipeline (#407).
Jun 11, 2026
Section titled βJun 11, 2026βThe skill bank feature landed in a single massive PR β a complete registry, provisioning, and caching system for reusable agent skills. This is the largest single change in the projectβs history at 18,000+ lines spanning milestones M1 through M6.
π Features
Section titled βπ Featuresβ- [Skill Bank β M1: Agent-Side Provisioning]: Added
SkillReferencetype with URI parser supporting full, shorthand, alias, and bare name forms. Integrated skill resolution into the agent provisioning pipeline with fail-closed safety (S1): required skills without a resolver cause provisioning failure. Skills are installed via staging with per-file SHA-256 hash verification (S2), path safety validation (S3), and atomic rename (#399). - [Skill Bank β M2: Hub API & Storage]: Full CRUD API for skills and versions β create, list, get, update, delete, publish with signed URL upload workflow. Batch resolve endpoint with scope search order (user > project > global > core) and semver constraint matching (exact,
^,~,>=,latest,sha256:content-addressed). Ent schemas forSkillandSkillVersionentities with comprehensive store tests (#399). - [Skill Bank β M2: CLI]:
scion skillscommand group withlist,show,create(scaffold),publish(upload + finalize),delete,versions, andresolvesubcommands. Includesscion skillsingular alias and--format jsonsupport (#399). - [Skill Bank β M3: Hub Resolver Wiring]:
HubSkillResolveradapter bridginghubclient.SkillServiceto the agentSkillResolverinterface, injected at both CLI and broker call sites with identity propagation (#399). - [Skill Bank β M4: Broker-Side Caching]: Content-hash-keyed caching for resolved skills using the existing
templatecache.Cacheinfrastructure (500MB default,~/.scion/cache/skills/). Cache hits verified with SHA-256 on read; mismatches evict and re-download. Latest/range constraints always re-resolve against Hub but skip download on cache hit (#399). - [Skill Bank β M6: Discovery & Lifecycle]: Tag filtering with AND semantics and case-insensitive matching. Deprecation workflow with version-level deprecation messages, optional replacement URIs, and warnings surfaced during resolution. Download counter with atomic per-version increment. Published versions preferred over deprecated in latest/constraint resolution (#399).
π Security
Section titled βπ Securityβ- [Skill Bank]: ActionRead authorization checks added to all read/download/resolve endpoints. User scope authorization gap fixed in
createSkill. Batch resolve item cap (max 50) to prevent abuse. Cache hit hash verification to detect corruption. HTTPS-only downloads (S5) with cross-host redirect rejection (#399).
Jun 10, 2026
Section titled βJun 10, 2026βA sweeping day of project compatibility refactoring, security hardening, and a major new Discord integration. The codebase-wide rename from βgroveβ to βprojectβ landed across endpoints, config, runtime labels, and CI guardrails. The test-login endpoint was secured with challenge tokens, harness config hydration was fixed end-to-end, and a standalone Discord bot with gRPC support shipped.
π Features
Section titled βπ Featuresβ- [Discord]: Standalone Discord bot with gRPC for HA deployment β the Discord plugin can now run as an independent process communicating with the hub via gRPC, enabling horizontal scaling and high-availability setups. Includes a new
DiscordPendingLinkentity, gRPC broker adapter, and a dedicated Dockerfile (#395). - [Scheduler]: Enabled scheduler write commands (
create-recurring,pause,resume,delete) in agent mode, removing thedispatch_prefix gate that previously blocked agents from managing schedules (#378). - [Auth]: Added challenge token authentication to the test-login endpoint β callers must present a short-lived JWT (5min TTL) signed with the hubβs user signing key and scoped to the
scion-test-loginaudience. Includes case-insensitive Bearer parsing and explicitexpclaim enforcement (#382, #392). - [Compatibility]: Project/grove compatibility boundary β added a comprehensive migration layer with legacy
/grovesroute wrappers, request body field adapters, and centralized compatibility key mapping to support clients using the old naming while the codebase transitions (#380, #387, #388).
π Fixes
Section titled βπ Fixesβ- [Hub]: Fixed harness config hydration pipeline β
populateAgentConfig()now stampsHarnessConfigID/Hashon agent records,RemoteAgentConfigthreads these fields to the broker, and database errors during slug lookup are now logged instead of silently discarded (#389). - [UI]: Fixed file badge size inconsistency (computed from filtered list instead of unfiltered total) and added missing settings page titles for harness-configs and templates detail routes (#390).
- [UI]: Applied agent list UI improvements to the project detail view (#383).
- [Runtime]: Fixed recursive glob in sparse checkout to include
home/subdirectory by switching from/*to/**pattern (#381). - [Compatibility]: Used canonical project endpoints across integrations, test fixtures, and mocks β replacing remaining
/grovesreferences (#384, #385). - [Compatibility]: Centralized runtime project label compatibility, replacing scattered literal strings (#386).
- [CI]: Fixed compat-literals CI step failing due to missing ripgrep β installs
rgin the runner and degrades gracefully when unavailable (#397).
π§ Chores
Section titled βπ§ Choresβ- [CI]: Enforced project compatibility literal guardrail in GitHub Actions with a documented contributor rule (#391, #393).
- [Docs]: Changelog backfill for June 8-9 entries merged to main (#396).
Jun 9, 2026
Section titled βJun 9, 2026βA lighter day focused on messaging improvements and fixing a hub import routing gap. Broker messages now support an interrupt prefix, Telegram formatting was fixed, and missing harness-config import routes were wired up.
π Features
Section titled βπ Featuresβ- [Messaging]: Support
!prefix in broker messages as inline interrupt β messages from Telegram, webhooks, or direct channels that start with!are now delivered with urgent/interrupt semantics, equivalent to--interrupton the CLI. Handles whitespace edge cases and defaults to βinterruptβ for bare!messages (#375).
π Fixes
Section titled βπ Fixesβ- [Messaging]: Fixed literal
\nsequences appearing in Telegram message formatting instead of actual newlines (#377). - [Hub]: Registered missing harness-config import routes β the unified
/api/v1/resources/importendpoint and the per-project/api/v1/projects/{id}/import-harness-configsendpoint were never wired up, causing 404 errors on the hub import screen. Added handlers, URL normalization, and proper error code constants (#376).
Jun 8, 2026
Section titled βJun 8, 2026βThis release strengthens the agent state and container lifecycle: agents can now be suspended and resumed with their harness session intact, crashes are surfaced as a restartable error state, and stalled agents are auto-suspended to reclaim resources.
π Features
Section titled βπ Featuresβ- Suspend & Resume with Session Continuation:
scion suspend <agent>(and--all) now tears down an agentβs container while preserving the intent to resume. Resuming β or simply runningscion starton a suspended agent β continues the prior harness conversation (Claude Code via--continue, Gemini CLI via--resume) instead of starting fresh. Suspend is available for harnesses that support session resume and is also exposed in the Web Dashboardβs lifecycle controls. See Agent Lifecycle. - Auto-Suspend of Stalled Agents: The Hub now automatically suspends agents that remain
stalledpast a grace period (~10 minutes of inactivity), reclaiming their containers. Such agents resume automatically on the next message, as long as their harness supports resume and the container is still alive.
π Fixes
Section titled βπ Fixesβ- Crash β Restartable
errorState: Agents that exit non-zero (a genuine crash, OOM, orSIGKILL) now transition to theerrorphase with a descriptive message likeAgent crashed with exit code N, distinct from a cleanstoppedexit or alimits_exceededstop. Theerrorphase is restartable βscion startclears it and launches a fresh session. (A gracefulstopsendsSIGTERM, which harnesses handle cleanly, so stopping never leaves an agent inerror.)
Mar 17, 2026
Section titled βMar 17, 2026βThis release introduces a major new GCP Identity implementation allowing agents to authenticate via metadata server emulation, alongside comprehensive new Project Settings and Agent Limits configurations in the UI.
π Features
Section titled βπ Featuresβ- GCP Identity & Metadata Emulation: Implemented end-to-end GCP identity assignment for agents using metadata server emulation and token brokering. This includes a new Web UI for Service Account management, iptables interception, per-agent rate limiting, audit logging, and telemetry metrics (consolidated from commits 2ac33bb, 961653a, d37a79c, d11318f, a5f457a, d187838, 8df2a04, 34c7056, 401a178, 52f6838).
- Project Settings & Agent Limits: Introduced a comprehensive Project Settings UI organized into General, Limits, and Resources tabs. Administrators can now configure default agent limits at both the hub and project levels, which automatically pre-populate when creating new agents (consolidated from commits c7d9585, aa5c2ff, 2ffdff8, 8f0263f, 0d87a17, 07714a1, 906a88d).
- Workspace Content Previews: Added content preview capabilities for workspace files directly within the UI (commit 53cea7c).
- CLI Enhancements: Added a
-r/--runningflag to thescion listcommand to easily filter for active agents (commit 7001035).
π Fixes
Section titled βπ Fixesβ- Project & Membership Synchronization: Resolved multiple issues with project linking and membership backfills, including fixing unique constraints on project IDs, ensuring proper legacy owner role assignments, and correctly including auto-provide brokers (consolidated from commits 4af2662, 307fb85, cb22a18, 79cc591, 1f6f16f, e14ec95).
- Storage & ID Consistency: Fixed global project ID bleed-through issues and unified agent split storage paths under
.scion/for deterministic behavior across hub-managed and external projects. Ensured cascading cleanups of templates and configs when a project is deleted (consolidated from commits fea4588, 6bb2348, a97ebd7, 023a089, 6eaf8dc, 221c736, 75bfcc0, c9d8ddf). - GCP Validation & Logging: Improved debug logging for 4xx errors and enhanced GCP Service Account validation messages, including returning capabilities in the list API response (consolidated from commits e060664, d65dc09).
- Container Lifecycle Management: Ensured agent containers are gracefully stopped before removal to prevent shared-directory mount errors (commit 8a0fabc).
- Template Synchronization: Fixed an issue where template synchronization was blocked by setting a default image for the generic harness config (commit 816c960).
- Web UI Consistency: Fixed layout issues such as status column widths in agent tables and exposed Scion version information on the admin config page (consolidated from commits 53f55b5, 7536c59).
Mar 16, 2026
Section titled βMar 16, 2026βThis release focuses on a major overhaul of user group and membership management with new authorization rules and UI enhancements, alongside significant improvements to the OpenTelemetry metrics pipeline.
π Features
Section titled βπ Featuresβ- Group & Membership Management: Overhauled the group management system by introducing human-friendly member editing, user search autocomplete in the add dialog, and strict enforcement of group ownership and authorization rules (consolidated from commits 1ae6d03, 454c80e, 5e32c9e, c2fa624).
- Telemetry & Metrics Pipeline: Enhanced the observability pipeline by exporting OTLP metrics through GCP, restoring Gemini token metric hooks, and covering Gemini native OTEL metrics (consolidated from commits 721da2b, 5e752f8, 28a9877, 4321775).
π Fixes
Section titled βπ Fixesβ- Group Constraint Fixes: Resolved multiple backend issues related to group creation and loading, including fixing dev-user UUID mapping for workstation mode, backfilling project member groups, and ensuring SQLite constraint compatibility (consolidated from commits 1993892, 4628e5f, e5c1eba, 6a4f843, 1a779c8, cb7c932).
- Agent Lifecycle: Implemented proper agent resume and restart dispatch logic on the hub (commit 30a1b74).
- Project Synchronization: Fixed an issue with re-linking stale hub projects by ensuring the project ID is regenerated from the marker file, and updated the UI to conditionally show the branch field only for git-based projects (consolidated from commits 39e0025, 2bab781).
- Container Prune Operations: Fixed the container runtime image pruning by removing the unsupported
-fflag (commit ad9f486). - Environment & Security: Improved GCE certificate checks (commit 8904e76).
Mar 15, 2026
Section titled βMar 15, 2026βThis release significantly hardens the agent workspace provisioning process for Hub-linked environments, introduces interactive terminal toolbar toggles for the web UI, and improves overall deterministic Project ID generation and management.
π Features
Section titled βπ Featuresβ- Hub-Linked Workspace Provisioning: Transitioned hub-linked projects to strictly use a robust
git init+git fetchstrategy instead of standard cloning or local worktrees. This allows provisioning into workspaces that already contain.scionmetadata or.scion-volumesdirectories while properly clearing out stale artifacts before initialization (consolidated from commits 3852e6a, 51be1e6, 118b518, 2f6b877, 2f59410, 4497a86, 6cc4487). - Terminal Toolbar Enhancements: Added web toolbar toggles for managing tmux windows (seamlessly switching between agent and shell) and controlling mouse/clipboard behavior. Also fixed mouse-drag text selection and improved the robustness of the window controls using direct tmux key bindings (consolidated from commits 8c07a48, b83ba8c, 8027407, 6140111).
- Deterministic Project ID & Synchronization: Enhanced deterministic Project ID generation during hub-link sync. Git URL user info is now cleanly normalized to ensure UUID v5 project IDs match regardless of the protocol (e.g.,
https://vsgit@), and stale project links are automatically detected and synchronized (consolidated from commits 6a52952, 1bfa95d, ed2b2c5). - Template Sync Improvements: Enabled the template sync command to update existing templates without requiring the
--forceflag. Local templates now automatically sync on hub startup and intelligently bypass cache when running in co-located (hub-broker combo) mode (consolidated from commits ff14bd9, e0cf52d). - Web UI Flow & Performance: Introduced route-based code splitting to significantly reduce the web bundle size. Additionally, refined the project settings page by adding a βDoneβ button, hiding unnecessary registration options for git-backed projects, and introducing a confirmation dialog when creating a project for an existing git repository (consolidated from commits 62e3e36, bd9f40e, b6d2afe, f715bf0).
π Fixes
Section titled βπ Fixesβ- Project Deletion Cleanup: Fixed an issue where environment variables, secrets, and harness configs were left orphaned; the system now performs a proper cascade delete when a project is removed (commit 834bae9).
- Agent Path & Directory Routing: Corrected the routing of agent directories for git-backed projects to correctly use the project-specific path instead of the global directory. Also properly resolved shared directory mount paths for git-based workspaces (consolidated from commits e38cf92, fbb9056).
- Hub Unlinking & Local State: Fixed a bug where the hub status erroneously showed βlinkedβ after unlinking by verifying the local enabled state instead of mutating the global
project_id. The providerβslocalPathis also now properly preserved when re-registering an existing project (consolidated from commits 0857553, 54fe4b8, 4db9253, d4828f1). - Agent Container Lifecycle: Ensured that the agent container stops correctly and cleanly when the underlying agent process exits within the tmux session (commit 535ebbd).
- Configuration & Path Resolution: Fixed resolution logic for split-storage paths when writing project settings, and ensured
git check-ignoreruns from the repository root so that broker.gitignorechecks function correctly (consolidated from commits 7a4cd3c, f934b9a). - Web Assets & UI Styling: Restored dark mode logic for Shoelace form components after implementing code splitting, and fixed the serving of root-level public assets (like the notification icon) from the Go backend (consolidated from commits ca1343f, b3d9484).
- Network & Harness Config: Preserved the hub port when applying container bridge endpoint overrides, and returned a synthetic harness config for βgenericβ agents to unblock template synchronization (consolidated from commits ff1635d, 713c3ab).
Mar 14, 2026
Section titled βMar 14, 2026βThis release introduces the foundational infrastructure for the Scion plugin system, adds comprehensive support for syncing project-level templates, and unifies all Project IDs to a standard UUID format.
π Features
Section titled βπ Featuresβ- Plugin System Infrastructure: Introduced the core architecture for a new Scion plugin system using
hashicorp/go-plugin, complete with reference implementations for message broker and agent harness plugins (consolidated from commits 6c543d0, b1a5ae1, 22991ec). - Project Template Sync & Management: Implemented capabilities for syncing project-level templates with the Hub. This includes new API endpoints (
POST /api/v1/projects/{projectId}/sync-templates), CLI commands (scion templates sync --all,scion templates status), and a dedicated Web UI for managing synced templates. Additionally, machine-specific settings for git-backed projects are now externalized, while templates remain in-repo to support version control (consolidated from commits d0507b1, 3c9cb4b, 0cf62d7, ef4f208, 56df5b4). - CLI Navigation Commands: Added
config dir,cd-config, andcd-projectcommands to simplify locating and navigating to configuration and workspace directories (commit 596295d).
π Fixes
Section titled βπ Fixesβ- Agent Git Cloning: Resolved an issue where git clones would hang indefinitely when authentication was required but no token was present. Added proper error state reporting upon clone failures, and corrected the
agent-info.jsonpath to correctly use thescionuserβs home directory (consolidated from commits 93dfdcd, 7ec5eb2). - Image Builds: Fixed the Google Cloud SDK installation in the build environment by explicitly using
apt-get(commit d76197c).
Mar 13, 2026
Section titled βMar 13, 2026βThis release focuses on improving agent specialization with harness skills, resolving critical routing and identification issues in multi-hub and linked git environments, and adding a new satellite service for documentation agents.
π Features
Section titled βπ Featuresβ- Harness Skills for Templates: Implemented robust support for harness skills within agent templates. Skills defined in
harness-configsand templates are now automatically merged and mounted into the appropriate harness-specific directory (e.g.,.claude/skills,.gemini/skills) during agent provisioning (consolidated from commits efefc44, 2a086ac, 5b54c66). - Docs-Agent Satellite Service: Introduced a new
docs-agentsatellite service to provide dedicated documentation capabilities alongside agent workflows (consolidated from commits 092ffde, 58f21c2, fd1b1e2). - Shared Directory Management UI: Added web UI support for managing and viewing project shared directories (commit 7d7acfb).
- Terminal & UX Enhancements: Enabled tmux mouse mode by default for better terminal interactivity and introduced a custom Scion bell icon for browser notifications (commits c915da9, 343382e).
π Fixes
Section titled βπ Fixesβ- Multi-Hub Routing & Dispatch:
- Resolved an issue where brokers connected to multiple hubs would route agents to the wrong local hub endpoint by correctly resolving the endpoint from the control channel connection header.
- Enabled control-channel-only brokers to successfully dispatch agent operations (consolidated from commits dd5581f, 1bdc31d).
- Agent Creation Context:
- Ensured project shared directories are properly passed from the hub to the broker during agent creation.
- Fixed an issue where
agentDirwas omitted during harness provisioning and setting overlays (consolidated from commits a5cac3b, c550865).
- Documentation & Web Hosting: Corrected site base URLs, configured Astro for GitHub Pages deployment, fixed markdown links to use relative paths, and updated the README to point to the rendered site (consolidated from commits 35eee03, 8ca4a96, a7dc580, e133647, 2467d89).
- Maintenance: Internal refactoring analysis for
server.goand documentation updates for recent feature releases (commits d3484d4, 33ee10e).
Mar 12, 2026
Section titled βMar 12, 2026βThis release focuses on enhancing persistent storage and system observability. It introduces Project Shared Directories, enabling agents within a project to share and persist mutable state via the filesystem (with native Kubernetes support). Additionally, the metrics pipeline has been significantly enriched with labels for harness type, model, and project ID, providing deeper insights into agent performance and costs.
π Features
Section titled βπ Featuresβ- Project Shared Directories (Phase 1 & 2): Introduced a persistent, mutable storage layer shared between agents within a single project.
- Added support for both local filesystem storage and Kubernetes PersistentVolumeClaims (PVCs) with project-scoped lifecycle management.
- New CLI commands added:
scion shared-dir list,create,remove, andinfofor managing shared volumes. - Shared volumes can be mounted at standard paths (
/scion-volumes/<name>) or within the workspace (/workspace/.scion-volumes/<name>) (consolidated from commits 838b1b9, a8d50f8, 8b860c0).
- Enhanced Telemetry & Metrics Pipeline: Major overhaul of the metrics pipeline for improved observability and aggregation.
- Enriched OTel resource attributes with
scion.harness,scion.model,scion.broker, andproject_id. - Expanded Codex-specific telemetry to capture tool usage, tool input/output, and detailed token counts (input, output, cached).
- Injected
SCION_HARNESSandSCION_MODELenvironment variables into agent containers to enable harness-aware telemetry (consolidated from commit 8246a76).
- Enriched OTel resource attributes with
π Fixes
Section titled βπ Fixesβ- Metrics & Telemetry Reliability:
- Resolved an issue where tool and API metrics were not recorded from unpaired end events.
- Corrected the wiring of token and model metrics in the hook-to-OTel pipeline (consolidated from commits 2a64f02, 43f1bf0).
- Agent Lifecycle & Configuration:
- Corrected an issue where custom branch names were not properly passed during the final environment setup path of agent creation (commit 46eee6d).
- Updated the default model configuration for the Codex harness to
gpt-5.4(commit fbfc950).
- Maintenance: Fixed broken documentation links in the repository README (commit 0f55876).
Mar 11, 2026
Section titled βMar 11, 2026βThis release focuses on improving agent lifecycle flexibility and enhancing the web-based terminal experience. It introduces support for targeting specific git branches during agent creation and provides better visibility into template versions, alongside critical fixes for runtime stability and authentication.
π Features
Section titled βπ Featuresβ- Custom Branch Targeting: Added a branch name field to the agent creation flow and enabled cloning of agent branches from origin. This allows users to direct agents to specific branches immediately upon creation, improving workflow flexibility (consolidated from commits 182c323, 2d50def, 11c36a8).
- Web Terminal & Tmux Interactivity: Introduced a tmux mouse toggle (via
C-b m) and a toolbar button in the web terminal. This release also resolves persistent copy-paste issues in the web interface and adds comprehensive documentation for terminal options (consolidated from commits 9a41138, 9371859, 616250a). - Enhanced Template Traceability: Updated the CLI and Web UI to display template IDs and hashes, providing clear visibility into the exact configuration version associated with each agent.
π Fixes
Section titled βπ Fixesβ- Runtime & Broker Stability:
- Podman Reliability: Resolved an issue where Podman containers would fail to restart correctly from the Hub or Broker.
- Double-Daemonization: Prevented the broker from double-daemonizing during start or restart operations.
- Agent Attachment Reliability: Added a readiness check for tmux sessions before attachment, ensuring more reliable connections when attaching to running agents.
- Authentication & Secret Injection: Corrected a bug where environment-type secrets were not properly injected into the execution environment during authentication resolution.
- Project & Workspace Management:
- Multi-Hub Compatibility: Fixed a regression where git-based projects were incorrectly rejected in multi-hub environments.
- Cleanup & Resolution: Improved hub-managed project path resolution during agent deletion and enhanced detection of orphaned project configurations.
- Configuration & Compatibility:
- Legacy Key Support: Updated
config getto support legacy v1 settings keys likeimage_registry. - Fallback Logic: Improved
env-gatherand harness configuration to correctly fall back to global settings when local context is missing.
- Legacy Key Support: Updated
- Documentation & Polish: Performed final pre-launch polish on philosophical documentation and refined the agent creation UX by defaulting runtime profiles to βUse broker default.β
Mar 10, 2026
Section titled βMar 10, 2026βThis release focuses on streamlining system administration and enhancing visibility into agent operations. It introduces a comprehensive Web-based server configuration editor and a native runtime profile selector for agent creation, alongside critical improvements to telemetry reliability and Hub connectivity.
π Features
Section titled βπ Featuresβ- Web Admin Server Configuration Editor: Launched a full-featured settings editor at
/admin/server-config(admin-only). This allows administrators to view and modify the globalsettings.yamlthrough the Web UI with support for tabbed navigation, sensitive field masking, and hot-reloading of key settings like log levels, telemetry defaults, and admin emails. - Runtime Profile Selector: Added a dynamic profile selector to the agent creation form. After selecting a broker, users can now choose from the available runtime profiles defined on that broker, simplifying execution environment selection.
- Standardized Issue & Feedback Templates: Introduced official bug report and feature request templates to the repository to improve the quality and consistency of community contributions.
π Fixes
Section titled βπ Fixesβ- Telemetry Configuration Reliability: Corrected an issue where the telemetry opt-in checkbox on the agent configuration page wouldnβt correctly reflect the global settings defaults.
- Hub Connectivity Precision: Enhanced agent startup logic to prioritize Hub-dispatched endpoints over local broker configuration, ensuring correct Hub communication in distributed and multi-hub environments.
- Logging Observability & Traceability:
- Agent Lifecycle Traceability: Added
agent_idto all broker-side agent lifecycle log events to improve cross-traceability and audit capabilities. - Connectivity Debugging: Stopped redacting
SCION_HUB_ENDPOINTandSCION_HUB_URLin agent environment logs to facilitate easier debugging of connectivity issues.
- Agent Lifecycle Traceability: Added
- Documentation & Licensing: Restructured internal documentation for improved clarity, updated the installation guide, and completed the application of standard license headers across all source files.
Mar 9, 2026
Section titled βMar 9, 2026βThis release marks a significant milestone with the official transition of the project to the Google Cloud Platform organization, including a full module rename. It also introduces critical enhancements for agent autonomy with the enablement of the Scion CLI inside agent containers, alongside major improvements to administrative observability and real-time event reliability.
π Features
Section titled βπ Featuresβ- Autonomous In-Container CLI: Enabled the Scion CLI within agent containers, providing agents with the ability to interact with the Hub API natively using their provisioned authenticated service context.
- Admin User Activity Tracking: Introduced βLast Seenβ timestamps and sortable columns to the Admin Users dashboard to improve system administration and audit capabilities.
- Enhanced Event Integrity: Refined the Server-Sent Event (SSE) pipeline to ensure full agent snapshots are sent in
createdevents, preventing incomplete UI states during high-concurrency creation.
π Fixes
Section titled βπ Fixesβ- Log Query Precision: Optimized agent log retrieval by filtering out internal HTTP request logs from the primary agent cloud logging view.
- Infrastructure & Connectivity:
- Prioritized public Hub endpoints for production dispatches, reducing reliance on local network bridges.
- Implemented defensive fallbacks for Hub environment variables within agent containers.
- Resolved IAM role assignment issues for Hub service accounts.
- UI/UX Consistency:
- Enforced name slugification across all CLI and Web input boundaries to prevent routing collisions.
- Eliminated βwhite-flashβ artifacts during OAuth redirects for users in dark mode.
- Implemented automatic scrolling to error banners on form submissions.
- Switched to SPA-native navigation for terminal back-links, improving navigation responsiveness.
- System Stability:
- Resolved directory creation and path resolution bugs in split-storage (git-project) configurations.
- Fixed
lstaterrors for non-existent project configuration files in containerized environments. - Corrected image registry resolution logic to prevent redundant prompts when already configured.
- Resolved test failures across four critical categories on the main branch.
- Harness Improvements: Refined the Codex harness with improved configuration formatting and support for sandbox/bypass-approval flags.
Mar 8, 2026
Section titled βMar 8, 2026βThis release delivers a complete maturation of the Kubernetes runtime, introduces significant architectural enhancements for agent isolation and security, and drastically improves Web UI performance with optimistic updates and connection pooling.
π Features
Section titled βπ Featuresβ- Kubernetes Runtime Maturation (Stages 1-3): Successfully implemented Parity, Production Hardening, and Launch Readiness for the Kubernetes runtime, establishing it as a fully-supported, robust platform for agent execution.
- Agent Isolation & Project Security: Enhanced agent security by externalizing non-git project data and agent home directories. Introduced tmpfs shadow mounts to definitively prevent agents from cross-accessing
.scionconfiguration data or other agentsβ workspaces within the same project. - Web UI Performance & Responsiveness: Drastically improved the frontend experience by implementing optimistic UI updates and background data refreshes. Re-architected the application shell to reuse components on navigation and consolidated Server-Sent Event (SSE) connections to prevent browser connection pool exhaustion.
- Contextual Agent Instructions: Added support for conditional instruction extensions (
agents-git.mdandagents-hub.md), allowing agents to receive tailored operational context based on their specific workspace type. - Hub API & Infrastructure: Completed Phase 5 of the Hub API consolidation with full mode awareness and isolation. Enabled HTTP/2 cleartext (h2c) support on the web server, and introduced new project management CLI commands (
list,prune,reconnect). - Agent Configuration & Execution: Enabled
max_durationlimits universally across all harnesses, added a--notifyflag to the CLI message command, and introduced a requiredimage_registryprompt during workstation initialization. - Codex Harness Enhancements: Stabilized the Codex integration with telemetry reconciliation, proper
auth.jsongeneration for API key workflows, and unified flag formatting. - UI Quality of Life: Added a card/list view toggle to the project detail agent list and introduced a power-user shortcut (Alt/Option-click) to bypass delete confirmation dialogs globally.
π Fixes
Section titled βπ Fixesβ- Hub/Broker Synchronization: Resolved critical sync issues by tracking synced agents to correctly detect hub-side deletions, preventing deleted agents from being incorrectly re-proposed for registration.
- Agent Lifecycle Cleanup: Fixed cleanup routines to correctly stop agent containers before removing orphaned configs, and ensured broker-side files are meticulously cleaned if a hub dispatch fails.
- Configuration & Auth Propagation: Corrected the application order of
--harness-authbefore provisioning to prevent stale environment warnings, and ensured template telemetry configs are properly merged into the applied agent config. - Messaging Integrity: Fixed a bug in
handleAgentMessageto ensure structured messages are correctly constructed from plain text, and updated the messages tab query to include agent-sent communications. - Health & Security: Exempted health check endpoints from broker auth middleware during strict mode enforcement to prevent false-positive failures in distributed deployments.
Mar 7, 2026
Section titled βMar 7, 2026βThis release marks a major leap in agent observability with the launch of the Cloud Log Viewer and structured messaging pipeline. It also introduces significant UI overhauls for agent management, enhanced GCP integration, and a new workstation-class daemon mode for the Scion server.
π Features
Section titled βπ Featuresβ- Cloud Log Viewer & Structured Messaging (Phases 1-5): Completed the end-to-end implementation of the Cloud Log Viewer and structured message pipeline. This includes a new Hub API for log retrieval, a dedicated βMessagesβ tab in the Web UI, and a multi-stage message broker adapter for reliable delivery and external notifications.
- Agent Detail UI Overhaul: Re-architected the agent detail page into a high-density tabbed layout featuring dedicated βStatusβ, βConfigurationβ, and βMessagesβ tabs. Added a new telemetry configuration card, breadcrumb navigation improvements, and a back button for the configuration flow.
- Workstation & Daemon Management: Introduced a workstation-optimized βdaemonβ mode for
scion server. This allows the server to run as a persistent background process with integrated lifecycle management, simplified configuration, and automated combined-server detection for local brokers. - GCP & Metrics Integration: Enhanced Google Cloud visibility with a native Cloud Monitoring exporter, trace-log correlation across logging pipelines, and automated injection of
SCION_PROJECT_IDand GCP labels (agent/project) into all log streams. - Image Management & Build Automation: Consolidated image build scripts and introduced support for custom
image_registrysettings. Added GitHub Actions workflows for automated building and delivery of Scion harness images. - Security & Authorization Hardening: Strengthened the security posture by enforcing per-agent authorization for workspace routes, mandatory read authorization for all resource endpoints, and nonce-based HMAC validation for broker communication.
- First-Run Experience: Added a new
scion installcommand and a streamlined first-run experience to simplify initial project setup and dependency verification. - Bulk Operations: Added a βStop Allβ button to the Web UI for efficient bulk shutdown of all agents within a project.
- Harness Capability Gating: Introduced capability-based gating for advanced agent configuration, ensuring only supported features are exposed based on the selected harness.
π Fixes
Section titled βπ Fixesβ- UI Performance & Reliability: Optimized the agent detail page by parallelizing API fetches and eliminating redundant data loads. Resolved rendering issues in the messages tab and added handling for null entries in message logs.
- Auth & Environment Injection: Fixed multiple issues with environment variable and profile injection, specifically resolving signing errors in combined-server mode and ensuring profile variables are applied before auth overlays.
- Runtime & Broker Stability: Improved Podman error handling and force-deletion reliability. Fixed a bug where
agent-limits.jsonlacked correct permissions after creation and ensuredInlineConfigis correctly propagated during agent restarts. - Logging Precision: Established a dedicated HTTP request log stream using the standard
HttpRequestformat and removed misleading debug logs when running in GCP-native mode. - Build System: Fixed a race condition in
make allby ensuring web assets are fully built before the Go binary compilation begins.
Mar 6, 2026
Section titled βMar 6, 2026βThis release introduces Just-In-Time (JIT) agent configuration, an advanced agent creation interface, and native GCP telemetry integration, while centralizing profile management at the global level.
π Features
Section titled βπ Featuresβ- Just-In-Time (JIT) Agent Configuration: Completed Phases 1 & 2 of the inline agent configuration refactor. Agents now support dynamic, late-bound configuration overrides at runtime, enabling more flexible and adaptive agent behavior.
- Advanced Agent Creation Form: Launched a comprehensive advanced configuration interface in the Web UI. This allows for granular control over agent parameters, including model selection, resource limits, and specific harness settings during creation.
- GCP-Native Telemetry Integration: Introduced native support for Google Cloud Trace and Cloud Logging telemetry exporters. The system now automatically detects GCP credentials and configures the appropriate exporter mode, facilitating seamless observability in Google Cloud environments.
- Enhanced Developer Workflow: Improved the developer experience with automated mounting of the
sciontoolbinary and a dedicatedSCION_DEV_BINARIESdirectory, enabling rapid iteration and testing of local changes within agent containers. - Branding & UI Refresh: Updated the application branding with a new seedling logo and favicon, and added detailed visibility of the resolved harness authentication method in the agent detail view.
- Local Networking Automation: Automated the computation of the
ContainerHubEndpointfor Podman and Docker when running in combined hub-broker mode, simplifying local setup and networking.
π Fixes
Section titled βπ Fixesβ- Telemetry & Auth Propagation: Resolved several issues where telemetry settings, harness authentication, and configuration overrides were not consistently propagated through all broker and agent startup paths.
- Agent Lifecycle Stability: Fixed a bug where provisioning agents were not correctly cleaned up after an aborted environment-gathering session.
- Claude Harness Authentication: Corrected Vertex AI authentication detection for the Claude harness when using file-based secrets.
- Data Integrity: Fixed a bug in the advanced agent creation form where the applied configuration was not correctly populated with resolved values.
Mar 5, 2026
Section titled βMar 5, 2026βThis release introduces a major overhaul of the agent authentication pipeline, automated token refresh, and critical stability fixes for container removal and terminal reliability.
π Features
Section titled βπ Featuresβ- Unified Harness Authentication: Completed a multi-phase refactor of the agent authentication pipeline. Agents now support a variety of resolved auth types (API Key, Vertex AI, ADC, OAuth) with late-binding overrides available via the CLI (
--harness-auth) and the agent creation form. - Agent Token Refresh: Implemented an automated token refresh mechanism to ensure long-running agents maintain valid authorization throughout extended tasks.
π Fixes
Section titled βπ Fixesβ- Apple-Container Stability: Resolved critical hangs during container removal on macOS by implementing automated cleanup and blocking of problematic debug symlinks (e.g.,
.claude_debug). - Terminal UX & Reliability: Improved error visibility by skipping terminal reset sequences on attachment failures.
- Workspace & Git Integrity: Hardened workspace file collection by skipping symlinks and ensured
git cloneoperations correctly use thescionuser when the broker runs as root. - Auth Precision & Validation: Fixed several authentication regressions, including incorrect Vertex AI region projections, false API key requirements during environment gathering, and improper leakage of host settings into agent containers.
Mar 4, 2026
Section titled βMar 4, 2026βThis period focuses on the foundational implementation of the unified harness authentication pipeline and enhances infrastructure visibility within the Web UI.
π Features
Section titled βπ Featuresβ- Unified Harness Authentication: Completed a multi-phase refactor (Phases 1-7) of the agent authentication pipeline. Introduced centralized
AuthConfiggathering, per-harnessResolveAuthlogic, and a unifiedValidateAuthphase, enabling more robust credential resolution across all harnesses. - Broker Visibility & Infrastructure Metadata: Enhanced the Web UI to display runtime broker information on agent cards, project detail pages, and agent detail headers, providing clearer insight into distributed execution.
- Default Notification Triggers: Expanded the notification system to include
stalledanderroras default trigger states, improving proactive monitoring of agent health.
π Fixes
Section titled βπ Fixesβ- Workspace Permissions: Hardened the workspace provisioning flow by ensuring
git cloneoperations run as thescionuser when the broker is executing as root. - UI Navigation & UX: Fixed back-link routing for agent creation and detail pages to consistently return users to the parent project. Improved terminal accessibility by disabling the terminal button for offline agents.
- Config & Environment Propagation: Resolved issues with
harnessConfigpropagation during the environment-gathering finalization flow and refined Hub endpoint bridging to only targetlocalhostendpoints. - Server Reliability: Applied default
StalledThresholdvalues for agent health monitoring and improved status badge readability.
Mar 3, 2026
Section titled βMar 3, 2026βThis release introduces hierarchical subsystem logging, an integrated browser push notification system, and native support for GKE runtimes and OTLP telemetry.
π Features
Section titled βπ Featuresβ- Structured Subsystem Logging: Introduced a hierarchical, subsystem-based structured logging framework across the Hub and Runtime Broker. This enables more granular observability and easier troubleshooting by isolating logs for specific components like the scheduler, dispatcher, and runtimes.
- Agent Notifications & Browser Push: Launched an integrated notification system with real-time SSE delivery and agent-scoped filtering. Features include a new notification tray in the Web UI, opt-in checkboxes for agent creation, and native browser push notification support.
- Telemetry & OTLP Pipeline: Added native support for OTLP log receiving and forwarding. The system now supports automated telemetry export with GCP credential injection, manageable via new CLI flags (
--enable-telemetry) and UI toggles. - Stalled Agent Detection: Implemented a new monitoring system to detect agents that have stopped responding (heartbeat timeout). Stalled agents are now flagged in the UI and can trigger automated notification events.
- GKE Runtime Support: Added native support for Google Kubernetes Engine (GKE) runtimes, including cluster provisioning scripts and Workload Identity integration for secure, distributed agent execution.
- Layout & View Toggles: Enhanced the Web UI with card/list view toggles for Projects, Agents, and Brokers pages, improving resource visibility for both small and large deployments.
- Broker Access Control: Strengthened security by enforcing dispatch authorization checks and resolving creator identities for all registered runtime brokers.
π Fixes
Section titled βπ Fixesβ- Terminal UX: Fixed double-paste and selection-copy bugs in the web terminal.
- UI Responsiveness: Resolved an issue where the agent list could incorrectly clear during real-time SSE updates and improved status badge readability.
- Agent Provisioning: Prevented root-owned directories in agent home by pre-creating secret and gcloud mount-point directories.
- Administrative Security: Hardened the Hub by restricting access to global settings and sensitive resource management (env/secrets) to administrative users.
- Server Stability: Fixed scheduler startup in combined mode and resolved heartbeats from defeating stalled agent detection.
- CLI UX: Standardized CLI scope flags and corrected secret set syntax for hub-scoped resources.
Mar 2, 2026
Section titled βMar 2, 2026βThis release focuses on refining the agent lifecycle experience with an overhauled status and activity tracking system, enhanced project-level configuration, and improved CLI flexibility for remote operations.
π Features
Section titled βπ Featuresβ- Status & Activity Tracking Overhaul: Replaced the generic
STATUSwith a more precisePHASEcolumn across the CLI and Web UI. Introduced βstickyβ activity logic to ensure significant agent actions remain visible during transitions, and enabled real-time status broadcasting via SSE for broker heartbeats. - Project Environment & Secret Management: Launched a dedicated configuration interface for managing project-scoped environment variables and secrets. Includes a new βInjection Modeβ selector (Always vs. As-Needed) for granular control over agent environment population.
- Remote Project Targeting: Enhanced the
--projectflag to natively accept project slugs and git URLs in Hub mode, streamlining operations on remote workspaces without requiring local configuration. - Unified Configuration UX: Consolidated project-specific configuration into a centralized settings page in the Web UI, utilizing shared components for environment and secret management.
π Fixes
Section titled βπ Fixesβ- Container Runtime Compliance: Fixed an issue where secret volume mounts were incorrectly ordered in container run commands, ensuring reliable mounting across different runtimes.
- Agent Identity Reliability: Resolved bugs preventing the consistent propagation of
SCION_AGENT_IDduring restarts and specific dispatch paths, fixing broken notification subscriptions. - Linked-Project Pathing: Corrected workspace resolution for linked projects without git remotes by ensuring fallback to the providerβs local filesystem path.
- UI State Resolution: Fixed a bug where hub agents would occasionally show an βunknownβ phase by ensuring the UI correctly reads the unified Phase and Activity fields.
- UX Refinements: Improved the
scion listoutput to use human-friendly template names and fixed dynamic label mapping in secret configuration forms. - Stability: Suppressed spurious errors during graceful server shutdown and resolved potential issues with higher-priority environment variable leakage in tests.
Mar 1, 2026
Section titled βMar 1, 2026βThis release introduces strict runtime enforcement for agent resource limits and includes several critical stability and performance improvements across the server and build pipeline.
π Features
Section titled βπ Featuresβ- Agent Resource Limits Enforcement: Implemented strict runtime enforcement for agent constraints, including
max_turns,max_model_calls, andmax_duration. Agents exceeding these limits are now automatically transitioned to aLIMITS_EXCEEDEDstate and terminated.
π Fixes
Section titled βπ Fixesβ- Bundle Size Optimization: Implemented vendor chunk splitting in the Vite build process to resolve bundle size warnings and improve frontend load performance.
- Server Stability: Resolved a critical panic that occurred during double-close operations in the combined Hub+Web server shutdown sequence.
- Secret Mapping: Corrected the mapping of secret type fields and standardized dynamic key/name labels to ensure consistency with backend providers.
Feb 28, 2026
Section titled βFeb 28, 2026βThis release marks a major milestone with the completion of the canonical agent state refactor and the launch of the Hub scheduler system, alongside significant enhancements to real-time observability and broker security.
π Features
Section titled βπ Featuresβ- Canonical Agent State Refactor: Completed a comprehensive, multi-phase overhaul of the agent state system across the Hub, Store, Runtime Broker, CLI, and Web UI. This ensures a consistent, high-fidelity representation of agent activity throughout the entire lifecycle.
- Hub Scheduler & Timer Infrastructure: Launched a unified scheduling system for recurring Hub tasks and one-shot timers. This includes automated heartbeat timeout detection for βzombieβ agents and a new CLI/API for managing scheduled maintenance and lifecycle events.
- Real-time Debug Observability: Introduced a full-height debug panel in the Web UI, providing a real-time stream of SSE events and internal state transitions for advanced troubleshooting and observability.
- Enhanced Web UI Feedback: Added emoji-based status badges to agent cards and list views, providing more intuitive visual indicators of agent health and activity.
- Broker Authorization & Identity: Strengthened security by enforcing dispatch authorization checks and resolving creator identities for all registered runtime brokers.
- Automated Project Cleanup: Hardened the hub-managed project lifecycle by implementing cascaded directory cleanup on remote brokers whenever a project is deleted via the Hub.
- CLI Enhancements: Added a new
-n/--num-linesflag to thescion lookcommand, enabling tailored views of agent terminal output.
π Fixes
Section titled βπ Fixesβ- Notification Dispatcher: Fixed a bug where the notification dispatcher failed to start when the Hub was running in combined mode with the Web server.
- Environment Variable Standardization: Renamed
SCION_SERVER_AUTH_DEV_TOKENtoSCION_AUTH_TOKENand introducedSCION_BROKER_IDandSCION_TEMPLATEvariables for better debugging and interoperability. - Local Secret Storage: Resolved issues with local secret storage and added diagnostics for environment-gathering resolution.
Feb 27, 2026
Section titled βFeb 27, 2026βThis release focuses on refining the hub-managed project experience, enhancing the web terminalβs usability, and introducing new workspace management capabilities via the Hub API.
π Features
Section titled βπ Featuresβ- Workspace Management: Added new Hub API endpoints for downloading individual workspace files and generating ZIP archives of entire projects, facilitating easier data export and backup.
- Broker Detail View: Launched a comprehensive broker detail page in the Web UI, providing a grouped view of all active agents by their respective projects for improved operational visibility.
- Deployment Automation: Enhanced GCE deployment scripts with new
fastandfullmodes, streamlining the process of updating Hub and Broker instances in production environments. - Iconography Standardization: Established a centralized icon reference system and updated the web interface to use consistent iconography for resources like projects, templates, and brokers.
π Fixes
Section titled βπ Fixesβ- Hub-Managed Path Resolution: Resolved several critical issues where hub-managed projects incorrectly inherited local filesystem paths from the Hub server. Broker-side initialization of
.sciondirectories and explicit path mapping now ensure consistent workspace behavior across distributed brokers. - Terminal & Clipboard UX: Enabled native clipboard copy/paste support in the web terminal and relaxed availability checks to allow terminal access during agent startup and transition states.
- Real-time Data Integrity: Fixed a bug in the frontend state manager where SSE delta updates could merge incorrectly; the manager is now reliably seeded with full REST data upon page load.
- Slug & Case Sensitivity: Normalized agent slug lookups to lowercase and implemented stricter name validation to prevent routing collisions and inconsistent dispatcher behavior.
- Environment & Harness Config: Improved the reliable propagation of harness configurations and environment variables from Hub storage to the runtime broker during both initial agent start and subsequent restarts.
- UI Refinement: Replaced text-based labels with intuitive iconography on agent cards to optimize space and improved contrast for neutral status badges.
Feb 26, 2026
Section titled βFeb 26, 2026βThis release introduces a robust capability-based access control system, a dedicated administrative management suite, and critical session management upgrades to support larger authentication payloads.
π Features
Section titled βπ Featuresβ- Capability-Based Access Control: Implemented a comprehensive capability gating system across the Hub API and Web UI. Resource responses now include
_capabilitiesannotations, enabling granular UI controls and API-level enforcement for resource operations. - Administrative Management Suite: Launched a new Admin section in the Web UI, providing centralized views for managing users, groups, and brokers. Includes a maintenance mode toggle for Hub and Web servers to facilitate safe infrastructure updates.
- Advanced Environment & Secret Management: Introduced a profile-based settings section for managing user-scoped environment variables and secrets. Secrets are now automatically promoted to the configured backend (e.g., GCP Secret Manager) with standardized metadata labels.
- SSR Data Prefetching: Improved initial page load performance and eliminated βflash of unauthenticated contentβ by prefetching critical user and configuration data into the HTML payload via
__SCION_DATA__. - Hub Scheduler Design: Completed the technical specification for a new Hub scheduler and timer system to manage long-running background tasks and lifecycle events.
- Enhanced Real-time Monitoring: Expanded Server-Sent Events (SSE) support to the Brokers list view, ensuring infrastructure status is reflected in real-time without manual refreshes.
π Fixes
Section titled βπ Fixesβ- Filesystem Session Store: Replaced cookie-based session storage with a filesystem-backed store to resolve β400 Bad Requestβ errors caused by cookie size limits (4096 bytes) during large JWT/OAuth exchanges.
- Hub-Managed Project Reliability: Fixed critical 503 errors and path resolution issues during agent creation in hub-managed projects by correctly propagating project slugs to runtime brokers.
- Agent Deletion Cleanup: Hardened the agent deletion flow to ensure that stopping and removing an agent in the Hub correctly dispatches cleanup commands to the associated runtime broker and removes local workspace files.
- Environment Validation: Improved agent startup safety by treating missing required environment variables as fatal errors (422), preventing agents from starting in incomplete states.
- Terminal Responsiveness: Resolved several layout bugs in the web terminal, ensuring it correctly resizes with the viewport and fits within the application shell.
- Group Persistence: Fixed synchronization issues between the Hubβs primary database and the Ent-backed authorization store, ensuring project-scoped groups and policies are preserved during recreation.
Feb 25, 2026
Section titled βFeb 25, 2026βThis release focuses on hardening the agent provisioning pipeline, streamlining template management through automatic bootstrapping, and enhancing the web authentication experience.
π Features
Section titled βπ Featuresβ- Template Bootstrapping: Local agent templates are now automatically bootstrapped into the Hub database during server startup, ensuring all defined templates are consistently available across the system.
- Custom ADK Runner Entrypoint: Introduced a specialized runner entrypoint for Agent Development Kit (ADK) agents with native support for the
--inputflag, facilitating more robust automated execution. - Wildcard Subdomain Authorization: Expanded security configuration to support wildcard subdomain matching in
authorized-domains, allowing for more flexible deployment architectures.
π Fixes
Section titled βπ Fixesβ- Agent Provisioning & Creation: Resolved multiple issues in the Hub-dispatched agent creation flow, including a 403 authorization fix, rejection of duplicate agent names, and a critical fix for container image resolution.
- Instruction Injection Logic: Improved the reliability of agent instructions by implementing auto-detection for
agents.mdand ensuring stale instruction files (e.g., lowercaseclaude.md) are removed during provisioning. - Web UI & Auth Persistence: Fixed a bug where the authenticated user wasnβt correctly fetched on page load, ensuring the profile and sign-out options are always visible in the header.
- Pathing & Scoping: Corrected path resolution logic to prevent local-path projects from incorrectly using hub-managed paths, and refined the
scion delete --stoppedcommand to strictly scope to the active project. - Environment Gathering: Fixed a regression in the
env-gatherfinalize-env flow to ensure the template slug is correctly preserved throughout the entire provisioning pipeline. - Configuration Schema: Added
task_flagsupport to the settings schema and Hub configuration, improving the tracking and validation of agent task states.
Feb 24, 2026
Section titled βFeb 24, 2026βThis release introduces a robust policy-based authorization system, a comprehensive agent notification framework, and significant enhancements to hub-managed projects and schema validation.
π Features
Section titled βπ Featuresβ- Agent Notifications System: Launched a multi-phase notification framework enabling real-time subscriptions to agent status events. This includes a new notification dispatcher, Hub API endpoints, and a
--notifyflag in the CLI for status tracking. - Harness-Agnostic Templates: Introduced support for role-based, harness-agnostic agent templates. New fields for
agent_instructions,system_prompt, anddefault_harness_configallow templates to be defined by their role rather than specific LLM implementations. - GKE Security Enhancements: Added a dedicated
gkeruntime configuration option to enable GKE-specific features like Workload Identity, streamlining secure deployments on Google Kubernetes Engine. - Hub-Managed Workspace Management: Advanced hub-managed project capabilities (Phase 3) with new support for direct workspace file management via the Hub API, reducing reliance on external Git repositories.
- ADK Agent Integration: Added a specialized example and Docker template for Agent Development Kit (ADK) agents, facilitating the development of custom autonomous agents within the Scion ecosystem.
- Infrastructure & Models: Upgraded the default agent model to
gemini-3-flash-previewand introduced Cloud Build configurations for automated image delivery.
π Fixes
Section titled βπ Fixesβ- Schema & Config Synchronization: Conducted a comprehensive audit and sync between Go configuration structs and JSON schemas. This fixes field naming inconsistencies (e.g., camelCase for
runtimeClassName) and improves cross-platform validation. - Environment Variable Passthrough: Corrected environment handling to treat empty variable values as implicit host environment passthroughs.
- Per-Agent Hub Overrides: Enabled agents to specify custom Hub endpoints directly in their configuration, providing flexibility for agents to report to different Hubs than their parent project.
- Soft-Delete Configuration: Added explicit server-side settings for soft-delete retention periods and workspace file preservation.
Feb 23, 2026
Section titled βFeb 23, 2026βThis period focused on major architectural expansions, introducing multi-hub connectivity for runtime brokers and βhub-managedβ projects that decouple workspace management from external Git repositories.
π Features
Section titled βπ Featuresβ- Multi-Hub Broker Architecture: Completed a major refactor of the Runtime Broker to support simultaneous connections to multiple Hubs. This includes a new multi-credential store, per-connection heartbeat management, and a βcombo modeβ that allows a broker to be co-located with one Hub while serving others remotely.
- Hub-Managed Projects: Launched βHub-Managedβ projects, enabling the creation of project workspaces directly through the Hub API and Web UI without an external Git repository. These projects are automatically initialized with a seeded
.scionstructure and managed locally by the Hub. - Streamlined Workspace Creation: Introduced a new project creation interface in the Web UI that supports both Git-based repositories and Hub-managed workspaces, including direct Git URL support for quick onboarding.
- Improved Agent Configuration: Enhanced the agent creation form with optimized dropdowns and more intuitive labeling, including renaming βHarnessβ to βTypeβ for better clarity.
π Fixes
Section titled βπ Fixesβ- Web UI Asset Reliability: Resolved several issues with Shoelace icon rendering by correctly synchronizing the icon manifest, fixing asset serving paths in the Go server, and updating CSP headers to allow data-URI system icons.
- Template Flexibility: Updated the template push logic to make the harness type optional, facilitating the use of more generic or agnostic agent templates.
- Codex Harness Refinement: Improved the Codex integration by isolating harness documentation into a dedicated
.codex/subdirectory and removing unnecessary system prompt prepending.
Feb 22, 2026
Section titled βFeb 22, 2026βThis period introduced significant data management features, including agent soft-delete and centralized harness configuration storage, while advancing the secrets management and execution limits infrastructure.
π Features
Section titled βπ Featuresβ- Agent Soft-Delete & Restore: Implemented a complete soft-delete lifecycle for agents. This includes Hub-side archiving, a new
scion restorecommand, list filtering for deleted agents, and an automated background purge loop for expired records. - Secrets-Gather & Interactive Input: Enhanced the environment gathering pipeline to support βsecrets-gather.β Templates can now define required secrets, and the CLI provides interactive prompts to collect missing values, which are then securely backed by the configured secret provider.
- K8s Native Secret Mounting: Completed Phase 4 of the secrets strategy, enabling native secret mounting for agents running in Kubernetes. This includes support for GKE CSI drivers and robust fallback paths.
- Harness Config Hub Storage: Added Hub-resident storage for harness configurations. This enables centralized management (CRUD), CLI synchronization, and ensures configurations are consistently propagated to brokers during agent creation.
- Agent Execution Limits: Introduced Phase 1 of the agent limits infrastructure, including support for
max_turnsandmax_durationconstraints and a newLIMITS_EXCEEDEDagent state. - CLI UX Improvements: Added a
--allflag toscion stopfor bulk agent termination, introduced Hub auth verification with version reporting, and enhancedscion lookwith better visual padding and borders. - Web UI & Real-time Updates: Launched a new βCreate Agentβ UI, optimized frontend performance by moving to explicit component imports, and enabled real-time project list updates via Server-Sent Events (SSE).
π Fixes
Section titled βπ Fixesβ- Provisioning Robustness: Improved cleanup of provisioning agents during failed or cancelled environment gathering sessions to prevent stale container accumulation.
- Sync & State Consistency: Fixed a race condition where Hub synchronization could remove freshly created agents and ensured harness types are correctly propagated during agent sync.
- Deployment Pipeline: Corrected the build sequence in GCE deployment scripts to ensure web assets are fully compiled before the Go binary is built.
- Config Resolution: Fixed several configuration issues, including profile runtime application, project flag resolution in subdirectories, and Hub environment variable suppression when the Hub is disabled.
Feb 21, 2026
Section titled βFeb 21, 2026βThis period heavily focused on implementing the end-to-end βenv-gatherβ flow to manage environment variables safely, alongside several CLI improvements and runtime fixes.
π Features
Section titled βπ Featuresβ- Env-Gather Flow Pipeline: Implemented a comprehensive environment variable gathering system across the CLI, Hub, and Broker. This includes harness-aware env key extraction, Hub 202 handling with submission endpoints, and broker-side evaluation to finalize the environment prior to agent creation.
- Agent Context Threading: Threaded the CLI hub endpoint directly to agent containers and added support for environment variable overrides.
- Agent Dashboard Enhancements: The agent details page now displays the
lastSeenheartbeat as a relative time format. - Template Pathing: Added support for
SCION_EXTRA_PATHto optionally include template bin directories in the systemPATH. - Build System Upgrades: Overhauled the Makefile with new standard targets for build, install, test, lint, and web compilation.
π Fixes
Section titled βπ Fixesβ- Env-Gather Safety & UX: Added strict rejection of env-gather in non-interactive modes to prevent unsanctioned variable forwarding. Improved confirmation messaging and added dispatch support for project-scoped agent creation.
- CLI Output Formatting: Redirected informational CLI output to
stderrto ensurestdoutcan be piped cleanly as JSON. - Podman Performance: Fixed slow container provisioning on Podman by directly editing
/etc/passwdinstead of usingusermod. - Profile Parameter Routing: Corrected the threading of the profile parameter from the CLI through the Hub to the runtime broker.
- Hub API Accuracy: The Hub API now correctly surfaces the
harnesstype in responses for agent listings. - Docker Build Context: Fixed an issue where the
scion-baseDocker image build was missing the web package context.
Feb 20, 2026
Section titled βFeb 20, 2026βThis period focused heavily on unifying the Hub API and Web Server architectures, refactoring the agent status model, and enhancing the web frontend experience with new routing and pages.
π Features
Section titled βπ Featuresβ- Web Frontend Enhancements: Added a new Brokers list page, implemented full client-side routing for the Vite dev server, and unified OAuth provider detection via a new
/auth/providersendpoint. - Agent Environment: Added support for injecting harness-specific telemetry and hub environment variables directly into agent containers based on project settings.
- Git Operations: Added cloning status indicators and improved git clone config parity during project-scoped agent creation.
π Fixes
Section titled βπ Fixesβ- Real-time UI Updates: Fixed the Server-Sent Events (SSE) format to ensure real-time UI updates correctly broadcast agent state changes.
- Routing & Port Prioritization: Fixed port prioritization to use the web port for broker hub endpoints in combined mode, and ensured unhandled
/api/routes return proper JSON 404 responses. - OAuth & Login: Fixed conditional rendering for the
/loginroute and correctly populated OAuth provider attributes during client-side navigation. - Container Configuration: Fixed container image resolution from on-disk harness configurations and normalized YAML key parsing.
- Status Reporting: Ensured Hub status reporting correctly respects and preserves the newly unified, sticky statuses.
Feb 19, 2026
Section titled βFeb 19, 2026βThis period represented a major architectural shift, consolidating the web server into a single Go binary, removing dependencies like NATS and Koa, and introducing hub-first remote workspaces via Git.
π Features
Section titled βπ Featuresβ- Hub-First Git Workspaces: Implemented end-to-end support for creating remote workspaces directly from Git URLs. This integration enables git clone mode across
sciontool initand the runtime broker pipeline. - Web Server & Auth Integration: Introduced native session management and OAuth routing within the Go web server, alongside a new EventPublisher for real-time SSE streaming.
- Telemetry & Settings: Added telemetry injection to the
v1settings schema. Telemetry configuration now supports hierarchical merging and is automatically bridged into the agent containerβs environment variables. - CLI Additions: Introduced the
scion lookcommand for non-interactive terminal viewing. Project initialization now automatically sets up template directories and requires a global project.
π Fixes
Section titled βπ Fixesβ- Lifecycle Hooks: Relocated the cleanup handler to container lifecycle hooks to guarantee reliable execution upon container termination.
- Settings Overrides: Fixed configuration parsing to ensure environment variable overrides are correctly applied when loaded from
settings.yaml. - CLI Defaults: Ensured the
update-defaultcommand consistently targets the global project, and introduced a new--forceflag. - Frontend Assets: Resolved static asset serving issues by removing an erroneous
StripPrefixin the router, and fixed client entry point imports.