chore(main): release 0.2.5

[Aureliolo]

🤖 I have created a release beep boop

0.2.5 (2026-03-15)

Features

• default sandbox to enabled, polish CLI output, add sandbox CI build (#455) (a4869b6)

Bug Fixes

• export .intoto.jsonl provenance for OpenSSF Scorecard (#456) (2feed09)

Maintenance

• add pyrightconfig.json and fix all pyright errors (#448) (f60746a)

---

This PR was generated with Release Please. See documentation.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (2)

• chore(main): release ai-company
• chore(main): release

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8877d66b-0c00-46aa-a44d-4f29a3738c00

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release-please--branches--main--components--synthorg

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch release-please--branches--main--components--synthorg

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[greptile-apps]

Greptile Summary

This is an automated Release Please PR that attempts to re-release version 0.2.0, rolling back all four versioned files (release-please-manifest.json, CHANGELOG.md, pyproject.toml, and src/synthorg/__init__.py) from 0.2.4 to 0.2.0. The context from PRs #444 and #446 suggests this is an intentional re-release after a problematic original 0.2.0 publish, but the PR has several issues that need to be resolved before merging:

• Version manifest regression — setting the Release Please manifest to 0.2.0 while v0.2.1–v0.2.4 git tags already exist will cause the tool to attempt to re-create an already-existing v0.2.1 tag on the next qualifying commit, likely breaking the release pipeline.
• Backwards changelog comparison URL — the generated compare/v0.2.4...v0.2.0 link points from a newer tag to an older one; the correct range should be v0.1.4...v0.2.0.
• Self-referential maintenance entries — the new 0.2.0 changelog section lists the releases of 0.2.1–0.2.4 (including a duplicate 0.2.4 entry) as changes within 0.2.0, which is misleading.

Confidence Score: 2/5

• Not safe to merge as-is — the manifest rollback will break the Release Please pipeline since v0.2.1–v0.2.4 tags already exist.
• The version downgrade in the Release Please manifest is a structural problem: the tool uses this value to calculate the next release tag, and rolling it back past already-published tags will either produce a duplicate-tag error or silently skip versions. The changelog URL is also factually wrong. These are not cosmetic issues — they affect the integrity of every future automated release.
• .github/.release-please-manifest.json is the highest-risk file; the version rollback here will break future automated releases. .github/CHANGELOG.md also needs the comparison URL corrected.

Important Files Changed

Filename	Overview
.github/.release-please-manifest.json	Version downgraded from 0.2.4 → 0.2.0, despite 0.2.1–0.2.4 already having been published. This directs Release Please to treat 0.2.0 as the current version, which will cause the next automated release to re-use or skip version numbers that already exist in the tag history.
.github/CHANGELOG.md	A new 0.2.0 section is prepended on top of the existing 0.2.4 (and earlier) sections. The comparison URL in the header is backwards (v0.2.4...v0.2.0). The 0.2.0 entry also contains self-referential maintenance entries listing the releases of 0.2.1–0.2.4 as if they were changes included in 0.2.0.
pyproject.toml	commitizen version rolled back from 0.2.4 to 0.2.0. If this package is or will be published to PyPI, this creates a version-ordering problem since 0.2.1–0.2.4 already exist.
src/synthorg/init.py	version rolled back from 0.2.4 to 0.2.0. Hatchling reads this file as the authoritative version source, so any built wheel will carry the 0.2.0 version string even though higher versions have already been released.

Comments Outside Diff (1)

1. .github/CHANGELOG.md, line 238-243 (link)

   Self-referential release entries inside the 0.2.0 section

   The 0.2.0 changelog section includes maintenance entries for the releases of 0.2.1, 0.2.2, 0.2.3, and 0.2.4 (including a duplicate 0.2.4 entry from both chore(main): release 0.2.4 #431 and chore(main): release 0.2.4 #445). These are releases that chronologically came after 0.2.0, so listing them as changes within 0.2.0 is circular and will confuse readers trying to understand what was in each release.

   Consider either:

   • Removing these self-referential release-chore entries from the 0.2.0 section, or
   • Acknowledging in the PR description that this is an intentional cumulative/omnibus changelog entry for the entire 0.2.x line.
   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: .github/CHANGELOG.md
   Line: 238-243
   
   Comment:
   **Self-referential release entries inside the 0.2.0 section**
   
   The 0.2.0 changelog section includes maintenance entries for the releases of `0.2.1`, `0.2.2`, `0.2.3`, and `0.2.4` (including a duplicate `0.2.4` entry from both #431 and #445). These are releases that chronologically came *after* 0.2.0, so listing them as changes *within* 0.2.0 is circular and will confuse readers trying to understand what was in each release.
   
   Consider either:
   - Removing these self-referential release-chore entries from the 0.2.0 section, or
   - Acknowledging in the PR description that this is an intentional cumulative/omnibus changelog entry for the entire 0.2.x line.
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: .github/CHANGELOG.md
Line: 17

Comment:
**Changelog comparison URL is backwards**

The generated compare link is `v0.2.4...v0.2.0`, which points *from* a newer tag *to* an older one. Changelog comparison URLs are conventionally `<previous-version>...<current-version>` (ascending order), so readers can click through to see what was added. Given the project's prior release history (`0.1.4` → `0.2.0`), the correct range should be `v0.1.4...v0.2.0`:

```suggestion
## [0.2.0](https://github.com/Aureliolo/synthorg/compare/v0.1.4...v0.2.0) (2026-03-15)
```

As written, the GitHub diff linked from the changelog header will show changes moving *backwards* in version history, which is misleading for users reading the release notes.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: .github/.release-please-manifest.json
Line: 2

Comment:
**Version manifest rolled back past already-published tags**

The manifest is being set to `0.2.0` while git tags `v0.2.1`, `v0.2.2`, `v0.2.3`, and `v0.2.4` already exist in the repository (all listed as released in the maintenance section of this very changelog entry). Release Please reads this manifest to determine the *current* version and derives the next release from it, so after this PR merges the tool will attempt to release `0.2.1` — a tag that already exists — on the next qualifying commit, which will fail or silently produce a duplicate release.

If the intent is a full re-release of the `0.2.0` milestone (as suggested by PRs #444 and #446), the existing `v0.2.1`–`v0.2.4` tags need to be deleted from the repository first, or the manifest should be set to the last cleanly released version (`0.2.4`) so Release Please can proceed correctly from there.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: .github/CHANGELOG.md
Line: 238-243

Comment:
**Self-referential release entries inside the 0.2.0 section**

The 0.2.0 changelog section includes maintenance entries for the releases of `0.2.1`, `0.2.2`, `0.2.3`, and `0.2.4` (including a duplicate `0.2.4` entry from both #431 and #445). These are releases that chronologically came *after* 0.2.0, so listing them as changes *within* 0.2.0 is circular and will confuse readers trying to understand what was in each release.

Consider either:
- Removing these self-referential release-chore entries from the 0.2.0 section, or
- Acknowledging in the PR description that this is an intentional cumulative/omnibus changelog entry for the entire 0.2.x line.

How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: d459574}

[greptile-apps]

Changelog comparison URL is backwards

The generated compare link is v0.2.4...v0.2.0, which points from a newer tag to an older one. Changelog comparison URLs are conventionally <previous-version>...<current-version> (ascending order), so readers can click through to see what was added. Given the project's prior release history (0.1.4 → 0.2.0), the correct range should be v0.1.4...v0.2.0:

Suggested change

	* add cost-optimized, hierarchical, and auction assignment strategies ([#175](https://github.com/Aureliolo/synthorg/issues/175)) ([ce924fa](https://github.com/Aureliolo/synthorg/commit/ce924faba2fdb10ab430c35f530a750cfd709b30)), closes [#173](https://github.com/Aureliolo/synthorg/issues/173)
	## [0.2.0](https://github.com/Aureliolo/synthorg/compare/v0.1.4...v0.2.0) (2026-03-15)

As written, the GitHub diff linked from the changelog header will show changes moving backwards in version history, which is misleading for users reading the release notes.

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/CHANGELOG.md
Line: 17

Comment:
**Changelog comparison URL is backwards**

The generated compare link is `v0.2.4...v0.2.0`, which points *from* a newer tag *to* an older one. Changelog comparison URLs are conventionally `<previous-version>...<current-version>` (ascending order), so readers can click through to see what was added. Given the project's prior release history (`0.1.4` → `0.2.0`), the correct range should be `v0.1.4...v0.2.0`:

```suggestion
## [0.2.0](https://github.com/Aureliolo/synthorg/compare/v0.1.4...v0.2.0) (2026-03-15)
```

As written, the GitHub diff linked from the changelog header will show changes moving *backwards* in version history, which is misleading for users reading the release notes.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Version manifest rolled back past already-published tags

The manifest is being set to 0.2.0 while git tags v0.2.1, v0.2.2, v0.2.3, and v0.2.4 already exist in the repository (all listed as released in the maintenance section of this very changelog entry). Release Please reads this manifest to determine the current version and derives the next release from it, so after this PR merges the tool will attempt to release 0.2.1 — a tag that already exists — on the next qualifying commit, which will fail or silently produce a duplicate release.

If the intent is a full re-release of the 0.2.0 milestone (as suggested by PRs #444 and #446), the existing v0.2.1–v0.2.4 tags need to be deleted from the repository first, or the manifest should be set to the last cleanly released version (0.2.4) so Release Please can proceed correctly from there.

Prompt To Fix With AI

This is a comment left during a code review.
Path: .github/.release-please-manifest.json
Line: 2

Comment:
**Version manifest rolled back past already-published tags**

The manifest is being set to `0.2.0` while git tags `v0.2.1`, `v0.2.2`, `v0.2.3`, and `v0.2.4` already exist in the repository (all listed as released in the maintenance section of this very changelog entry). Release Please reads this manifest to determine the *current* version and derives the next release from it, so after this PR merges the tool will attempt to release `0.2.1` — a tag that already exists — on the next qualifying commit, which will fail or silently produce a duplicate release.

If the intent is a full re-release of the `0.2.0` milestone (as suggested by PRs #444 and #446), the existing `v0.2.1`–`v0.2.4` tags need to be deleted from the repository first, or the manifest should be set to the last cleanly released version (`0.2.4`) so Release Please can proceed correctly from there.

How can I resolve this? If you propose a fix, please make it concise.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request officially releases version 0.2.0 for the synthorg project. It integrates a substantial collection of new features, critical bug fixes, and system enhancements developed over a period of active development. The release focuses on expanding core functionalities, improving system robustness, and strengthening security, while also addressing and correcting previous versioning inconsistencies to ensure a stable and well-documented release.

Highlights

• Release 0.2.0: This pull request formally releases version 0.2.0 of the synthorg project, consolidating a vast array of new features, bug fixes, and system improvements.
• Comprehensive Feature Set: Version 0.2.0 introduces significant new capabilities, including a cross-platform Go CLI, a web dashboard built with Vue 3, advanced agent orchestration via TaskEngine and AgentEngine, various memory and persistence backends, and sophisticated cost optimization services.
• Enhanced Security and Stability: The release incorporates extensive security hardening measures, such as API key hashing, security headers, and repo-wide audits. It also features robust CI/CD pipelines with SLSA L3 provenance and improved error handling and recovery strategies for greater system stability.
• Versioning Correction: This release addresses previous versioning inconsistencies by removing a stale v0.2.4 changelog section and resetting the project version for a clean 0.2.0 rollout, ensuring accurate release tracking.

Changelog

• Bug Fixes
  • address Greptile post-merge review findings from PRs #170-#175 (#176) (c5ca929)
  • address post-merge review feedback from PRs #164-#167 (#170) (3bf897a), closes #169
  • attach cosign signatures and provenance bundle to release assets (#438) (f191a4d)
  • CLA signatures branch + declutter repo root (#409) (cabe953)
  • correct API reference link path in rest-api.md (#320) (3d08f92)
  • correct deploy-pages SHA and improve preview cleanup reliability (#304) (584d64a)
  • correct Release Please branch name in release workflow (#410) (515d816)
  • create git tag explicitly for draft releases (#432) (1f5120e)
  • docker healthcheck, CI optimization, and container hardening (#436) (4d32bca)
  • enforce strict mypy on test files (#89) (aeeff8c)
  • ensure security headers on all HTTP responses (#437) (837f2fc)
  • harden API key hashing with HMAC-SHA256 and clean up legacy changelog (#292) (5e85353)
  • harden coordination pipeline with validators, logging, and fail-fast (#333) (2f10d49), closes #205
  • harden Docker sandbox, MCP bridge, and code runner (#50, #53) (d5e1b6e)
  • harden git tools security + code quality improvements (#150) (000a325)
  • harden subprocess cleanup, env filtering, and shutdown resilience (#155) (d1fe1fb)
  • incorporate post-merge feedback + pre-PR review fixes (#164) (c02832a)
  • make install scripts usable immediately without terminal restart (#433) (b45533c)
  • migrate pids_limit to deploy.resources.limits.pids (#439) (66b94fd)
  • pre-PR review fixes for post-merge findings (#183) (26b3108)
  • replace slsa-github-generator with attest-build-provenance, fix DAST (#424) (eeaadff)
  • repo-wide security hardening from ZAP, Scorecard, and CodeQL audit (#357) (27eb288)
  • resolve circular imports, bump litellm, fix release tag format (#286) (a6659b5)
  • resolve CodeQL path-injection alerts in Go CLI (#412) (f41bf16)
  • restore golangci-lint to v2.11.3 (broken by replace_all in #425) (#427)
  • strengthen immutability for BaseTool schema and ToolInvoker boundaries (#117) (7e5e861)
  • upgrade goreleaser to v2.14.3 (v2.11.3 never existed) (#425) (df6650d)
  • upgrade upload-pages-artifact to v4 and add zizmor workflow linting (#299) (2eac571)
  • use Cloudflare Pages API default per_page for pagination (#305) (9fec245)
  • use cosign --bundle flag for checksums signing (#443) (19735b9)
  • use draft releases to support immutable release policy (#429) (a6c7444)
• CI/CD
  • add npm and pre-commit ecosystems to Dependabot (#369) (54e5fe7)
  • add pip-audit, hadolint, OSSF Scorecard, ZAP DAST, and pre-push hooks (#350) (2802d20)
  • add Release Please for automated versioning and GitHub Releases (#278) (a488758)
  • add SLSA L3 provenance for CLI binaries and container images (#423) (d3dc75d)
  • add workflow_dispatch trigger to PR Preview for Dependabot PRs (#326) (4c7b6d9)
  • bump actions/checkout from 4 to 6 (#95) (1897247)
  • bump actions/setup-node from 4.4.0 to 6.3.0 (#311) (3c99d6f)
  • bump actions/setup-node from 4.4.0 to 6.3.0 (#360) (2db5105)
  • bump actions/setup-python from 5.6.0 to 6.2.0 (#312) (3273553)
  • bump actions/upload-artifact from 4 to 7 (#94) (27b1517)
  • bump anchore/scan-action from 6.5.1 to 7.3.2 (#271) (80a1c15)
  • bump astral-sh/setup-uv from 6.0.1 to 7.4.0 (#310) (b63cee7)
  • bump astral-sh/setup-uv from 7.4.0 to 7.5.0 in the minor-and-patch group (#335) (98dd8ca)
  • bump docker/build-push-action from 6.19.2 to 7.0.0 (#273) (dd0219e)
  • bump docker/login-action from 3.7.0 to 4.0.0 (#272) (33d6238)
  • bump docker/metadata-action from 5.10.0 to 6.0.0 (#270) (baee04e)
  • bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#274) (5fc06f7)
  • bump github/codeql-action from 3.32.6 to 4.32.6 (#361) (ce766e8)
  • bump sigstore/cosign-installer from 3.9.1 to 4.1.0 (#275) (29dd16c)
  • bump the major group with 4 updates (#405) (20c7a04)
  • group major dependabot bumps per ecosystem (#388) (3c43aef)
  • harden CI/CD pipeline (#92) (ce4693c)
  • split vulnerability scans into critical-fail and high-warn tiers (#277) (aba48af)
• Documentation
  • add ADR-001 memory layer evaluation and selection (#178) (db3026f), closes #39
  • add agent scaling research findings to DESIGN_SPEC (#145) (57e487b)
  • add CLAUDE.md, contributing guide, and dev documentation (#65) (55c1025), closes #54
  • add crash recovery, sandboxing, analytics, and testing decisions (#127) (5c11595)
  • address external review feedback with MVP scope and new protocols (#128) (3b30b9a)
  • expand design spec with pluggable strategy protocols (#121) (6832db6)
  • finalize 23 design decisions (ADR-002) (#190) (8c39742)
  • remove milestone references and rebrand to SynthOrg (#289) (57a03e0)
  • set up documentation site, release CI, and sandbox hardening (#298) (0dec9da)
  • split DESIGN_SPEC.md into 7 focused design pages (#308) (9ea0788)
  • update project docs for M2.5 conventions and add docs-consistency review agent (#114) (99766ee)
• Features
  • add /get/ installation page for CLI installer (#413) (6a47e4a)
  • add /review-dep-pr skill for dependency update PR review (#315) (56f6565)
  • add approval workflow gates to TaskEngine (#387) (2db968a)
  • add autonomy levels and approval timeout policies (#42, #126) (#197) (eecc25a)
  • add CFO cost optimization service with anomaly detection, reports, and approval decisions (#186) (a7fa00b)
  • add code quality toolchain (ruff, mypy, pre-commit, dependabot) (#63) (36681a8)
  • add configurable cost tiers and subscription/quota-aware tracking (#67) (#185) (9baedfa)
  • add container packaging, Docker Compose, and CI pipeline (#269) (435bdfe), closes #267
  • add coordination error taxonomy classification pipeline (#146) (#181) (70c7480)
  • add cost-optimized, hierarchical, and auction assignment strategies (#175) (ce924fa), closes #173
  • add cross-platform Go CLI for container lifecycle management (#401) (0353d9e), closes #392
  • add design specification, license, and project setup (8669a09)
  • add env var substitution and config file auto-discovery (#77) (7f53832)
  • add explicit ScanOutcome signal to OutputScanResult (#394) (be33414), closes #284
  • add FastestStrategy routing + vendor-agnostic cleanup (#140) (09619cb), closes #139
  • add HR engine and performance tracking (#45, #47) (#193) (2d091ea)
  • add issue auto-search and resolution verification to PR review skill (#119) (deecc39)
  • add mandatory JWT + API key authentication (#256) (c279cfe)
  • add meeting scheduler, event-triggered meetings, and Go CLI lint fixes (#407) (5550fa1)
  • add Mem0 memory backend adapter (#345) (2788db8), closes #206
  • add memory retrieval, ranking, and context injection pipeline (#41) (873b0aa)
  • add pluggable MemoryBackend protocol with models, config, and events (#180) (46cfdd4)
  • add pluggable MemoryBackend protocol with models, config, and events (#32) (46cfdd4)
  • add pluggable output scan response policies (#263) (b9907e8)
  • add pluggable PersistenceBackend protocol with SQLite implementation (#36) (f753779)
  • add PR preview deployments via Cloudflare Pages (#302) (b73c45a)
  • add progressive trust and promotion/demotion subsystems (#43, #49) (3a87c08)
  • add retry handler, rate limiter, and provider resilience (#100) (b890545)
  • add SecOps security agent with rule engine, audit log, and ToolInvoker integration (#40) (83b7b6c)
  • add shared org memory and memory consolidation/archival (#125, #48) (4a0832b)
  • add static OpenAPI reference page with Scalar UI (#319) (77cdbcc)
  • centralized single-writer TaskEngine with full CRUD API (#328) (9c1a3e1)
  • design unified provider interface (#86) (3e23d64)
  • expand template presets, rosters, and add inheritance (#80, #81, #84) (15a9134)
  • implement agent runtime state vs immutable config split (#115) (4cb1ca5)
  • implement AgentEngine core orchestrator (#11) (#143) (f2eb73a)
  • implement AuditRepository for security audit log persistence (#279) (94bc29f)
  • implement basic tool system (registry, invocation, results) (#15) (c51068b)
  • implement built-in file system tools (#18) (325ef98)
  • implement checkpoint recovery strategy (#367) (f886838)
  • implement communication foundation — message bus, dispatcher, and messenger (#157) (8e71bfd)
  • implement company template system with 7 built-in presets (#85) (cbf1496)
  • implement conflict resolution protocol (#122) (#166) (e03f9f2)
  • implement core entity and role system models (#69) (acf9801)
  • implement crash recovery with fail-and-reassign strategy (#149) (e6e91ed)
  • implement engine extensions — Plan-and-Execute loop and call categorization (#134, #135) (#159) (9b2699f)
  • implement enterprise logging system with structlog (#73) (2f787e5)
  • implement graceful shutdown with cooperative timeout strategy (#130) (6592515)
  • implement hierarchical delegation and loop prevention (#12, #17) (6be60b6)
  • implement LiteLLM driver and provider registry (#88) (ae3f18b), closes #4
  • implement LLM decomposition strategy and workspace isolation (#174) (aa0eefe)
  • implement meeting protocol system (#123) (ee7caca)
  • implement message and communication domain models (#74) (560a5d2)
  • implement model routing engine (#99) (d3c250b)
  • implement parallel agent execution (#22) (#161) (65940b3)
  • implement per-call cost tracking service (#7) (#102) (c4f1f1c)
  • implement personality injection and system prompt construction (#105) (934dd85)
  • implement single-task execution lifecycle (#21) (#144) (c7e64e4)
  • implement subprocess sandbox for tool execution isolation (#131) (#153) (3c8394e)
  • implement task assignment subsystem with pluggable strategies (#172) (c7f1b26), closes #26 #30
  • implement task decomposition and routing engine (#14) (9c7fb52)
  • implement Task, Project, Artifact, Budget, and Cost domain models (#71) (81eabf1)
  • implement tool permission checking (#16) (833c190)
  • implement YAML config loader with Pydantic validation (#59) (ff3a2ba)
  • implement YAML config loader with Pydantic validation (#75) (ff3a2ba)
  • incremental AgentEngine → TaskEngine status sync (#331) (7a68d34), closes #323
  • initialize project with uv, hatchling, and src layout (39005f9)
  • initialize project with uv, hatchling, and src layout (#62) (39005f9)
  • Litestar REST API, WebSocket feed, and approval queue (M6) (#189) (29fcd08)
  • make TokenUsage.total_tokens a computed field (#118) (c0bab18), closes #109
  • parallel tool execution in ToolInvoker.invoke_all (#137) (58517ee)
  • testing framework, CI pipeline, and M0 gap fixes (#64) (f581749)
  • web dashboard pages — views, components, tests, and review fixes (#354) (b165ec4)
  • web dashboard with Vue 3 + PrimeVue + Tailwind CSS (#347) (06416b1)
  • wire all modules into observability system (#97) (f7a0617)
  • wire MultiAgentCoordinator into runtime (#396) (7a9e516)
• Maintenance
  • add /worktree skill for parallel worktree management (#171) (951e337)
  • add design spec context loading to research-link skill (8ef9685)
  • add post-merge-cleanup skill (#70) (f913705)
  • add pre-pr-review skill and update CLAUDE.md (#103) (92e9023)
  • add research-link skill and rename skill files to SKILL.md (#101) (651c577)
  • bump @vitejs/plugin-vue from 5.2.4 to 6.0.5 in /web (#382) (d7054ee)
  • bump @vue/tsconfig from 0.7.0 to 0.9.0 in /web in the minor-and-patch group across 1 directory (#371) (64fa08b)
  • bump aiosqlite from 0.21.0 to 0.22.1 (#191) (3274a86)
  • bump astro from 5.18.1 to 6.0.4 in /site (#376) (d349317)
  • bump github.com/spf13/cobra from 1.9.1 to 1.10.2 in /cli in the minor-and-patch group (#402) (e31edbb)
  • bump https://github.com/astral-sh/ruff-pre-commit from v0.15.5 to 0.15.6 (#372) (dcacb2e)
  • bump https://github.com/gitleaks/gitleaks from v8.24.3 to 8.30.1 (#375) (a18e6ed)
  • bump https://github.com/hadolint/hadolint from v2.12.0 to 2.14.0 (#373) (47b906b)
  • bump https://github.com/pre-commit/pre-commit-hooks from v5.0.0 to 6.0.0 (#374) (1926555)
  • bump litellm from 1.82.1 to 1.82.2 in the minor-and-patch group (#385) (fa4f7b7)
  • bump mkdocstrings[python] from 0.29.1 to 1.0.3 (#314) (d46ccad)
  • bump node from 22-alpine to 25-alpine in /docker/web (#359) (8d56cd3)
  • bump node from 22-slim to 25-slim in /docker/sandbox (#358) (3de8748)
  • bump pinia from 2.3.1 to 3.0.4 in /web (#381) (c78dcc2)
  • bump pyyaml from 6.0.2 to 6.0.3 in the minor-and-patch group (#96) (0338d0c)
  • bump ruff from 0.15.4 to 0.15.5 (a49ee46)
  • bump the major group across 1 directory with 9 updates (#389) (9fa621b)
  • bump the minor-and-patch group across 1 directory with 3 updates (#352) (031b1c9)
  • bump the minor-and-patch group with 2 updates (#313) (6337ae4)
  • bump the minor-and-patch group with 2 updates (#362) (6ede2ce)
  • bump vue-router from 4.6.4 to 5.0.3 in /web (#378) (6c60f6c)
  • deps: bump devalue from 5.6.3 to 5.6.4 in /site in the npm_and_yarn group across 1 directory (#324) (9a9c600)
  • expand review skills to 18 smart conditional agents (#364) (494013f)
  • fix M0 audit items (#66) (c7724b5)
  • improve review-dep-pr skill and add Codecov Test Analytics (#317) (eb5782e)
  • main: release 0.1.0 (#283) (0857288)
  • main: release 0.1.1 (#290) (67a3fe6)
  • main: release 0.1.2 (#316) (d1203e5)
  • main: release 0.1.3 (#327) (97ff660)
  • main: release 0.1.4 (#363) (27a55d2)
  • main: release 0.2.0 (#400) (4cfc38a)
  • main: release 0.2.1 (#426) (e4dfbea)
  • main: release 0.2.2 (#428) (e69263a)
  • main: release 0.2.3 (#430) (440c540)
  • main: release 0.2.4 (#431) (63b03c4)
  • main: release 0.2.4 (#445) (fad9353)
  • main: release ai-company 0.1.1 (#282) (2f4703d)
  • migrate docs build from MkDocs to Zensical (#330) (fa8bf1d), closes #329
  • narrow BSL Additional Use Grant and add CLA (#408) (5ab15bd), closes #406
  • pin setup-uv action to full SHA (#281) (4448002)
  • post-audit cleanup — PEP 758, loggers, bug fixes, refactoring, tests, hookify rules (#148) (c57a6a9)
  • remove stale v0.2.4 changelog section from failed release (#446) (769de10)
  • reset version to 0.2.3 for re-release (#444) (8579993)
  • site: replace hero CTA with license link and scroll arrow (#440) (56af41c)
  • web: adopt @vue/tsconfig preset (#435) (7d4b214)
• Performance
  • harden non-inferable principle implementation (#195) (02b5f4e), closes #188
• Refactoring
  • adopt NotBlankStr across all models (#108) (#120) (ef89b90)
  • extract _SpendingTotals base class from spending summary models (#111) (2f39c1b)
  • harden BudgetEnforcer with error handling, validation extraction, and review fixes (#182) (c107bf9)
  • harden personality profiles, department validation, and template rendering (#158) (10b2299)
  • pre-PR review improvements for ExecutionLoop + ReAct loop (#124) (8dfb3c0)
  • redesign release notes layout (#434) (239aaf7)
  • rename package from ai_company to synthorg (#422) (df27c6e), closes #398
  • split events.py into per-domain event modules (#136) (e9cba89)
• Tests
  • add e2e single agent integration tests (#24) (#156)
  • add fuzz and property-based testing across all layers (#421) (115a742)
  • add provider adapter integration tests (#90) (40a61f4)

Activity

• Aureliolo created this pull request to release version 0.2.0 of the synthorg project.
• The pull request was automatically generated by Release Please, indicating an automated release process.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request downgrades the project version from 0.2.4 to 0.2.0, which is a critical issue. Downgrading a version violates semantic versioning principles and can cause significant problems for package managers, dependency resolution, and users. The correct approach for faulty releases is to publish a new, higher version and yank the problematic ones. I have added critical comments on all files where the version is being downgraded, with suggestions to use a higher version like 0.3.0 instead. I also noted that the generated changelog contains an invalid comparison URL and is non-chronological.

[gemini-code-assist]

The version is being downgraded from 0.2.4 to 0.2.0. This is a critical issue that violates semantic versioning principles and can cause significant problems for users and dependency management tools. Instead of downgrading, it's recommended to release a new, higher version.

Suggested change

	".": "0.2.0"
	".": "0.3.0"

References

1. Semantic Versioning (SemVer) dictates that version numbers must always increase. Downgrading a version (e.g., from 0.2.4 to 0.2.0) is a violation of this principle and can cause significant issues with dependency management tools and user expectations.

[gemini-code-assist]

The project version is being downgraded from 0.2.4 to 0.2.0. This is a critical violation of semantic versioning that will likely cause issues for package managers and users. Please release a new, higher version instead of downgrading.

Suggested change

	version = "0.2.0" # x-release-please-version
	version = "0.3.0" # x-release-please-version

References

1. Semantic Versioning (SemVer) dictates that version numbers must always increase. Downgrading a version (e.g., from 0.2.4 to 0.2.0) is a violation of this principle and can cause significant issues with dependency management tools and user expectations.

[gemini-code-assist]

The package's __version__ is being downgraded from 0.2.4 to 0.2.0. This is a critical issue that violates semantic versioning and can lead to unpredictable behavior with dependency management tools. A new release should always have a higher version number.

Suggested change

	__version__ = "0.2.0" # x-release-please-version
	__version__ = "0.3.0" # x-release-please-version

References

1. Semantic Versioning (SemVer) dictates that version numbers must always increase. Downgrading a version (e.g., from 0.2.4 to 0.2.0) is a violation of this principle and can cause significant issues with dependency management tools and user expectations.

[gemini-code-assist]

The compare URL .../compare/v0.2.4...v0.2.0 is incorrect. A release's compare URL should link from the previous version to the current one, but this URL does the opposite.

More importantly, this change is part of a version downgrade for the project. Adding a 0.2.0 release when a 0.2.4 release already exists makes the changelog non-chronological and confusing. A new release should have a higher version number.

Suggested change

	## [0.2.0](https://github.com/Aureliolo/synthorg/compare/v0.2.4...v0.2.0) (2026-03-15)
	## [0.3.0](https://github.com/Aureliolo/synthorg/compare/v0.2.4...v0.3.0) (2026-03-15)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.67%. Comparing base (f60746a) to head (77ebee0).
⚠️ Report is 6 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #447   +/-   ##
=======================================
  Coverage   93.67%   93.67%           
=======================================
  Files         469      469           
  Lines       22219    22219           
  Branches     2143     2143           
=======================================
  Hits        20814    20814           
  Misses       1095     1095           
  Partials      310      310           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[Aureliolo]

🤖 Created releases:

• v0.2.5

🌻