chore(main): release 0.3.7

[Aureliolo]

🤖 I have created a release beep boop

0.3.7 (2026-03-19)

Features

• engine: implement Hybrid Plan + ReAct execution loop (#582) (008147c)
• implement first-run setup wizard (#584) (dfed931)

Bug Fixes

• api: address ZAP DAST scan findings (#579) (ce9a3e0)
• cli: regenerate compose and re-exec binary on update (#576) (3f226eb)

CI/CD

• add SBOM generation to Docker and CLI releases (#580) (db459cf)

---

This PR was generated with Release Please. See documentation.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• autorelease: pending

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4c08a87c-0cb6-4031-937d-aa1ff4692571

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch release-please--branches--main--components--synthorg

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the release of version 0.3.7 of the project. It primarily involves updating version numbers in various project files and documenting the new release in the changelog, which highlights the addition of SBOM generation for Docker and CLI releases.

Highlights

• Version Update: The project version has been updated from 0.3.6 to 0.3.7 across relevant configuration and source files.
• Changelog Entry: The CHANGELOG.md file has been updated to include details for version 0.3.7, specifically noting the addition of SBOM generation to Docker and CLI releases.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is an automated release for version 0.3.7, generated by release-please. The changes include updating the version number in pyproject.toml, src/synthorg/__init__.py, and .github/.release-please-manifest.json, and adding a new entry to CHANGELOG.md. These changes are consistent with an automated release workflow. No issues were found in the code changes presented in this pull request.

[codecov]

❌ 1 Tests Failed:

Tests completed	Failed	Passed	Skipped
9651	1	9650	6

View the top 1 failed test(s) by shortest run time

tests.unit.security.rules.test_utils.TestWalkStringValuesDepthLimit::test_stops_at_max_depth

Stack Traces | 0.002s run time

.../security/rules/test_utils.py:93: in test_stops_at_max_depth
    assert "depth" in captured.out.lower()
E   AssertionError: assert 'depth' in ''
E    +  where '' = <built-in method lower of str object at 0x159a2f0>()
E    +    where <built-in method lower of str object at 0x159a2f0> = ''.lower
E    +      where '' = CaptureResult(out='', err='').out

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[Aureliolo]

🤖 Created releases:

• v0.3.7

🌻