chore(main): release 0.3.7

[Aureliolo]

🤖 I have created a release beep boop

0.3.7 (2026-03-19)

Features

• engine: implement Hybrid Plan + ReAct execution loop (#582) (008147c)
• implement first-run setup wizard (#584) (dfed931)

Bug Fixes

• api: address ZAP DAST scan findings (#579) (ce9a3e0)
• ci: reset failed v0.3.7 release and fix syft SBOM scan (#593) (d1508c2)
• cli: auto-delete binary on Windows, prune images, fix GoReleaser (#590) (eb7c691)
• cli: regenerate compose and re-exec binary on update (#576) (3f226eb)

CI/CD

• add SBOM generation to Docker and CLI releases (#580) (db459cf)

Maintenance

• main: release 0.3.7 (#583) (bf58779)
• main: release 0.3.7 (#592) (2e8e633)
• reset failed v0.3.7 release (#591) (b69000d)

---

This PR was generated with Release Please. See documentation.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• autorelease: pending

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: c21b6ae1-f2f5-4c61-94b6-f213d0aa172b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the release of version 0.3.7, incorporating significant new features, critical bug fixes, and improvements to the CI/CD pipeline. Key updates include an advanced execution loop for the engine, a new setup wizard, various CLI and API stability enhancements, and the addition of SBOM generation for better supply chain security.

Highlights

• New Features: Introduced a Hybrid Plan + ReAct execution loop for the engine, enhancing its operational capabilities.
• New Features: Implemented a first-run setup wizard to improve initial user experience.
• Bug Fixes: Addressed security findings from ZAP DAST scans in the API.
• Bug Fixes: Resolved issues with the v0.3.7 release process and fixed the syft SBOM scan.
• Bug Fixes: Improved CLI functionality by enabling auto-deletion of binaries on Windows, pruning images, and fixing GoReleaser integration.
• Bug Fixes: Ensured the CLI regenerates compose files and re-executes the binary during updates.
• CI/CD Enhancements: Added Software Bill of Materials (SBOM) generation to both Docker and CLI releases.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[Aureliolo]

🤖 Created releases:

• v0.3.7

🌻

[gemini-code-assist]

Code Review

This pull request automates the release of version 0.3.7. The version bumps appear correct. I have provided feedback on the generated CHANGELOG.md to improve its clarity by excluding entries related to the release process itself, making it more valuable for end-users.

[gemini-code-assist]

This changelog entry under 'Bug Fixes' describes a fix to the CI process for the release. To keep the changelog focused on user-facing changes, it's recommended to exclude internal CI/CD process commits. This can often be configured in the release-please settings.

[gemini-code-assist]

These maintenance entries are related to the release process itself. Including these meta-commits in the changelog can be confusing for users. For a cleaner and more user-friendly changelog, consider configuring release-please to filter out commits related to previous release attempts.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.46%. Comparing base (d1508c2) to head (05f28af).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #594   +/-   ##
=======================================
  Coverage   92.46%   92.46%           
=======================================
  Files         551      551           
  Lines       27681    27681           
  Branches     2678     2678           
=======================================
  Hits        25595    25595           
  Misses       1634     1634           
  Partials      452      452           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.