chore(main): release 0.3.7

[Aureliolo]

🤖 I have created a release beep boop

0.3.7 (2026-03-19)

Features

• engine: implement Hybrid Plan + ReAct execution loop (#582) (008147c)
• implement first-run setup wizard (#584) (dfed931)

Bug Fixes

• api: address ZAP DAST scan findings (#579) (ce9a3e0)
• ci: remove CLI SBOM generation, reset failed v0.3.7 (#595) (d0f4992)
• ci: reset failed v0.3.7 release and fix syft SBOM scan (#593) (d1508c2)
• cli: auto-delete binary on Windows, prune images, fix GoReleaser (#590) (eb7c691)
• cli: regenerate compose and re-exec binary on update (#576) (3f226eb)

CI/CD

• add SBOM generation to Docker and CLI releases (#580) (db459cf)

Maintenance

• main: release 0.3.7 (#583) (bf58779)
• main: release 0.3.7 (#592) (2e8e633)
• main: release 0.3.7 (#594) (139dfc1)
• reset failed v0.3.7 release (#591) (b69000d)

---

This PR was generated with Release Please. See documentation.

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Excluded labels (none allowed) (1)

• autorelease: pending

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 41bc2aca-d288-4d90-bc06-bb6d46d2c527

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request represents the automated release of version 0.3.7, incorporating a series of significant updates across the project. It includes new features such as an advanced execution loop and a setup wizard, alongside crucial bug fixes addressing security vulnerabilities, CI/CD pipeline stability, and CLI functionality. The release also enhances build processes with improved SBOM generation.

Highlights

• Features: Implemented a Hybrid Plan + ReAct execution loop within the engine, enhancing its operational capabilities. Additionally, a first-run setup wizard was introduced to streamline initial user configuration.
• Bug Fixes: Addressed ZAP DAST scan findings in the API, improving security. Resolved issues with CLI SBOM generation and syft SBOM scans in CI, and fixed GoReleaser issues, including auto-deletion of binaries on Windows and image pruning. The CLI was also updated to regenerate compose files and re-execute the binary upon update.
• CI/CD Improvements: Added Software Bill of Materials (SBOM) generation to both Docker and CLI release processes, enhancing supply chain security and transparency.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[Aureliolo]

🤖 Created releases:

• v0.3.7

🌻

[gemini-code-assist]

Code Review

This pull request, generated by Release Please, automates the release of version 0.3.7. The changes correctly update the version number across the project files and add a new entry to the changelog. I've included one suggestion to improve the formatting of the changelog for better consistency and readability. Beyond that, the release changes appear to be in order.

[gemini-code-assist]

The new changelog entry contains multiple extra blank lines, which makes the formatting inconsistent. For better readability, it's good practice to use consistent spacing, such as a single blank line to separate block-level elements like headings and lists.

## [0.3.7](https://github.com/Aureliolo/synthorg/compare/v0.3.6...v0.3.7) (2026-03-19)

### Features

* **engine:** implement Hybrid Plan + ReAct execution loop ([#582](https://github.com/Aureliolo/synthorg/issues/582)) ([008147c](https://github.com/Aureliolo/synthorg/commit/008147c698d3443c95618be4d783a5d3d3813005))
* implement first-run setup wizard ([#584](https://github.com/Aureliolo/synthorg/issues/584)) ([dfed931](https://github.com/Aureliolo/synthorg/commit/dfed93123bfd24fabc50bc52d46211343835efea))

### Bug Fixes

* **api:** address ZAP DAST scan findings ([#579](https://github.com/Aureliolo/synthorg/issues/579)) ([ce9a3e0](https://github.com/Aureliolo/synthorg/commit/ce9a3e077ab6af5743a8150333d225d0de9ab0d3))
* **ci:** remove CLI SBOM generation, reset failed v0.3.7 ([#595](https://github.com/Aureliolo/synthorg/issues/595)) ([d0f4992](https://github.com/Aureliolo/synthorg/commit/d0f4992e3a495e70ffeb43d1e1af6cdf6ba78130))
* **ci:** reset failed v0.3.7 release and fix syft SBOM scan ([#593](https://github.com/Aureliolo/synthorg/issues/593)) ([d1508c2](https://github.com/Aureliolo/synthorg/commit/d1508c2f1414d5e9a7dd07753581038584febee0))
* **cli:** auto-delete binary on Windows, prune images, fix GoReleaser ([#590](https://github.com/Aureliolo/synthorg/issues/590)) ([eb7c691](https://github.com/Aureliolo/synthorg/commit/eb7c691c333f36f2123fea68a8a4d9637111442d))
* **cli:** regenerate compose and re-exec binary on update ([#576](https://github.com/Aureliolo/synthorg/issues/576)) ([3f226eb](https://github.com/Aureliolo/synthorg/commit/3f226eb79b46de59c1e94319a046765353392de4))

### CI/CD

* add SBOM generation to Docker and CLI releases ([#580](https://github.com/Aureliolo/synthorg/issues/580)) ([db459cf](https://github.com/Aureliolo/synthorg/commit/db459cf0892c46f9a887126edd70aeaafe6b70d8))

### Maintenance

* **main:** release 0.3.7 ([#583](https://github.com/Aureliolo/synthorg/issues/583)) ([bf58779](https://github.com/Aureliolo/synthorg/commit/bf587792d8a5fb5508fb373d45e01648dc732dec))
* **main:** release 0.3.7 ([#592](https://github.com/Aureliolo/synthorg/issues/592)) ([2e8e633](https://github.com/Aureliolo/synthorg/commit/2e8e633afee489f4288f09a86580e50eb1e32d3f))
* **main:** release 0.3.7 ([#594](https://github.com/Aureliolo/synthorg/issues/594)) ([139dfc1](https://github.com/Aureliolo/synthorg/commit/139dfc1ab4d0cee3dc2b5d8be1a473761011fc8f))
* reset failed v0.3.7 release ([#591](https://github.com/Aureliolo/synthorg/issues/591)) ([b69000d](https://github.com/Aureliolo/synthorg/commit/b69000da37ae9092ff59698a15cf10abd3d06ebb))

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.46%. Comparing base (d0f4992) to head (b1a85ab).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #596   +/-   ##
=======================================
  Coverage   92.46%   92.46%           
=======================================
  Files         551      551           
  Lines       27681    27681           
  Branches     2678     2678           
=======================================
  Hits        25595    25595           
  Misses       1634     1634           
  Partials      452      452           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.