Patch release — bin/ops-external and bin/ops-marketing-dash are now preferences-aware and surface real Shopify, Klaviyo, Meta, Instagram, and GSC data per project. /ops:ops-yolo always archives prior session reports to force a fresh-state run.

Fixed

• bin/ops-external now reads preferences.json (Shopify stores in .ecom.projects and .partner_registry.shopify_admin.stores, marketing channels in .marketing.projects, .integrations) instead of returning [] when only registry.json is empty. Resolves credential references using a shared grammar (env:VAR / doppler:project/config/SECRET / inline). Probes Shopify Admin API for live healthy / auth_expired / not_found / unreachable status. Adds -g (globoff) to all curl calls so bracketed query params (fields[shop]=…) don't get mangled. Guards against the BSD seq 0 -1 quirk that previously emitted spurious alias: null entries when the registry selection was empty.
• bin/ops-marketing-dash is now project-aware. Reads marketing.default_project from preferences.json (overridable via --project <name> arg or OPS_MARKETING_PROJECT env). Resolves nested cred refs (env:AB_KLAVIYO_TOKEN, doppler:hueman/prd/BRIGHT_KLAVIYO_TOKEN, etc.) before falling back to the legacy flat env / claude plugin config get / bare-Doppler chain. Adds -g and --max-time 5 to every curl. Output now includes a project field so downstream surfaces know which project's data they're seeing.

Added

• bin/ops-dash surfaces marketing health + Shopify count in the header status block (marketing N/100 Status (project) | shopify N/N), backgrounded against the existing probes so render time is unchanged.
• /ops:ops-go Phase-1 pre-gather now invokes ops-marketing-dash so the briefing's MARKETING section actually has data instead of falling through to (marketing not configured).
• /ops:ops-yolo Phase 0 archives any prior /tmp/yolo-*/ to ~/.claude/yolo-archive/<session>-<epoch>/ and allocates a fresh SESSION_DIR on every run. C-suite agent prompts now include a verbatim "fresh-state" directive forbidding reuse of cached reports. ops-marketing-dash added to Phase-1 data.

Patch release — second pass on YOLO false-fire suppression. Adds an inline annotation so C-suite agents can short-circuit on projects whose tracking is intentionally delegated to a workspace-level coordinator.

Changed

• bin/ops-gsd-states annotates SUBORDINATE projects (PR #204). When a GSD project's .planning/STATE.md frontmatter has status: subordinate_to_workspace, its phase tracking is intentionally delegated to a workspace-level coordinator (e.g. healify-api and healify-agentcore both delegate to healify-workspace). Prior to this fix, the C-suite YOLO agents treated these as independent projects and flagged them as "stalled" when their phase progress was static — but the staticness is correct: the workspace owns the schedule. Now the script appends [SUBORDINATE — tracking delegated to workspace; do NOT flag as stalled] to the project header, giving C-suite agents an inline short-circuit. Pairs with the CLAIM VERIFICATION GUARDRAIL shipped in 2.1.1. Concrete case from 2026-05-01 YOLO session: COO claimed healify-api v3.1 Phase 1 stalled 6d on closed PR #3217. Reality: PR #3217 was intentionally closed and superseded by #3222, which merged 2026-04-25. The workspace-level STATE.md correctly reflects this with status: subordinate_to_workspace; the YOLO scan would have surfaced that status if the script annotated it. Implementation uses a small awk frontmatter scalar parser; activates only on the literal value subordinate_to_workspace; all other status values stay silent.

Patch release — /ops:ops-yolo reliability fixes. Restores Phase 1 data-gathering after a regression, and adds a verification guardrail to the C-suite agents so they stop reporting false fires.

Fixed

• /ops:ops-yolo Phase 1 silent abort (PR #201). The inline ! shell block in skills/ops-yolo/SKILL.md used the bash-only parameter expansion ${d/#\~/$HOME} for tilde substitution. Claude Code's ! block executor runs under sh/dash, so the expansion was a syntax error and the GSD-state aggregation step silently aborted — taking the rest of YOLO data-gathering down with it. Extracted the loop to bin/ops-gsd-states with an explicit #!/usr/bin/env bash shebang. Same convention as every other Phase 1 block, which are all thin shims around bin/ scripts. Output format unchanged: === <basename> === header + STATE.md body + --- separator.

Changed

• YOLO C-suite agents now require claim verification (PR #202). The 2026-05-01 YOLO session produced multiple false-positive fires: agents flagged CLERK_AUTHORIZED_PARTIES as missing on a stagery-api Doppler config that already had it set; flagged healify-langgraphs-prod desired=0 as a fire when the most recent commit was chore(decomm): disable prod deploy workflow per phase 19.4 Stage 2; and referenced a Doppler stg config that does not exist on stagery-api. Root cause: agent prompts told them to be "brutally honest" but did not require them to verify external state before asserting it. Stale STATE.md notes were promoted to P0 claims. Added a ## CLAIM VERIFICATION GUARDRAIL section to all four agents (yolo-ceo, yolo-cto, yolo-cfo, yolo-coo). Identical block in each, placed before the existing DESTRUCTIVE ACTION GUARDRAIL. Mandates concrete verification commands per claim type (doppler secrets get --plain, aws secretsmanager get-secret-value, git log --grep decomm), distinguishes "set to empty" from "unset", and requires UNVERIFIED labeling when verification is impossible (rate limit, missing creds). Forbidden output patterns include "X is missing in production" without a corresponding read, and any P0/CRITICAL label on state that is the result of a documented planned change.

Minor release — consolidates the feature work from the v2.0.5–v2.0.9 patch series into a single coherent version. No breaking changes; drop-in replacement for v2.0.x.

Added

• Multi-workspace Slack support (was v2.0.9 / PR #195). Single ops install can now connect to multiple Slack workspaces simultaneously and route messages by workspace context. Adds bin/ops-slack-workspaces for inspection.
• /ops:credentials audit skill (was v2.0.6 / PR #184). On-demand audit of which integration credentials are configured, expiring soon (<7d), or stale (>180d). Plugin.json userConfig now carries field hints so the audit can tell users which env var or vault key holds each credential.
• ops-ci current-state filter (was v2.0.9 / PR #196). bin/ops-ci now emits ONLY workflows whose latest run on a tracked branch (main/dev/master) is currently failing — not "any failure in the last 24h". Eliminates the false-fire cascade in /ops-fires and /ops-go where stale failures triggered fix-agent dispatch on already-resolved CI. Smoke test on a real 38-repo portfolio: 14 → 6 entries (57% noise reduction). Behind OPS_CI_MODE=current default; OPS_CI_MODE=legacy reverts.
• MANDATORY pre-dispatch staleness check in ops-fires SKILL (was v2.0.9 / PR #196). Defense-in-depth gate — gh run list --workflow X --branch Y --limit 1 — before spawning any fix agent. Catches cache races where a fix landed in the seconds since the CI cache was written.
• Telegram preflight + keychain fallback (was v2.0.7 / PR #185). SSE/user-config detection runs before Telegram MCP auth; macOS keychain is the fallback secret store when Doppler is unconfigured.
• userConfig schema upgrades (was v2.0.5 / PR #182). enum values, sensitive flags, and per-integration toggles for fine-grained capability gating.

Fixed

• userConfig enum rejection by Claude Code stable (was v2.0.8 / PR #190). Removed unsupported enum keys from fix_model, max_fixes_per_hour, watcher_timeout_seconds, notify_channel, task_reminder_threshold, aws_region, doppler_config. Field descriptions retain the valid value lists.
• Cross-OS macOS keychain guard in /ops:credentials (was v2.0.6 hotfix).
• Plugin.json Prettier formatting (was v2.0.5 hotfix).

Notes

• Plugin v2.1.0 ships 35 skills, 18 agents.
• Marketplace pin must be bumped to 2.1.0 — see follow-up PR.
• Local plugin cache: clear old ops/2.0.* cache directories and re-install via marketplace refresh after merge.

Added

• Multi-workspace Slack support. preferences.json now accepts a slack_workspaces array so ops briefings, inbox scans, and comms reads iterate ALL configured Slack workspaces instead of stopping at one. Each entry carries name, token_env (the env var holding the token — never stored in prefs), and kind (bot_token | user_token). Backwards-compatible: configs with no slack_workspaces fall back to legacy SLACK_MCP_ENABLED=true single-workspace path.
• bin/ops-slack-workspaces helper. Lists every configured workspace, resolves token env vars, and calls slack.com/api/auth.test for each. Outputs a table or --json for machine consumers. Exit code is non-zero if any token is missing or invalid.
• Setup wizard multi-workspace loop. Step 3d now persists each workspace into slack_workspaces[] and asks "Add another workspace?" until done. Running /ops:setup slack a second time appends to the array without overwriting existing entries.
• Updated ops-go, ops-inbox, ops-comms, ops-dash SKILL.md docs to describe multi-workspace iteration, per-workspace labelling, and the MCP-bound-token fallback path (direct curl for non-primary workspaces).

Fixed

• Hotfix: remove unsupported enum keys from plugin.json userConfig. Claude Code's plugin manifest validator rejects enum on userConfig fields ("Unrecognized key"), which broke plugin loading on the latest stable. Removed enum from fix_model, max_fixes_per_hour, watcher_timeout_seconds, notify_channel, task_reminder_threshold, aws_region, and doppler_config. Field descriptions retain the valid value lists so users still know what's allowed. Restores plugin install on Claude Code stable.

Fixed

• Telegram MCP server: macOS Keychain fallback at startup. The plugin's .mcp.json injects TELEGRAM_API_ID/HASH/SESSION/PHONE via ${user_config.telegram_*} placeholders. When users configure Telegram via /ops:setup (which writes to Keychain) instead of pasting into the plugin settings UI, those placeholders resolve to empty strings and the MCP server fails — a working keychain integration appeared "not configured". telegram-server/index.js now falls back to security find-generic-password -s telegram-{api-id,api-hash,session,phone} -w when each env var is empty. macOS-only fallback; Linux/Windows continue to use env vars or the settings UI.
• Preflight: detect SSE-router + user-config.json credential sources. Adds two new credential scout sources to the setup preflight: SSE router config and ${CLAUDE_PLUGIN_DATA_DIR}/user-config.json. Tightens bin/ops-setup-detect to handle the SSE/user-config presence map. New test in tests/test-preflight-sse-userconfig.sh.

PR: #185

Added

• /ops:credentials skill + bin/ops-credentials audit CLI. Scans shell env, ops preferences.json, Doppler (resolves doppler:KEY references live), macOS Keychain, and Dashlane to report which integration credentials are configured vs missing. Output formats: human table (default), JSON (--json), single-service filter (--service stripe). Values masked as first6•••last4; never prints raw secrets. Auto-switches to compact one-line-per-cred format on SSH/mobile (per Rule 7).
• Credential field hints in plugin.json descriptions. All 22 sensitive credential fields now include "If already configured via /ops:setup or stored in keychain/Doppler, leave blank — runtime resolves automatically".

PR: #184

Fixed

• Plugin settings UI: enums + sensitive flags + opt-in toggles. Three fixes to userConfig:
  1. Added enum to finite-value fields: fix_model, notify_channel, aws_region (16 regions), max_fixes_per_hour, task_reminder_threshold, watcher_timeout_seconds, doppler_config.
  2. Marked 22 credential fields sensitive: true so the UI masks them: Telegram api_hash/session, Klaviyo, Meta Ads, Shopify admin, ShipBob, Bland AI, ElevenLabs, Groq, Stripe, RevenueCat, Datadog, New Relic, Pushover, Discord bot/webhook, Doppler token, DPD password, UPS+FedEx client secrets.
  3. Added 25 per-integration *_enabled boolean toggles so users explicitly opt in to each integration. Same pattern as deploy_fix_enabled. Covers: telegram, discord, pushover, ntfy, sentry, linear, datadog, newrelic, otel, doppler, klaviyo, meta_ads, ga4, gsc, shopify, shipbob, bland_ai, elevenlabs, groq, stripe, revenuecat, postnl, dpd, ups, fedex.

PR: #182

Fixed

• Registry path resolution: survive plugin updates. Bin scripts read registry.json from \$PLUGIN_ROOT/scripts/registry.json (the cache path), which is wiped on every plugin upgrade. Symptom: after a version bump, /ops:ops-dash and friends report "No project registry found" until the user manually re-runs /ops:setup, even though their data-dir registry is intact.
• New lib/registry-path.sh helper resolves OPS_DATA_DIR and REGISTRY with precedence: data-dir → caller-supplied legacy fallback → \$PLUGIN_ROOT/scripts → canonical default.
• Patched 9 bin scripts and the daemon's prefetch_project_health. bin/ops-projects already followed this pattern; this brings the rest of the surface in line.

PRs: #180, #181