chore: release v1.0.0

[yacosta738]

🤖 I have created a release beep boop

1.0.0 (2026-04-06)

⚠ BREAKING CHANGES

• ci: make all now includes all checks and will fail on any error

Features

• 276 expand dashboard and web operational clients to match runtime admin capabilities (#352) (307a1f1)
• 277 session and memory visibility across Corvus clients (#366) (4db1b16)
• add apply progress, verification, and archive reports for enhance-auto-update system (33f94a7)
• add audio input support for http gateway and cli phase 2 (#437) (faa496f)
• add basic chat UI with vue.js (#24) (71c441f)
• add configuration to ignore platform-specific Corvus binaries (9f5ae23)
• add dependabot configuration for all ecosystems (#189) (926b2d5)
• Add first-run dashboard activation prompt and user guidance (#147) (0768810)
• Add first-run web dashboard activation prompt and guidance (c096805)
• Add first-run web dashboard activation prompt and guidance (b3f6c1d)
• add functions to collect and apply restart fields for various configurations (57b2087)
• add jules and antigravity agents to agentsync (5aea1e4)
• add McpToolAdapter to implement the Tool trait for MCP tools, including output limiting and configuration validation. (47425cd)
• add provider account pools and rust coverage (#240) (0f350a7)
• Add RustCliBridge for executing Rust CLI commands as an agent core bridge. (9b7e39e)
• Add secure shell command execution and external tool integration via a new Rust-Kotlin native runtime bridge. (32213cd)
• Add ShellTool for secure shell command execution with sandboxing, timeout, and output truncation. (d28df1d)
• add ShellTool for secure, sandboxed shell command execution with output truncation and timeouts. (bea54ef)
• add Vite configuration for Vue project with testing and build setup (d2ed52b)
• agent-runtime: activate surreal graphs plugin memory runtime (#68) (a3295f6)
• agent-runtime: add auth and provider runtime upgrades (#29) (e4a74a0)
• agent-runtime: add code_search rollout benchmarks (aff6dc8)
• agent-runtime: add indexed candidate verification for code search (#443) (79080e4)
• agent-runtime: add secure plugin runtime and surreal-graphs onboarding (#54) (6f2fba8)
• agent-runtime: add SurrealDB memory backend and secure wizard flow (#46) (7ca0787)
• agent-runtime: complete gateway webhook dispatcher parity (#283) (b327cfa)
• agent-runtime: expand channels, cron tooling, and provider integrations (33bfe89)
• agent-runtime: keep search index fresh across file writes and workspace changes (#444) (82fa489), closes #358
• agent: add code-specialized bootstrap entrypoint (31c8461)
• auth: encrypt Copilot token cache at rest (#52) (9cdb0c3)
• cerebro: add embedded migration and TUI (#242) (06eeec2)
• ci: add comprehensive check pipeline to make all (8d01a94)
• code search tool (#440) (d5dfcbb)
• conductor: implement conductor task routing and observability features (#157) (a4edf15)
• config: enhance CodeRabbit configuration with improved review instructions and auto-labeling (77db2ef)
• config: enhance CodeRabbit configuration with improved review instructions and auto-labeling (cb459fc)
• config: enhance site URL resolution and server configuration (ee371cb)
• copilot: add support for GitHub Copilot as a provider and enhance OAuth handling (#50) (be6208f)
• cron: enhance job type validation and schema requirements (6c46e1e)
• dashboard: add secure web admin configuration surface (#75) (7c17c50)
• define cerebro distribution channels and dedicated docs presence (#396) (4f5ec99)
• define trusted skills distribution and installation model for corvus (#311) (47e894c), closes #261
• dev: align local dashboard flow with prod proxy (#244) (ecf4aff)
• docs: add comprehensive agent instructions and guidelines for Kotlin project (12e5cc1)
• enhance configuration and dependencies for code specialist sessions (530c6ca)
• Enhance dashboard with full agent config and mission governance (#139) (438ce2a)
• Enhance pnpm configuration and implement mobile runtime parity (#372) (76a53ea)
• Enhance quick pair dashboard flow and improve code readability (#245) (556a334)
• expand mcp platform support beyond tools only integration (#336) (646ee79)
• finalize code agent specialist delivery (1308150)
• finalize code agent specialist updates (5b68a8a)
• Harden security policy and introduce code_search tool enhancements (#442) (024aa20)
• implement code-specialist session architecture and entry point (873a9d3)
• implement comprehensive auto-update system with centralized management and safety features (#142) (5138701)
• implement Docker runtime adapter with resource limits, network isolation, and workspace mounting. (a5e4d3d)
• Implement MCP support and update dependencies for agent runtime (#129) (6f7f105)
• implement McpClient for listing and calling microservice tools via command execution or HTTP, including mock support. (13f1d64)
• install: enhance installer with new options and improved error handling (8ffaf82)
• install: improve download handling and add TTY check for onboarding (43ef58c)
• Introduce agent runtime configuration schema and create MCP tool adapter. (d221f8b)
• Introduce McpToolAdapter to integrate MCP tools, providing output limiting and argument validation. (a35b94a)
• introduce mission layer for autonomous objective orchestration (#132) (198353c)
• issue-273: unify onboarding and pairing flow across CLI, web, and mobile clients (#308) (c9efabf)
• issue-275: define canonical client surfaces capability matrix (90358e4), closes #275
• issue-278: cross-client i18n governance and shared UX/UI language (#310) (9538500)
• marketing (96c21b0)
• marketing: add marketing app with landing pages and funnels (5e81a1f)
• marketing: enhance marketing site with cross-compilation support and environment configuration (b4f63f6)
• migrate memory to Cerebro MCP (#235) (ffaa3a0)
• multimodal image input mvp (#324) (b0aeb20)
• onboard: enable live model discovery for Copilot (#69) (ff48634)
• optimize CodeRabbit configuration for Corvus monorepo (#127) (9fca327)
• plugin store (#62) (e2358d5)
• plugins doble sing (#64) (1f99372)
• plugins edge catalog domain (#73) (3fc8ea2)
• plugins: add runtime plugins guide and update config (32dbc39)
• plugins: automate plugin release publishing on Cloudflare (#63) (b283f6b)
• plugins: replace cosign CLI with native Sigstore verification for plugin signatures (#81) (c7eebd6)
• provider vision gating and Anthropic image adapter (#268) (#335) (d169a5a)
• publish: dynamically resolve Rust channel and update Docker build process (0a32fb2)
• publish: resolve Rust channel dynamically in GitHub Actions workflow (60e8615)
• publish: resolve Rust channel dynamically in GitHub Actions workflow (#44) (c4177e3)
• publish: update npm package structure and add platform-specific packages (72ddf58)
• rename npm package from @corvus/cli to @dallay/corvus and update related configurations (e7e4ecf)
• rulesets: update branch protection rules for main and minor branches (e743645)
• runtime image normalization pipeline with history support (#267) (#333) (fc2e18c)
• runtime: add audio input support with local transcription for Telegram (#413) (258d3c3)
• runtime: wire CostTracker to agent loop with budget enforcement (3854403)
• security: sonar security hardening and gateway refactor (#119) (5567957)
• service: add linger option for service install and restart commands (#71) (7af6bf3)
• simulate failure states in Rust and Kotlin runtime adapters (6c505fb)
• streamline installer updates and script layout (301f7d0)
• unify and fix CodeRabbit configuration (f30e06f)
• update Cargo.lock to include new package configurations for Corvus and Corvus Robot Kit (3993b1e)
• update Cargo.lock to include new package configurations for Corvus and Corvus Robot Kit (ca75804)
• update: enhance update confirmation handling and improve state management (949d14e)
• update: implement update notification and confirmation handling (cdd772c)
• web: align visual design between docs and marketing apps (#124) (b9b7539)
• web: configure Codecov and Vitest coverage (#133) (e742b6d)
• web: root docs locale and portless dev flow (#192) (0bba656)
• web: scaffold vue chat dashboard with shadcn-style ui (5c53f89)
• web: unified visual design, a11y, and perf optimizations across all apps (#155) (f6b717d)

Bug Fixes

• [MEDIUM] Fix permission race condition in secret storage (#60) (a56417c)
• [Snyk] Security upgrade astro from 5.17.2 to 5.17.3 (#152) (d46a273)
• 253 improve sonarqube coverage in the highest impact uncovered files (#286) (6c84864)
• address clippy review findings (d603366)
• address inline review comments from PR (04fa487)
• address runtime safeguards and release blockers (54b12a1)
• agent-runtime: align bootstrap behavior with runtime usage (15872ee)
• agent-runtime: arreglar warnings de cargo build (93d40b8)
• agent-runtime: complete rollout benchmark lint fix (8780e52)
• agent-runtime: enforce secure config.toml permissions (#49) (afa31d1)
• agent-runtime: finish rollout benchmark enum rename (8b786d9)
• agent-runtime: harden gateway auth and http tool header validation (#66) (43d861e)
• agent-runtime: propagate routed provider runtime options (c63c15a)
• agent-runtime: remove duplicate test cfg attribute (b974927)
• agent-runtime: sanitize gateway fallback and extend blocking tests (7c2a770)
• agent-runtime: satisfy rollout benchmark lint (b4afa50)
• agents: correct destination path for skills symlink (0c34c6b)
• apply CodeRabbit auto-fixes (d8ccc59)
• apply CodeRabbit auto-fixes (b9ecd1f)
• apply CodeRabbit auto-fixes (#216) (fcc55b2)
• bootstrap: honor configured agent profile across runtime paths (5cb8150)
• cerebro: restore surreal storage migration checks (f2bb8a6)
• ci: add toolchain input to rust-toolchain action (7195d62)
• ci: correct Sonar multicriteria configuration (aa2dc6b)
• ci: desplegar docs en release publicado (f8795f1)
• ci: desplegar docs en release publicado (25f7bc0)
• ci: normalize cosign certificate output before verification (d055872)
• ci: remove Sonar quality gate mutation step (0af9c30)
• ci: resolve SonarQube workflow secret condition parsing (403befb)
• ci: restore missing scribe agent file (aac9f83)
• ci: restore Sonar coverage reporting and reduce major code smells (#121) (8e02231)
• ci: revert _publish.yml to v0.3.0 to fix release workflow (748d5a7)
• ci: stabilize make all by hardening dependency resolution (7586cdf)
• compose: avoid host-specific desktop lock drift (97dcee4)
• config: change gateway host to 127.0.0.1 in config and Dockerfile (78850f8)
• config: point plugin registry defaults to profiletailors domain (#59) (48c82e8)
• config: reorder imports and clean up pnpm-lock.yaml (85dd1c9)
• Consolidate documentation and address security findings (#280) (81728ba)
• copilot: correct LocalFree argument type for security_descriptor (e3005ba)
• corvus: borrow tmp in rename call (e3c2e46)
• create coverage directory before generating Rust coverage report (7257b7c)
• dependencies: update shared package path and add vite dependency (51bd372)
• deps: remove build artifacts causing Renovate parsing errors (#39) (f751c14)
• docs: avoid starlight id collisions across locales (9847892)
• docs: correct architecture diagram links (053d9ca)
• docs: correct formatting and remove TODO comments in documentation files (b99ed27)
• docs: correct formatting and remove TODO comments in documentation files (ed39b82)
• docs: correct guide links for architecture, release, and getting started (40f7686)
• docs: correct hardware design link in ESP32 UI README (ca4224c)
• docs: documentation cleanup and WebSearchTool security hardening (b1baef2)
• docs: remove duplicate sections in architecture.md and use DOCS_MODULE variable (290ea6a)
• docs: remove invalid sidebar slug causing build failure (#17) (9b76bcc)
• docs: repair broken local links (f560f8c)
• docs: repair broken local links (#399) (ee07750)
• docs: resolve 404 issues by correcting relative links and moving diagram assets to public/ (34e0672)
• docs: resolve 404 issues, relocate diagram assets, and refine architecture guides (e7ae38f)
• docs: standardize spacing in YAML and improve readability in spec documents (522f1fe)
• docs: update architecture diagram links (3123fe7)
• docs: update architecture diagram links and overview references (febd998)
• docs: update paths in documentation and Makefile for clients/web (5514ece)
• docs: update sidecar isolation documentation and clarify health-check behavior (072d203)
• gateway: keep timeout idempotency keys retryable (2dcf5f5)
• gateway: reject empty origin and allow ipv6 loopback (eef51d8)
• gitignore: correct spelling of skills directory (d4c8164)
• gradle: exclude tooling configs from dependency locks (80b8489)
• gradle: reduce build-logic lockfile drift (1a87468)
• gradle: stabilize dependency lock checks (d88965c)
• gradle: update build-logic junit locks (78c6bf2)
• Harden sandbox isolation and update allowed status handling (#398) (b8d994e)
• health: add health checks for channel and scheduler components (aa89de4)
• health: implement health checks for channel listener and adjust tick intervals (f2d74a1)
• Improve dashboard configuration form and monorepo scripts (#25) (32e5dde)
• Improve Docker Compose examples and enhance documentation (fabaecf)
• improve formatting and readability in documentation files (57972e8)
• install preflight plugin signature (#77) (6b4c963)
• installer: support tarball release assets (#47) (3a33809)
• json: streamline formatting in main-protection.json (1f3e6b6)
• marketing: remove /en prefix from docs links to fix 404 errors (#281) (7cd314c)
• plugins: add Worker deployment step to publish workflow (c7e40cd)
• plugins: allow smoke checks to pass on 403 when fallback is enabled (6eabcf4)
• plugins: create pnpm store before cache save (8814790)
• plugins: enforce remote R2 and strict edge checks (9fe13ae)
• plugins: harden install preflight and signature verification (#76) (1af691f)
• plugins: harden plugin install verification and fetch security (#88) (7e1fdb8)
• plugins: harden worker smoke checks after deploy (a6b952d)
• plugins: make worker deploy step non-blocking in CI (f44fb15)
• plugins: make Worker deployment non-blocking (fec1908)
• plugins: make workers.dev smoke check authoritative (179c310)
• plugins: parse workers.dev URL from deploy logs (d3bbac7)
• plugins: publish plugin bundles to R2 by default (#74) (c8d964c)
• plugins: remove invalid --yes flag from wrangler deploy (3f4bbb6)
• plugins: set deploy_to_r2 output and make smoke test conditional (5116690)
• plugins: update code signing EKU OID encoding and improve Fulcio intermediate handling (#86) (f22ede4)
• Potential fix for code scanning alert no. 418: Untrusted Checkout TOCTOU (#191) (0f50e45)
• Potential fix for code scanning alert no. 425: Untrusted Checkout TOCTOU (#369) (bf3f1e7)
• prompt: centralize compact context truncation limits (4ea0851)
• quality: reduce cognitive complexity and fix pre-existing bugs (#135) (3fccacd)
• quality: reduce cognitive complexity and fix shell script issues (#136) (9152639)
• reduce concurrency limits and remove post-update options in renovate configuration (88bab39)
• Refactor runtime and scripts; extract common UI components (#143) (7e159fa)
• release: align web package versions with v0.2.3 (0684d60)
• release: refresh agent-runtime lockfile for 0.1.13 (5636807)
• release: remove unused cargo patch for locked builds (22eac3f)
• release: sync agent-runtime lockfile version (8019362)
• release: sync Cargo.lock for v0.3.2 (eac184d)
• release: update all npm package versions to 0.1.4 (296e24a)
• release: update corvus version to 0.1.14 in Cargo.lock (9e43517)
• remove reduced motion !important overrides (bdc651b)
• renovate: migrate to renovate.json5, fix invalid JSON, enable managers, add memory optimizations (#434) (7010efc)
• renovate: update renovate.json5 to use YAML-like syntax for configuration (d237b5f)
• repair http_request and pushover tests (734f372)
• resolve all SonarCloud code smells and improve test coverage (#351) (5e0c8a5)
• resolve PR review blockers (4ce00b6)
• resolve Renovate memory issues and Kotlin compiler OOM (b1fee6a)
• resolve SonarCloud quality gate issues across all surfaces (#309) (7d5336a)
• runtime: refine cost warning and estimation diagnostics (6a19a63)
• security: enforce security policy and rate limits in WebSearchTool (7bf0d1e)
• security: harden ImageInfoTool security and redact internal paths (d591be6)
• security: harden ImageInfoTool with rate limiting and symlink protection (9b3e388)
• security: harden path validation and block shell input redirection (#357) (167dec6)
• security: ignore RUSTSEC-2023-0071 advisory until fix available (202c76d)
• security: moved record_action after provider validation in WebSearchTool (4170d78)
• security: resolve multiple dependency vulnerabilities (#82) (54e1b81)
• shared: standardize CSS import syntax in app-shell.css (08b964a)
• sonar: reduce false positives and improve analysis signal (faaf003)
• sonar: relax gate threshold and refactor peripheral handlers (172f350)
• update author name in command line parser (e1aca54)
• update project structure and rename dashboard to chat (#58) (39400e8)
• use --cobertura instead of --xml for cargo-llvm-cov (d0910d4)
• web: align CSS imports with stylelint (1db2c8d)
• web: remove !important lint violations in docs CSS (#108) (ae2291f)
• web: resolve pnpm frozen-lockfile and regenerate pnpm-lock.yaml (a74a8da)

Performance Improvements

• ⚡ Optimize Chat Workspace Performance (#80) (92fc5ac)
• compose: optimize chat workspace recompositions (#241) (3dfbad3)
• compose: optimize ChatWorkspace UI with remember and static constants (#28) (abe50eb)
• compose: optimize UI recompositions and state caching (b144c3a)
• compose: remember PasswordVisualTransformation in passwordTextField (#193) (88db9e5)
• Enhance Docker setup for dashboard with improved config bindings (#151) (0a64bb3)

---

This PR was generated with Release Please. See documentation.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Repository-wide version bump from 0.4.0 → 1.0.0 across release manifest, Cargo/npm/gradle manifests, and version.txt; only metadata version fields changed, no source code or behavioral changes.

Changes

Cohort / File(s)	Summary
Release & Version Configuration /.release-please-manifest.json, version.txt	Root release manifest and global version file updated 0.4.0 → 1.0.0.
Rust Package Manifest clients/agent-runtime/Cargo.toml	Package version bumped 0.4.0 → 1.0.0.
NPM Agent Runtime Packages clients/agent-runtime/npm/corvus/package.json, clients/agent-runtime/npm/corvus-cli/package.json, clients/agent-runtime/npm/corvus-{darwin-arm64,darwin-x64,linux-arm64,linux-x64,windows-arm64,windows-x64}/package.json	Package version fields bumped 0.4.0 → 1.0.0; clients/agent-runtime/npm/corvus/package.json also updates six platform optionalDependencies to 1.0.0.
Web Application Manifests clients/web/package.json, clients/web/apps/{chat,dashboard,docs,marketing}/package.json	Web app and entry package version bumped 0.4.0 → 1.0.0.
Web Package Manifests clients/web/packages/{locales,shared,ui}/package.json	Shared/web packages version bumped 0.4.0 → 1.0.0.
Gradle Build Configuration gradle.properties, gradle/build-logic/gradle.properties	Build/version constants bumped 0.4.0 → 1.0.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore: add release-please automation #236 — Updates release-managed manifest and version files consistent with release-please automation.
• docs: Update dependencies for Rust, Ubuntu, Compose, and others #212 — Earlier changes to agent-runtime manifests and corvus npm package versions.
• chore(release): bump version to 0.1.7 #70 — Prior repository-wide version bump touching Cargo.toml, package.jsons, and gradle properties.

Suggested labels

risk:high, area:rust, area:web, area:gradle, area:ci

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description is auto-generated by Release Please and contains comprehensive release notes with features, bug fixes, and breaking changes, but does not follow the repository's PR description template structure.	Clarify whether Release Please–generated descriptions are exempt from the template requirement, or provide a supplementary summary following the template sections (Related Issues, Summary, Tested Information, Documentation Impact, Breaking Changes).

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'chore: release v1.0.0' follows Conventional Commit style with a 'chore' prefix and clearly summarizes the release action as the main change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release-please--branches--main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	fe35e7b
Status:	✅  Deploy successful!
Preview URL:	https://59c86802.corvus-42x.pages.dev
Branch Preview URL:	https://release-please--branches--ma.corvus-42x.pages.dev

View logs

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	89%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	10	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3082 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	516	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	2	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	91%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	203	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-04-06 to 2026-04-06}

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud