Changelog

Releases are published to npm and GitHub Releases.

​

[0.8.0] — 2026-06-10

Trustworthy execution — multi-provider executors with full run observability. (Jumps from 0.3.3: 0.4.x–0.7.0 were consumed by pre-reset publishes and versions are forward-only — see RELEASING.md.)

​

Added

• DeepSeek provider via aider delegation (#822) — provider: deepseek in agent frontmatter (or --provider flag, or squad providers.default) delegates execution to aider with --model deepseek/deepseek-chat. File-based roles only (no web tools); the OpenAI-compatible seam makes further providers a config swap.
• Per-run outcome capture (#818) — observability records now capture what each run actually produced: actions, commits, PRs, issues.
• Provider run observability (#826) — every foreground provider run writes an observability record; real token/cost figures parsed from executor output via the new CLIConfig.parseUsage seam (implemented for aider/deepseek); agent model: frontmatter is now parsed so records carry the agent’s real model.

​

Fixed

• Executor work can never be lost (#825) — provider-executor output is harvested from the isolated worktree (commit → ff-merge into the project root, guarded by the secret/PII staged-diff scan) instead of being destroyed with it. On divergence the agent/* branch is preserved with the manual-merge command printed; harvest runs on failed exits too, so partial work survives.
• Tag pushes produce GitHub Releases again (#819) — release.yml dropped its always-failing npm-publish step (only publish.yml is the OIDC trusted publisher), which had been blocking GitHub Release creation.

​

Docs

• RELEASING.md (#827) — in-repo release procedure: publish path, version ladder, squash-divergence recipe, known traps.

​

[0.3.3] — 2026-06-08

Runtime reliability — squads run is safe and pleasant to leave unattended.

​

Fixed

• Per-agent timeout now actually bounds agents — --timeout <min> was ignored in conversation mode; it now caps each agent (precedence: SQUADS_AGENT_TIMEOUT_MINUTES env > --timeout > default). Default lowered 30 → 15 min so a hung agent can’t burn half an hour (#806).
• Founder-context refresh no longer blocks the run — when context is stale, the digest now refreshes in the background while the run proceeds with the current copy (was a multi-minute synchronous Pass-1 over the whole session history). --force / SQUADS_DIGEST_SYNC=1 still refresh synchronously (#807).

​

Added

• Per-squad-run worktree isolation — each squad run executes in its own git worktree, so agents never switch branches, drop files, or open PRs in your working checkout. Graceful fallback to in-place if the dir isn’t a git repo; SQUADS_NO_WORKTREE=1 to disable (#808).

​

Changed

• squads run (no target) now lists squads and surfaces a Run all squads: squads run --org hint; corrected the misleading “autopilot mode” command description (#805).

​

[0.3.2] — 2026-06-08

Agent runtime, founder-context, and a full safety/governance layer.

​

Added

• Founder-context layers — founder-context.md (universal) + per-squad founder-alignment.md injected first into every agent’s context, so squads run aligned with the operator’s live pipeline.
• squads brief — distills founder intentions from recent sessions into GitHub issues.
• Live --verbose streaming — squads run --verbose streams each agent’s output as it works (not just post-run).
• Per-agent max_context_tokens — cap an agent’s context-assembly budget in YAML frontmatter.
• Agent Contract — schema + CI validator for agent capabilities (tool grants, write scope, credential scope, resource ceilings).
• OS sandbox (opt-in) — run agent sessions in Claude Code’s OS sandbox with an egress allowlist.
• API type codegen — generated client types from the squads-api OpenAPI spec.

​

Changed

• Roadmap-bounded autonomy — leads plan, delegate, update state, and land reviewed PRs, but cannot author or ship code themselves; workers do the building.
• Role-based timeouts + anti-collision rules in the conversation engine.
• Requires Node ≥ 20 — dropped EOL Node 18 from the test/release matrices; the bundled vitest/rolldown toolchain imports styleText from node:util, available only on Node ≥ 20.

​

Fixed

• Release pipeline — release.yml/publish.yml no longer fail on Node 18, which had silently blocked the last two tagged releases from publishing to npm.
• Telemetry write-key restored (broken since 2026-03-14).
• Services made path-agnostic (no hardcoded paths).
• Agent guardrail Bash denylist now actually fires.
• UX: prerequisites check, no-args squad list, schedule hint.

​

Security

• Secret/PII guardrail — blocks agent auto-commits that would leak secrets or PII.
• Governance deny-rules — agents can’t edit goals/priorities/directives/SQUAD.md during runs.
• Defensive validation hardening across contract / secret-scan / brief / sandbox.

​

0.3.1 — 2026-04-24

First stable v0.3.x release on @latest. Same code as 0.3.0-rc.1 (burned in on @next).

Note: 0.3.0 was skipped because that version slot is reserved by a deprecated historical pre-release (Jan 2026) and npm enforces version immutability.

​

Added

• Conversation protocol — agents talk to each other and use tools mid-conversation. squads run <squad> now drives a lead → scan → work → review → verify cycle.
• Org cycle — squads run with no target runs all squads in waves, with smart-skip for converged work.
• New commands — review, credentials, goals, log, plus minor refinements to init, status, and run.
• Project config system — .squads/config.yml for per-project settings (agent_timeout_minutes, token_budget, cost_ceiling, company_name, compose_file, telemetry). Resolution: env var > config file > defaults.
• PreToolUse guardrail hooks — agent sessions can be gated by user-defined safety hooks.
• Demo agent scaffold — squads init now includes starter agents and “what’s next” guidance.
• Growth squad template — added to squads init seed templates.
• Tier 2 documentation — guides for local-services mode (Postgres, Redis, API, Bridge).

​

Changed

• Run engine rewrite — decomposed into smaller modules (conversation.ts, workflow.ts, context helpers). Foundation for future cloud execution.
• Role-based timeouts — workers, reviewers, and leads have appropriate per-role timeouts (replaces hardcoded 8-minute ceiling).
• Anti-collision rules — multiple squads no longer race to create the same release PR or duplicate issues.
• Prompts extracted — lead briefings, planning instructions, and orchestrator prompts moved from TypeScript into templates/prompts/*.md.
• Services command — agnostic compose-file discovery (no hardcoded internal paths).
• OIDC trusted publishing — release.yml and publish.yml now publish via GitHub OIDC instead of NPM_TOKEN. No long-lived secret to rotate.
• Audit remediation — removed hardcoded values, parameterized company name, extracted internal prompts.

​

Fixed

• Telemetry write-only key — restored after being incorrectly removed in March (telemetry has been silent since 2026-03-14).
• First-run UX — prerequisites check, helpful empty-state for squads list with no squads, schedule hint after first run.

​

Infrastructure

• @next dist-tag channel — pre-release tags (v0.3.0-rc.1, v0.4.0-beta.1, etc.) auto-publish to @next for burn-in. Clean semver tags publish to @latest.
• npm install via npm i -g squads-cli@next for early access.

​

0.2.2 — 2026-03-28

• IDP (Internal Developer Platform), observability infrastructure, tiered architecture, org cycle scaffolding.

​

0.2.1 — 2026-03-13

• First-run experience reset.

​

[0.2.0] and earlier

See GitHub Releases for the full history.

Versions 0.3.0, 0.4.0–0.4.13, 0.5.0–0.5.1, 0.6.0–0.6.2, and 0.7.0 were experimental pre-releases published in early 2026 and have been deprecated on npm. Do not install them. Start at 0.2.2 or 0.3.1+.