Changelog

v3.177.5 — 2026-06-18

Plugin

• The /ship Phase 6 auto-close scan and the CI auto-close scanner now also scan the branch commit messages, catching a keyword that would auto-close an issue via the squash-merge commit even when the PR body is clean.

v3.177.4 — 2026-06-18

• fix(ci): correct strip_log_injection tr bug (3 workflows) + terraform-target-parity non-SSH coverage

v3.177.3 — 2026-06-18

Web Platform (infra)

• inngest-inventory.sh emits a 4th JSON key durability_state (durable|degraded|sqlite_only|unknown) + a journald durability=<enum> summary (reaches Better Stack via Vector's tag allowlist). Enum only, no connection strings.

CI

• scheduled-inngest-health.yml gains a between-deploy durability detector: an advisory ci/inngest-degraded-durability issue filed/commented on the non-durable union (severity by state, relabel across transitions), auto-closed when durable again. Existing inngest_down hard-outage path and Sentry heartbeat unchanged.

v3.177.2 — 2026-06-18

Docs / Ops

• Re-armed two Inngest reminders (5417, 5469) dropped in the #5542 durable cutover; HTTP 202 ×2 acceptance evidence recorded in rearm-record.md.
• PIR inngest-durable-redis-missing-outage-postmortem.md #5548 row marked done with the re-arm result + the 5432-drop disposition + a "reconstruct survivors from source automations" note.
• Runbook inngest-oneshot-and-reminder-patterns.md §A: added a "cutover survivors must be re-armed by hand if inngest was DOWN" callout.
• Learning + one work-skill bullet on cross-artifact line-citation drift from doc insertions.

v3.177.1 — 2026-06-18

Plugin

• New: scripts/regenerate-c4-model.sh — pinned, off-tree-validated, idempotent LikeC4 model regen primitive.
• New: plugins/soleur/test/c4-model-freshness.test.sh — CI freshness gate (renders + byte-diffs the committed model.likec4.json).
• lefthook: c4-model-regenerate pre-commit hook auto-regenerates + re-stages the compiled model on any .c4 edit.
• architecture skill + diagrams README: fix npx likec4@latest → pinned 1.50.0; document the automatic-on-commit regen mandate.
• Regenerated model.likec4.json (now reflects the email-triage / inngest architecture).

Web Platform

• Extended c4-likec4-version-pin.test.ts to assert the new executable surfaces (regen script + ci.yml install) match the Dockerfile pin and reject a floating tag.

v3.177.0 — 2026-06-18

• feat(inbox): dedicated /dashboard/inbox surface + nav entry

v3.176.2 — 2026-06-18

Fixed cla-check for soleur:fix-issue bot-fix PRs by allowlisting the soleur-ai[bot] GitHub login and pinning the bot's commit author email to the resolvable GitHub-noreply address.

Ref #5520

🤖 Generated with Claude Code

v3.176.1 — 2026-06-18

Web Platform (infra)

• Order deploy_pipeline_fix after infra_config_handler_bootstrap via depends_on so a newly-added webhook-delivered FILE_MAP file lands in a single terraform apply instead of one apply late.
• Rewrite the stale comment block; update the shared concurrency-group comment for the two-element depends_on.
• Add regression tests (edge present, co-targeting invariant, cross-workflow blast-radius, bridge triggers_replace) to ship-deploy-pipeline-fix-gate.test.ts.

web-v0.154.9 — 2026-06-18

• fix(inngest): cap --postgres-max-open-conns at 10 (under session-pooler pool_size 15)

web-v0.154.8 — 2026-06-18

• chore(cloud-init): bump inngest-bootstrap pin to v1.1.16 (#5547)

web-v0.154.7 — 2026-06-18

Web Platform

• test/live-repo-badge.test.tsx: replace the regainCommitted body-settle gate with a fetchMock.toHaveBeenCalledTimes(2) + await act(async () => {}) render-commit proof before the re-revoke focus; add a toHaveBeenCalledTimes(3) assertion after re-surface (anti-false-green: mount-solo ≡ re-revoke-solo, so the terminal toBeInTheDocument() alone cannot prove the transition); remove the now-superseded regainCommitted flag and the vacuous synchronous toBeNull() assertion.

web-v0.154.6 — 2026-06-18

Web Platform (infra)

• ci-deploy.sh: existing-host inngest deploy now stages the three durable-Redis assets to /tmp; verify_inngest_health emits a no-SSH degraded-durability advisory; degraded deploys record reason=success_degraded_durability.
• inngest-bootstrap.sh: durable vs SQLite-only ExecStart branched on REDIS_READY via a sentinel substitution (server stays available when Redis is unprovisioned).
• infra-validation.yml: runs inngest.test.sh (durable-Redis + ExecStart-branch drift-guards).

web-v0.154.5 — 2026-06-18

Web Platform

• Webhooks: resolveSoloFounderForInstallation now scopes the SELECT by (installation_id, normalizeRepoUrl(repo_url)), matching the push-reconcile fan-out key. Route composes https://github.com/<full_name> before normalize; a missing repository.full_name drops via a pre-compose none/404 guard. The >1 fail-closed branch is retained for the genuine same-repo two-users-same-fork residual. founderId + single-founder dispatch unchanged.
• Dispatch provisioning: repo-readiness-self-heal.ts gains a ready-but-.git-absent recoverable branch (lock-free graft — claim_repo_clone_lock matches only error/stale-cloning rows; concurrency via the clone's atomic-rename .git-sentinel). cc-dispatcher.ts widens the readiness gate with existsSync(.git) evaluated after !repoReadiness.ok so the ready+.git-present hot path keeps its zero-DB/JWT-round-trip property.
• Migration 113: set_repo_status writes the failure reason to workspaces.repo_error (the column the gate reads as of migration 110) instead of the dropped users.repo_error, so a member-triggered heal failure surfaces the honest reason instead of looping. SECURITY DEFINER, search_path pinned, membership-gated, verify/113 sentinel.
• ADR-044 amended (non-push repo-scope + ready-but-.git-gone consequence). PIR filed for the incident.

web-v0.154.4 — 2026-06-18

• perf(web): frontend quick-wins bundle — loading skeletons, parallel invites, explicit conversation columns, no-blank chat shell

web-v0.154.3 — 2026-06-18

• inngest-rearm-reminders.sh: INNGEST_REARM_MODE (capture|rearm) + INNGEST_CUTOVER_CAPTURE_FILE source priority (stdin > capture > self-enumerate); delete-on-success.
• hooks.json.tmpl: rearm hook mode → INNGEST_REARM_MODE pass-environment.
• cutover-inngest.yml: op=capture choice + arm.
• Runbook FALLBACK: capture-before-deploy sequence.

web-v0.154.2 — 2026-06-18

• chore(inngest): bump cloud-init bootstrap pin v1.1.14 → v1.1.15 (release-prep)

web-v0.154.17 — 2026-06-18

• chore(inngest): bump bootstrap pin v1.1.17→v1.1.18 (argv→env secrets) + fix redis-rotation comment

web-v0.154.16 — 2026-06-18

Web Platform

• No runtime change; a comment line re-arms the live-verify trigger to validate the harness fix end-to-end in CI.

web-v0.154.15 — 2026-06-18

Web Platform

• The post-deploy live-verify harness now waits for the server to accept the chat session before sending, removing a race that prevented a real PASS and making a genuine session rejection a precise, deterministic signal.

web-v0.154.14 — 2026-06-18

• Emit failure_mode raw (P1 misclassification fix).
• Rename SESSION_POOL_CAP→INNGEST_CLIENT_CAP=10; filtered inngest-attributable count; 80% threshold; drop the total>=cap exhaustion branch (keep EMAXCONNSESSION); log per-backend breakdown.
• Reconcile inngest.tf comment, runbook triage, nfr-register; amend the capacity-monitor learning with the corrected rule.

web-v0.154.13 — 2026-06-18

Web Platform (infra)

• inngest-server secrets delivered via the doppler-run environment, never inngest start argv (closes a world-readable /proc/cmdline exposure).
• Durable-backend detection re-keyed to the non-secret --postgres-max-open-conns sentinel across 3 runtime parsers + 4 test files; drift-guard token arrays updated.
• SQLite-only fail-safe unsets INNGEST_POSTGRES_URI (load-bearing — env present in both branches).
• ADR-030 invariant I7 + amendment log; runbook secret-delivery note; scheduled-inngest-health detector prose.

web-v0.154.12 — 2026-06-18

Pool-utilization probe (leading indicator)

• New poolprobe step reads pg_stat_activity session counts on the dedicated inngest Supabase project (ref pigsfuxruiopinouvjwy) via the Management API every 15 min.
• pool_pressure alerts at ~70% of the session-pool cap before EMAXCONNSESSION (integer arithmetic; SESSION_POOL_CAP env).
• pool_exhausted (EMAXCONNSESSION in a 5xx body OR count ≥ cap) alerts but is excluded from the auto-restart gate — a restart churns more session connections and worsens exhaustion (#5558). The tracking issue points at the stale-session / --postgres-max-open-conns 10 remediation, not a restart.
• pool_probe_unavailable (degraded probe) files a distinct [ci/inngest-pool-probe] issue so a broken probe never masquerades as pool-hot.
• The probe runs after the liveness probe and only sets a mode when the liveness verdict is empty, so a genuinely-down inngest keeps its restart path. It re-emits the effective failure_mode (id poolprobe); all four downstream consumers repoint to it.
• The account-scoped PAT is redacted at every print site via scrub_pat (sbp_REDACTED); the host is hardcoded api.supabase.com (no env-override exfil seam).

IaC

• Publishes SUPABASE_ACCESS_TOKEN to a GH Actions secret via a github_actions_secret resource sourced from a no-default var.supabase_access_token (hr-tf-variable-no-operator-mint-default), routed through the App-auth integrations/github provider.
• Records the default_pool_size 15→30 config drift (verified live = 30 via the Management API on 2026-06-18) and the decision to revert to the project default and rely on the client cap (#5559). SESSION_POOL_CAP tracks the live cap (30); it drops to 15 in lockstep with that revert.

Docs

• Runbook gains a no-SSH-first session-pool triage subsection.
• nfr-register.md gains a Service-Level Monitoring entry for the inngest session pool.

web-v0.154.11 — 2026-06-18

Web Platform

• No runtime change. A comment line was added to middleware.ts purely to satisfy the live-verify trigger-paths gate so the report-only harness runs once in CI.

web-v0.154.10 — 2026-06-18

Web Platform (infra)

• inngest-inventory.sh emits a 4th JSON key durability_state (durable|degraded|sqlite_only|unknown) + a journald durability=<enum> summary (reaches Better Stack via Vector's tag allowlist). Enum only, no connection strings.

CI

• scheduled-inngest-health.yml gains a between-deploy durability detector: an advisory ci/inngest-degraded-durability issue filed/commented on the non-durable union (severity by state, relabel across transitions), auto-closed when durable again. Existing inngest_down hard-outage path and Sentry heartbeat unchanged.

web-v0.154.1 — 2026-06-18

Plugin

• New: scripts/regenerate-c4-model.sh — pinned, off-tree-validated, idempotent LikeC4 model regen primitive.
• New: plugins/soleur/test/c4-model-freshness.test.sh — CI freshness gate (renders + byte-diffs the committed model.likec4.json).
• lefthook: c4-model-regenerate pre-commit hook auto-regenerates + re-stages the compiled model on any .c4 edit.
• architecture skill + diagrams README: fix npx likec4@latest → pinned 1.50.0; document the automatic-on-commit regen mandate.
• Regenerated model.likec4.json (now reflects the email-triage / inngest architecture).

Web Platform

• Extended c4-likec4-version-pin.test.ts to assert the new executable surfaces (regen script + ci.yml install) match the Dockerfile pin and reject a floating tag.

web-v0.154.0 — 2026-06-18

• feat(inbox): dedicated /dashboard/inbox surface + nav entry

web-v0.153.4 — 2026-06-18

Fixed cla-check for soleur:fix-issue bot-fix PRs by allowlisting the soleur-ai[bot] GitHub login and pinning the bot's commit author email to the resolvable GitHub-noreply address.

Ref #5520

🤖 Generated with Claude Code

web-v0.153.3 — 2026-06-18

Web Platform (infra)

• Add [sources.host_scripts_journald] Vector source so host-script logger -t stderr (NOTICE/WARN) becomes queryable in Better Stack, wired through the existing PII redaction chain with no PRIORITY-filter widening (quota-safe).
• Add config-assertion fixtures to vector-pii-scrub.test.sh: source shape, exact-tag drift guard vs the scripts' actual logger -t tags, no-PRIORITY-filter regression guard, and redaction-boundary membership guard.

web-v0.153.2 — 2026-06-18

• [bot-fix] bug(ci-deploy): re-point cron-plan probe to POST /v0/gql (#5520)

web-v0.153.1 — 2026-06-18

• fix(inngest): replace per-page argv edge accumulation with a mktemp spool file + a single post-loop jq -s 'add // []' collapse (file I/O has no argv size limit) in both inngest-inventory.sh and inngest-enumerate-reminders.sh.
• In-function trap "rm -f '$edges_file'" EXIT cleans the spool on all exit paths (EXIT, not RETURN — RETURN does not fire on exit, which would leak the spool on the FATAL branches).
• Added RED-calibrated overflow tests (5 pages × 400 edges drive the running accumulator past the per-arg ceiling; verified to reproduce Argument list too long against the pre-fix code), structural argv-accumulation guards, and FATAL-path temp-file-cleanup tests to both harnesses.