Slash commands and per-user capabilities
End users now get a server-driven slash palette in chat and CLI for /routine, /issue, /skill, and /credential. Each action is gated by a per-user capability, so admins can grant a single MEMBER permission to author routines or rotate credentials without promoting them to the MANAGER tier. Capabilities are managed inline from Workspace Settings → Members (with a preview diff before bulk preset changes), or via crewship workspace member capabilities. See Slash commands and RBAC.
Streamlined first-run bootstrap
The setup-token gate is gone. The /bootstrap form now takes name, email, and password — submit and you’re in. Bootstrap stays open for a 5-minute window after crewship start, then returns 410 until the server is restarted. Both browser and headless (crewship init) paths use the same window. See Quickstart.
Disaster-recovery backup rewrite
crewship backup restore adds a --replace mode for the canonical “nuke and restore preserving original IDs” flow. The restore pipeline now discovers workspace-scoped tables at runtime, reconciles users by email so an admin with the same address on source and target doesn’t orphan FK references, and applies section-aware symlink policy so workspaces containing node_modules (or any project with relative-target symlinks) restore cleanly. See Backup and crewship backup.
Declarative apply for crews, agents, skills, integrations, and issues
crewship apply now understands five additional top-level kinds — Skill, Crew, Agent, Integration, and Issue — so a workspace can be provisioned end-to-end from a single manifest bundle. Built-in seed catalogues moved from Go literals to embedded YAML, so the same shapes round-trip through export/apply. See Manifests and crewship apply.
Mission outcomes feed crew memory
When a mission completes, its outcome and provenance now flow into crew memory automatically — agents can recall what they shipped and why on the next mission without an operator re-priming the context. See Episodic memory and Agent memory.
Workspace switcher
The sidebar workspace switcher is now real: list every workspace you belong to, switch with one click, persist the selection across reloads, and create a new workspace from the same menu. The selected workspace is honored by every component that reads it. See Onboarding.
Profiling and tracing setup
Two opt-in observability surfaces landed: a pprof endpoint for CPU/heap snapshots and a Pyroscope push exporter for continuous profiling. The OpenTelemetry service.name is now configurable via env so multiple deployments tag their traces distinctly. See Telemetry and the OTLP setup guide.
Updates
- Destructive CLI commands prompt before acting. Six commands now ask for confirmation and accept --yes for scripted use.
- Manifest validate catches duplicate slugs. crewship apply --dry-run now fails fast when two documents share the same metadata.slug within a kind, instead of silently overwriting on apply. See Manifest schema.
- crewship apply gains --skip-test-gate. Routines that depend on PENDING credentials can now be applied without the pre-flight test invocation, and type: code steps surface a plan-time warning so the gap is visible before the cron fires. See crewship apply.
- Go toolchain bumped to 1.26.3. Picks up eight stdlib CVE fixes; no API or behaviour change.
- SQLite busy timeout raised 5s → 30s. Eliminates the spurious “Invalid email or password” login error that surfaced on moderately loaded instances after a backup restore.
- CLI hardening pass. Security tightening across the CLI binary. See CLI overview.
Fixes
- crewship workflow create --help no longer panics from a flag-shorthand collision with the root --format flag. See AI workflows.
- Persona commands crashed on every invocation; now fixed.
- CLI typo’d subcommands are rejected with a clear error instead of being silently dispatched to crewship ask.
- crewship now/me/today now exit non-zero when every fetch fails with session_invalid, so wrapper scripts notice the missing login.
- /metrics loopback bypass now checks the true client IP, closing a path where a misconfigured proxy could expose the endpoint externally. See Metrics.
- Create-workspace dialog now resets when closed via Cancel, Escape, or overlay click — stale values no longer persist across reopens.
- MCP registry page size is now capped at 100 to prevent unbounded responses.
- Example manifest (examples/manifests/full-complete.yaml) had two invalid tool_profile values that failed validation for anyone copying it as a starter — corrected to the documented enum.
Agent Evolution lands
The full Agent Evolution release rolled out across seven coordinated changes. Highlights:
- Native memory tools. Agents now have first-class memory read/write tools wired across all MCP-capable adapters. Memory is scanned before it’s persisted and consolidated automatically — see Agent memory and Memory observability.
- Autonomy slider + auxiliary model slot. Each crew now exposes a per-crew autonomy slider and a separate slot for an auxiliary (smaller / cheaper) model. Tune how often an operator gets pulled in, and route routine sub-tasks to a different model. See Autonomy and self-learning.
- Keeper Phase 2. Keeper now reviews skills, evaluates per-crew behavior mode, tracks memory health, and applies negative learning from rejected actions. See Keeper and Keeper reviews panel.
- Ephemeral agents. Hire an agent with a TTL, let it ghost when the TTL elapses, rehire if the work isn’t done — with a full audit trail of when it was active. See Ephemeral agents.
- PERSONA + peer cards. Per-user agent personas and peer cards land alongside new GDPR primitives for user-scoped data export and deletion. See GDPR.
RBAC v2
Role-based access control gets a major overhaul:
- Per-crew role editor inline on the crew membership table.
- Agent owner badges on every agent card, with API exposure of the owner field.
- Token issuance dialog now shows tier, scopes, and expiry; listing exposes the same fields. CLI bootstrap and pair-redeem tokens are now 256-bit.
- Per-agent ownership gates on agent create, update, and delete, plus per-crew role elevation honored at create time.
- Structured 403 responses with denial audit logging.
Pipeline webhooks: signed by default
- HMAC signature required on every webhook dispatch.
- Signing secret auto-generated when a pipeline webhook is created — no more silent unsigned deliveries.
- Replay protection via synthetic idempotency keys; duplicate replays are now auto-deduped.
- Rate-limit floor and reserved-key inputs hardened on the webhook endpoint.
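A receiver-side sketch of the signing and replay items above, added here as an example and not taken from Crewship's code. The signature scheme (hex HMAC-SHA256 over the raw body), the choice of the verified MAC as the synthetic idempotency key, and all names are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
)

// Receiver verifies signed deliveries and drops replays. Assumed scheme (not
// the project's documented one): hex HMAC-SHA256 over the raw request body.
type Receiver struct {
	secret []byte
	mu     sync.Mutex
	seen   map[string]bool // in-memory; a real store would expire entries
}

func NewReceiver(secret []byte) *Receiver {
	return &Receiver{secret: secret, seen: map[string]bool{}}
}

func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// Accept returns "ok", "duplicate" or "bad-signature".
func (r *Receiver) Accept(sigHex string, body []byte) string {
	want := Sign(r.secret, body)
	// Constant-time compare; a missing signature fails like a wrong one.
	if !hmac.Equal([]byte(want), []byte(sigHex)) {
		return "bad-signature"
	}
	// Synthetic key = verified MAC, recorded only after verification.
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.seen[want] {
		return "duplicate"
	}
	r.seen[want] = true
	return "ok"
}

func main() {
	r, body := NewReceiver([]byte("constructed-secret")), []byte(`{"event":"demo"}`)
	sig := Sign(r.secret, body)
	fmt.Println(r.Accept("", body), r.Accept(sig, body), r.Accept(sig, body))
}
```

Because the dedup set is written only after the signature check passes, unsigned or forged requests cannot fill it or evict legitimate keys.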
Updates
- OpenAI provider now mirrors the Anthropic retry/backoff behavior — flaky upstreams get the same treatment regardless of provider. See Providers.
- X-RateLimit-* headers are now returned on every 429 response so clients can back off intelligently.
- CREWSHIP_FORCE_SECURE_COOKIES env override lets you force secure cookies in front of an HTTPS-terminating proxy. See Environment.
- Sidecar hardening. The production sidecar baseline got a security pass, and the prod Docker socket is now brokered through a filtering proxy. See Container isolation.
- Memory scanner now blocks invisible-format (Unicode Cf) codepoint evasion in addition to existing checks. See Memory observability.
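Why the Cf check in the memory scanner item matters, shown as an added example that is not Crewship's scanner: a rule matched against the text as written misses a string with an invisible format code point inside it. The rule, the sample input and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// rule is a constructed deny-list entry standing in for one scanner check.
const rule = "api_key="

// NaiveScan matches the rule against the text exactly as written.
func NaiveScan(text string) bool {
	return strings.Contains(strings.ToLower(text), rule)
}

// CfOffsets returns the byte offset of every format-category (Cf) code point,
// such as U+200B ZERO WIDTH SPACE or U+202E RIGHT-TO-LEFT OVERRIDE.
func CfOffsets(text string) []int {
	var at []int
	for i, r := range text {
		if unicode.Is(unicode.Cf, r) {
			at = append(at, i)
		}
	}
	return at
}

// HardenedScan refuses text carrying Cf code points before running the rule.
func HardenedScan(text string) (blocked bool, reason string) {
	if at := CfOffsets(text); len(at) > 0 {
		return true, fmt.Sprintf("format code point at byte %d", at[0])
	}
	if NaiveScan(text) {
		return true, "rule match"
	}
	return false, ""
}

func main() {
	sample := "note: api\u200b_key=constructed-value" // constructed input
	fmt.Println(NaiveScan(sample))
	fmt.Println(HardenedScan(sample))
}
```

Blocking every Cf code point also rejects legitimate text: U+200C is used in Persian orthography and U+200D joins emoji sequences, so a deployment storing such content needs an allow-list or a strip-then-scan step instead.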
Fixes
- Keeper cross-tenant defense. Workspace context is now correctly wired onto Keeper routes — previously the defense was unreachable.
- Sidecar memory startup. The agent memory base directory is now set even when the full-text search engine fails to initialize, so agents stay usable in degraded mode.
- OAuth state and session IDs bumped to 256-bit randomness. See Auth.
- Path-traversal hardening. .. segments are rejected before the router normalizes them; /_next/* directory autoindex is blocked; every ID interpolated into internal URLs is now path-escaped.
- Permission gates. Agent files, downloads, and logs now require the read permission; nine pipeline mutating handlers are gated on per-role checks.
- Log redaction. Raw token values are now logged as fingerprints instead of full tokens, and structured logs are routed through the Lookout redactor.
- Payload limits. The auth credential callback body is now capped at 16 KiB to bound memory use on hostile clients.
- Backup integrity. Table identifiers are validated before being used during foreign-key introspection. See Backup.
- Devcontainer safety. Cumulative tar extraction is capped at 500 MB to prevent decompression-bomb scenarios. See Devcontainers.
- ETHOS refusals no longer leak tool, directory, or sibling-agent enumeration data in error messages.
- Orchestrator context propagation. Request context is now correctly threaded through background work spawned by handlers, including five mission-engine call sites that previously dropped it.
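The path-traversal item in the fixes above, as an added Go example that is not Crewship's code: a middleware inspects the path as sent on the wire before the router cleans it, and IDs are escaped before being placed in an internal URL. The handler names, the /agents/…/files route shape and the sidecar.internal host are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasDotDot reports a ".." segment, literal or percent-encoded (%2e%2e).
func hasDotDot(escapedPath string) bool {
	decoded, err := url.PathUnescape(escapedPath)
	// Malformed escapes are rejected rather than guessed at.
	return err != nil || strings.Contains("/"+decoded+"/", "/../")
}

// RejectTraversal wraps the router, so the check runs before path cleaning.
func RejectTraversal(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasDotDot(r.URL.EscapedPath()) {
			http.Error(w, "invalid path", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// InternalURL escapes the ID so a "/" in it cannot start a new segment. A bare
// "." or ".." survives escaping unchanged, so it is refused outright.
func InternalURL(base, id string) (string, error) {
	if id == "" || id == "." || id == ".." {
		return "", fmt.Errorf("invalid id %q", id)
	}
	return base + "/agents/" + url.PathEscape(id) + "/files", nil
}

// StatusFor sends a constructed request through the middleware and a mux.
func StatusFor(target string) int {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(200) })
	rec := httptest.NewRecorder()
	RejectTraversal(mux).ServeHTTP(rec, httptest.NewRequest("GET", target, nil))
	return rec.Code
}

func main() {
	fmt.Println(StatusFor("/files/a.txt"), StatusFor("/files/%2e%2e/etc"))
}
```

Without the wrapper, the standard ServeMux answers a path containing .. with a redirect to the cleaned path, so a handler-level check would never see the original request.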