> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crewship.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Changelog

> What's new in Crewship — features, updates, and fixes shipped each week.

<Update label="May 29, 2026" tags={["features", "updates", "fixes"]}>
  ## Slash commands and per-user capabilities

  End users now get a server-driven slash palette in chat and CLI for `/routine`, `/issue`, `/skill`, and `/credential`. Each action is gated by a per-user capability, so admins can grant a single MEMBER permission to author routines or rotate credentials without promoting them to the MANAGER tier. Capabilities are managed inline from Workspace Settings → Members (with a preview diff before bulk preset changes), or via `crewship workspace member capabilities`. See [Slash commands](/cli/slash) and [RBAC](/security/rbac).

  ## Streamlined first-run bootstrap

  The setup-token gate is gone. The `/bootstrap` form now takes name, email, and password — submit and you're in. Bootstrap stays open for a 5-minute window after `crewship start`, then returns 410 until the server is restarted. Both browser and headless (`crewship init`) paths use the same window. See [Quickstart](/quickstart).

  ## Disaster-recovery backup rewrite

  `crewship backup restore` adds a `--replace` mode for the canonical "nuke and restore preserving original IDs" flow. The restore pipeline now discovers workspace-scoped tables at runtime, reconciles users by email so an admin with the same address on source and target doesn't orphan FK references, and applies section-aware symlink policy so workspaces containing `node_modules` (or any project with relative-target symlinks) restore cleanly. See [Backup](/guides/backup) and [`crewship backup`](/cli/backup).

  ## Declarative apply for crews, agents, skills, integrations, and issues

  `crewship apply` now understands five additional top-level kinds — `Skill`, `Crew`, `Agent`, `Integration`, and `Issue` — so a workspace can be provisioned end-to-end from a single manifest bundle. Built-in seed catalogues moved from Go literals to embedded YAML, so the same shapes round-trip through export/apply. See [Manifests](/guides/manifests) and [`crewship apply`](/cli/apply).

  ## Mission outcomes feed crew memory

  When a mission completes, its outcome and provenance now flow into crew memory automatically — agents can recall what they shipped and why on the next mission without an operator re-priming the context. See [Episodic memory](/guides/episodic-memory) and [Agent memory](/guides/agent-memory).

  ## Workspace switcher

  The sidebar workspace switcher is now real: list every workspace you belong to, switch with one click, persist the selection across reloads, and create a new workspace from the same menu. The selected workspace is honored by every component that reads it. See [Onboarding](/guides/onboarding).

  ## Profiling and tracing setup

  Two opt-in observability surfaces landed: a `pprof` endpoint for CPU/heap snapshots and a Pyroscope push exporter for continuous profiling. The OpenTelemetry `service.name` is now configurable via env so multiple deployments tag their traces distinctly. See [Telemetry](/guides/telemetry) and the [OTLP setup guide](/observability/otlp-setup).

  ## Updates

  * **Destructive CLI commands prompt before acting.** Six commands now ask for confirmation and accept `--yes` for scripted use.
  * **Manifest validate catches duplicate slugs.** `crewship apply --dry-run` now fails fast when two documents share the same `metadata.slug` within a kind, instead of silently overwriting on apply. See [Manifest schema](/configuration/manifest-schema).
  * **`crewship apply` gains `--skip-test-gate`.** Routines that depend on PENDING credentials can now be applied without the pre-flight test invocation, and `type: code` steps surface a plan-time warning so the gap is visible before the cron fires. See [`crewship apply`](/cli/apply).
  * **Go toolchain bumped to 1.26.3.** Picks up eight stdlib CVE fixes; no API or behaviour change.
  * **SQLite busy timeout raised 5s → 30s.** Eliminates the spurious "Invalid email or password" login error that surfaced on moderately loaded instances after a backup restore.
  * **CLI hardening pass.** Security tightening across the CLI binary. See [CLI overview](/cli/overview).

  ## Fixes

  * **`crewship workflow create --help` no longer panics** from a flag-shorthand collision with the root `--format` flag. See [AI workflows](/cli/ai-workflows).
  * **Persona commands** crashed on every invocation; now fixed.
  * **CLI typo'd subcommands** are rejected with a clear error instead of being silently dispatched to `crewship ask`.
  * **`crewship now` / `me` / `today`** now exit non-zero when every fetch fails with `session_invalid`, so wrapper scripts notice the missing login.
  * **`/metrics` loopback bypass** now checks the true client IP, closing a path where a misconfigured proxy could expose the endpoint externally. See [Metrics](/cli/metrics).
  * **Create-workspace dialog** now resets when closed via Cancel, Escape, or overlay click — stale values no longer persist across reopens.
  * **MCP registry page size** is now capped at 100 to prevent unbounded responses.
  * **Example manifest** (`examples/manifests/full-complete.yaml`) had two invalid `tool_profile` values that failed validation for anyone copying it as a starter — corrected to the documented enum.
</Update>

<Update label="May 22, 2026" tags={["features", "updates", "fixes"]}>
  ## Agent Evolution lands

  The full **Agent Evolution** release rolled out across seven coordinated changes. Highlights:

  * **Native memory tools.** Agents now have first-class memory read/write tools wired across all MCP-capable adapters. Memory is scanned before it's persisted and consolidated automatically — see [Agent memory](/guides/agent-memory) and [Memory observability](/guides/memory-observability).
  * **Autonomy slider + auxiliary model slot.** Each crew now exposes a per-crew autonomy slider and a separate slot for an auxiliary (smaller / cheaper) model. Tune how often an operator gets pulled in, and route routine sub-tasks to a different model. See [Autonomy and self-learning](/guides/autonomy-and-self-learning).
  * **Keeper Phase 2.** Keeper now reviews skills, evaluates per-crew behavior mode, tracks memory health, and applies negative learning from rejected actions. See [Keeper](/guides/keeper) and [Keeper reviews panel](/guides/keeper-reviews-panel).
  * **Ephemeral agents.** Hire an agent with a TTL, let it ghost when the TTL elapses, rehire if the work isn't done — with a full audit trail of when it was active. See [Ephemeral agents](/guides/ephemeral-agents).
  * **PERSONA + peer cards.** Per-user agent personas and peer cards land alongside new GDPR primitives for user-scoped data export and deletion. See [GDPR](/security/gdpr).

  ## RBAC v2

  Role-based access control gets a major overhaul:

  * **Per-crew role editor** inline on the crew membership table.
  * **Agent owner badges** on every agent card, with API exposure of the owner field.
  * **Token issuance dialog** now shows tier, scopes, and expiry; listing exposes the same fields. CLI bootstrap and pair-redeem tokens are now 256-bit.
  * **Per-agent ownership gates** on agent create, update, and delete, plus per-crew role elevation honored at create time.
  * **Structured 403 responses** with denial audit logging.

  See [RBAC](/security/rbac).

  ## Pipeline webhooks: signed by default

  * **HMAC signature required** on every webhook dispatch.
  * **Signing secret auto-generated** when a pipeline webhook is created — no more silent unsigned deliveries.
  * **Replay protection** via synthetic idempotency keys; duplicate replays are now auto-deduped.
  * **Rate-limit floor** and reserved-key inputs hardened on the webhook endpoint.

  ## Updates

  * **OpenAI provider** now mirrors the Anthropic retry/backoff behavior — flaky upstreams get the same treatment regardless of provider. See [Providers](/configuration/providers).
  * **`X-RateLimit-*` headers** are now returned on every 429 response so clients can back off intelligently.
  * **`CREWSHIP_FORCE_SECURE_COOKIES`** env override lets you force secure cookies in front of an HTTPS-terminating proxy. See [Environment](/configuration/environment).
  * **Sidecar hardening.** The production sidecar baseline got a security pass, and the prod Docker socket is now brokered through a filtering proxy. See [Container isolation](/security/container-isolation).
  * **Memory scanner** now blocks invisible-format (Unicode Cf) codepoint evasion in addition to existing checks. See [Memory observability](/guides/memory-observability).

  ## Fixes

  * **Keeper cross-tenant defense.** Workspace context is now correctly wired onto Keeper routes — previously the defense was unreachable.
  * **Sidecar memory startup.** The agent memory base directory is now set even when the full-text search engine fails to initialize, so agents stay usable in degraded mode.
  * **OAuth state and session IDs** bumped to 256-bit randomness. See [Auth](/guides/auth).
  * **Path-traversal hardening.** `..` segments are rejected before the router normalizes them; `/_next/*` directory autoindex is blocked; every ID interpolated into internal URLs is now path-escaped.
  * **Permission gates.** Agent files, downloads, and logs now require the `read` permission; nine pipeline mutating handlers are gated on per-role checks.
  * **Log redaction.** Raw token values are now logged as fingerprints instead of full tokens, and structured logs are routed through the Lookout redactor.
  * **Payload limits.** The auth credential callback body is now capped at 16 KiB to bound memory use on hostile clients.
  * **Backup integrity.** Table identifiers are validated before being used during foreign-key introspection. See [Backup](/guides/backup).
  * **Devcontainer safety.** Cumulative tar extraction is capped at 500 MB to prevent decompression-bomb scenarios. See [Devcontainers](/guides/devcontainers).
  * **ETHOS refusals** no longer leak tool, directory, or sibling-agent enumeration data in error messages.
  * **Orchestrator context propagation.** Request context is now correctly threaded through background work spawned by handlers, including five mission-engine call sites that previously dropped it.
</Update>
