Release 2.0.10 (2026-05-15)
Chores
- bump version to 2.0.10
- remove per-repo templates in favor of org defaults
  Issue templates and PR template are now inherited from vergil-project/.github. Per-repo copies were byte-identical and are no longer needed.
Documentation
- add credential management design spec
  Supersedes org governance design (#717) Section 3. Abandons fine-grained PATs in favor of classic PATs managed through gh auth. Credential selection is enforced by the vrg-gh wrapper per-subprocess, with no global state changes. #761 was closed as won't-implement. Ref #775.
- apply pushback review fixes to credential management design spec
- add credential management implementation plan
  Seven-task plan covering: vrg-docker-run GH_TOKEN gate removal, org governance doc supersession notices, permission model cross-references, consuming repo guide update, and deferred work issue creation. Ref #775.
- apply alignment review fixes to credential management design spec and plan
- add execution order cross-references between permission model and credential management plans
  Both plans are executed as a unit: credential management Phase 0 (prep), permission model Phase 1-2 (build and deploy with credential selection baked into vrg-gh), credential management Phase 3 (finalize). Ref #754, #775.
- add supersession notice to org governance credential section
  Section 3 of the org governance design is superseded by the credential management spec (#775). Fine-grained PATs and custom keychain management are replaced with classic PATs via gh auth. Ref #775.
- add supersession notices to org governance setup plan
  Tasks 2, 3, and 10 are superseded by the credential management design (#775). Classic PATs via gh auth replace fine-grained PATs and keychain storage. Ref #775.
- add credential selection cross-references to permission model
  The permission model plan Task 2 and spec Section 3 are updated to reference the credential management design (#775). vrg-gh gains credential selection responsibility. pr merge and pr review --approve change from denied to conditionally allowed with escalation. Ref #775.
- update consuming repo setup and CLAUDE.md for credential management model
  Replace GH_TOKEN export instructions with gh auth reference in the consuming repo setup guide. Add shell command policy section to CLAUDE.md directing agents to use vrg-git and vrg-gh wrappers. Ref #775.
Features
- add vrg-git safe wrapper with subcommand allowlist and audit logging
  Implements the vrg-git wrapper (permission model plan Task 1): subcommand allowlist/denylist, flag deny lists for destructive operations (force push, force delete, checkout --, interactive rebase), and JSON-lines invocation audit log. Includes vrg-git console script entry point. 55 tests at 100% coverage. Part of #775 and #754.
- add vrg-gh safe wrapper with credential selection and audit logging
  Implements the vrg-gh wrapper (permission model plan Task 2 + credential management Task 4): two-level subcommand allowlist/denylist, top-level denials (api, auth), pr review --approve flag gating, pr merge with context validation, credential selection via gh auth account discovery (agent default, human escalation for release operations), GH_TOKEN injection per-subprocess, and JSON-lines invocation audit log. Includes vrg-gh console script entry point and credential selection cross-references in the permission model plan and spec. 45 tests at 100% coverage. Part of #775 and #754.
- deploy permission model with fully qualified path deny patterns
  Update deny rules to include Bash(/git ) and Bash(/gh ) patterns that block fully qualified path invocations (e.g., /usr/bin/git status). Resolve Task 4 pattern matching verification via Claude Code documentation. Deploy project-level Bash(vrg-*) allowlist to .claude/settings.json for vergil-tooling. Ref #754.
Refactoring
- remove GH_TOKEN hard gate from vrg-docker-run
  The container now launches regardless of whether GH_TOKEN is set. GitHub credentials are not needed for validation, linting, or testing. When GH_TOKEN is present it is still passed through to the container. Ref #775.