Skip to content

Release 2.1.0 (2026-06-02)

Bug fixes

  • list live sessions named only in the VM roster vrg-vm list --sessions derived its set of sessions solely from transcript agent-name events, so a live session that had not yet written one was invisible — even though it was fully recorded in the VM roster with an authoritative name. A freshly created session (zero turns) has no transcript at all, hence no agent-name event, hence no row.

The roster already carries each live session name but was read only for liveness and updatedAt. Seed the session set from the roster name too:

  • vrg_vm_resolve._read_state now unions roster_names() with the transcript-derived names (roster authoritative for live sessions), so the resolver list-json and slot selection both see transcript-less live sessions.
  • vrg_vm._list_sessions adopts the VM-reported name for any active session the host has no transcript for, since the roster is VM-local and the host never reads it directly.

Documentation

  • rewrite onboarding docs to pure GitHub App identity model Reconcile the identity/onboarding docs to the pure GitHub App model that the runtime already implements. Every AI agent is a GitHub App named -vergil-; the App installation is the only credential and its permission shape is the security boundary. There are no agent user accounts, classic PATs, or collaborator grants.

  • account-setup.md: rewritten as a dual-App guide (user + audit), with inverted permission tables, App ID + Client ID recording, key generation, installation, and the identities.toml dual stanza.

  • identity-architecture.md: rewritten to the per-role App model, inverted shapes, and what each agent can and cannot do.
  • credential-management.md: rewritten from the deprecated classic-PAT / gh-auth-discovery model to installation-token minting (App ID JWT, /app/installations, short-lived tokens).
  • permission-model.md: server-side boundary section now describes App permission shapes instead of outside-collaborator access levels.
  • design spec: App naming and pure-App-model language fixes.

The -vergil-admin role is a reserved slot and is not provisioned.

Features

  • add identity-aware allowlists, agent denials, and gh api gating
  • detect workflow permission errors on push with identity-aware guidance

Refactoring

  • use plain human-maintainer wording in messages; rename Race Director to Chief Steward in specs

Styling

  • apply ruff format and simplify push error handling