v0.2.1 — Spanish Locale & i18n

What's Changed

Added

• Spanish Language Support: Full Spanish (es) locale with 2,612 translated keys and 41 .stringsdict plural entries. Informal "tú" form, standard Spanish computing vocabulary. Accessible from Settings > General > Language.

Changed

• Repository Model Unification: RepositoryModel now exists for every known repo, including those in protected directories where live git probing is blocked. The model carries an accessLevel (.live or .cached) so consumers get a single, always-present object instead of switching between live models and thin fallback identities. Eliminates the .cachedIdentity resolution path, simplifies display fallback chains in tab chrome, and fixes the circular dependency where branch data could only be recorded with live access that was itself blocked.

Fixed

• Protected Repo Branch Display: Protected-folder repos that were showing "unknown" branch labels now reliably display the last-known branch. The root cause was that branch data was only recorded during live git probing, which is exactly the path blocked for protected directories. Branch recording now flows through all paths: tab restore, recent-repo updates, and live→cached transitions.
• Pricing Table Accuracy: Fixed wrong prices for Claude Opus 4.6 ($15→$5/$75→$25), Haiku 4.5 ($0.80→$1/$4→$5), and Gemini 2.0 Flash (free→$0.10/$0.40 paid tier). Added ~20 missing models (GPT-5.x, GPT-4.1, o3/o4-mini, Gemini 2.5). Unknown models now log a warning with the model name instead of failing silently. Gemini fallback uses Flash pricing instead of free tier.
• Dashboard Polling Waste: Dashboard now polls adaptively — 2s when agents are active, 5s when idle, 10s with no agents — instead of a fixed 2s interval that wasted CPU even with zero agents running.
• Cost Lock Safety: Replaced bare costLock.lock()/unlock() pairs with defer pattern to prevent lock leaks on unexpected errors.
• Commit Success Stale: The "Committed successfully" banner now auto-dismisses after 3 seconds instead of persisting indefinitely.
• IPC Data Loss: Proxy IPC socket now retries once on a broken connection before giving up, preventing silent data loss after app restarts.
• Event Buffer Performance: Replaced O(n) insert(at: 0) in ProxyIPCServer's event buffer with O(1) append + reverse-on-read.
• DB Query Performance: Added compound index (timestamp, cost_usd) for dailyTrend() queries. Added ANALYZE after migrations to update SQLite's query planner. Added automatic pruning of API call records older than 180 days.
• Proxy Health Monitoring: Dashboard now calls the proxy's existing (but unused) /health endpoint every 5th poll cycle and shows a warning triangle in the header when unhealthy.
• Dashboard Sheet Sizing: Start Agent and Review Commits sheets now use adaptive widths (min/ideal/max) instead of hardcoded pixel values that broke on small displays.
• Timeline Pagination: Dashboard timeline now shows a "Show more..." button when more than 50 events exist, instead of silently truncating.
• Bug Report Success Feedback: The in-app issue reporter now formats the relay-returned issue number correctly in its success banner and falls back to a generic success message if no number is returned.
• Inherited Repo Group Stickiness: Tabs created from a grouped tab now drop inherited repo-group membership once they move to a different repository, instead of staying stuck to the original group.
• Directory-Based Inherited Repo Groups: newTab(at:) now installs the same repo-group observer as standard new tabs, so grouped tabs opened directly into another directory also detach correctly when they resolve to a different repository.
• Protected Repo Identity Collapse: Tabs in protected folders now preserve known repo root and last-known branch even when live git probing is blocked, so passive UI stays repo-aware instead of falling back to “not a repo.”
• Passive Protected Repo Chrome: The selected-tab branch badge, tab git indicator, hover-card branch row, and repo path label now read cached repo identity when live git probing is blocked, so protected repos stay visible in passive tab chrome instead of disappearing after restore or focus changes.
• Protected Repo Branch Persistence: Recent-repo updates and settings import no longer downgrade known repo identities to root-only entries, so a protected repo's last-known branch survives recents reordering and settings import instead of regressing to unknown.
• On-Demand Protected Git Access: User-triggered git surfaces such as the repository pane, diff viewer, and diff-viewer launch fallback now request protected-folder access only when live git work is actually needed, instead of prompting during passive observation or silently failing.
• Protected Folder Prompt Cooldown: User-initiated live-git actions now remember a canceled or failed protected-folder grant per root and return a cooldown state instead of immediately reopening the same Downloads/Desktop/Documents permission panel in a loop.
• Repo Dashboard Dismissal Consistency: Clicking any tab in the overlay toolbar now dismisses the repo dashboard overlay, including clicks on the already-selected tab. The active repo badge is highlighted while its dashboard is open so the overlay state matches the rest of the tab bar.
• Pre-Commit Review Hook Timeout: Scripts/pre-commit-review now applies explicit Unix-socket timeouts for start_review, wait_review, and get_review_result calls so a stalled scripting server fails fast instead of hanging the whole git commit hook indefinitely.
• Delegated Review Prompt Recovery: Interactive delegated review sessions now retain their pending initial prompt until the backend is genuinely ready, and runtime_turn_wait re-attempts delivery instead of leaving sessions stranded forever in starting after the first readiness polling window expires.
• Delegated Review Tab Cleanup: The scripting review API now exposes stop_review, and the pre-commit hook always attempts best-effort teardown of its delegated review session so timed-out or malformed review runs do not leave orphaned Codex review tabs behind.
• MCP Runtime Startup Robustness: runtime_session_create now keeps pending initial prompts tied to real terminal readiness changes instead of a fixed retry loop, so slow interactive launches no longer give up while the session is still legitimately starting.
• MCP Lifecycle Hot-Path Pressure: Runtime-driven tab teardown now queues close work off the immediate stop path, and create/stop/close flows emit focused stall diagnostics so MCP-induced beachballs are easier to trace.
• Release Workflow Secret Gate: The GitHub release workflow no longer references secrets.* from a job-level if, so release runs parse cleanly and the Homebrew tap update step now skips gracefully when HOMEBREW_TAP_TOKEN is absent.
• Release Tag Push Guard: The local pre-push hook now rejects plain version tags like 0.1.1 when the release workflow is configured to trigger only on v*, preventing non-triggering release tags from being pushed.
• Codex Resume Save Churn: Repeated save-time Codex fallback scans now cache unresolved results per terminal session signature and reuse claimed explicit Codex sessions across history growth, which stops autosave from redoing the same replacement search and spamming identical unresolved resume-metadata logs when nothing materially changed.
• Startup Stall Diagnostics: Startup and restore now keep a scoped low-latency App Nap lease during relaunch recovery, coalesce duplicate Metal triple-buffer rebuild churn, and emit explicit main-thread stall telemetry when restore or rendering work blocks long enough to explain a beachball.
• Startup Restore Churn Reduction: Restore now coalesces protected-folder validation logs per root, debounces transient home-directory snippet-context refreshes, delays resume-prefill fallback until a pane view is actually ready, and emits one startup summary with protected-root, snippet, and resume-prefill counts. This keeps relaunch behavior reactive without dropping repo-aware grouping or snippets.
• Blocked Dangerous Command Feedback: Direct terminal input now shows the same explicit blocked-command alert as other dangerous-command paths when Protect Chau7 denies a self-harming command, instead of failing to compile due to a missing guard method.
• Dashboard Accessibility: Agent cards now have combined accessibility labels (backend, state, tokens). Batch action buttons have accessibility hints. Health indicator uses localized strings.
• Custom Pricing Documentation: ~/.chau7/pricing.json format is now documented with a JSON example in code comments. Malformed files now log a warning instead of being silently ignored.
• Telemetry Active-Run Queries: run_list and run_get no longer duplicate active runs that were already inserted into SQLite at runStarted. MCP telemetry responses now consistently annotate run_state (active or completed) and content_state (missing, partial, final) so orchestrators can distinguish live partial data from finalized runs.
• Active Codex Transcript Visibility: run_transcript now surfaces live Codex prompts from ~/.codex/history.jsonl before runEnded, with PTY-log fallback for active sessions that do not yet have persisted turns. Active Codex runs no longer appear as empty shells while the session is still in progress.
• Session Rollup Clarity: session_list now includes active_run_count, completed_run_count, latest_run_id, and latest_run_state, making resumed session IDs with multiple historical runs easier to interpret.
• Forced Shell Termination Diagnostics: SIGTERM/SIGKILL escalation logs now capture close-to-signal timing, PTY log state, and a process-tree snapshot with command lines so stuck shell shutdowns are actionable ins...

0.1.1

0.1.1 focuses on delegated AI review, runtime hardening, and overlay/polish improvements.

Highlights

• Added delegated task orchestration for AI sessions, including runtime lineage, lifecycle controls, dashboard review workflows, and pre-commit review plumbing.
• Added staged-diff pre-commit review integration with explicit scripting transport diagnostics, fast socket timeouts, and a default reviewer model of gpt-5.3-codex.
• Hardened local runtime infrastructure with stale socket self-healing, launch readiness gating for interactive backends, approval-timeout cleanup, and better shell termination diagnostics.
• Improved repo overlay behavior so the repo dashboard highlights like a selected tab and closes when any tab, including the current tab, is clicked.
• Tightened protected-path access behavior to require explicit grant before automatic access.
• Added full Spanish localization support and multiple telemetry, dashboard, proxy, and documentation improvements.

Validation

• Full local pre-push CI passed before publishing this tag, including swift build, swift test, Rust checks, and Go checks.

v0.1.0

Full Changelog: https://github.com/Aeptus/chau7/commits/v0.1.0