diff --git a/.claude/skills/sm-upgrade/reference/version-history.md b/.claude/skills/sm-upgrade/reference/version-history.md
index 047c4259..3d5622e9 100644
--- a/.claude/skills/sm-upgrade/reference/version-history.md
+++ b/.claude/skills/sm-upgrade/reference/version-history.md
@@ -2,6 +2,20 @@
 
 Version-specific migration notes for each major/minor version transition. Agents should reference this file when guiding users through multi-version upgrades.
 
+## 0.14.0 to 0.15.0
+
+**Key changes:**
+- **Security:** Rails bumped to 8.1.3 (security release), picking up fixes for five CVEs including XSS in tag/DebugExceptions helpers, an Active Storage path-traversal, and a NumberConverter issue.
+- **ViewComponent 4.x:** the `view_component` dependency widens from `>= 3.0, < 4.0` to `>= 3.0, < 5.0`, allowing host apps to resolve ViewComponent 4.x (engine lockfile resolves to 4.5.0). Engine components use only stable APIs unaffected by v4.
+- **Solid Queue 1.4.0:** bumped from 1.3.1 with race-condition and supervisor stability fixes; dynamic recurring tasks are opt-in.
+- **Documentation:** engine conventions consolidated into `AGENTS.md`; `CLAUDE.md` now points to it.
+
+**Action items:**
+1. `bundle update source_monitor`
+2. `bin/rails source_monitor:upgrade`
+3. No migrations or breaking config/API changes.
+4. If the host app has ViewComponent 3.x customizations (custom components, previews), test after upgrading and consult ViewComponent v4 migration guides if needed.
+
 ## 0.13.1 to 0.14.0
 
 **Key changes:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ecb40ffb..bbf179e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,20 @@ All notable changes to this project are documented below. The format follows [Ke
 
 - No unreleased changes yet.
 
+## [0.15.0] - 2026-06-18
+
+### Security
+- Bump Rails to 8.1.3 via the 8.1.2.1 security release (#104), picking up fixes for five CVEs including XSS in tag/DebugExceptions helpers, an Active Storage path-traversal, and a NumberConverter issue.
+
+### Changed
+- **Allow ViewComponent 4.x** (#96). The `view_component` dependency constraint widens from `>= 3.0, < 4.0` to `>= 3.0, < 5.0`, so host apps can now resolve ViewComponent 4.x (the engine's lockfile moves to 4.5.0). The engine's components use only stable ViewComponent APIs and are unaffected by the v4 upgrade — but a host app on its own ViewComponent 3.x customizations should review the v4 upgrade notes before running `bundle update`.
+- Bump Solid Queue to 1.4.0 (#102) — race-condition and supervisor stability fixes; the new dynamic recurring-tasks feature is opt-in and off by default.
+- Bump nokolexbor to 0.6.4 (#103) and json to 2.19.2 (#99).
+- Development/CI dependency bumps: test-prof 1.6.0 (#101), webmock 3.26.2 (#100), brakeman 8.0.4 (#88), selenium-webdriver 4.41.0 (#78), stackprof 0.2.28 (#71), and the GitHub Actions artifact actions (#87, #86).
+
+### Documentation
+- Consolidate engine conventions into `AGENTS.md` as the canonical, cross-agent reference; `CLAUDE.md` now points to it instead of duplicating content (#134).
+
 ## [0.14.0] - 2026-05-28
 
 ### Security (BREAKING)
diff --git a/Gemfile.lock b/Gemfile.lock
index 926dedbe..2d8267c5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    source_monitor (0.14.0)
+    source_monitor (0.15.0)
       cssbundling-rails (~> 1.4)
       faraday (~> 2.9)
       faraday-follow_redirects (~> 0.4)
diff --git a/README.md b/README.md
index 40f055ea..f6298f2a 100644
--- a/README.md
+++ b/README.md
@@ -9,8 +9,8 @@ SourceMonitor is a production-ready Rails 8 mountable engine for ingesting, norm
 In your host Rails app:
 
 ```bash
-bundle add source_monitor --version "~> 0.14.0"
-# or add `gem "source_monitor", "~> 0.14.0"` manually, then run:
+bundle add source_monitor --version "~> 0.15.0"
+# or add `gem "source_monitor", "~> 0.15.0"` manually, then run:
 bundle install
 ```
 
@@ -46,7 +46,7 @@ This exposes `bin/source_monitor` (via Bundler binstubs) so you can run the guid
 Before running any SourceMonitor commands inside your host app, add the gem and install dependencies:
 
 ```bash
-bundle add source_monitor --version "~> 0.14.0"
+bundle add source_monitor --version "~> 0.15.0"
 # or edit your Gemfile, then run
 bundle install
 ```
diff --git a/VERSION b/VERSION
index a803cc22..a5510516 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.14.0
+0.15.0
diff --git a/docs/setup.md b/docs/setup.md
index cb68f806..63a82797 100644
--- a/docs/setup.md
+++ b/docs/setup.md
@@ -7,7 +7,7 @@ This guide consolidates the new guided installer, verification commands, and rol
 | Requirement | Minimum | Notes |
 | --- | --- | --- |
 | Ruby | 4.0.1 | Use rbenv and match the engine's `.ruby-version`. |
-| Rails | 8.1.2 | Run `bin/rails about` inside the host to confirm. |
+| Rails | 8.1.3 | Run `bin/rails about` inside the host to confirm. |
 | PostgreSQL | 14+ | Required for Solid Queue tables and item storage. |
 | Node.js | 18+ | Needed for Tailwind/esbuild assets when the host owns node tooling. |
 | Background jobs | Solid Queue (>= 0.3, < 3.0) | Add `solid_queue` to the host Gemfile if not present. |
@@ -18,8 +18,8 @@ This guide consolidates the new guided installer, verification commands, and rol
 Run these commands inside your host Rails application before invoking the guided workflow:
 
 ```bash
-bundle add source_monitor --version "~> 0.14.0"
-# or add gem "source_monitor", "~> 0.14.0" to Gemfile manually
+bundle add source_monitor --version "~> 0.15.0"
+# or add gem "source_monitor", "~> 0.15.0" to Gemfile manually
 bundle install
 ```
 
diff --git a/docs/upgrade.md b/docs/upgrade.md
index a2e70e02..aa716216 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -46,6 +46,20 @@ If a removed option raises an error (`SourceMonitor::DeprecatedOptionError`), yo
 
 ## Version-Specific Notes
 
+### Upgrading to 0.15.0
+
+**What changed:**
+- **Security:** Rails bumped to 8.1.3 (security release), fixing five CVEs including XSS in tag/DebugExceptions helpers, an Active Storage path-traversal, and a NumberConverter issue.
+- **ViewComponent 4.x compatibility:** The `view_component` dependency constraint widens from `>= 3.0, < 4.0` to `>= 3.0, < 5.0`, so host apps can now resolve ViewComponent 4.x (the engine's lockfile moves to 4.5.0). The engine's components use only stable ViewComponent APIs unaffected by the v4 upgrade, but host apps with their own ViewComponent 3.x customizations should review the [ViewComponent v4 release notes](https://github.com/ViewComponent/view_component/releases) before running `bundle update`.
+- **Solid Queue 1.4.0:** Bumped from 1.3.1 with race-condition and supervisor stability fixes. The new dynamic recurring-tasks feature is opt-in and off by default.
+- **Documentation:** Engine conventions consolidated into `AGENTS.md` as the canonical cross-agent reference; `CLAUDE.md` now points to it.
+
+**Action items:**
+1. `bundle update source_monitor`
+2. `bin/rails source_monitor:upgrade`
+3. No database migrations and no breaking API or configuration changes.
+4. If your host app has its own ViewComponent 3.x customizations, test after upgrading and consult the ViewComponent v4 migration guide if issues arise.
+
 ### Upgrading to 0.14.0
 
 **What changed:**
diff --git a/lib/source_monitor/version.rb b/lib/source_monitor/version.rb
index bad42d87..3dd4d9be 100644
--- a/lib/source_monitor/version.rb
+++ b/lib/source_monitor/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SourceMonitor
-  VERSION = "0.14.0"
+  VERSION = "0.15.0"
 end
diff --git a/test/models/source_monitor/fetch_log_test.rb b/test/models/source_monitor/fetch_log_test.rb
index aac33b54..0ec96fd5 100644
--- a/test/models/source_monitor/fetch_log_test.rb
+++ b/test/models/source_monitor/fetch_log_test.rb
@@ -49,7 +49,9 @@ def build_loggable(overrides = {})
 
       source_logs = FetchLog.where(source: @source)
       assert_equal [ failed, successful, older ], source_logs.recent.to_a
-      assert_equal [ successful, older ], source_logs.successful.to_a
+      # successful/failed are filter-only scopes (no inherent order); chain :recent
+      # for a deterministic comparison rather than relying on DB row order.
+      assert_equal [ successful, older ], source_logs.successful.recent.to_a
       assert_equal [ failed ], source_logs.failed.to_a
     end