v2.4.1

Fixed

• Release notes extraction now correctly stops at the next version boundary instead of dumping the entire CHANGELOG to EOF

---

Released by GoReleaser.

v2.4.0

Added

• --no-update-check flag on kairo version to skip GitHub API calls
• Windows ANSI support detection via Virtual Terminal Processing

Changed

• CLI commands now propagate the Cobra command context to child operations and TUI interactions instead of using context.Background(), enabling proper cancellation on Ctrl+C
• Config loading in delete and list commands now uses the config cache for consistency
• Root command decomposed into runRoot, loadRootConfig, and dispatchExecution for maintainability
• Removed DecryptSecrets (string return) in favor of DecryptSecretsBytes with ClearMemory to allow secure memory clearing of decrypted key material

Fixed

• Release CI now extracts the versioned section from CHANGELOG.md matching the tag, instead of using the [Unreleased] section which may be empty
• Temp auth directory no longer leaks on error paths — cleanup now runs before os.Exit
• Hyphens in custom provider names no longer produce invalid environment variable names (e.g., MY-PROVIDER_API_KEY → MY_PROVIDER_API_KEY)
• mustParseCIDR no longer panics on invalid CIDR constants — uses log.Fatalf with a clear message
• HTTP client in update command now has TLS handshake and response header timeouts for better protection against slow/misbehaving servers
• Capture error from windows.GetStdHandle instead of silently discarding it

v2.3.7

Added

• DeepSeek default model updated to deepseek-v4-pro[1m], with deepseek-v4-flash set as the haiku/subagent model via env vars

Fixed

• Malformed secret lines are preserved during deletion instead of being silently dropped
• Secrets warnings from LoadSecrets are now surfaced in the setup flow

v2.3.6

Fixed

• Update command no longer migrates provider models using stale defaults from the pre-update binary

v2.3.5

Changed

• Z.AI default model updated from glm-4.7 to glm-5.1

v2.3.4

Fixed

• Update command now correctly looks up script names in checksum verification

v2.3.3

Fixed

• Update command now properly includes scripts checksums file in release artifacts

v2.3.2

Added

• Completion command restored with automatic shell completion file saving

Changed

• Banner now uses middle dot separator with improved spacing

Fixed

• Config validation now clears invalid DefaultProvider references to prevent runtime errors

v2.3.1

Changed

• Error handling performance optimized with strings.Builder
• CLI state management consolidated for better maintainability
• Test infrastructure improved with PromptUI adapter for testable prompts

Security

• Update command now verifies SHA256 checksums before installing downloaded binaries

v2.3.0

Added

• --yolo / -y flag for direct provider execution to skip harness permission prompts
  • Passes --dangerously-skip-permissions to Claude Code
  • Passes --yolo to Qwen Code

Security

• Custom provider URL validation now blocks private IPv6 addresses in addition to localhost, private IPv4, and link-local addresses