PushPals CLI v1.1.32

PushPals CLI Release Log

Release Metadata

• version: v1.1.32
• start_commit: 9357d9e367b9e708dad1b6285612faab64b9141a
• end_commit: f6c101e8da66d093aec1e5224e2617f23dae5b8e
• commits_in_range: 1

Highlights

• Add a release-time npm package payload verifier that fails if @pushpalsdev/cli would ship external toolchain files such as Bun, Node, Git, Docker, Codex, UV, Python, real node_modules, virtualenvs, native libraries, or standalone executables.
• Wire the verifier into the npm publish workflow before npm publish, so a bad package payload is blocked before it reaches users.
• Add a GitHub release asset-name guard so direct release uploads stay limited to PushPals binaries, checksums, and signatures rather than accidental third-party tool artifacts.
• Document the release policy boundary: npm package payloads must not vendor external tools; PushPals-built standalone CLI/runtime release artifacts remain a separate supported distribution path.

Validation

• bun test tests/release-package-payload.test.ts
• bun run cli:bundle
• bun run cli:verify-package-payload
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• The npm package still requires a working Bun runtime to launch the package entrypoint; this release prevents vendored external tool files from entering the package, it does not remove the Bun runtime requirement for npm installs.
• Direct GitHub release binaries are PushPals-built standalone artifacts. Removing embedded Bun runtime from those standalone artifacts would require a separate runtime distribution redesign.
• Active runtimes that were started from an older release must be restarted after installing this release before new startup or packaged-runtime behavior takes effect.
• Docker-backed WorkerPal execution can use the first stalled Docker Codex startup as the signal to switch future WorkerPal spawns to direct isolated-worktree execution; the first affected job may fail as the canary that activates fallback.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.31...v1.1.32

PushPals CLI v1.1.31

PushPals CLI Release Log

Release Metadata

• version: v1.1.31
• start_commit: 4e934d31293bc0c32da399426383411f81d23447
• end_commit: ecbba5baae51af23a4fb1b4b2f4883c85fbd879c
• commits_in_range: 1

Highlights

• Resolve Windows Bun npm/nvm shims to the underlying node_modules/bun/bin/bun.exe before probing or launching the packaged CLI.
• Preserve the v1.1.30 Bun probe timeout while avoiding the false “Bun runtime is required” failure when bun is available through bun.cmd or extensionless Windows shims.
• Keep the shell fallback only for unresolved Windows Bun commands; resolved Bun executables now run directly under the timeout/watchdog path.
• Add regression coverage that the package shim knows about Windows where.exe Bun discovery and shim-target resolution.

Validation

• bun run cli:bundle
• node --check packages/cli/bin/pushpals.cjs
• node packages/cli/bin/pushpals.cjs -h
• bun test tests/cli.runtime-bootstrap.test.ts
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• v1.1.30 npm installs can incorrectly report that Bun is missing on Windows when Bun is exposed through npm/nvm shims; install v1.1.31 or use direct binary assets.
• Active runtimes that were started from v1.1.29 or earlier must be restarted after installing this release before the startup watchdog and fresh-binary WorkerPal prewarm delay take effect.
• Docker-backed WorkerPal execution still uses the first stalled Docker Codex startup as the signal to switch future WorkerPal spawns to direct isolated-worktree execution; the first affected job may fail as the canary that activates fallback.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.30...v1.1.31

PushPals CLI v1.1.30

PushPals CLI Release Log

Release Metadata

• version: v1.1.30
• start_commit: bd19e4572bf491b79b0f9328364afa6937e69da7
• end_commit: 36fb3f8e76dd1581c90d83c58bfdfadf0fc9b03b
• commits_in_range: 1

Highlights

• Add a Node-side Bun probe timeout for the npm package entrypoint so a wedged bun --version check fails fast instead of freezing the shell.
• Add a bootstrap watchdog and ready-marker handshake around the Bun CLI child so startup hangs terminate the Bun process tree with a clear diagnostic.
• Kill the Bun process tree on parent SIGINT/SIGTERM, avoiding orphaned Bun workers after Ctrl+C or terminal shutdown.
• Delay first WorkerPal prewarm after freshly downloaded Windows runtime binaries, giving AVG and other security scanners time to inspect standalone binaries before WorkerPal starts.
• Ship the refreshed packaged RemoteBuddy fallback runtime generated by bun run cli:bundle.

Validation

• bun run cli:bundle
• node --check packages/cli/bin/pushpals.cjs
• bun test tests/cli.runtime-bootstrap.test.ts
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.29 or earlier must be restarted after installing this release before the startup watchdog and fresh-binary WorkerPal prewarm delay take effect.
• Docker-backed WorkerPal execution still uses the first stalled Docker Codex startup as the signal to switch future WorkerPal spawns to direct isolated-worktree execution; the first affected job may fail as the canary that activates fallback.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.29...v1.1.30

PushPals CLI v1.1.29

PushPals CLI Release Log

Release Metadata

• version: v1.1.29
• start_commit: e578e9a1fd58d53a238deb44aa3ead7d5d73f723
• end_commit: d590a84b800bbc5072dd8233d64cacaf2953fecc
• commits_in_range: 1

Highlights

• Resolve packaged Python executor scripts from the extracted runtime directory before failing, fixing installed WorkerPal jobs that looked for openai_codex_executor.py under Bun's transient package cache.
• Apply the same packaged-wrapper path resolution to MiniSWE so all generic Python-backed WorkerPal executors use runtime-stable script discovery.
• Improve missing-wrapper diagnostics by listing every checked candidate path instead of reporting one misleading cache-derived path.
• Ship the refreshed packaged CLI runtime assets generated by bun run cli:bundle.

Validation

• bun run cli:bundle
• bun test tests/workerpals.generic-python-executor.test.ts
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.28 or earlier must be restarted after installing this release before the packaged Python executor path fix takes effect.
• Docker-backed WorkerPal execution still uses the first stalled Docker Codex startup as the signal to switch future WorkerPal spawns to direct isolated-worktree execution; the first affected job may fail as the canary that activates fallback.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.28...v1.1.29

PushPals CLI v1.1.28

PushPals CLI Release Log

Release Metadata

• version: v1.1.28
• start_commit: ee9762a30878f542824481f3bf0136efe042ee3d
• end_commit: e29ff2032ec3f19d2e3f9925ba504cb4660c1037
• commits_in_range: 4

Highlights

• Fall back from Docker-backed WorkerPal spawning to a direct isolated-worktree WorkerPal after a Docker Codex startup stall, so later jobs can make publishable progress instead of repeating the same stalled container path.
• Propagate Codex startup-stall cooldowns through the Docker job runner with a distinct worker exit code, preserving the 10-minute cooldown signal while allowing RemoteBuddy to switch execution backends.
• Keep repeated startup stalls classified as infrastructure/startup failures instead of no-publishable trajectory failures, improving diagnostics and rollout-coach decisions.
• Stabilize the git-heavy merge-conflict release checks with explicit timeout headroom under full-suite Windows load.
• Ship the refreshed packaged CLI runtime fallback assets generated by bun run cli:bundle.

Validation

• bun run cli:bundle
• bun test tests/workerpals.merge-conflict-job.test.ts
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.27 or earlier must be restarted after installing this release before the new Docker Codex startup-stall fallback behavior takes effect.
• Docker-backed WorkerPal execution still uses the first stalled Docker Codex startup as the signal to switch future WorkerPal spawns to direct isolated-worktree execution; the first affected job may fail as the canary that activates fallback.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.27...v1.1.28

PushPals CLI v1.1.27

PushPals CLI Release Log

Release Metadata

• version: v1.1.27
• start_commit: e166836e6103a0b53e8415d667621d92d00c8b37
• end_commit: b814445246c729f952db70385b7c1303f85b944e
• commits_in_range: 2

Highlights

• Recover OpenAI Codex WorkerPal jobs when the Codex subprocess stalls after only startup events, by restarting once with patch-first recovery guidance before failing the job.
• Classify repeated Codex startup stalls as openai_codex stalled before first response so diagnostics treat them as infrastructure/timeouts instead of no-publishable worker trajectories.
• Add regression coverage for both successful startup-stall recovery and repeated startup-stall cooldown behavior.
• Stabilize RemoteBuddy task enqueue failure coverage under full-suite load so release checks keep enforcing that failed enqueues do not emit orphan task lifecycle events.
• Ship the updated WorkerPal sandbox runtime mirror in the packaged CLI assets.

Validation

• bun run cli:bundle
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.26 or earlier must be restarted after installing this release before the new Codex startup-stall recovery behavior takes effect.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.26...v1.1.27

PushPals CLI v1.1.26

PushPals CLI Release Log

Release Metadata

• version: v1.1.26
• start_commit: e1a5ba4910e4020590a6386d638071eda62d0dd9
• end_commit: 2b586c0976968d3f064ff6f5e58ace21e19c404f
• commits_in_range: 2

Highlights

• Add an autonomy WorkerPal failure circuit for repeated no-publishable/no-edit outcomes so background autonomy stops creating new jobs during unhealthy windows.
• Suppress repeated autonomy jobs that match recent no-publishable failures by pattern key or overlapping target paths, with structured retry metadata instead of another long WorkerPal attempt.
• Teach RemoteBuddy autonomy dispatch to honor structured enqueue rejections with a timed backoff, reducing repeat dispatch loops after safety gates fire.
• Add bounded WorkerPal cooldown metadata for OpenAI Codex no-publishable and broad/off-track timeout failures so retry storms pause after exhausted attempts.
• Ship the updated RemoteBuddy and WorkerPal sandbox runtime mirror in the packaged CLI assets.

Validation

• bun run cli:bundle
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.25 or earlier must be restarted after installing this release before the new autonomy failure circuits, dispatch backoff, and WorkerPal cooldown behavior take effect.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.25...v1.1.26

PushPals CLI v1.1.25

PushPals CLI Release Log

Release Metadata

• version: v1.1.25
• start_commit: d6ffb6d1c1112be2d0a6bbac079895d22b5ec564
• end_commit: 585b57a0ba94545fdcba27f3cfed32acb9669b84
• commits_in_range: 4

Highlights

• Shorten no-edit recovery for stuck OpenAI Codex WorkerPal jobs so off-track tasks fail or recover faster instead of burning a full execution window.
• Skip low-value critic retries after deterministic fast validation failures, preserving remaining job budget for actionable repair attempts.
• Reduce duplicate cooldowns for narrow contract/test retry families so WorkerPals can respond to active validation noise without waiting through stale long cooldowns.
• Sanitize stale planner path hints before WorkerPal execution, including stale prose guidance, so workers do not chase nonexistent repo prefixes such as outdated client/app paths.
• Ship the updated WorkerPal sandbox mirror in the packaged CLI runtime assets.

Validation

• bun run cli:bundle
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.24 or earlier must be restarted after installing this release before stale-path sanitization and faster WorkerPal recovery behavior take effect.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.24...v1.1.25

PushPals CLI v1.1.24

PushPals CLI Release Log

Release Metadata

• version: v1.1.24
• start_commit: 8a4f44050d49c0b1a7185e9815a89d143145f3e5
• end_commit: 08d87215b101579bcdf74e1ccf2267c58a7c74a4
• commits_in_range: 2

Highlights

• Add a 6-hour cooldown for repeated autonomy jobs that target the same file, preventing unhealthy retry storms on one narrow objective.
• Shorten OpenAI Codex no-edit and rollout watchdogs for narrow contract/test tasks so stuck jobs recover or fail faster instead of burning full execution windows.
• Strengthen no-edit recovery guidance with a patch-first contract that tells workers to make a publishable edit before repeating discovery.
• Mark no-edit watchdog and rollout-coach terminal diagnostics correctly so job investigations show watchdog-triggered failures instead of hiding them as generic terminal failures.
• Ship the updated RemoteBuddy and WorkerPal sandbox mirrors in the packaged CLI runtime assets.

Validation

• bun run cli:bundle
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.23 or earlier must be restarted after installing this release before autonomy dedupe cooldowns and faster narrow-task watchdogs take effect.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.23...v1.1.24

PushPals CLI v1.1.23

PushPals CLI Release Log

Release Metadata

• version: v1.1.23
• start_commit: 9293f4e721983e72bf61edd3819c680008847a02
• end_commit: 11f1182de1c4f58074043ea69ede35ea0cee88a5
• commits_in_range: 2

Highlights

• Fix OpenAI Codex WorkerPal dirty-baseline accounting so pre-existing worktree changes are not misclassified as broad worker-created patches.
• Preserve the safety guard for genuinely broad or noisy small-task edits by counting new paths and same-path edits made after the job starts.
• Use bounded filesystem fingerprints for baseline paths so the fix does not add expensive per-path Git diff work on Windows.
• Add regression coverage for dirty baseline timeout handling and same-path baseline mutations.
• Update the task.execute integration harness to allow bounded diagnostics on executor results while still asserting the stable result contract.
• Ship the updated WorkerPal sandbox mirror in the packaged CLI runtime assets.

Validation

• bun run cli:bundle
• python apps/workerpals/src/backends/openai_codex/test_openai_codex_runtime_config.py
• bun test tests/integration/task.execute.test.ts
• bun run test:root
• git diff --check

Install

npm i -g @pushpalsdev/cli

bun install -g @pushpalsdev/cli

Artifacts

• pushpals-linux-x64
• pushpals-windows-x64.exe
• pushpals-macos-x64
• pushpals-macos-arm64
• SHA256SUMS.txt

Breaking Changes

• None.

Known Issues

• Docker-backed WorkerPal execution still requires Docker to be installed and running when WorkerPal auto-spawn is enabled; pushpals --clear cleanup is best-effort when Docker is unavailable or times out.
• Active runtimes that were started from v1.1.22 or earlier must be restarted after installing this release before WorkerPal jobs use the dirty-baseline fix.
• Codex gpt-5.5 requires a recent Codex CLI; older Codex CLIs fall back to gpt-5.4 for WorkerPal and RemoteBuddy Codex execution when they report model incompatibility.
• GitHub contribution credit for WorkerPal commits requires the configured commit email to be associated with the target GitHub account.
• User-local runtime/configs/local.toml overrides can preserve older runtime defaults during manual smoke testing; use pushpals --clear or remove the local override to pick up new packaged defaults.
• Some Windows Git installations may need Schannel certificate handling for remote operations, for example git -c http.sslBackend=schannel fetch origin.

Full Changelog: v1.1.22...v1.1.23