v1.9.0

Added

• Multi-harness support: Added support for Qwen Code CLI harness alongside Claude Code
  • New kairo harness get command to display current default harness
  • New kairo harness set <harness> command to set default harness (claude or qwen)
  • New --harness flag for switch command to override harness per invocation
  • New --model flag for switch command to override model (passed to Qwen CLI)
  • New DefaultHarness field in Config struct for persistent harness selection
  • Harness names validated and case-insensitive (Claude/Qwen/claude/qwen all valid)
  • Invalid harness names default to claude with warning message
  • Order of precedence: --harness flag → config default → claude
  • 286 new tests for harness functionality and wrapper environment variable support

Changed

• Wrapper script enhancement: Enhanced wrapper script generation to support custom environment variable names
  • Qwen harness uses ANTHROPIC_API_KEY instead of ANTHROPIC_AUTH_TOKEN
  • Wrapper script now accepts optional envVarName parameter
  • Maintains backward compatibility with existing Claude harness behavior
  • Improved security for API key delivery across different CLI harnesses

Documentation

• README: Updated with multi-harness support documentation and examples
• Command documentation: Updated cmd/README.md with harness commands and usage examples
• User guide: Updated docs/guides/user-guide.md with harness setup instructions

v1.8.4

Added

• Audit context: Added hostname, username, and session ID to audit entries
  • Improves traceability across users, hosts, and sessions
  • Context captured at logger creation and applied to all entries
  • Session IDs generated as unique 16-character hex identifiers
  • Backward compatible with existing audit logs (new fields use omitempty)
  • 7 new tests for context field functionality

Fixed

• Environment variable deduplication: Fixed duplicate environment variables in switch command
  • Custom providers could create duplicate ANTHROPIC_BASE_URL and other built-in env vars
  • Added mergeEnvVars() helper with proper deduplication (last occurrence wins)
  • Order of precedence: system env vars → built-in Kairo env vars → provider EnvVars → secrets
  • Invalid env var formats (no '=' or empty key) are skipped
  • 13 new tests for mergeEnvVars functionality and performance
• Thread-safe audit reads: Fixed race condition in LoadEntries() method
  • Previous implementation could read log file while writes were in progress
  • Changed from sync.Mutex to sync.RWMutex for concurrent read access
  • Multiple goroutines can now read audit entries without blocking each other
  • Updated documentation to reflect thread-safe status
  • 2 new tests for concurrent read and read/write scenarios
• Model validation: Fixed empty model names for custom providers
  • Custom providers now require non-empty model names
  • Built-in providers (like anthropic) can still use empty values
  • Whitespace trimmed before validation
  • URL validation already enforced via validateBaseURL() (HTTPS required, blocks localhost/private IPs)
  • 22 new tests covering model and URL validation

v1.8.3

Fixed

• Config migration: Fixed provider model not being updated during kairo update when builtin default model changes (e.g., MiniMax-M2 to MiniMax-M2.5)
  • Migration now properly updates both provider.Model and default_models when builtin defaults change
  • Added comprehensive test coverage for migration scenarios
• Pre-commit hooks: Added auto-install of staticcheck in deps target to prevent hook failures

Changed

• Config version field: Deprecated unused version field in config.yaml
  • Marked with omitempty to allow omission from new configs
  • Maintains backward compatibility with existing configs

v1.8.2

Fixed

• Dependencies: Removed unused golang.org/x/net and golang.org/x/text dependencies to fix CI tidy check
• Pre-commit: Updated hooks to use Go 1.25.7 to match CI and prevent version mismatches

v1.8.1

Added

• MiniMax model update: Updated default model from MiniMax to M2.5
• Auto-update config migration: When kairo update successfully updates the CLI, it now automatically syncs configured providers with new default models from the updated built-in provider definitions
  • New default_models field in config tracks which model was set as default
  • Migration logic preserves user-customized models (only updates providers using default models)
  • Displays config changes after successful update (e.g., "Config updates: zai: glm-4.7 -> glm-4.8")

v1.8.0

Added

• Key recovery commands: New kairo recover commands for key restoration
  • kairo recover identity - Recover identity file from passphrase
  • kairo recover key <provider> - Recover provider-specific encryption keys
  • kairo recover all - Recover all keys in batch
• Config caching: Added file watcher for automatic cache invalidation when config files change
  • Config caching layer integrated into commands for faster startup
  • Automatic cache invalidation on file modifications
• Error recovery: Improved error messages with actionable recovery suggestions
• UI enhancement: Clear terminal screen before running Claude for cleaner output

Fixed

• Backup security: Fixed Zip Slip vulnerability in archive extraction
• Backup resources: Fixed resource leaks in backup operations
  • Added proper deferred Close handling
  • Added zip archive verification before extraction
• Test isolation: Fixed configDir reset in TestGetConfigDir to avoid test pollution

Changed

• Build system: Replaced Taskfile and Makefile with Justfile for command runner
• Pre-commit hooks: Added staticcheck for Go static analysis
• Pre-commit hooks: Changed Windows cmd to bash for Go hooks
• Development tools: Added Just runner installation to deps target
• Documentation: Added backup and recovery documentation
• Documentation: Added metrics documentation to README
• Documentation: Improved table formatting in README metrics section
• Tests: Added integration tests for backup and recovery
• Tests: Used filepath.Join for cross-platform temp paths in metrics tests
• Code style: Fixed whitespace and handled ignored errors in tests

Security

• Backup extraction: Fixed Zip Slip vulnerability preventing path traversal attacks

v1.7.1

Fixed

• Windows file locking: Close audit logger to prevent file lock on Windows when running update command
• Update command: Use platform-specific temp file extensions (.tmp on Windows, .tmp.XXXXXX on Unix) to avoid extension issues
• Wrapper script execution: Fixed wrapper script execution on Windows by using correct directory and extension handling
• CI/CD: Removed invalid deny-licenses configuration in dependency review workflow
• CI/CD: Fixed coverage report step in CI pipeline

Changed

• Go version: Updated to 1.25.7 to fix crypto/tls vulnerability (CVE-2024-45338)
• Pre-commit hooks: Added Windows-compatible PowerShell pre-commit script for developers on Windows

Documentation

• AGENTS.md: Updated with comprehensive AI agent context for better Claude Code integration

v1.7.0

Added

• API key validation: Strengthened validation with provider-specific formats
  • Anthropic keys: Must start with sk-ant-api0 followed by 76+ characters
  • Z.AI keys: Must start with sk-zaic- followed by 32+ characters
  • MiniMax keys: Must start with eyJ (JWT format) or custom validation
  • DeepSeek keys: Must start with sk- followed by 52+ characters
  • Kimi keys: Must start with sk- followed by 52+ characters
  • Clear error messages indicating expected format for each provider
• Decryption error handling: Fail early on decryption failures with actionable errors
  • Clear guidance when identity file is missing or wrong
  • Better error messages for malformed recipient files
  • Integration tests for decryption failure scenarios

Fixed

• Go version: Updated to 1.25.6 to fix crypto/tls vulnerability (CVE-2024-45338)
• Dependencies: Updated golang.org/x/crypto to v0.45.0 for security fixes
• CI/CD: Fixed coverage report step and updated dependency review for PATENTS
• Update command: Simplified to use platform-appropriate install scripts

Refactored

• Audit logging: Made audit logging errors visible to callers instead of silent failures
• Private IP validation: Extracted CIDR blocks to package-level constants for maintainability
• State management: Removed unnecessary dual state in reset and rotate commands
• Platform detection: Consolidated in cmd/rotate with pkg/env for consistency
• Validation helpers: Removed redundant nil check in validateCustomProviderName

Test

• Integration tests: Added decryption failure scenario tests
• Audit helpers: Added comprehensive test coverage
• Crypto package: Added disk full error handling tests
• Switch command: Increased test coverage with new run tests
• Race detection: Fixed race conditions in integration tests

Documentation

• Package-level docs: Added documentation to cmd, crypto, and wrapper packages
• Function docs: Added documentation to utility helper and security-critical private functions
• Documentation standardization: Standardized function documentation format

v1.6.1

Fixed

• Reset command: Remove age.key file when resetting all providers to ensure clean state

Changed

• Documentation: Updated changelog with version link for v1.6.0
• Contributing guide: Added pre-commit to Before Submitting section
• Markdownlint: Migrated configuration to markdownlint-cli2 format
• AGENTS.md: Created concise version for AI assistant context
• README: Fixed install command URLs in documentation table

v1.6.0

Added

• Config file extension: Changed config filename from config to config.yaml
  • Better format recognition and editor support with YAML extension
  • Automatic migration from old format on first run
  • Original file backed up as config.backup (never deleted)
  • Migration includes YAML validation before conversion
  • Permission preservation during migration
  • Atomic operation with rollback on failure
  • Comprehensive test coverage (7 new migration tests)
• Audit logging: Added LogMigration() method for future migration event tracking

Fixed

• Windows installer: Fixed hashtable access for checksum hash validation
• Windows self-update: Implemented binary swap-after-exit pattern for reliable updates