v2.8.0

Added

• Support custom provider definitions in config.yaml with custom_providers field

Changed

• Compute provider display order from priority list instead of hardcoded slice
• Deduplicate config loading with loadConfigOrExit and loadConfigOrEmpty
• Consolidate harness logic and introduce crypto interface
• Move key format validation into provider definitions
• Simplify providerFromArgs with inline branching
• Rename hasDoubleDash to hasArgsSeparator, yoloFlag to skipPermissionsFlag
• Remove harnessBinary identity function and setupSignalHandler dead code
• Document custom_providers in config, provider, and dev guides
• Switch contributing guide to Google Go Style
• Fix markdown formatting in config and providers docs

Fixed

• Surface loadConfigOrEmpty errors instead of swallowing them
• Report errors from config and secret operations instead of silently discarding them

---

Released by GoReleaser.

v2.7.0

Added

• Add crush harness option (Charm's Crush CLI) alongside claude, qwen, and pi

Fixed

• Validate model name against actual model ID for provider selection, not the display name

---

Released by GoReleaser.

v2.6.2

Changed

• Add missing package and type doc comments to config, constants, errors, fsutil, and providers packages
• Remove redundant ConfigDir global state — overrides handled exclusively through CLIContext.SetConfigDir
• Rename Get-prefixed update functions and add context.Context to blocking methods
• Remove stale tempPath variable in fsutil after CreateTemp migration

Fixed

• Prevent goroutine leak in setupSignalHandler by returning a stop function for cleanup
• Create temp file in target directory in WriteAtomic to ensure atomic rename across all filesystems

---

Released by GoReleaser.

v2.6.1

Changed

• Add cosign v2 keyless verification fix to changelog

Fixed

• Add certificate identity and OIDC issuer flags for cosign v2 keyless verification

---

Released by GoReleaser.

v2.6.0

Added

• Cosign code signing for release artifacts via goreleaser
• Cosign signature verification in install scripts (install.sh, install.ps1)
• Cosign bundle verification in kairo update flow
• Reject encryption key files with overly permissive permissions in crypto package

Changed

• Banner refactored to harness-aware ASCII art display with Banner struct
• Eliminate global mutable state in update package and providers
• Replace mutable global vars with Deps struct for dependency injection in cmd package
• Decompose large test files into focused modules
• Address medium-priority technical debt across codebase
• Decompose root command Run function into focused helpers (loadRootConfig, lookupProvider, runPiProvider, runStandardProvider, resolveAPIKey)
• Replace mutable global vars with Deps struct for dependency injection, eliminating save-override-restore test patterns
• Centralize ANTHROPIC environment variable constants to internal/constants package
• Migrate all os.IsNotExist usage to errors.Is(err, fs.ErrNotExist)
• Wrap bare fmt.Errorf in cmd package with proper KairoError types
• Add named file/directory permission constants (DirPermSecure, FilePermSecure, etc.) replacing magic numbers
• Consolidate repeated "No providers configured" boilerplate into single helper
• Replace EnvProvider type with config.Provider to eliminate duplication
• Extract fsutil.WriteAtomic for atomic file writes shared by config and crypto packages
• Preserve user-set models during config migration instead of overwriting with built-in defaults
• Add ErrBinaryOutdated sentinel error replacing fragile string-matching on YAML parse errors
• Remove panic from validate package, use os.Exit(1) instead
• Wrap fsutil.WriteAtomic errors with FileError for better context
• Add SetHTTPClient/SetEnvFunc setters for update package test injection
• Add pi harness and complete provider list across all documentation
• Migrate golangci-lint from v1.64.8 to v2.12.2

Fixed

• Use default provider when arguments start with -- separator instead of treating them as provider name
• Use default provider when --harness flag is provided, forwarding positional args as harness arguments
• Reduce linter exclusions and improve test coverage

---

Released by GoReleaser.

v2.5.1

Changed

• Install script checksums now auto-regenerated via pre-commit hook when scripts/install.sh or scripts/install.ps1 are modified

Fixed

• Update command checksum verification failure caused by stale checksums.txt after install script modification

---

Released by GoReleaser.

v2.5.0

Added

• Pi harness support: pi is now a valid harness option alongside claude and qwen (kairo harness set pi, --harness pi)
• env_key option for custom providers to specify a custom environment variable name instead of the auto-derived <PROVIDER>_API_KEY
• Expanded built-in provider registry to 19 providers matching piexo (zai, minimax, zhipu, moonshot, stepfun, yi, lingyiwanwu, deepseek, baichuan, hunyuan, spark, ernie, qwen, gemma, mistral, groq, together, fireworks)

Changed

• Use tap.Cancel for error and cancel messages instead of ui.PrintError in tap-based commands
• Centralize GitHub URLs in internal/constants/urls.go with helper functions for raw file and blob URLs
• Google Go Style Guide compliance: doc comments on all exported symbols, remove Get prefix from getter functions
• Remove unnecessary kairoerrors/kairoversion import aliases where stdlib errors/version is not also imported
• Extract update business logic (release fetching, checksum verification, install script execution) to internal/update package

Fixed

• Load all provider API keys for Pi harness instead of only the active provider's key

---

Released by GoReleaser.

v2.4.1

Fixed

• Release notes extraction now correctly stops at the next version boundary instead of dumping the entire CHANGELOG to EOF

---

Released by GoReleaser.

v2.4.0

Added

• --no-update-check flag on kairo version to skip GitHub API calls
• Windows ANSI support detection via Virtual Terminal Processing

Changed

• CLI commands now propagate the Cobra command context to child operations and TUI interactions instead of using context.Background(), enabling proper cancellation on Ctrl+C
• Config loading in delete and list commands now uses the config cache for consistency
• Root command decomposed into runRoot, loadRootConfig, and dispatchExecution for maintainability
• Removed DecryptSecrets (string return) in favor of DecryptSecretsBytes with ClearMemory to allow secure memory clearing of decrypted key material

Fixed

• Release CI now extracts the versioned section from CHANGELOG.md matching the tag, instead of using the [Unreleased] section which may be empty
• Temp auth directory no longer leaks on error paths — cleanup now runs before os.Exit
• Hyphens in custom provider names no longer produce invalid environment variable names (e.g., MY-PROVIDER_API_KEY → MY_PROVIDER_API_KEY)
• mustParseCIDR no longer panics on invalid CIDR constants — uses log.Fatalf with a clear message
• HTTP client in update command now has TLS handshake and response header timeouts for better protection against slow/misbehaving servers
• Capture error from windows.GetStdHandle instead of silently discarding it

v2.3.7

Added

• DeepSeek default model updated to deepseek-v4-pro[1m], with deepseek-v4-flash set as the haiku/subagent model via env vars

Fixed

• Malformed secret lines are preserved during deletion instead of being silently dropped
• Secrets warnings from LoadSecrets are now surfaced in the setup flow