v0.2.0

Highlights

• Unified Task model — single polymorphic /api/tasks HTTP resource covering Repo Tasks, Repo Task blueprints, and Standalone Tasks
• Standalone Tasks (Agent Workflows) — agent runs with no repo checkout, {{PARAM}} prompt templates, four trigger types (manual / schedule / webhook / ticket), isolated pod execution, WebSocket log streaming, auto-retry, clone, visual editors, search and filters
• Connections — external service integrations via MCP with built-in providers (Notion, GitHub, Slack, Linear, PostgreSQL, Sentry, Filesystem) plus custom MCP servers and HTTP APIs
• Reconciliation control plane (shadow mode) — K8s-style reconciler for task and pod state
• StatefulSets for repo pods, Jobs for workflow pods
• Generic OIDC OAuth provider — self-hosted SSO
• OpenTelemetry + Fastify HTTP metrics
• OpenAPI spec + Swagger UI at /docs — Zod type-provider migration across all routes
• Workspace-level audit log and activity feed
• Outbound webhooks on workflow run events
• Multi-arch image publishing — amd64 + arm64 for all service and agent images
• OpenClaw agent runtime; OpenCode custom OpenAI-compatible endpoints
• Planning mode and message bar improvements

Added

• Ticket trigger UI and ticket-provider auth failure handling with auto-disable
• Stale Claude OAuth token detection before 401s
• nodeSelector and tolerations for api, web, optio, postgres, redis, and agent pods
• OPTIO_ALLOW_PRIVATE_URLS — SSRF-check bypass for private network integrations
• Expanded dashboard analytics — performance, agents, and failure insights

Changed

• Overview panel redesign — reordered sections, side-by-side recent tasks and pods, responsive grid
• Replaced connections modal with inline form
• Renamed "Workflows" to "Agent Workflows" in UI; docs consolidate Schedules + Workflows into unified Tasks
• Removed redundant templates and schedules — superseded by agent workflows

Removed

• Top Failures and Performance dashboard panels
• "N tasks failed today" dashboard banner

Fixed

• Classify agent auth failures as run failures rather than global failures
• Escalate repo tasks to needs_attention when the agent completes without opening a PR
• Prevent false task failures when agent creates a PR but exits non-zero
• Detect and clean up zombie workflow_runs with terminated pods
• Six K8s infra bugs blocking standalone/scheduled runs and repo pods
• Pod securityContext and explicit UID for PVC permissions on GKE
• Re-read task state before orphan reconciliation transitions
• Persist workflow run logs and publish to per-run channel
• Treat empty-string env vars as missing in parseInt parsing
• Health check passes when ClusterRole is not deployed
• Record GitHub 401s to auth_events; dismiss and clear stale auth-failure banners
• Replace Drizzle migrate() with hash-based runner; add missing 0046 migration entry to Drizzle journal

See CHANGELOG.md for the full list.

v0.1.0 — Initial release

First tagged release of Optio — workflow orchestration for AI coding agents. Think CI/CD, but the build step is an AI agent.

Highlights

Core orchestration

• Pod-per-repo architecture with git worktrees so multiple tasks run concurrently in a single long-lived pod
• Multi-pod scaling: maxPodInstances × maxAgentsPerPod with least-loaded scheduling and same-pod retry affinity
• Task lifecycle state machine, priority queue, bulk retry/cancel, dependencies, subtasks, and workflow templates
• Per-repo shared persistent cache directories (npm, pip, cargo, etc.) backed by PVCs

Agents

• Claude Code, OpenAI Codex, GitHub Copilot, Google Gemini CLI, and OpenCode (experimental) adapters
• Auto-triggered code review agent on CI pass / PR open, with auto-resume on "changes requested"
• Mid-task messaging / interject, stalled-task detection via activity heartbeats
• Structured NDJSON log parsing with live WebSocket streaming

Integrations

• Ticket sync: GitHub Issues, Linear, Jira, Notion
• PR watcher: CI/review status, auto-merge, auto-fail on close
• Webhooks, schedules, Slack notifications, MCP servers, custom skills
• optio CLI — terminal-first client for the API

Web UI

• Next.js 15 dashboard with live log streaming, cost analytics, interactive sessions (terminal + chat)
• Multi-provider OAuth (GitHub, Google, GitLab) and workspace multi-tenancy
• Browser push notifications for task lifecycle events

Security & operations

• AES-256-GCM secret encryption with algorithm-version tagging for crypto-agility
• TLS + auth for in-cluster Postgres and Redis; post-quantum TLS support (Kubernetes 1.33+)
• Ed25519 Envoy sidecar CA, constant-time session comparison, SSRF validation, rate-limited auth endpoints
• Read-only root filesystems, Zod-validated request bodies, sliding-window session expiry
• OpenTelemetry export for traces, metrics, and logs

Deployment

• Helm chart published to GHCR as an OCI artifact (oci://ghcr.io/jonwiggins/optio)
• Service and agent images published to GHCR; default values work on any cluster out of the box
• Namespace-only RBAC mode for clusters without ClusterRole permissions

Images

All published to ghcr.io/jonwiggins:

• optio-api:0.1.0, optio-web:0.1.0, optio-optio:0.1.0
• optio-agent-base:0.1.0 + optio-agent-{node,python,go,rust,full}:0.1.0
• Helm chart: oci://ghcr.io/jonwiggins/optio:0.1.0

Install

```bash
helm install optio oci://ghcr.io/jonwiggins/optio --version 0.1.0 \
-n optio --create-namespace \
--set encryption.key=$(openssl rand -hex 32)
```

See helm/optio/values.yaml for the full configuration reference.