Release history

v0.11.3 — Review Sweep Final Fixes

Final sweep of v0.11 review issues after eliminating stale (17), false alarms (10), and code-style-only items (18).

Fixes

• P0-5 + P0-13: Unique constraint (taskid, reviewerid) + composite index (taskid, status) on taskreviewers via migration 0012. Service checks for existing assignments before creating.
• P2-13: Sprint date overlap validation. New getOverlappingForHabitat() query rejects overlapping sprint dates within the same habitat.
• P3-11: Human-readable event type labels in watching emails. EVENTTYPELABELS mapping shows "Task Submitted" instead of raw "task.submitted".
• P3-13: updateUserEmail coerces empty string to null to prevent empty-string pollution in user records.

Stats

• 8 files changed, 56 insertions, 7 deletions
• All 2591 tests passing (1344 API + 311 MCP + 1244 UI + 36 shared)
• Typecheck clean across all 6 packages

v0.11.2 — Comprehensive Review Fix Sweep

35 issues fixed across 28 files in 7 parallel batches. All HIGH + user-facing MEDIUM issues from the v0.11 code review are now resolved.

Backend Services

• Remove status from SprintUpdateInput — state machine bypass closed
• Add endDate > startDate validation in createSprint
• Fix carryOverPolicy unsafe cast
• Add CAS-style status guard in completeSprint (prevents auto-completer race)
• Sort findNextPlanningSprint by startDate
• Fix burndown endDate to use sprint's end date, not now
• Remove dead code in predictionService
• Add race condition guard in approveTask
• Use requiredCount in hasAllRequiredApprovals
• Add idempotency to recordApproval
• Fix isSelfApproval to be dynamic (not hardcoded true)
• Notify task assignee on priority change
• Pass commentContent for mentioned notifications
• Parallel email dispatch with Promise.allSettled
• Add Zod date validation on sprint routes

Repository Layer

• Use Drizzle inferred types in update() (removes Record<string, unknown>)
• Replace non-null assertions with descriptive error throws
• Document round-robin counter in-memory limitation

MCP Tools

• Add action-specific input validation for all review actions
• Validate assignmentStrategy against allowed values
• Return unknown action as isError: true (proper MCP response)

UI Fixes

• Add approvalStatus query key to factory
• Fix PrioritizationTab as any casts with Extract types
• Add JSON editor structural validation
• Add loading state for sprint mission operations
• Add client-side date validation in sprint form
• Memoize SprintSelector days-remaining
• Memoize available features filter
• Fix legacy reviewer ID placeholder + empty ID guard
• Fix useTaskReview non-null assertion
• Add SSE cache invalidation for tasks.events, habitats.detail, missions.list
• Add keyboard accessibility to mobile cards (role, tabIndex, onKeyDown)
• Add aria-label to mobile checkboxes
• Fix double selectTaskIds call on mobile
• Memoize TaskCardItem with React.memo

Stats

• 2588 tests passing across all packages
• 28 files changed, 252 insertions, 92 deletions

v0.11.1 — Post-Release Patches

Fixes

• Enforce antiSelfReview: The "Prevent Self-Review" toggle now actually excludes the task creator from the reviewer pool when enabled. Previously the flag was stored but never enforced during reviewer assignment.
• ReviewRulesTab React Query refactor: Replaced manual useState + useEffect data fetching with useQuery/useMutation and centralized queryKeys.reviewRules. Rules are now cached, auto-refreshed, and shareable across components.
• SprintDashboard performance: Added shallow comparison on Zustand store selectors and useMemo for derived data to prevent unnecessary re-renders on large boards.
• SprintDashboard velocity fix: Changed Math.ceil to Math.floor for days-elapsed calculation, preventing inflated velocity on the first day of a sprint.
• Extract TERMINAL_STATUSES constant: Replaced hardcoded ['done', 'approved'] strings in task completion filter.

Stats

• 2588 tests passing, typecheck clean
• 4 files changed across api + ui packages

v0.11.0 "Guardrails" — Review Assignment, Sprint Management & Code Review Hardening

Overview

This release adds structured review workflows and sprint management to Orcy, along with a comprehensive code review that addressed 10 critical/high-severity issues before shipping.

---

Features

Review Assignment System

• Review Rules: Configurable rules matching by domain, labels, and priority with 5 assignment strategies (domainexpert, roundrobin, least_loaded, random, fixed)
• Approval Gates: Multi-approval gate — tasks stay submitted until N approvals collected. Backward compatible (no rules = legacy behavior)
• Visual Rule Builder: Sortable rule cards with drag-and-drop, 10 condition types, 4 action types, data-driven config tables
• Review Panel: 3-mode panel (assigned reviewers with progress bar, legacy fallback, all-approved) with auto-advance confirmation

Sprint Management

• Sprint Lifecycle: planning → active → completed, with cancel support
• Mission Sync: Add/remove missions to planning sprints, only one active sprint per habitat
• Carry-over Policies: Configurable per habitat — backlog, next_sprint, or none
• Auto-completion: Scheduler auto-completes expired sprints every 5 minutes
• Sprint UI: Selector dropdown, planning panel drawer, dashboard with burndown chart, sprint badge

Notifications & SSE

• Email Templates: Priority change and review assignment notification templates
• Notification Preferences: New toggles for taskReviewAssigned and taskPriorityChanged
• SSE Events: 5 new cache invalidation cases for review/sprint/priority state changes

Mobile

• Mobile Table View: Card-based task list for mobile viewports with useIsMobile() conditional rendering

MCP Integration

• Review Dispatch: orcyreview tool with 7 actions (CRUD rules + manage reviewers)
• Sprint Dispatch: orcysprint tool with 11 actions (full sprint lifecycle + mission management)

---

Bug Fixes (from pre-release code review)

18 issues fixed across security, correctness, and performance:

| Category | Fixes | |----------|-------| | Security | XSS in all email templates (escapeHtml utility), missing auth on review+sprint routes, rejectTask missing reviewer check | | Correctness | Broken least_loaded strategy (function arity bug), prediction SQL wrong table alias, sprint state transitions lack transactions | | Notifications | task.rejected now includes reviewerId, task.review_assigned now includes actorId | | Performance | useTaskReview full store subscription → individual selectors, ReviewPanel confirm bypass fix | | Type Safety | API client uses proper shared input types instead of Record<string, unknown> |

---

Stats

• 2588 tests passing (1344 API + 1244 UI)
• 17 files changed in review fix pass
• 3 new migrations: review_rules, sprints, notification preferences expansion
• 3 new repos: reviewRule (6 methods), taskReviewer (9 methods), sprint (10 methods)

Bug Fixes

Patch release fixing a broken prioritization rule template, enriching the priority-changed SSE event, and adding a deprecation warning for agent self-completions.

What changed

Prioritization Rule Template

• Fixed RULETEMPLATE in PrioritizationTab: featurestatus → mission_status
• Fixed rule label: "Feature at risk → high" → "Mission at risk → high"
• Users copying the template no longer get validation errors

Priority Changed SSE Event

• task.priority_changed event now includes oldPriority and newPriority in the data payload
• Event only fires when the priority actually changes (anti-spam: no-op evaluations are silent)
• Shared discriminated union type updated in packages/shared/src/types/events.ts

Agent Self-Approval Warning

• Added deprecation warning log when agents call completeTask() on tasks still in submitted status (bypassing human review)
• No behavior change yet — actual gating will ship with v0.11.0 review assignment rules
• Prepares the codebase for the upcoming review workflow enforcement

Fixes

| Area | Fix | |------|-----| | Prioritization UI | Rule template uses correct mission_status condition type | | SSE events | Priority change notifications include old and new priority values | | Task lifecycle | Self-approval path now logs deprecation warning for observability |

Migration notes

No schema changes. Drop-in upgrade from v0.10.1.

Full diff

v0.10.1...v0.10.2