Skip to main content
fabro store dump has been renamed to fabro dump. Update scripts and docs that still call the nested command.To migrate:
  1. Replace fabro store dump ... with fabro dump ....
  2. Re-check any automation that depends on dump output paths.

Tighter server secret boundaries

Server startup now validates authority-bearing secrets at the server boundary instead of letting every subprocess inherit whatever happened to be in the parent environment. Worker subprocesses receive a scoped worker token when they need one, then scrub it from their process environment before launching hooks, sandbox commands, devcontainer setup, MCP stdio, or other descendants. That change reduces the chance of leaking server-level credentials into user-controlled command paths while preserving authenticated run operations. It also makes install-time and startup-time secret handling easier to reason about for self-hosted deployments.

Faster workflow finishing and devcontainer setup

Several workflow phases now do less serialized work. Retros load the event log once, devcontainer Command::Parallel entries actually run concurrently, and final patch creation can overlap with finalize commit work. Users should notice this most on longer workflows with large event logs, devcontainer initialization, or expensive final patch generation. The behavior is the same, but the slow tail of a run has fewer avoidable waits.

More

  • Renamed fabro store dump to fabro dump
  • fabro run --json no longer opens a preview browser window
  • Manifest git detection now respects the workflow working_directory
  • Added CommandContext::json_output() and CommandContext::verbose() accessors for more consistent CLI behavior
  • Sub-workflows now reuse the parent credential source
  • Terminal run events now emit from FINALIZE and include the real terminal error when finalization fails
  • Stage and billing summaries are deduplicated before terminal events are written
  • Auto-PR creation now reuses the resolved LLM client instead of resolving credentials again
  • Dense settings resolution is now cached across manifest, server, workflow, and CLI loaders
  • Server secrets are scrubbed from worker environments before descendant commands can inherit them
  • Pull request creation now runs through server-side plumbing with shared validation
  • Fixed the Get Started button to point to the docs introduction
  • Fixed LLM source resolution gaps in settings-driven runs
  • Fixed PR refactor review feedback around conflict and auth error handling