chore(main): release meridian 1.33.0

[github-actions]

🤖 I have created a release beep boop

1.33.0 (2026-04-08)

Features

• add build pipeline for npm publishing, remove runtime Bun dependency (4f62897)
• add diagnostic log viewer to telemetry dashboard (d7ab690)
• add env var to disable file change summaries (#209) (374293f)
• add favicon to telemetry dashboard (#238) (52d2c09)
• add ForgeCode agent adapter (#315) (bb7d8e3)
• add LiteLLM passthrough adapter (#215) (beb5a5b)
• add live smoke tests + message validation (#226) (8bc83fc)
• add OpenAI-compatible /v1/chat/completions and /v1/models endpoints (#234) (16a62b4)
• add pi coding agent adapter (#259) (b20585f)
• add proxyOverheadMs metric to telemetry (5c573b1)
• add proxyOverheadMs metric to telemetry (049063e), closes #104
• add request debug logging for tool loop visibility (0051d60)
• add session resume support for conversation continuity (c40ff63)
• add tabbed layout to telemetry dashboard (6800ea5)
• add telemetry dashboard with request performance tracking (def290f)
• add telemetry dashboard with request performance tracking (79c04a2), closes #81
• Claude Max proxy for OpenCode (b9df612)
• clear error messages for auth failures and SDK crashes (4e21e9a)
• concurrency control, auto-restart supervisor, error handling (318ca75)
• Crush (Charm) agent adapter with full E2E test suite (#183) (7395b1f)
• deferred tool loading with auto-defer for large tool sets (#310) (f3c3230), closes #303
• detect rate-limited accounts and fall back from 1m models (#149) (1b56c0b)
• Docker support and README install options (cfb8396)
• Docker support and README install options (d61670e), closes #15
• Droid (Factory AI) agent adapter (#181) (b07d2d4)
• enable 1M context window for Opus models (e23afba)
• enable concurrent requests for subagent support (Phase 3) (34452a3)
• error classification, health endpoint, and startup auth check (43a80f1)
• export TypeScript declarations from dist (cd06761)
• file change visibility in responses (#189) (#192) (9112d4a)
• forward tool_use blocks to clients (Phase 1) (6042cd7)
• fuzzy match agent names for reliable subagent delegation (fec9516)
• fuzzy match agent names to fix invalid subagent_type values (5364124)
• multi-profile support — switch Claude accounts without restarting (#279) (7752413)
• multimodal content support (images, documents, files) (0e6fc7a)
• multimodal content support (images, documents, files) (bc072cb)
• passthrough mode for multi-model agent delegation (4836a48)
• passthrough mode for multi-model agent delegation (a74ced9), closes #21
• passthrough SDK params (effort, thinking, taskBudget, betas) + usage logging (#222) (533323c)
• per-terminal proxy launcher and shared session store (836102c)
• per-terminal proxy launcher and shared session store (d2ace88)
• PreToolUse hook for reliable subagent delegation (01df852)
• register OpenCode tools as MCP tools in passthrough mode (e683539)
• register SDK agent definitions from OpenCode's Task tool (afa480f)
• remove internal MCP tools, use maxTurns: 1 (Phase 2) (a740574)
• restore MCP tool federation for multi-turn agent sessions (099a830)
• session recovery logging and endpoint for conversation restoration (#283) (781e302)
• session resume support for conversation continuity (1e98be0)
• show client model version in telemetry (f77095f)
• show client model version in telemetry (f3b8aa0), closes #169
• subagent model selection via x-opencode-agent-mode header (#235) (bfcd7a9)
• telemetry diagnostic log viewer with tabbed dashboard (94f6c8b)
• token telemetry, anomaly detection, passthrough default + thinking blocks (#306) (44fcf14)
• transparent API proxy with full tool execution and subagent support (96be81c)
• true concurrent SDK sessions (no serialization) (6dd5aa0)
• use PreToolUse hook for agent name correction (replaces stream hacks) (7cb37b6)
• validate passthrough architecture concept (deed3db)

Bug Fixes

• add --version and --help flags to CLI (#196) (029d049)
• add missing hasDeferredTools to test helpers for typecheck (c3c596c)
• add NPM_TOKEN to publish workflow (8339bb0)
• add path parameter fallback in OpenCode file change tracking (#253) (959a84e)
• add SSE heartbeat to prevent connection resets (194fd51)
• add SSE heartbeat to prevent connection resets (ec7120d), closes #1
• add workingDirectory to fingerprint hash for cross-project isolation (69cfa1a), closes #111
• allow 3 turns in passthrough resume to prevent max-turns error (#308) (af4d7e0)
• allow configuring MCP tool working directory via env var (b4d7d74)
• allow-list safe anthropic-beta headers on claude-max profiles (#293) (f28f074), closes #278
• auto-refresh expired OAuth token inline on 401 (#230) (fd377a3)
• block all Claude Code-only tools in passthrough mode (92fbe7b), closes #35
• block Claude Code-only tools in passthrough mode (c06d1ea), closes #35
• block CLAUDE_CODE_ONLY_TOOLS in normal (non-passthrough) mode (54839b2)
• block CLAUDE_CODE_ONLY_TOOLS in normal (non-passthrough) mode (46be89a)
• block SDK built-in tools, enforce MCP-only tool execution (ca1f8e1)
• block SDK tools with schema-incompatible OpenCode equivalents (5bfd10f)
• cache failed auth status lookups to avoid repeated exec calls (#145) (4a79701)
• capture subprocess stderr to surface real exit-code-1 failures (#213) (40eeda7)
• CI workflow must use npm test, not bun test (1644484)
• concurrent requests with auto-restart supervisor (1a8f695)
• correct ci.yml YAML (remove stray XML artifact) (#251) (207d8a3)
• deduplicate message_start/stop events in multi-turn streaming (23a0044), closes #20
• deduplicate streaming events for cleaner multi-turn responses (b98b2dd)
• deduplicate tool_use blocks in streaming passthrough mode (f8238b9)
• deduplicate tool_use blocks in streaming passthrough mode (0007887), closes #69
• default sonnet to 200k — sonnet[1m] requires Extra Usage on Max (#255) (e629d6c)
• default to non-streaming (JSON) when stream field is omitted (#241) (f9f4b6f)
• deny Task tool retries via canUseTool callback (8b1a8b0)
• detect conversation divergence (undo/edit) via lineage hashing (ced5819)
• detect conversation divergence (undo/edit) via lineage hashing (a09558a), closes #86
• deterministically normalize agent names in task tool_use blocks (64133e1)
• disable all tools in Claude Code sessions (7fab74c)
• disable thinking at SDK level when strip-all removes thinking beta (#313) (57b5cad)
• Docker auth persistence and non-root user (afa18f7)
• Docker auth persistence and non-root user (c4f58a6), closes #15
• eliminate proxy-async-ops flaky test in CI (4592dfd)
• emit message_delta and message_stop before error on mid-stream failures (#185) (8bd9b48), closes #168
• enable 1M context window for Sonnet models (0e3464a)
• enable 1M context window for Sonnet models (08dc8ff), closes #124
• ensure Docker entrypoint scripts are executable (#142) (6888f32)
• escape quotes in dashboard onclick handlers (6728fc3)
• export TypeScript declaration files from distFix/types export (3a50c93)
• extract client working directory from system prompt for remote proxy (fbf8cfb)
• extract client working directory from system prompt for remote proxy (10279ec), closes #123
• fall back from sonnet[1m] to sonnet when extra usage not enabled (#228) (7104d15), closes #227
• filter MCP tool events from stream, forward only client-facing tools (18a0280)
• force executable to node in buildQueryOptions (6e33926)
• include mcpTools.ts in published package files (10d8ee8)
• include mcpTools.ts in published package files (5039707)
• include src/plugin/ in published package files (799e29e)
• include system prompt context in proxy requests (948b8fb)
• increase session TTL to 24 hours, verified end-to-end (181a5fe)
• inject agent type hints to prevent capitalization errors (172dca1)
• isolate auth status tests to prevent CI flakiness (07d8331)
• isolate profile-switch-integration tests to prevent mock leakage (c5e8740)
• isolate session recovery tests in CI sequential run (2812576)
• isolate session recovery tests in CI sequential run (6c905ab)
• isolate shared store context-usage test into its own file to prevent parallel contamination (2a1fd66)
• make CLAUDE_PROXY_WORKDIR override extracted cwd (#154) (#158) (7c68ee6)
• make tsconfig.json optional in Docker COPY to prevent build failure (9526f54)
• make tsconfig.json optional in Docker COPY to prevent build failure (fe61ebf), closes #70
• migrate all session store tests to setSessionStoreDir (fc8d72b)
• mock Date.now in pruning test to prevent CI failure (5ca8653)
• mock Date.now in pruning test to prevent flaky CI failure (ea56c74)
• move clearSessionCache to afterEach in shared store test to avoid wiping store before lookup (3fe65fb)
• move npm publish into release-please workflow (82db07c)
• move npm publish into release-please workflow (f7c4b2c)
• narrow event type before translateAnthropicSseEvent to satisfy tsc (8417623)
• npm publish with automation token (230b185)
• only block tools with no OpenCode equivalent (cc73e9e), closes #35
• only send new messages on resume, not full history (b1e101b)
• only send new messages on resume, not full history (5dcbae3), closes #49
• OpenCode auto-detection, adapter telemetry, pi adapter improvements (13bd6cd)
• optimize Docker layer ordering to cache dependencies (dd4351a)
• optimize Docker layer ordering to cache dependencies (8f29948), closes #125
• optimize docker-compose with lightweight init and dedup config (a737190)
• optimize Dockerfile with multi-stage build and node:22-slim runtime (679ceef)
• pass OpenCode system prompt via SDK appendSystemPrompt (1375a7e)
• pass OpenCode system prompt via SDK appendSystemPrompt (9ff630c), closes #74
• pass system prompt via appendSystemPrompt instead of merging into prompt (2b55399)
• pass systemContext to storeSession for consistent fingerprinting (055b025)
• pass systemContext to storeSession for consistent fingerprinting (617530d)
• pass working directory to SDK for correct system prompt (c0a3120)
• pass working directory to SDK query for correct system prompt (d7bfc42), closes #18
• passthrough mode tool_use broken for multi-turn and streaming (#207) (ae2e941)
• prefer system claude binary over cli.js when not running under bun (#217) (88a3eff)
• prevent @hono/node-server from overriding global Response/Request (#141) (64b9a1d)
• prevent cross-project session contamination in fingerprint cache (93ef050)
• prevent empty/failed streaming responses in OpenCode proxy (da170e7)
• prevent env var loop and MCP server transport reuse with SDK >=0.2.81 (b20dfee)
• prevent env var loop and MCP server transport reuse with SDK >=0.2.81 (b3f3ad6)
• prevent false positives in file changes extraction from bash commands (#236) (0464024)
• proxy: add LRU eviction to bound session cache growth (661f007)
• proxy: add LRU eviction to bound session cache growth (93d7959)
• proxy: convert blocking execSync calls to async (fb79545)
• proxy: convert blocking execSync calls to async (e59637f)
• queue concurrent streaming requests to avoid ~60s delay (fb30a48)
• queue concurrent streaming requests to avoid ~60s delay (054dd2c)
• rate-limit retry with backoff and auth status resilience (#156) (f0dd8dd)
• redesign session management with per-message hashing, SDK-native undo, and compaction survival (f1a7e7b)
• redesign session management with per-message hashing, SDK-native undo, and compaction survival (291e20f)
• reduce token overhead in passthrough mode (#191) (98e8f9b)
• remap block indices across multi-turn streaming responses (#153) (#159) (39f09ca)
• remove bun install from publish job (966b2ea)
• remove bun install from publish job (cd36411)
• remove duplicate cleanup timer and stop re-throwing in error event handler (ae7404a)
• remove Hono type leak from public API and fix exports (1764596)
• remove mock.module leak that breaks session store tests (576bbe2)
• remove mock.module leak that breaks session store tests (795fade)
• replace global claude-code install with SDK cli.js shim in Dockerfile (5391f14)
• replace time-based session TTL with durable count-bounded storage (121e82d)
• replace time-based session TTL with durable count-bounded storage (71b2cc7), closes #99
• replace ubuntu base image with multi-stage node:22 build to fix Docker build failures (1702a15)
• resolve Claude executable path and enable true SSE streaming (d95bacb)
• resolve UID mismatch between claude user and docker-compose init volume (b8da7b4)
• resolve UID mismatch between claude user and docker-compose init volume (7e353ad)
• respect client stream parameter in passthrough adapter (#254) (1ec2abb)
• restore concurrency queue, idle timeout, and Docker crash recovery (7270b47)
• restore MCP tools with bypassPermissions for correct tool execution (d25e45d)
• retry as fresh session when undo hits stale UUID (#146) (67442c4), closes #140
• revert to Bun.serve, document known concurrent crash (ecbaec2)
• run MCP tools in the caller project directory (25767ea)
• run proxy-extra-usage-fallback in isolation to prevent mock leak (287dd9a)
• run session store tests sequentially to avoid shared module state (bb4555c)
• session store test race condition on CI (90f927d)
• session-store: add file locking and error logging (b996a81)
• session-store: add file locking for concurrent access safety (10c9a3c)
• show friendly error message when port is already in use (7b9d96a), closes #16
• skip file locking in session store tests (875e136)
• skip labeling in release-please to avoid stale PR node errors (7212318)
• skip system context and assistant messages on resume (1698713)
• stabilize fingerprint resume by removing volatile systemContext and normalizing content format (3256aac)
• stabilize fingerprint resume by removing volatile systemContext and normalizing content format (be88868), closes #111
• strip anthropic-beta headers for Max subscriptions to prevent extra usage billing (#281) (9c673c0), closes #278
• strip thinking blocks and suppress Turn 2 prose in passthrough mode (1a98fe0)
• support running as root (Docker, Unraid, NAS) (#256) (7dd0599)
• surface MERIDIAN_SONNET_MODEL hint on 1m rate limit errors (9d4611c)
• treat identical message replay as diverged, not continuation (c819b4e)
• treat identical message replay as diverged, not continuation (465eb19), closes #171
• trigger npm publish with token (c603363)
• update runCli test mock to match ProxyInstance shape (29429f2)
• update SDK and fix streaming to filter tool_use blocks (ae4d7ea)
• use dynamic import for sessionStore in test to share singleton with server (548ecc1)
• use envBool() for passthrough detection — Boolean('0') was truthy (#261) (41d37da)
• use MERIDIAN_SESSION_DIR env var in shared store test for parallel-safe isolation (43d1de6)
• use positional comparison in lineage overlap to prevent false compaction (#283) (85b5cd7)
• use positional comparison in lineage overlap to prevent false compaction (#283) (1450cbd)
• use subscription type to determine sonnet model variant (#139) (7aee13c)
• write promptYesNo prompt to stderr so it shows in terminal (#301) (099a716)

---

This PR was generated with Release Please. See documentation.