What's new in v1.33.0
10 PRs landed since v1.32.0, focused on multi-model SDD workflows, security hardening, and operator visibility. Contributions from @danielgap (4 PRs!) plus maintainer work.
Multi-model SDD (the headline)
-
Judgment-Day with configurable per-phase models. The JD agents (
jd-judge-a,jd-judge-b,jd-fix-agent) now have their own model assignment slot in the TUI, separate from the rest of the SDD pipeline. You can wire JD to cheaper/faster models when running dual review, while keeping the main phases on Opus. Three PRs landed the chain end-to-end: foundation (#475), agent prompt files for Claude+Kiro (#476), TUI picker integration (#477). Thanks @danielgap. -
Sync now reports which files changed.
gentle-ai syncpreviously printed only an aggregate file count. The output now lists the changed file paths, so users can audit what actually moved before trusting the run. (#498 — thanks @danielgap)
New CLI commands & flags
-
gentle-ai doctor— a read-only ecosystem diagnostics subcommand. Checks tool binaries (PATH resolution + shadow detection for engram/gga/claude/opencode/gentle-ai),state.jsonvalidity, Engram MCP reachability, and disk space. Output ispass/warn/failper check, with remedy suggestions on failure. (#690) -
OpenCode custom providers in the model picker. The TUI Configure Models screen previously only showed providers from the cached opencode catalog. Now it merges custom providers declared in your
opencode.json— on key collision, your custom entry wins (user-managed beats catalog). (#693)
Security hardening
-
Default deny for sensitive paths in permissions. New installs ship with a default deny list covering
~/.ssh/*,~/.credentials/*,~/Library/Keychains/*,**/*.pem,**/*.key,**/.env*,**/secrets/*,~/.aws/credentials,~/.config/gh/hosts.yml,**/*.p12,**/*.pfx. Applied to Claude Code and OpenCode (the two adapters with a permissions overlay). User-managed deny rules are preserved. (#689) -
CI workflows pinned to immutable commit SHAs. All
.github/workflows/*.ymlreferences to floating action tags (@v4,@v5,@v6,@v7) are now pinned to specific SHAs with the version as a comment. Dependabot/Renovate can keep them updated; the SHA pin closes the supply-chain hole. (#692)
Install & upgrade
- Auto-detect order now matches the docs.
effectiveMethodused to pickbrew → binaryand never auto-selectedgo-install, even whengowas available and the tool had aGoImportPathdeclared. The detection now followsbrew → go-install → binaryas documented. (#691)
Docs
- Comprehensive docs sync. Caught up
README.md,PRD.md,docs/quickstart.md,docs/usage.md,docs/components.md,docs/agents.md,docs/non-interactive.md,docs/platforms.md,docs/rollback.md, anddocs/antigravity-sdd-workaround.mdwith all the v1.31.0 + v1.32.0 changes (preset label renames, persona/preset decouple,--scope=workspace,GENTLE_AI_CONFIRM_UPDATE, doctor command, sensitive-paths deny, Trae IDE agent, Antigravity scope clarification, etc.). (#697)
Contributors
Big thanks to @danielgap for the JD chain (3 PRs across days) and the sync-show-files feature.
Install
brew upgrade gentle-aior gentle-ai upgrade if you installed via the script path. If you hit anything weird, try the new gentle-ai doctor to surface tool/state/MCP issues at a glance.