Promotes dev → main for v0.17.3. Cut from the post-cleanup dev tip (0.17.3-0027) after resolving the CodeQL delta that blocked the first attempt (PR #455, now closed).
Pre-Cut Gate Checklist (ADR-004 / docs/shipping.md)
- G1a — 0 open P0/P1 beads
- G1b — 0 open HIGH/CRITICAL code-scanning alerts (3
py/path-injectioninbackup.pydismissed as FALSE POSITIVE — airtight_BACKUP_FILENAME_REallowlist + containment + admin gate; bd-0nabr) - G4 — CodeQL delta-zero vs main: the 22-alert dev-vs-main delta was cleared in PR #456 (14 quality fixes + import-cycle break) + 3 FP dismissals
- G5 — version touchpoints consistent (all = 0.17.3)
- G6 — CHANGELOG
[Unreleased]promoted to[0.17.3] — 2026-05-25 - G7 — no other open PRs vs main
Highlights (see CHANGELOG for full detail)
- Removed: retired MCP OAuth 2.1 feature fully deleted (bd-jir0m/9axgc); supported MCP auth (
?api_key=) unchanged - Added:
custom_streamsfirst-class Smart Sort criterion (GH #244, bd-ap1ud); fuzzy stream→channel matching for OTA/callsign "Local" channels with incident-class false-positive guards (bd-jnzst) - Security: reintroduced fuzzy matching gated through a single admission chokepoint (cannot recreate the ~1,341 false-positive merge incident); ReDoS hardening on the LOCALS cleaner (bd-jnzst)
- Changed: MCP
match_streams_to_channelsdefaults to dry-run; internal CodeQL hygiene cleanup (bd-0nabr)
🤖 Generated with Claude Code