You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add GitHub Checks API reporting for TaskSpawners. Setting reporting.checks on a githubPullRequests or githubWebhook (with PR events) source creates GitHub Check Runs that reflect task status, enabling branch protection rules and merge queue integration. An optional checks.name field overrides the default check name. (#1016, @knechtionscoding)
TaskSpawner GitHubWebhook filters now support a commentOn field (Issue or PullRequest) that scopes issue_comment events to comments on plain issues or pull requests. Empty matches both (existing behavior). (#1081, @app/kelos-bot)
Add Slack as a TaskSpawner source with a centralized kelos-slack-server that connects via Socket Mode and routes messages to matching agents.
(#1002, @jkahuja)
Add bodyPattern and excludeBodyPatterns regex filter fields to GitHub webhook filters. Deprecate bodyContains in favor of bodyPattern. (#1058, @knechtionscoding)
Add CommentBody and CommentURL template variables for GitHub comment webhook events (issue_comment, pull_request_review, pull_request_review_comment). (#931, @knechtionscoding)
Add reporting support to GitHubWebhook-based TaskSpawners. Setting reporting.enabled: true on a webhook source posts status comments back to the originating issue or PR, matching the behavior already available for polling-based sources. (#966, @app/kelos-bot)
Added Workspace.spec.setupCommand: an optional exec-form command run in the agent container before the agent starts (e.g. ["sh", "-c", "npm ci"]). A non-zero exit fails the Task. Useful for repo-specific dependency installs and code generation that depend on the cloned lockfile. (#1056, @app/kelos-bot)
Expand PodOverrides (used by both Task and TaskSpawner) with volumes, volumeMounts, podSecurityContext, and containerSecurityContext. This lets callers attach extra volumes, mount them into the agent container, and declare security contexts so spawned pods can land in PSS-restricted namespaces. (#1041, @JustinElst)
feat: Adds support for agentConfigReferences allowing for a list to be built up and shared across taskSpawners
(#1014, @knechtionscoding)
Features
Update cursor image from 2026.04.29-c83a488 to 2026.04.30-4edb302 (#1072, @app/kelos-bot)
Update gemini image from 0.40.0 to 0.40.1 (#1071, @app/kelos-bot)
Update codex image from 0.125.0 to 0.128.0 (#1070, @app/kelos-bot)
Update claude-code image from 2.1.123 to 2.1.126 (#1069, @app/kelos-bot)
Update cursor image from 2026.04.17-787b533 to 2026.04.29-c83a488 (#1046, @app/kelos-bot)
Update opencode image from 1.14.28 to 1.14.30 (#1045, @app/kelos-bot)
Update gemini image from 0.39.1 to 0.40.0 (#1044, @app/kelos-bot)
Update claude-code image from 2.1.121 to 2.1.123 (#1043, @app/kelos-bot)
Generated release notes now include the PR author's GitHub handle alongside the PR number (e.g. (#42, @octocat)). (#1055, @gjkim42)
Bug Fixes
Fix the GitHubWebhook-driven TaskSpawner reporter posting duplicate status comments when a Task transitions phases faster than the informer cache propagates the persisted comment-ID annotation. (#1065, @gjkim42)
Documentation
Document the spec.when.webhook (GenericWebhook) TaskSpawner source: integration guide, field reference, template-variable table, and an end-to-end Sentry example under examples/13-taskspawner-generic-webhook/. The generic webhook endpoint is currently unauthenticated — restrict access at the network layer until per-source HMAC validation lands (tracked in #1040). (#1035, @app/kelos-bot)
Update opencode image from 1.14.27 to 1.14.28 (#1031)
Update claude-code image from 2.1.119 to 2.1.121 (#1030)
Add webhookServer.sources..service.type Helm value to configure the Service type (ClusterIP, LoadBalancer, or NodePort) for each webhook source independently. (#1022)
Update codex image from 0.121.0 to 0.125.0 (#1013)
Update opencode image from 1.4.6 to 1.14.27 (#1005)
Update cursor image from 2026.04.15-dccdccd to 2026.04.17-787b533 (#1006)
Update claude-code image from 2.1.110 to 2.1.119 (#1004)
Bug Fixes
Fix kelos run failing with "no such file or directory" when an @~/... file reference is used in the CLI config (for example oauthToken: "@~/.codex/auth.json"). Tilde paths are now expanded to the current user's home directory. (#1027)
Fix kelos get taskspawner to display the effective per-source poll interval (e.g., spec.when.githubIssues.pollInterval) instead of the deprecated top-level spec.pollInterval. (#1023)
Add filePatterns filtering to githubPullRequests and githubWebhook sources with remove-then-match semantics: files matching exclude patterns are removed first, then the item passes when at least one remaining file matches an include pattern.
(#891)
feat: Add generic webhook source type for TaskSpawner that accepts arbitrary HTTP POST payloads and maps JSON fields to task template variables via JSONPath expressions, enabling integration with any webhook-capable system without Kelos-side code changes.
(#902)
Action Required: The --token-refresher-resource-requests, --token-refresher-resource-limits, and --token-refresher-image flags are removed. Remove these flags from any automation scripts or custom controller manifests before upgrading. (#971)
Remove the token-refresher sidecar container from spawner and ghproxy pods. GitHub App installation tokens are now generated in-process, reducing per-pod resource usage and simplifying pod specs. Existing deployments are migrated automatically on the next controller reconcile. (#971)
Add --values/-f, --set, --set-string, and --set-file flags to kelos install for customizing the embedded Helm chart, enabling arbitrary value overrides without dedicated CLI flags.
(#955)
Add podOverrides.labels field to Task and TaskSpawner for specifying custom labels on Jobs and Pods.
(#938)
Features
Update cursor image from 2026.03.30-a5d3e17 to 2026.04.08-a41fba1 (#934)
Add Homebrew installation support: users can now install Kelos via brew tap kelos-dev/tap && brew install kelos
(#818)
Fix empty {{.Branch}} template variable for issue_comment webhook events on pull requests. The webhook server now fetches the PR's head branch from the GitHub API. Configure credentials via the new webhookServer.sources.github.githubSecretName Helm value, supporting both PAT and GitHub App authentication.
(#892)
Bug Fixes
Fix kelos get taskspawner to display SOURCE column for GitHubWebhook and LinearWebhook TaskSpawners (#919)
Add Linear webhook support for TaskSpawners. Configure when.linearWebhook with resource types and filters to automatically spawn tasks from Linear events (issues, comments, projects). Supports filtering by action (create/update/remove), workflow state, labels, and exclude labels.
(#866)
Add excludeAuthors field to githubWebhook, githubIssues, and githubPullRequests TaskSpawner sources to filter out events and work items from specific GitHub usernames.
(#880)
Features
Update claude-code image from 2.1.87 to 2.1.92 (#873)
Added multi-architecture (amd64/arm64) support for container images (#913)
Add --prompt-file flag to kelos run to read task prompts from a file or stdin, enabling multi-line prompts without shell quoting. (#901)
ghproxy now exposes kelos_ghproxy_github_api_upstream_requests_total to count actual upstream GitHub API calls separately from proxied request volume, including miss, revalidation, and non-GET passthrough paths. (#882)
Bug Fixes
Fixed kelos suspend/resume commands to use patch semantics, preventing accidental loss of newly introduced TaskSpawner fields. (#897)
Add GitHub webhook support for TaskSpawners with new githubWebhook source type. TaskSpawners can now be triggered by GitHub webhook events (issues, PRs, comments) with configurable filtering. Includes webhook server deployment, signature validation, and Helm chart templates with ingress support.
(#851)
Features
Update claude-code image from 2.1.87 to 2.1.88 (#854)
Update cursor image from 2026.03.25-933d5a6 to 2026.03.30-a5d3e17 (#855)
TaskSpawner GitHub discovery now uses a workspace-scoped ghproxy that owns Workspace GitHub auth and coalesces concurrent cache misses, reducing repeated cache misses and unnecessary GitHub API traffic.
(#859)
You can now configure a TaskTemplate with labels and annotations expressions which will be available on the Task
(#810)
Features
Add ghproxy caching server to reduce duplicate GitHub API requests across TaskSpawner pods. Deployed automatically as part of the Helm chart. Configure allowed upstream hosts via ghproxy.allowedUpstreams Helm value. (#838)
Update cursor image from 2026.03.20-44cb435 to 2026.03.25-933d5a6 (#801)
Add Prometheus metrics export to kelos-spawner for discovery cycle observability (#821)
users can now install kelos with helm: "helm install kelos oci://ghcr.io/kelos-dev/charts/kelos"
(#806)
Add Prometheus metrics (kelos_github_api_requests_total, kelos_github_api_request_duration_seconds) for GitHub API calls (#808)
Restructured Helm values.yaml to use nested spawner.resources and tokenRefresher.resources keys instead of flat spawnerResourceRequests/spawnerResourceLimits/tokenRefresherResourceRequests/tokenRefresherResourceLimits values. Also moved spawnerImage and tokenRefresherImage under spawner.image and tokenRefresher.image respectively. (#798)
Helm chart now includes CRDs as templates, enabling standalone helm install/upgrade without the kelos CLI. CRD installation can be disabled via crds.install=false for users managing CRDs externally. (#832)
Bug Fixes
Fix Helm chart release to default to release-tagged images instead of :latest (#825)
Other Changes
Labels on controller-managed resources changed from app.kubernetes.io/* to kelos.dev/*. Spawner Deployments are migrated automatically by the controller. The controller manager Deployment must be manually deleted before upgrading (kubectl delete deployment kelos-controller-manager -n kelos-system) because spec.selector.matchLabels is immutable; it will be recreated by the install process. (#826)
Add none credential type (credentials.type: none) that disables built-in credential injection. Users supply provider-specific credentials via podOverrides.env and can set podOverrides.serviceAccountName for workload identity (IRSA, GKE Workload Identity, Azure Workload Identity). This enables AWS Bedrock, Google Vertex AI, and other providers without provider-specific CRD fields. (#785)
Add --controller-resource-requests and --controller-resource-limits flags to kelos install for configuring controller container resources. The previously hardcoded resource limits have been removed to prevent OOM kills. (#783)
The Kelos skill can now be installed via skills.sh: npx skills add kelos-dev/kelos (#762)
Added kelos install --token-refresher-resource-requests and --token-refresher-resource-limits so GitHub App token refresher sidecars can be configured with CPU and memory resources. (#755)
Add --spawner-resource-requests and --spawner-resource-limits flags to kelos-controller for configuring resource requirements on spawner containers. Also available via kelos install CLI. (#737)
The install mechanism now uses an embedded Helm chart for manifest rendering, replacing raw YAML string manipulation. All existing CLI flags and behavior are preserved. (#728)
