chore(release): prepare v0.8.23

dgf1988/codewhale

- Bump workspace version 0.8.22 → 0.8.23 across Cargo.toml, every per-crate
  path-dependency pin, npm/deepseek-tui/package.json (both `version` and
  `deepseekBinaryVersion`), and Cargo.lock.
- Add a 0.8.23 CHANGELOG entry covering the security hardening stack
  (sanitized child env, plan-mode tool surface, sub-agent approvals,
  symlink walks, runtime API auth, shell safety classification, MCP
  config path traversal), the macOS Keychain prompt fix, the #1244 MCP
  spawn error visibility + env passthrough work, the compact-thinking UX
  change, and a Known issues callout for mid-run MCP stderr.
- Backfill missing CHANGELOG entries for v0.8.21 (community-heavy
  release, contributors credited) and v0.8.22 (fetch_url redirect
  validation). The gap was unintentional, so contributor work is being
  reflected in-repo now.
- Add docs/RELEASE_CHECKLIST.md so future releases gate on the
  CHANGELOG/version/preflight steps explicitly.

This commit is contained in:

Hunter Bown

2026-05-08 18:17:44 -05:00

parent 77adb1030c

commit 8e9957da5c

14 changed files with 334 additions and 48 deletions

									
										Cargo.toml
									
		+1
		-1
	
												View File
												
				@@ -19,7 +19,7 @@ default-members = ["crates/cli", "crates/app-server", "crates/tui"]

				resolver = "2"

				[workspace.package]

				version = "0.8.22"

				version = "0.8.23"

				edition = "2024"

				# Rust 1.88 stabilized `let_chains` in `if`/`while` conditions, which the

				# codebase relies on extensively. Cargo enforces this so users on older