From de16a904a3154e26f81d8b64ae967d083b7e8d44 Mon Sep 17 00:00:00 2001 From: Kishore Kumar Date: Thu, 11 Jun 2026 11:17:09 +0530 Subject: [PATCH 1/2] =?UTF-8?q?docs(changelog):=20M90=5F002=20=E2=80=94=20?= =?UTF-8?q?terminal=20gate=20writes,=20strand=20recovery,=20loss-proof=20w?= =?UTF-8?q?ebhooks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Jun 11, 2026 entry: events refused by a lease gate now end in a visible gate_blocked row with a named failure_label instead of stranding; stranded deliveries recover; webhook enqueue failures stay deliverable on retry; steering a paused zombie returns 409 UZ-ZMB-012 with current_state; paused webhooks return 200 ignored zombie_paused (UZ-WH-003 retired). Co-Authored-By: Claude Fable 5 --- changelog.mdx | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/changelog.mdx b/changelog.mdx index 16ec9eb..da23c36 100644 --- a/changelog.mdx +++ b/changelog.mdx @@ -22,6 +22,27 @@ export const STAGE_SELF_MANAGED_M66 = "$0.0001"; usezombie is in **stealth-mode testing** and pre-production. APIs and agent behavior may change between releases without long deprecation windows. Email [usezombie@agentmail.to](mailto:usezombie@agentmail.to) if you want a hand calibrating an agent or to join as a design partner. + + ## Events that can't run now say why, instead of stranding silently + + Every accepted delivery now ends in a state you can see, or stays recoverable. Before, an event refused by a lease gate — a missing credential, a denied approval, an approval that timed out — sat in `received` forever with no signal; a delivery stranded in a retired or crashed runner's queue was never retried; and a webhook whose enqueue hit a transient error came back `duplicate` on the sender's retry and was lost for good. All three are fixed. + + ## What's new + + - **Steering a paused zombie fails loudly** — `POST /v1/workspaces/{workspace_id}/zombies/{zombie_id}/messages` returns `409 UZ-ZMB-012` with a resume hint and a `current_state` field, instead of accepting a message that would silently never run. + + ## Bug fixes + + - **Gate refusals are visible** — a delivery a lease gate refuses is written as a terminal `gate_blocked` event with a named `failure_label` (`secret_missing`, `tenant_resolve_failed`, `approval_denied`, `approval_expired`, `balance_exhausted`), so the events history shows why nothing ran instead of leaving the event pending forever. + - **Stranded deliveries recover** — a delivery left pending in a retired or crashed runner's queue is reclaimed and re-leased, rather than waiting forever. + - **Webhooks are loss-proof** — a transient enqueue failure no longer burns the idempotency slot, so the sender's retry delivers the event exactly once. A genuine duplicate still dedupes. + - **Missing credentials refuse the run** — a zombie that declares a credential absent from the vault no longer ships a run with an empty secrets map; it refuses with a `secret_missing` terminal row. + + ## API reference + + - **Webhooks to a paused zombie** — the generic, GitHub, and Svix webhook endpoints now return `200 {"ignored": "zombie_paused"}` for a paused zombie instead of `409`; the retired `UZ-WH-003` code is gone. The idempotency slot is not consumed, so a redelivery after resume processes normally. + + ## Groundwork for kernel-enforced egress allowlists on sandboxed runners From bf7f973be101e17fb3fa7ae621e718dace3416db Mon Sep 17 00:00:00 2001 From: Kishore Kumar Date: Thu, 11 Jun 2026 23:13:04 +0530 Subject: [PATCH 2/2] docs(changelog): fix section order + legacy product noun (greptile P2x2) Sections back to the fixed order (What's new -> API reference -> Bug fixes); prose "zombie" -> "agent" in three bullets (wire tokens like zombie_paused and route paths stay); "events history" -> the canonical "activity stream" for the append-only event record. Co-Authored-By: Claude Fable 5 --- changelog.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/changelog.mdx b/changelog.mdx index da23c36..388f6e4 100644 --- a/changelog.mdx +++ b/changelog.mdx @@ -29,18 +29,18 @@ export const STAGE_SELF_MANAGED_M66 = "$0.0001"; ## What's new - - **Steering a paused zombie fails loudly** — `POST /v1/workspaces/{workspace_id}/zombies/{zombie_id}/messages` returns `409 UZ-ZMB-012` with a resume hint and a `current_state` field, instead of accepting a message that would silently never run. + - **Steering a paused agent fails loudly** — `POST /v1/workspaces/{workspace_id}/zombies/{zombie_id}/messages` returns `409 UZ-ZMB-012` with a resume hint and a `current_state` field, instead of accepting a message that would silently never run. + + ## API reference + + - **Webhooks to a paused agent** — the generic, GitHub, and Svix webhook endpoints now return `200 {"ignored": "zombie_paused"}` for a paused agent instead of `409`; the retired `UZ-WH-003` code is gone. The idempotency slot is not consumed, so a redelivery after resume processes normally. ## Bug fixes - - **Gate refusals are visible** — a delivery a lease gate refuses is written as a terminal `gate_blocked` event with a named `failure_label` (`secret_missing`, `tenant_resolve_failed`, `approval_denied`, `approval_expired`, `balance_exhausted`), so the events history shows why nothing ran instead of leaving the event pending forever. + - **Gate refusals are visible** — a delivery a lease gate refuses is written as a terminal `gate_blocked` event with a named `failure_label` (`secret_missing`, `tenant_resolve_failed`, `approval_denied`, `approval_expired`, `balance_exhausted`), so the activity stream shows why nothing ran instead of leaving the event pending forever. - **Stranded deliveries recover** — a delivery left pending in a retired or crashed runner's queue is reclaimed and re-leased, rather than waiting forever. - **Webhooks are loss-proof** — a transient enqueue failure no longer burns the idempotency slot, so the sender's retry delivers the event exactly once. A genuine duplicate still dedupes. - - **Missing credentials refuse the run** — a zombie that declares a credential absent from the vault no longer ships a run with an empty secrets map; it refuses with a `secret_missing` terminal row. - - ## API reference - - - **Webhooks to a paused zombie** — the generic, GitHub, and Svix webhook endpoints now return `200 {"ignored": "zombie_paused"}` for a paused zombie instead of `409`; the retired `UZ-WH-003` code is gone. The idempotency slot is not consumed, so a redelivery after resume processes normally. + - **Missing credentials refuse the run** — an agent that declares a credential absent from the vault no longer ships a run with an empty secrets map; it refuses with a `secret_missing` terminal row.