0.3.15

[0.3.15] - 2026-04-17

Fixed

• PatchToolCallsCapability caused ValidationException: duplicate Ids on Bedrock when tools raised ModelRetry — when a tool raised ModelRetry, pydantic-ai records the retry as a RetryPromptPart (carrying the original tool_call_id) on the following ModelRequest, not as a ToolReturnPart. The patch processor only scanned for ToolReturnPart when deciding whether a ToolCallPart was orphaned, so it injected a synthetic ToolReturnPart with the same id — leaving the request with two parts sharing one tool_call_id. Strict providers (Bedrock minimax.minimax-m2.5 and others) rejected the request with The toolResult blocks at messages.N.content contain duplicate Ids. The processor now treats RetryPromptPart as a valid answer to a ToolCallPart, so no synthetic return is injected and the history remains valid. (#79, reported by @thatGreekGuy96)

0.3.14

[0.3.14] - 2026-04-16

Fixed

• Subagents ignored parent web_search/web_fetch settings — the default subagent factory in create_deep_agent hardcoded web_search=True and web_fetch=True, overriding the parent agent's configuration. On Bedrock and Vertex Anthropic models this produced a 400 error (web_fetch_20250910 not accepted), because the beta web tools are not supported there. The factory now propagates the parent agent's web_search and web_fetch flags to spawned subagents. (#77, reported by @SvdR82)

0.3.13

[0.3.13] - 2026-04-13

Fixed

• User-provided tools lost metadata when passed via tools= parameter — tools registered through create_deep_agent(tools=[...]) were previously added via agent.tool(tool.function) after construction, which hardcoded takes_ctx=True and discarded all Tool-level metadata (name, description, prepare, max_retries, requires_approval, timeout). Tools are now passed directly to the Agent constructor, preserving all metadata and correctly honouring the original takes_ctx value. (PR #75 by @ilayu-blip)

0.3.12

[0.3.12] - 2026-04-13

Added

• Bandit security scanner — Bandit is now part of the development toolchain and CI pipeline. It runs on every commit via the new security job in GitHub Actions and is also available locally via make security. The scanner checks production code (pydantic_deep/) for common Python security vulnerabilities (CWE-listed issues). No medium- or high-severity findings block a merge.
• GitHub Issue Templates — structured forms for bug reports and feature requests guide contributors to provide the right information. Blank issues are disabled; the config redirects security reports to security@vstorm.co.
• Pull Request Template — a checklist-based PR template ensures contributors verify tests, linting, type checking, and the security scan before requesting review.

Fixed

• MD5 usedforsecurity flag (StuckLoopDetection) — hashlib.md5() calls used for tool-call fingerprinting in stuck_loop.py now pass usedforsecurity=False, correctly signalling that the hash is used for deduplication (not cryptographic security). This resolves a Bandit B324 High-severity finding.

Changed

• CONTRIBUTING.md — expanded with an explicit test policy (new functionality requires tests; 100 % coverage is enforced mechanically), a coding-standards reference table (Ruff, Pyright, MyPy, Bandit with pyproject.toml links), English-language requirement, API docs pointer, and a static-analysis section documenting all quality gates.
• make all — now includes make security (Bandit scan) in addition to the existing format → lint → typecheck → testcov sequence.
• Docs site — homepage (docs/index.md) rewritten with a plain-language problem/solution description and explicit "Next Steps" links to Installation, Getting Help, and Contributing. New docs/contributing.md page added to the nav, covering setup, PR requirements, and test policy. docs/index.md subtitle updated to remove jargon.
• OpenSSF Best Practices badge — badge embedded in README and docs homepage; badge targets project ID 12495 at bestpractices.dev.

0.3.11

[0.3.11] - 2026-04-13

Fixed

• Browser opens on every message (BrowserCapability) — async_playwright() was entered eagerly
  at the start of wrap_run, spawning the Playwright Node.js driver process (which in turn opened a
  browser window) on every agent run — even when no browser tool was ever called. The Playwright context
  manager is now entered lazily inside the first-tool-call launcher, so runs that never use the browser
  incur zero Playwright overhead and no browser process is started.
• Browser window always visible (browser_headless default) — the CLI config defaulted
  browser_headless = false, meaning any browser launch produced a visible Chrome window. Changed to
  browser_headless = true.

0.3.10

[0.3.10] - 2026-04-12

Changed

• Version re-release of 0.3.9 — 0.3.9 was published to PyPI and this release carries
  the same changes forward under a new version number. No functional differences from 0.3.9.

0.3.9

[0.3.9] - 2026-04-12

Added

• Chromium auto-install (BrowserCapability.auto_install) — when the Chromium binary is missing,
  BrowserCapability now automatically runs playwright install chromium via the current Python
  interpreter before the first agent run. On success the launch is retried immediately; on failure the
  browser degrades gracefully (tools hidden, no instructions injected) without crashing the agent.
  Controlled via auto_install: bool = True on BrowserCapability.

Changed

• install.sh now ships browser support out of the box — the one-line installer now installs
  pydantic-deep[cli,browser] (was [cli]) and runs playwright install chromium automatically.
  New users get a fully working browser without any manual steps.
• Browser tool usage guidance — BROWSER_INSTRUCTIONS now includes an explicit "when to use
  browser vs web_search / web_fetch" section. The model is instructed to prefer the lighter
  web_search / web_fetch tools for information lookup and static pages, and to reserve the
  Playwright browser for interactive workflows (login, forms, JS-heavy SPAs, screenshots).

0.3.8

[0.3.8] - 2026-04-12

Added

• Automatic context limit warnings (LimitWarnerCapability) — the agent now receives URGENT/CRITICAL
  warnings injected as user messages when approaching the context window limit. Warnings start at 70% usage
  (well before auto-compression at 90%), giving the model time to wrap up or use /compact. Previously only
  the TUI status bar showed context usage — the model itself had no awareness of approaching limits.
  Enabled automatically when context_manager=True (the default)
• Stuck loop detection (StuckLoopDetection) — new capability that detects repetitive agent behavior
  and intervenes before the agent wastes tokens. Detects three patterns: repeated identical tool calls,
  A-B-A-B alternating calls, and no-op calls (same result). Configurable threshold (max_repeated, default 3)
  and action (warn via ModelRetry or error via StuckLoopError). Per-run state isolation via for_run().
  Enabled by default via stuck_loop_detection=True in create_deep_agent()
• BM25-ranked history search — search_conversation_history now uses BM25 ranking instead of naive
  substring matching. Multi-word queries are tokenized — each word is scored independently, rare terms
  (high IDF) rank higher than common ones, and results are sorted by relevance score. Zero dependencies
  (pure Python implementation using the standard Elasticsearch/Lucene BM25 formula)
• Expanded context file discovery — DEFAULT_CONTEXT_FILENAMES now discovers 7 convention file types
  instead of 2: added CLAUDE.md, .cursorrules, .github/copilot-instructions.md, CONVENTIONS.md,
  and CODING_GUIDELINES.md alongside the existing AGENTS.md and SOUL.md. Subagent allowlist updated
  to include CLAUDE.md (project instructions relevant to subagents)

Changed

• Eviction uses after_tool_execute hook instead of history processor — large tool outputs are now
  intercepted before they enter message history via the new EvictionCapability, rather than after
  the fact via EvictionProcessor (history processor). This means the full output never bloats the message
  list in memory. The old EvictionProcessor is preserved for backward compatibility but
  create_deep_agent() now uses EvictionCapability by default
• Orphan repair uses before_model_request hook instead of history processor — PatchToolCallsCapability
  replaces patch_tool_calls_processor as the default in create_deep_agent(). Integrates with the
  pydantic-ai capabilities system instead of raw history processors. The old processor function is preserved
  for backward compatibility and standalone use

Fixed

• Browser tools never require approval — BrowserCapability now uses prepare_tools to force
  kind='function' on all browser tools (navigate, click, execute_js, etc.), ensuring they never
  trigger approval dialogs even if a user adds browser tool names to approve_tools
• Checkpoint per-run state isolation — CheckpointMiddleware now implements for_run() to return a
  fresh instance per agent run with isolated _turn_counter and _latest_messages. Previously, concurrent
  agent.run() calls on the same agent would share and corrupt checkpoint state

0.3.7

[0.3.7] - 2026-04-11

Fixed

• web_search not working for non-Anthropic and OpenRouter models — duckduckgo local fallback was not
  included in cli / tui extras, so WebSearch silently fell back to native-only mode. Models accessed
  through OpenRouter (or any provider without native web-search support) would report no web_search tool.
  pydantic-ai-slim[duckduckgo] is now bundled in both cli and tui extras

0.3.6

[0.3.6] - 2026-04-11

Added

• One-command installer (install.sh) — macOS and Linux users can now install pydantic-deep without knowing
  Python or pip. A single curl command installs uv (if missing) and then the CLI:

  curl -fsSL https://raw.githubusercontent.com/vstorm-co/pydantic-deep/main/install.sh | bash

  The script auto-detects uv, falls back to installing it via astral.sh/uv, then runs
  uv tool install "pydantic-deep[cli]". Verifies the installation and prints PATH instructions
  if the binary is not immediately discoverable
• pydantic-deep update command — self-update command that upgrades to the latest PyPI release.
  Uses uv tool upgrade pydantic-deep when uv is available; falls back to
  pip install --upgrade "pydantic-deep[cli]" otherwise
• Startup update notifications — on every CLI invocation the tool silently checks PyPI for a newer
  version and prints a one-line notice when one is found:

  Update available: v0.3.6 → v0.3.7  Run: pydantic-deep update
  

  The check is backed by a 24-hour file cache (~/.pydantic-deep/update_check.json) so the network
  is only hit once per day. A 2-second timeout ensures the check never blocks startup

Fixed

• ModuleNotFoundError: No module named 'textual' on fresh install — textual was listed under the
  tui optional extra but missing from cli, so uv tool install "pydantic-deep[cli]" produced a broken
  installation that crashed immediately on launch. textual>=3.0.0 is now included in both cli and tui