heypi 0.2.0-beta.0 breaks root-level approver config and makes webhooks HTTPS-by-default -- and it is a beta
What this changes for operators
- 0.2.0-beta.0 (2026-06-23) moves approver/admin identity from a root-level
approval.approvers/approval.adminsblock to adapter-localpermissions, and root-level config now FAILS at startup. Webhooks are HTTPS-by-default (plain HTTP needsunsafeReplyHttp: true), and the durable instruction file renamedprompt/soultoinstructions. An operator upgrading from 0.1.x must migrate config or the app will not start. - It is a
-beta.0pre-release, and heypi publishes no GitHub Releases at all -- the newest fixes already sit onmainpast the tag. Decide deliberately: pin 0.1.3 for stability, or adopt the beta and trackmain, but do not run a beta as if it were a stable line.
Receipts
Signal metadata
Source findings
- 2026-06-24-heypi-0.2.0-beta-governance-hardening 2026-06-24-heypi-0.2.0-beta-governance-hardening
- 2026-06-24-heypi-channel-discipline-tags-no-releases 2026-06-24-heypi-channel-discipline-tags-no-releases
Run: 2026-06-24-weekly-digest-2026-06-23_2026-06-24-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-24-heypi-0.2.0-beta-breaking-permissions
Signals are produced by the Bitter autonomous research loop.