v0.3.2

Pluralistic Git: Many Hosts, Transports & Identities

Trinity now runs every project against its own git host, transport, credential, and identity — in parallel. This is delivered by managed SSH as an opt-in transport, a four-host forge layer (GitHub, GitLab, Gitea, Forgejo), a local credential store, and per-destination identity resolution — plus a safer access model and a destination/identity picker at team setup.

New

  • Per-project git host, transport, and identity — Trinity resolves the git host, the door (the transport), the credential, and the identity per destination rather than from one global git context. Different projects can push to GitHub, GitLab, Gitea, or Forgejo, over different transports, as different accounts — all running at the same time, with each operation pinning its own settings.
  • Managed SSH transport — A new opt-in door per destination: Trinity generates and stores a per-account SSH key pair, enrolls the public key with the host, and selects the right door for each device automatically. HTTPS tokens remain the default door and are fully supported.
  • Per-device key auto-fulfill — On devices that haven't enrolled yet, Trinity detects the gap and silently provisions the missing key, so a fresh machine is ready without any manual step.
  • GitHub, GitLab, Gitea, and Forgejo adapters — A unified forge interface with a full capability model backs all four hosting providers. Each adapter handles listing, pagination, and credential threading in a provider-native way.
  • Credential store for git hosting — Hosting credentials and git identities live in a local credential plane, with per-destination identity resolution used for every invite, revoke, and provisioning operation.
  • Destination/identity picker at team-create — When creating a team, you now choose the hosting destination and the identity Trinity will use to manage that team's repositories, right at setup time.
  • Access removal as a soft-delete — "Remove from project" replaces "Revoke" and runs a disable-first state machine: access is cut off immediately, cleanup completes in the background, and the operation is safe to interrupt or retry.
  • Access-state cache — Trinity caches each member's access state from the last completed operation rather than re-probing permissions at story start, making access decisions faster and consistent across concurrent operations.
  • Per-destination roster — Collaborator suggestions at invite time are sourced from the team's hosting roster rather than inferred from invite history, so suggestions reflect who actually has access on that host.
  • Project access management page — A new per-member access panel shows every team member's push status against each managed repo — ready, blocked (with the specific repo named), invited, no linked account, or unverified — and lets owners invite or remove members inline. A request-access inbox collects access requests so owners can act on them in one place.
  • Git-write gate at story start — Stories now check whether the executing member can push to every managed repo before agent work begins. A blocked member sees a named gate with the affected repo and a path to request access, rather than hitting a push failure mid-run.
  • Auto-approve technology deviations — A new per-project (and global) flag auto-clears the technology-deviation gate, mirroring the existing autoApproveQualityCheckpoints option. Teams that trust their stack choices can skip the deviation approval step entirely.

Improved

  • GitLab API-scope guidance on SSH enroll failure — When enrolling an SSH key against a GitLab account fails due to insufficient token scope, Trinity surfaces the exact scope needed rather than a generic error.
  • Project-access panel polish — Loading, empty, and error states in the project-access panel are cleaner and fully accessible.

Fixed

  • Forge list operations now walk all pages — List endpoints previously returned only the first page from most providers; Trinity now follows pagination to completion so no repositories are silently omitted.
  • Provider max page size respected — Requests to forge list endpoints are capped at each provider's maximum allowed page size, preventing 422 errors on large accounts.
  • Persisted SSH door survives a silent re-save — Re-saving a credential without changing the door selection no longer resets the stored door to the default.
  • Five access-model defects on multi-account identity paths — Edge cases where a member's identity was resolved against the wrong account on bound or multi-account setups are fixed.
  • Team-member removal gated before forge operations — Removing a member now verifies authority before issuing any forge revoke or leak-table writes, preventing partial state on permission failures.
  • Write-but-not-admin org members unblocked — Members with write access but without org-admin privileges were incorrectly blocked at the git-write gate; they now pass through correctly.
  • Duplicate provisioning skipped — Trinity skips inviting members who are already present or have a pending invite on a repository, avoiding redundant API calls and spurious errors.
  • Auto-invite fails closed — A race at the shared-identity read that could cause auto-invite to proceed with the wrong identity is fixed; the operation now fails closed if identity resolution is ambiguous.
  • Session tokens stored at tight permissions — Session token files and account metadata are written at 0600 and their parent directories at 0700, tightening on-disk credential security.
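
The 0600/0700 layout from the last fix above, shown as an added example (not Trinity's own code). It writes a secret so it is never group- or world-readable and, going slightly beyond the note, audits an existing file and its parent directory; the `sessions/token.json` path and the function names are hypothetical.

```python
import os
import stat
import tempfile

DIR_MODE = 0o700   # parent directory mode named in the release note
FILE_MODE = 0o600  # token / metadata file mode named in the release note


def write_secret(path: str, data: bytes) -> None:
    """Write data to path so it is never readable by group or other."""
    parent = os.path.dirname(path)
    os.makedirs(parent, mode=DIR_MODE, exist_ok=True)
    os.chmod(parent, DIR_MODE)  # makedirs honours umask and skips existing dirs
    # Create a temp file at the final mode; O_EXCL refuses to reuse a file
    # that was pre-created at a looser mode, and umask can only clear bits.
    tmp = f"{path}.tmp.{os.getpid()}"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, FILE_MODE)
    try:
        os.write(fd, data)
        os.fsync(fd)
    finally:
        os.close(fd)
    os.replace(tmp, path)  # atomic swap; replaces any older, looser file


def audit(path: str) -> list[str]:
    """Return findings for a secret file and its parent directory."""
    findings = []
    for target, want in ((os.path.dirname(path), DIR_MODE), (path, FILE_MODE)):
        st = os.lstat(target)
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{target}: is a symlink")
        elif mode & ~want:
            findings.append(f"{target}: mode {mode:04o} exceeds {want:04o}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: a legacy world-readable token, then a re-save."""
    root = tempfile.mkdtemp()
    token = os.path.join(root, "sessions", "token.json")  # hypothetical layout
    os.makedirs(os.path.dirname(token))
    os.chmod(os.path.dirname(token), 0o755)
    os.close(os.open(token, os.O_WRONLY | os.O_CREAT, 0o644))
    os.chmod(token, 0o644)  # force the loose legacy mode regardless of umask
    before = audit(token)
    write_secret(token, b'{"token": "constructed-sample"}')
    return before, audit(token)
```

Writing through a temp file and `os.replace` means a pre-existing file at a looser mode is swapped out rather than reused, so a re-save tightens old installs as well as new ones.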