v0.36.1

⚠️ Security

This release temporarily disables the /help_docs command as a mitigation for a credential-exposure vulnerability (#2445).

/help_docs accepted an untrusted runtime override of its git clone target (e.g. --pr_help_docs.repo_url=... from a PR comment), and the clone-URL host validation only checked substring containment. A host that merely contained the allowed host — e.g. github.com.attacker.tld — passed validation, so the git provider token was embedded into a clone URL pointing at an attacker-controlled host, exposing GITHUB_TOKEN (and the equivalent token on other providers).

What's Changed

• Publish Docker Hub image attestations and document digest verification by @copilot-swe-agent[bot] in #2433
• feat: add Gemini 3.1 stable and 3.5 model identifiers to supported model registry by @copilot-swe-agent[bot] in #2432

🚀 Features

• feat(config): add --extra_config_url to merge external .pr_agent.toml by @kiennt2 in #2406
• feat: add Claude Opus 4.8 support by @PeterDaveHello in #2423

🐛 Bug Fixes

• fix: add claude-opus-4-7 to NO_SUPPORT_TEMPERATURE_MODELS (#2400) by @raywcm in #2448
• fix: remove closed Discord community links by @IsmaelMartinez in #2446
• fix(security)!: temporarily disable /help_docs command (#2445) by @naorpeled in #2451
• fix: handle missing [github] settings section at import time by @PraneelBhatia in #2428
• fix: run gitlab_webhook under gunicorn for worker isolation by @pdecat in #2412
• fix: update reference link to configuration.toml by @arsalanyavari in #2425
• fix: readme-markdown-spacing by @DoraC7 in #2333

📚 Documentation

• docs: Fix broken list markup in gitea installation document by @brlin-tw in #2413

Full Changelog: v0.36.0...v0.37.0

v0.36.0

What's Changed

• Update azuredevops_provider.py by @agonzalesipcoop-cmyk in #2375
• fix: prevent KeyError when removing type from PR description data by @wishhyt in #2271
• fix: return empty list on ValueError in _get_commands_list_from_settings by @wishhyt in #2275
• fix: use instance prompt variable for user prompt in code suggestions by @wishhyt in #2270
• refactor: normalize AI request messages by @MGMCN in #2403
• feat(mosaico): add MOSAICO A2A solution agent integration by @ofir-frd in #2414
• feat(mosaico): add Docker Compose overlay for PR-Agent solution agent by @ofir-frd in #2415
• build(ci): add mosaico_agent Docker image to publish workflow by @ofir-frd in #2416

New Contributors

• @agonzalesipcoop-cmyk made their first contribution in #2375
• @MGMCN made their first contribution in #2403

Full Changelog: v0.35.0...v0.36.0

v0.35.0

What's Changed

• feat: update default model to OpenAI's GPT-5.5 by @PeterDaveHello in #2368
• feat(providers): add Sambanova provider by @luisfucros in #2313
• feat: add AWS_USE_IMDS support for ambient IAM credential resolution on Bedrock by @ira-at-work in #2307
• feat(progress-comment): make GIF URL and width configurable by @nicksalt in #2224
• ci: publish multi-arch (arm64) Docker images by @naorpeled in #2396
• ci: pin all GitHub Actions to commit SHAs by @naorpeled in #2395
• ci: add CodeQL workflow for Python static analysis by @naorpeled in #2365
• docs: replace old qodo-ai/pr-agent refs with new the-pr-agent/pr-agent by @PeterDaveHello in #2392
• docs: update documented reasoning_effort configuration values by @PeterDaveHello in #2370
• test: add focused unit tests for core PR-Agent flows by @PeterDaveHello in #2373

🐛 Bug Fixes

• fix: try_fix_yaml failed on snippets with prefix oryml by @XinyuWuu in #2097
• fix(sambanova): correct context windows, add MiniMax-M2.7, cover key forwarding by @naorpeled in #2394
• fix(github-action): handle string "false" for ENABLE_OUTPUT setting by @gvago in #2319
• fix(gerrit): raise HTTPException instead of returning it in Gerrit server by @wishhyt in #2277
• fix(gerrit): explicitly set git provider in server startup by @gvago in #2317

🧹 Maintenance

• chore(deps): upgrade LiteLLM from v1.81.12 to v1.83.14 with dependency updates by @PeterDaveHello in #2369
• chore(deps): upgrade LiteLLM from v1.83.14 to v1.84.0 by @naorpeled in #2390
• chore(deps): update Docker base images from Python v3.12.10 to v3.12.13 by @PeterDaveHello in #2371
• chore(deps): update python-gitlab and pydantic by @donbowman in #2374

Full Changelog: v0.34.3...v0.35.0

v0.34.3

What's Changed

• ci(release): rename codiumai/pr-agent to pragent/pr-agent by @naorpeled in #2360

📚 Documentation

• docs(readme): point examples at the-pr-agent/pr-agent slug by @naorpeled in #2363

Full Changelog: v0.34.2...v0.34.3

v0.34.2

What's Changed

🐛 Bug Fixes

• fix(release): publish under pragent/pr-agent (the actual Docker Hub repo) by @naorpeled in #2361

Full Changelog: v0.34.1...v0.34.2

v0.34.1

What's Changed

• ci(release): add release-drafter and automated publish workflow by @naorpeled in #2359
• Align OpenAI model defaults and examples with GPT-5.4 variants by @PeterDaveHello in #2305
• Add Anthropic's Claude Opus 4.7 model support by @PeterDaveHello in #2354
• Add OpenAI's GPT-5.5 model support by @PeterDaveHello in #2355
• Enhance README with logo and project details by @ofir-frd in #2343
• Remove 'Try It Now' section from README by @ofir-frd in #2340
• Revise README for PR-Agent's open-source transition by @ofir-frd in #2339
• Clean up README by removing old feature announcements by @ofir-frd in #2338
• Fix documentation links in README.md by @ofir-frd in #2336
• docs: update GitHub org references from qodo-ai to the-pr-agent by @ofir-frd in #2328

Full Changelog: v0.34...v0.34.1

v0.34

What's Changed

• fix: Gemini API key invalid due to Ollama Cloud key overwrite by @shine911 in #2288
• Expand and fix auto-generated file filtering in is_valid_file() by @PeterDaveHello in #2289
• fix: prevent dummy_key from overriding provider-specific API keys by @yanukadeneth99 in #2293

New Contributors

• @shine911 made their first contribution in #2288
• @yanukadeneth99 made their first contribution in #2293

Full Changelog: v0.33...v0.34

v0.33

What's Changed

• added a comment to the open source READ.md file by @elanab-qodo in #2239
• docs: add dismissible announcement banner by @naorpeled in #2243
• Add support for Gemini 3 Flash Preview models by @yu-iskw in #2240
• feat: Add OpenAI's gpt-5.3-codex model support by @PeterDaveHello in #2233
• Fix stale docs links and navigation targets by @PeterDaveHello in #2232
• docs: fix banner accessibility and hover color contrast by @naorpeled in #2245
• Add OpenAI's GPT-5.4 model by @PeterDaveHello in #2247
• Use git_provider.remove_comment to delete Azure DevOps comment removal by @jegork in #2237
• docs: remove PR benchmark page by @ofir-frd in #2248
• fix(settings): restore missing large PR handling config for pr_description by @Hank076 in #2234
• Update default model to gpt-5.4-2026-03-05 by @PeterDaveHello in #2254
• fix: restore Dynaconf fresh vars support by @pdecat in #2104
• feat: add branch name issue extraction feature by @damnthonyy in #2231
• Add OpenAI's latest GPT-5.4-mini and GPT-5.4-nano model by @PeterDaveHello in #2266
• feat: add support for gemini-3.1-flash-lite-preview by @rynomster in #2264
• docs: fix broken Get Started link and remove empty div by @Napat in #2262
• feat: add max token for gpt-5.3-chat by @ElliotNguyen68 in #2280
• chore: refine PR reviewer prompt guidance by @PeterDaveHello in #2209
• feat(ollama): Add API key support for Ollama Cloud by @arynyklas in #2278
• Fix minor text issues in prompts and comments by @PeterDaveHello in #2284
• fix: sanitize changes diagram input by @nagai9999 in #2212
• perf: optimize regex compilation in patch processing by @rynomster in #2263

New Contributors

• @elanab-qodo made their first contribution in #2239
• @jegork made their first contribution in #2237
• @Hank076 made their first contribution in #2234
• @damnthonyy made their first contribution in #2231
• @rynomster made their first contribution in #2264
• @Napat made their first contribution in #2262
• @ElliotNguyen68 made their first contribution in #2280
• @arynyklas made their first contribution in #2278
• @nagai9999 made their first contribution in #2212

Full Changelog: v0.32...v0.33

v0.32

What's Changed

• Update README.md v2 by @DanaFineTLV in #2095
• feat: improvements for Gitea integration by @siccous in #2071
• Remove Scala and other languages from docs by @AdamWalkerQodo in #2064
• docs: add GPT-5.1 benchmark results to PR benchmark documentation by @ofir-frd in #2106
• feat: add OpenAI GPT-5.1 series models by @PeterDaveHello in #2103
• docs: add Gemini-3-pro-review benchmark results by @ofir-frd in #2111
• Add Claude Opus 4.5 to PR Banchmark by @ofir-frd in #2118
• Update README.md by @DanaFineTLV in #2135
• docs(README): add note formatting by @naorpeled in #2136
• Update README.md by @DanaFineTLV in #2143
• Update README.md by @DanaFineTLV in #2145
• Add OpenAI GPT-5.2 models by @PeterDaveHello in #2133
• Add latest Claude 4~4.5 series model entries by @PeterDaveHello in #2124
• add gpt5 models to models without temperature support by @dzmitryashkinadze in #2116
• chore: upgrade actions/checkout from v4 to v5 by @luojiyin1987 in #2108
• feat(models): support US Claude Opus 4.5 by @naorpeled in #2146
• docs: add AGENTS.md (comprehensive agent guide) by @PeterDaveHello in #2040
• Update README.md by @DanaFineTLV in #2149
• docs: re-add quick start by @naorpeled in #2150
• chore(ci): upgrade actions/checkout from v5 to v6 by @dethan3 in #2148
• Set default model to GPT-5.2 per PR benchmark, newer knowledge cutoff by @PeterDaveHello in #2154
• Update README.md by @DanaFineTLV in #2164
• Add support for OpenAI's gpt-5.2-codex by @PeterDaveHello in #2166
• Handle /similar_issue on non-GitHub providers by @evanscastonguay in #2158
• chore(qodo-reviewer): add new agentic reviewer by @naorpeled in #2170
• change deprecated dict() to model_dump() pydantic method by @even-even in #2123
• Update README.md by @DanaFineTLV in #2187
• fix(gitlab): add missing ssl_verify parameter for private_token auth by @heoyongun in #2173
• Fix: Respect reasoning_effort config for GPT-5 models by @Tyler-Rak in #2131
• docs: fix inconsistent parameter name in CLI help text by @cxxCoolStar in #2102
• core(gitea): update authentication method to use AuthorizationHeaderToken for API calls by @philipp-horstenkamp in #2142
• feat: add Claude Opus 4.6 model support by @PeterDaveHello in #2204
• feat: add Claude Opus 4.6 model to MAX_TOKENS by @hholst80 in #2205
• feat: add support for gemini-3-pro-preview model by @claudiunicolaa in #2202
• Update azure-devops version to 7.1.0b4 to fix #2207 by @AieatAssam in #2208
• feat: Add Gemini 3.1 preview model mappings by @PeterDaveHello in #2225
• Allow PORT override for GitLab webhook server by @evanscastonguay in #2157
• up pytest to 9.xx and add pytest-asyncio to fix some warnings in tests by @even-even in #2222
• docs: remove Qodo merge references by @naorpeled in #2198
• fix: pin PyJWT to 2.10.1 to keep GitHub App auth working by @ernest-gonzales in #2218
• fix: defer Azure DevOps annotations to avoid import-time crash by @ernest-gonzales in #2219
• feat: add Anthropic Claude Sonnet 4.6 model mappings by @PeterDaveHello in #2221
• Bump LiteLLM from 1.77.7 to 1.81.12 by @ofir-frd in #2227
• docs: improve dark mode contrast and replace favicon by @ofir-frd in #2228

New Contributors

• @DanaFineTLV made their first contribution in #2095
• @siccous made their first contribution in #2071
• @naorpeled made their first contribution in #2136
• @dzmitryashkinadze made their first contribution in #2116
• @luojiyin1987 made their first contribution in #2108
• @dethan3 made their first contribution in #2148
• @evanscastonguay made their first contribution in #2158
• @even-even made their first contribution in #2123
• @heoyongun made their first contribution in #2173
• @Tyler-Rak made their first contribution in #2131
• @cxxCoolStar made their first contribution in #2102
• @philipp-horstenkamp made their first contribution in #2142
• @hholst80 made their first contribution in #2205
• @claudiunicolaa made their first contribution in #2202
• @AieatAssam made their first contribution in #2208
• @ernest-gonzales made their first contribution in #2218

Full Changelog: v0.31...v0.32

v0.31

codiumai/pr-agent:0.31
codiumai/pr-agent:0.31-github_app
codiumai/pr-agent:0.31-bitbucket_app
codiumai/pr-agent:0.31-gitlab_webhook
codiumai/pr-agent:0.31-github_action
codiumai/pr-agent:0.31-azure_devops_webhook
codiumai/pr-agent:0.31-gitea_app

What's Changed

• feat: wrap the command's entry point to catch all errors by @alessio-locatelli in #1884
• More informative error message in case search returned an error by @sharoneyal in #1894
• Enhance Azure DevOps Integration with Work Item Ticket Retrieval and Comment Thread Updates by @abishlal in #1890
• gemini 2.5 flash/pro GA models by @rppavan in #1895
• test: auto-trigger /add_docs on PR opened events by @jmsb02 in #1891
• Add bedrock Llama 4 Scout/Maverick by @dcieslak19973 in #1892
• feat: enable PR diagram by default and improve mermaid diagram genera… by @mrT23 in #1897
• feat: support ignoring auto-generated files by language/framework by @isExample in #1898
• docs: add suggestions_depth configuration parameter documentation by @mrT23 in #1903
• Tr/suggestions depth by @mrT23 in #1904
• Update docs that Gitlab also supports Incremental Update by @sharoneyal in #1905
• docs: update sequence diagram support section and recent updates by @mrT23 in #1907
• fix: improve indentation handling in code suggestions by @mrT23 in #1909
• docs: update README organization and add Qodo Merge open source link by @ofir-frd in #1908
• add support for PR sequence diagram in description markers by @abhinav-1305 in #1911
• clarify that Fetching Ticket Context affects Ask tool by @abhinav-1305 in #1913
• apply repository settings before processing push commands in GitLab webhook by @abhinav-1305 in #1914
• fix: correct typo in configuration comments by @abhinav-1305 in #1920
• fix: Remove trailing comma in gerrit provider prepare_repo function by @abhinav-1305 in #1922
• fix: Correct resultsContainer handling by @abhinav-1305 in #1923
• fix: correct FAQ answer numbering for questions 6 and 7 by @abhinav-1305 in #1924
• docs: improve installation for various providers by @abhinav-1305 in #1927
• feat: support OpenAI Flex Processing via [litellm] extra_body config by @abhinav-1305 in #1921
• fix: Add ignore logic for Bitbucket Server webhook by @abhinav-1305 in #1929
• fix: clean up PR title formatting before publishing by @abhinav-1305 in #1931
• feat: Support Only Streaming Model by @Makonike in #1925
• refactor(ai_handler): move streaming response handling and Azure toke… by @mrT23 in #1935
• docs: A new compliance tool by @ofir-frd in #1942
• Tr/describe redesign by @mrT23 in #1944
• docs: add detailed configuration examples for GitHub Actions models by @abhinav-1305 in #1933
• docs: update Google Tag Manager ID in custom analytics integration by @abhinav-1305 in #1934
• Hl/create ticket docs by @hussam789 in #1946
• reorder by @hussam789 in #1947
• fix: add support for filtering ignored files in Bitbucket Server provider by @furikake6000 in #1938
• fix: update documentation for tools by @abhinav-1305 in #1945
• merge the docs of chrome extension into one page by @hussam789 in #1956
• update recent updates and add gitlab issues docs by @hussam789 in #1957
• Update changing_a_model.md by @loicngr in #1958
• Add high-level suggestions to docs by @sharoneyal in #1961
• feat: Add support for Bedrock custom inference profiles via model_id by @abhinav-1305 in #1954
• feat: add eyes reaction to GitLab provider by @FabrizioCafolla in #1949
• docs: add interactive Q&A feature documentation for review comments by @doljae in #1973
• docs: add compliance tool to RAG context enrichment documentation by @ofir-frd in #1971
• docs: improve document for enable using commands in PR comments the GitHub Actions by @doljae in #1975
• feat: allow configuring gitlab ssl verification by @marc0777 in #1955
• Fix: defer file sorting until after token calculation by @huangyoje in #1970
• Fix GitLab authentication for private deployments running GitLab 11.1.4 (401 Unauthorized error) by @Mr-jing in #1969
• Fix issue in the GitLab provider by @emmanuel-ferdman in #1979
• Fix comment_id name in handle_ask_line by @huangyoje in #1978
• Update GitHub marketplace link by @ericglau in #1981
• Tr/benchmark by @mrT23 in #1983
• fix: update litellm dependency to include proxy support and clean up … by @mrT23 in #1984
• fix: update model prefix in litellm_ai_handler and adjust dependencie… by @mrT23 in #1986
• docs: fix typo in OpenAI model parameter name to search by @cxyfreedom in #1988
• Update fetching_ticket_context.md by @hussam789 in #1972
• fix: add temperature arg to self reflect of improve by @yamoyamoto in #1996
• Add models for Groq by @dceoy in #1995
• Adds a new configuration group [azure_devops] to allow "active" comments by @LawrenceMantin in #1998
• feat: enhance BitbucketServerProvider authentication with username and password fallback by @boston008 in #1980
• Correct variable for url for bitbucket server by @papi656 in #2000
• PR reviewer tool: add an opt-in work time estimation by @alessio-locatelli in #2006
• Tr/updates23 by @mrT23 in #2008
• Set a status for comments on azure devops by @acamacho-sprbrk in #2011
• Clarify README: PR-Agent vs. Qodo Merge by @coditamar in #2016
• docs: update hierarchical repository examples with generic naming conventions by @ofir-frd in #2019
• fix: correct variable name for last merge source commit in Azure DevOps provider by @abhinav-1305 in #2018
• feat: enhance documentation with additional repository metadata secti… by @mrT23 in #2021
• [GitLab] Submodule expansion functionality added by @alex107ivanov in #2014
• docs: update Azure DevOps pipeline instructions for PR-Agent by @abhinav-1305 in #2017
• feat: Qdrant support to find similar issues by @Anush008 in #2022
• docs: add Qodo Merge CLI section to documentation navigation by @hussam789 in #2030
• docs: simplify navigation links in Qodo Merge CLI documentation by @hussam789 in #2031
• Support Gitbooks Rendering by @AdamWalkerQodo in #2032
• Add gitbook configuration file by @AdamWalkerQodo in #2033
• Fix typo on docs by @rizkiandrianto in #2035
• docs: add super exhaustive mode configuration for comprehensive code suggestions by @ofir-frd in #2036
• Update Qodo Merge installation for Gitlab documentation by @sharoneyal in #2034
• Update documentation to clarify the need to set bitbucket data center url by @sharoneyal in #2052
• chore: add error log on model prediction failure by @yamoyamoto in #2053
• fix: upgrade packages to address security vulnerabilities by @XoRohan in #2051
• Remove useless pass from git_provider by @sbobryshev in #2059
• feat: add support for Claude Sonnet 4.5 by @cawamata in https://github.com/qodo-...