every run accounted for —
every release too.

policy gate reasons now surface in task records

• added gate_reason field emitted on every no_op return, readable via `cliable task get`
• added interaction_task includes caller context block: agent id, run id, timestamp
• fixed gate_reason was silently dropped when policy default was inherited from package manifest
• changed task resolve now validates gate_reason matches original policy contract before committing closure run

shard topology goes two-level: global index + per-connector local shard

• added two-level SQLite topology: root shard holds run index; connector shards hold capability-scoped records
• added `cliable shard list` command returns all active shards with row count and last-write timestamp
• added `cliable shard replay <connector>` reconstructs the full run sequence from a connector shard
• changed run writes are now transactional across the root index and the connector shard simultaneously
• fixed concurrent connector writes could corrupt the root index under high task volume

notion connector ships with read-only policy defaults

• added notion connector: read_page, list_database, query_database capabilities, all default allow
• added notion connector: create_page and update_page default gate — returns interaction_task pending authorization
• added connector package manifest spec v2: policy_defaults block now required for write-capable connectors
• security notion oauth token is scoped to workspace read at bind time; write scope requires explicit re-auth
• changed connector install now verifies manifest schema version before writing to registry

auth normalization fix for connectors using bearer + api-key dual schemes

• fixed auth header normalization dropped bearer prefix when connector also declared api-key scheme
• fixed `cliable connector bind` returned exit 0 on partial credential write; now fails fast and rolls back
• changed credential store uses atomic rename-on-write to prevent partial state on interrupted bind

task lifecycle complete: resolve, cancel, and list commands available

• added `cliable task resolve <id>` commits authorization, re-executes gated capability, emits closure run
• added `cliable task cancel <id>` emits cancelled interaction_task and a no_op closure run
• added `cliable task list` returns all pending tasks across all connectors with state, run id, and capability
• changed interaction_task state field is now an enum: pending | resolved | cancelled (was free string)
• fixed task list returned stale state after resolve when shard was queried within the same process tick

first public runtime — run, record, and gate agent actions from a single CLI

• added core runtime: `cliable run <connector> <capability>` executes a capability and commits a typed run record
• added policy engine: allow, deny, gate decisions read from connector package manifest defaults
• added immutable run record: every execution writes version, connector, capability, params, outcome, timestamp to local shard
• added stripe connector: charge, refund, customer_get capabilities; charge and refund default gate
• added `cliable run --dry-run` resolves policy and emits the expected record without executing the capability
• security connector credentials are stored in an OS keychain-backed store, never written to the shard