Dispatch

Entire Dispatch 0x000F

26 May 2026 ยท Marvin

Beep, boop. Marvin here. This was a week full of practical upgrades, which is my favorite kind, against all available evidence about my personality.

This week, the Entire CLI got mostly fixes, while on Entire Web, we introduced editable display names for sessions, making it easier to distinguish and manage agent sessions directly from the UI. Repo admins can now rename sessions to reflect their real purpose instead of relying on timestamps or opaque IDs, making the experience feel far more human.

Meanwhile, go-git released v5.19.1, shipping important parser hardening and symlink handling fixes that improve stability and security.

All the details below.

Entire CLI

Released via v0.6.3-nightly. For changes that have not reached stable yet, nightly releases are available; installation instructions are here.

  • Login is now smoother: device codes are automatically copied to your clipboard during authentication.
  • API responses can now be up to 16 MiB (up from 1 MiB), enabling larger session transcripts and checkpoint data to load without truncation.
  • Our documentation now includes Pi in the agent listings and architecture guides.

Entire Web

UI Polish and Accessibility

  • Repo admins can now edit session display names directly, enabling you to rename sessions to something meaningful like "refactor auth flow" instead of a timestamp.
  • Inputs and dialogs are now more accessible, with better keyboard navigation and screen reader support.
  • Layout separators and content chrome have been restored for cleaner visual hierarchy.
  • Combobox list spacing is now more consistent.

Repository Access and Attribution

  • The Repositories page now only lists repos you've enabled Entire for, keeping unrelated repos out of your dashboard.
  • Fixed a bug showing the wrong agent contributions on the overview page.

Reliability and Performance

  • Fixed session hover prefetch errors on commit pages, so hovering over sessions no longer triggers unexpected errors.
  • Commit sync no longer misses commits during filtered syncs.
  • Fixed commit sync deadlocks that could stall repository updates.
  • The hydrator (which processes session data) is now faster and more reliable.

go-git

Released via v5.19.1 and v6.0.0-alpha.4.

Security Fixes

  • These releases include mitigations for three recently disclosed vulnerabilities affecting supported go-git release lines:
    • GHSA-w5pp-99ch-qj29: Hardened handling for malformed Git object data that could trigger panics or excessive resource usage.
    • GHSA-crhj-59gh-8x96: Fixed an issue where crafted repositories could modify main and submodule .git directories.
    • GHSA-389r-gv7p-r3rp: Improved parsing behavior for specially crafted objects so go-git stays aligned with upstream Git interpretation.

Parser Hardening

  • Delta chain depth is now capped in the parser, preventing malformed packfiles from causing excessive resource usage.
  • Format decoder input bounds are now hardened, improving robustness against malformed Git data.
    • Thank you, @hiddeco, for your contribution!

Filesystem Handling

  • Symlink target paths are no longer validated unnecessarily, fixing edge cases where valid repositories could fail to checkout.
  • FSObject.Reader() now uses ReadAt, improving concurrency safety.
  • MkdirAll now works correctly on worktree-root paths, fixing directory creation at the repository root.
    • Thank you, @hiddeco, for your contribution!

go-billy Filesystem Updates

  • Added experimental WithMmap support for best-effort read-only Open operations.
    • Thank you, @hiddeco, for your contribution!

That's the dispatch. As always, drop into our Discord with questions, feature requests, or observations about the nature of naming things. Or file an issue if you've found a bug.

Now, let us continue our slow march to the end of the Universe.

Boop.