Audit: Reviewed all 121 doc files against the 23 issues in v0.35.1 to ensure user-facing changes were reflected in docs. Found 8 gaps across security, UX, and completeness categories.
Files updated:
Process: three parallel Explore agents read the changelog, full doc tree, and GitHub issues; a Plan agent synthesised the prioritised list; implementation ran through the superpowers:executing-plans skill with TaskCreate/TaskUpdate for progress tracking.
Closed by PR #304.
Audit: Reviewed all 121 doc files against the 23 issues in v0.35.1 to ensure user-facing changes were reflected in docs. Found 8 gaps across security, UX, and completeness categories.
Files updated:
docs/how-to/group-chat.md— new "Button press validation" section (documents security: callback query sender not validated in group chats #192)docs/how-to/security.md— cross-reference to button validation, fixed misleading SSRF allowlist claim, added bot token auto-redaction tip (security: bot token leaked in structured log URLs #190)docs/how-to/plan-mode.md— new "Auto-approval after plan approval" section (bug: diff_preview gate requires manual approval for every tool after ExitPlanMode in plan mode #283)docs/how-to/interactive-approval.md— admonition linking to plan bypass behaviourdocs/how-to/troubleshooting.md— new "Engine output line cap" section (security: unbounded JSONL line buffer can cause OOM crash #191)docs/reference/commands-and-directives.md—/pingnow mentions uptime reset + trigger summary (bug: /ping uptime does not reset on service restart #234)docs/reference/runners/amp/runner.md—sanitize_prompt()note (security: user prompt passed as CLI arg without -- separator (flag injection) #194)docs/reference/glossary.md— 3 new entries: delayed run, webhook action, hot-reloadProcess: three parallel Explore agents read the changelog, full doc tree, and GitHub issues; a Plan agent synthesised the prioritised list; implementation ran through the superpowers:executing-plans skill with TaskCreate/TaskUpdate for progress tracking.
Closed by PR #304.