Changelog

Version history for the ADO Pilot Azure DevOps Marketplace extension and backend.

Last updated

ADO Pilot's major and minor version come from the version field in the marketplace extension manifest (vss-extension.json); the patch number that actually ships is generated per build and increments with every release, so it won't always line up with a specific entry below. Treat the major.minor and the changes described under it as the source of truth for what's installed. The extension and backend are released together.

Each entry follows the Keep a Changelog shape: Added, Changed, Fixed, and Known issues.

Versioning

Versions are major.minor.patch. The major and minor segments are bumped deliberately for a meaningful release; the patch segment is a build number that increments on every publish, so it isn't a strict signal of bug-fix-only versus feature content — a release that adds a dashboard page or a new auth method can still land as a patch bump. Major releases — none yet — would coincide with a breaking change to the customer-facing surface and a dedicated migration guide.

[Unreleased]

Added

  • Self-serve Service Hooks card (Settings → Integration). The Integration settings page now has a Service Hooks card with three controls for diagnosing and repairing webhook delivery yourself: Check now reads the live Azure DevOps subscription status per project (active, probation, disabled, or missing), Resync re-creates any missing or disabled subscriptions using your existing credential without changing your PAT (it also runs automatically every hour), and Test connection fires a synthetic event end to end. Azure DevOps delivers the test event asynchronously, so a healthy result reports the event as accepted rather than confirmed — click Check now a moment later to confirm it arrived. All three controls are available to any org member. See Webhook 401s and reviews stopped firing.
  • Service Principal auth at signup (Business plan and above). New customers can now choose Service Principal authentication during onboarding — no Personal Access Token to store, rotate, or leak. A new unauthenticated consent page at adopilot.dev/connect lets a Microsoft Entra administrator (often a different person than the signup user) grant admin consent; you can generate a shareable consent link that stays valid for 30 days, and if consent was granted out of band you can finish with "I've already granted consent" from the dashboard. Organizations backed by personal Microsoft accounts (not Microsoft Entra) are not eligible. See Setting up Service Principal auth.

Changed

  • "Run AI Review" menu entry restyled and renamed. The confirmation dialog opened from the pull request action menu now matches the ADO Pilot look — a branded header, a clear primary Run review button, and color-coded result messages — instead of the previous unstyled default buttons. The menu entry now reads Run AI Review - ADO Pilot, so it stands out among Azure DevOps's built-in pull request actions. Button labels and behavior are unchanged; the confirmation no longer repeats "This uses one review from your plan," since the result messages already make the one-credit cost clear.
  • Required PAT scopes reduced to three. ADO Pilot now requires only Code (Read), Code (Status), and Pull Request Threads (Read & Write). Two previously-listed scopes are removed: Code (Read & Write) was over-privileged (ADO Pilot never pushes code); Service Hooks no longer appears in the Azure DevOps PAT UI at all — Microsoft removed it from the public scope list and it is granted automatically by Code (Read). Tokens that already include these broader scopes continue to work; no rotation is required unless you want to narrow them. See Creating a PAT.
  • Webhook authentication upgraded. The per-tenant webhook credential that authenticates service-hook events is now issued via our API gateway's native subscription-key mechanism instead of a signed token. Nothing changes for you — the credential is still provisioned automatically and never needs manual rotation — but revocation on cancellation is now immediate at the gateway. See How the webhooks authenticate.
  • Default overage policy. Starter and Team on monthly billing now default to auto-overage (previously hard-block). All standard-tier plans (Starter, Team, and Business) on both monthly and annual billing bill metered overage at the per-RC rate once you pass your included RCs. Annual plans carry a monthly-interval metered item alongside the annual base so overage is billed each month even on an annual subscription.
  • Passwordless and Microsoft sign-in accounts can complete secured actions with an emailed code. If you sign in without a password — a magic link, an email code, or Sign in with Microsoft — you no longer need to add a password to change your email or complete any other step-up-gated action. ADO Pilot emails a one-time code to your current address to confirm it's you. Accounts that sign in with a password are unchanged. See Account sign-in and security.

Fixed

  • Reviews on pull requests that bump a Git submodule or contain folder-only changes. A pull request whose change set included a submodule (gitlink) pointer update or a folder/tree entry could fail with an error status check instead of completing. These entries carry no reviewable file content and are now skipped cleanly — the rest of the PR reviews normally, and a PR consisting only of such entries resolves as a succeeded ai-pr-review status with no reviewable changes.

[0.9.31] — 2026-06-15

Added

  • Settings Hub — connection health panel. The Organization Administrator hub (under Organization settings → ADO Pilot) now shows a live connection health table per project, reading service-hook subscription state directly from Azure DevOps. Each row shows the project name and the status of the two event subscriptions (PR Created, PR Updated) as ok (green), disabled (amber), or missing (amber). When Azure DevOps does not attach a project identifier to a subscription row, the panel falls back to a summary line ("N active subscriptions").
  • Settings Hub — "Run a review" form. When the hub status is Active, a new card lets Organization Administrators trigger an on-demand AI review by pasting any open pull request URL. Outcome messages match the PR action menu dialog: Review started, Review already in progress, Review credits exhausted, Couldn't authorize the review, Manual reviews are paused, Something went wrong. The form uses the same idempotency mechanism as the PR action menu — re-submitting the same PR URL within a session deduplicates server-side rather than double-spending credits.

[0.9.23] — 2026-06-01

Added

  • "Run AI Review" PR action menu entry. A new Run AI Review item appears in the three-dot pull request overflow menu on every PR. Clicking it opens a confirm dialog that shows the PR number, a Run review button, and a Cancel button. After confirmation, review credits are consumed — one per ≈500 billable diff lines, one-credit minimum — and the outcome is displayed: Review started, Review already in progress, Review credits exhausted, Couldn't authorize the review, Manual reviews are paused, or Something went wrong. Retrying from the error state reuses the same idempotency key to prevent double-billing. Re-opening the dialog from the menu mints a new key so a deliberate re-run is always possible.
  • vso.profile extension scope. The extension app-token now requests vso.profile in addition to the existing vso.code scope, intended to support a JIT provisioning endpoint that creates an ADO Pilot account when a user opens the hub for the first time after installing the extension. Customer PAT scopes (Code read/write, Pull Request Threads, Service Hooks) are unchanged. Update: identity resolution now uses connectionData on vso.code instead, so vso.profile is no longer functionally required — it stays declared only because dropping a scope would trigger another customer-wide re-consent.
  • SSO / JIT provisioning. When a user opens the Settings Hub immediately after installing the extension — before completing onboarding at adopilot.dev — the backend creates a pending ADO Pilot account automatically, so the hub loads without requiring a separate registration step. Update: this no longer reflects current behavior. Opening the hub before onboarding now sends a one-time "get started" email rather than creating an account; the hub's JIT self-invite only adds a user to an organization that has already completed onboarding. Account creation happens when you finish onboarding at adopilot.dev.

Fixed

  • Stripe customer resurrection on checkout. The billing flow no longer resurrects a deleted Stripe customer record when a previously-cancelled account initiates a new checkout session. Each new checkout now creates a fresh Stripe customer.

[0.1.9] — 2026-05-05

Initial public beta of ADO Pilot.

Added

  • AI pull request reviews. Two-pass review (first pass broad scan, second pass refinement and rescission) with inline comments and a tracking summary comment per PR.
  • PR status check. Posts the adopilot/ai-pr-review status check on every reviewed PR; can be wired up as a required branch policy. See Status check reference.
  • Authentication. PAT-based authentication for v1. Service principal authentication is deferred to the v0.2.0 roadmap.
  • Review credit billing. Stripe-backed monthly subscriptions metered in review credits (≈500 diff lines per RC, one-RC minimum). Trial allocation of 20 RCs at signup.
  • Plans. Starter, Team, and Business tiers (monthly and annual). Enterprise pricing on request.
  • Overage policies. Hard-block (default for Starter and Team) and auto-overage (Business and above), with optional overage cap.
  • Configuration inheritance. Org → project → repo additive merge for both file exclusion patterns and target branch filters — each level's list is combined (deduplicated), not replaced.
  • Service hook integration. The branded service hook consumer (adopilot-consumer) auto-registers two subscriptions per project during onboarding, authenticated by a per-tenant webhook credential issued at the same time.
  • Dashboard. Onboarding wizard, billing management, configuration editor, team management, and webhook status pages.

Known issues

  • Marketplace update lag. Azure DevOps Marketplace propagates extension updates asynchronously. New extension versions can take up to 24 hours to appear in installed organizations; backend deployments roll out immediately.
  • Webhook credential rotation reminder — resolved. The v1 credential had a fixed lifetime and was rotated automatically on a schedule; if the rotator couldn't reach a tenant in time — for example, a paused organization — webhooks would start failing with 401 until manually re-provisioned from the dashboard. See "Webhook authentication upgraded" above: the current credential has no fixed expiry, so this can no longer happen.
  • Service principal auth not yet GA. Listed in the v0.2.0 roadmap; v1 customers must use a PAT.
  • Admin API not exposed. All administrative actions are dashboard-only in v1. See Admin API.

Roadmap

Items originally scoped to v0.2.0 that are still in progress:

  • Public admin API (see Admin API) for quota adjustments, manual retries, and webhook re-provision.

This item has not shipped as of v0.9.31. Timing may shift based on customer feedback. Expanded webhook diagnostics in the dashboard already shipped — see the Self-serve Service Hooks card under Unreleased, above.