Add --hints/--no-hints flags (default: on in dev builds, off in release).
When disabled, breadcrumbs are stripped from output via WithoutBreadcrumbs().
Rename "Next:" label to "Hints:" across all output modes.

Remove ResolveProject() call that added ~200ms latency on every bare
`basecamp` invocation. Project ID from config is sufficient; name
resolution was nice-to-have but not worth a synchronous API roundtrip.
Show active --profile name in summary when set.

Styled output now shows category headers with aligned command names,
descriptions, and available actions. JSON/markdown still passes full
structure through app.OK() for machine consumption.

Transform raw SDK structs into clean table columns: id, title (truncated
to 60 chars), type (simplified: Chat::Lines::RichText → chat), project
(from Bucket.Name), and created (relative time). Drops noisy columns
like url, app_url, bookmark, visible_to_clients, raw timestamps.

Replace [name, status] columns with [id, name] — every project in the
list is active so the status column wasted space. Add bookmarked field
to detail view for completeness.

submitQuery() no longer silently skips when the user re-submits the same
query (e.g., pressing Enter again to refresh results). The debounce path
still deduplicates to avoid redundant in-flight requests during typing.

Add height clamp to Search.View() to prevent the list from overflowing
its allocated viewport and pushing chrome off-screen.

- upgrade.go: use cmd.OutOrStdout() instead of fmt.Println/os.Stdout
- upgrade.go: extract versionChecker/homebrewChecker vars for testability
- upgrade_test.go: add 4 tests covering dev build, current, available, writer
- commands.go: accept io.Writer param, account for experimental prefix in alignment
- search.go: use rune-based truncation for UTF-8 safety

Change --hints/--stats defaults to false so Changed() can detect explicit
flag usage. New resolvePreferences() in PersistentPreRunE checks:
explicit flag > config value > version.IsDev() fallback.

Negative flags (--no-stats, --no-hints) only suppress config resolution
when their value is true, not merely when Changed.

Add hints, stats, verbose to validKeys. Bool validation for hints/stats,
int 0-2 validation for verbose. Show preferences in config show when
explicitly set.

The config key is "account_id" not "account", so the suggested
command was producing a config error.

len(v) counts bytes, not characters. Multi-byte UTF-8 strings
(e.g. Japanese, emoji) could be sliced mid-rune, producing
invalid output. Use utf8.RuneCountInString and []rune conversion.

Passing theme.Primary (AdaptiveColor) instead of
lipgloss.Color(theme.Primary.Dark) lets lipgloss resolve
Light vs Dark at render time based on terminal background
detection. Fixes incorrect colors on light terminal themes.

Replaces byte-slicing loop with the existing widget.Truncate()
which handles multi-byte UTF-8 correctly.

Remove -no-fail from gosec so findings fail the build. Replace the
deferred TODO with an actual dependency-review job that runs on PRs.

Add lint, test-e2e, and race detection to the release gate. Install
golangci-lint and BATS (with cache) to support the expanded checks.

Drop the dogfooding banner from README, remove GOPRIVATE from go install
instructions, and clean up goreleaser release notes and deferred comments.

Download checksums.txt and verify SHA256 before extracting the archive.
When cosign is available, also verify the Sigstore signature against the
GitHub Actions OIDC issuer. Shared tmpdir between download and verify.

Use ::error:: so regressions surface in the PR checks UI with a red
indicator. Job-level continue-on-error keeps it non-blocking.

The golangci-lint-action was running lint by default then make lint
ran it again. Set install-only: true so make lint is the single
invocation. Add govulncheck as a release-path security check.

The error annotation logged but the step exited 0, making the
regression invisible in the checks UI. The job already has
continue-on-error: true so exit 1 turns the step red without
blocking merge.

Add find_sha256_cmd helper that tries sha256sum before shasum for
Linux compatibility. Tighten cosign identity from a regexp matching
any workflow to an exact match on the release workflow at the
specific tag ref.

Tag pushes don't trigger security.yml (it runs on push-to-main and
PRs). Add workflow_call to security.yml and invoke it from
release.yml so gitleaks, gosec, and trivy must pass before a release
proceeds.

grep with a regex pattern treats dots as wildcards, which could match
unintended lines in checksums.txt. Use grep -F for a literal match.

The securego/gosec Docker action runs its own Go toolchain in a
container that cannot inherit the host's git config, so it fails to
resolve the private SDK module. Switch to go install + direct
invocation so gosec uses the host's Go and git credentials.

Mark dependency-review as continue-on-error since it requires GitHub
Advanced Security which is not enabled on this repo.