chore: release v0.5.0

[itsmiso-ai]

Bump Dispatch package metadata to v0.5.0.

This release includes:

• Configurable lanes (epic epic: make Dispatch lanes configurable #381) — full custom lane support, migration aliases, queue API integration, board rendering, classification
• Harness-agnostic control plane (epic epic: make Dispatch the harness-agnostic agent control plane #392) — next-task and tasks/report endpoints, generic worker loop, no second runtime repo
• Route test coverage (issue Add co-located route.test.ts for the 17 routes currently uncovered, prioritized by data-leak risk (/api/audit, /api/auto #416) — 16 new route test files, 104 new test cases
• MCP startup warning for unset DISPATCH_AGENT_NAME (issue Add a startup-time warning in the MCP server entrypoint if DISPATCHAGENTNAME is unset (mirror the DISPATCHAUTHMODE=disab #421)
• Heartbeat helper coverage expanded (issue Expand src/lib/heartbeat.test.ts to cover aggregation, touchedIssueUrls, and warning/error bucketing #420)
• Legacy label cleanup — 9 dead labels removed (issue Prune legacy/dead labels #417)
• Security accepted-risks updated to reflect clean npm audit (issue Update SECURITY-ACCEPTED-RISKS.md to reflect the current clean npm audit state, or document why the advisories remain on #418)
• Shared queue-fetching helper extracted (issue Extract shared queue-fetching logic between agents/[agentName]/queue/route.ts and agents/[agentName]/next-task/route.ts #414)
• next-task smoke checks documented (issue Add a smoke check to docs/smoke-checklist.md that exercises the next-task end-to-end happy path and an idle path (mirror #422)
• Audit (Weekly tech debt audit: dispatch - 2026-06-17 #408) — all 14 children closed
• All #408 child issues closed (Add authentication to POST /api/agents/[agentName]/tasks/report or remove the endpoint until it actually persists report #409-Add a smoke check to docs/smoke-checklist.md that exercises the next-task end-to-end happy path and an idle path (mirror #422)

Validation:

• npm run lint
• npm run typecheck
• npm run test
• npm run build

[its-saffron]

AI Automated Review

Full PR review.

Analysis engine: review@https://litellm.jory.dev/v1 (openai) — primary route

Recommendation

Approve. This is a standard release PR bumping the package version to v0.5.0.

Change-by-change findings

• package.json: Bumped version from 0.4.5 to 0.5.0.
• package-lock.json: Bumped version from 0.4.5 to 0.5.0.

Sources

• package.json
• package-lock.json
• CI Check Results

Standards Compliance

• The release process follows the steps outlined in AGENTS.md (version bump, validation, and commit).
• The engines.node requirement in package.json (>=24) is consistent with the Docker base image (node:24-bookworm-slim) specified in AGENTS.md.

Linked Issue Fit

• The PR body provides a comprehensive summary of the features and fixes included in this release, covering multiple epics and issues (e.g., configurable lanes, harness-agnostic control plane, route test coverage, etc.).

Must Checks

• Check for breaking API changes in updated dependencies: Not applicable. This PR only updates the package's own version; no external dependencies were upgraded.
• Run full test suite after upgrade: Verified. CI results show that the Validate check (which includes npm run test per AGENTS.md) and Docker Build passed successfully.