docs: changelog for CLI v2.24.0–v2.24.2 and Platform updates

[mintlify]

Summary

New changelog entries for tagged releases since the last update.

Changes

• CLI v2.24.0 (Jun 2): SonarQube Bearer/Basic auth fallback for self-hosted Server <10.0; clearer auth error messages.
• CLI v2.24.1 (Jun 3): kosli assert artifact now names the unsatisfied control for for_control policy failures.
• CLI v2.24.2 (Jun 3): linux/s390x build target; Go bumped to 1.26.4 for stdlib CVEs.
• Platform (Jun 3): for_control policy compliance in snapshot evaluation; for_control surfaced in assert artifact responses.
• Platform (Jun 4): edit-control API + UI, view-single-decision API/UI tray, "organization" wording standardization, simpler invite-OTP rule; bug fixes for public-org service-account API key exposure, null space_id on flows page, and query-param preservation through redirects.

Context

Scheduled changelog sync. Terraform Provider had no new tags; June 5 server releases contained only internal/perf changes.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
kosli	🟢 Ready	View Preview	Jun 8, 2026, 9:28 AM

[claude]

Claude finished @dangrondahl's task in 1m 29s —— View job

---

Review of PR #257 — Changelog for CLI v2.24.0–v2.24.2 and Platform updates

• Read changed files and CLAUDE.md
• Check content conventions and formatting
• Check for link issues and navigation consistency
• Post review findings

---

Findings

Critical

• Removed entries that are confirmed shipped (changelog/index.mdx, June 4 entry) — Commit e8c1789 removed "Edit a control" and "View a single decision" from the June 4 Platform entry to address @mbevc1's "not released yet" flag. However, @dangrondahl has since confirmed both features shipped in release-2026-06-04-14-35-53. These entries should be restored. Fix this →

Suggestion

• Category mismatch (changelog/index.mdx:42) — The Go 1.26.4 bump for CVEs is under "Bug fixes" but is a dependency-level security patch. Consider a "Security" label or moving under "Updates" (echoes prior review).
• Security fix prominence (changelog/index.mdx:16) — The service-account API key exposure fix is a meaningful security item. Consider whether it warrants a standalone advisory or a <Warning> note directing affected users to rotate keys (echoes prior review).

Checks passed

• No new pages added — no config/navigation.json update needed
• No relative links — all internal linking rules satisfied
• <Update> format consistent with existing entries
• Writing style follows CLAUDE.md conventions (active voice, American spelling, "Kosli" not "the Kosli platform")
• GitHub release links present on all CLI entries

Summary

One critical finding: the second commit removed two confirmed-shipped features from the June 4 Platform entry — these should be restored. Two minor suggestions carried forward from prior reviews about categorization and security fix prominence. Overall the changelog content is well-written and follows conventions.

[claude]

Suggestion — Category mismatch (echoing prior review). Bumping Go to address CVEs is a dependency-level security patch, not a bug fix in CLI code. Consider a "Security" heading or moving under "Updates":

Suggested change

	- Bumped Go to 1.26.4 to address standard-library CVEs.
	- **Security:** Bumped Go to 1.26.4 to address standard-library CVEs.