Releases: agent-sh/agent-core
v0.4.5
[0.4.5] - 2026-04-26
Security
- lib/binary: client-side SLSA build-provenance verification (#16). After SHA-256 sidecar check, the downloader spawns `gh attestation verify <file> --repo agent-sh/agent-analyzer --format json`. On mismatch the binary is refused before extraction. Soft-warns if `gh` is not on PATH; set `AGENT_ANALYZER_REQUIRE_ATTESTATION=1` to make missing `gh` a hard fail.
- `ensureBinarySync` forwards `requireAttestation` to its child process (previously silently dropped).
- Sync workflow allowlist (#17). Replaced broad `rsync -a` with explicit `--include`/`--exclude` rules. Test files and known-internal subdirs (`dev-only/`, `scripts/`, `.cache/`, `.internal/`) never propagate. Filter-rule ordering documented - exclude rules come BEFORE subdir includes or they never fire.
v0.4.4
Security
- lib/enhance/fixer.js refuses symlinked targets + closes TOCTOU race (#15). Before each read/backup/write, `assertNotSymlink` calls `fs.lstatSync` and refuses operations on symbolic links. Both the initial check and the check immediately before write are present, closing the gap where an attacker could swap a regular file for a symlink between calls. Previously a hostile repo could point `agent.md` at `~/.ssh/authorized_keys` and a HIGH-certainty auto-fix would overwrite the target.
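
The check pattern described for lib/enhance/fixer.js, as an added example rather than agent-core's own code. `applyFix`, its `hooks` test seam and `demo` are hypothetical names, and a temp-dir `victim.txt` stands in for a file outside the repository.

```javascript
// Added example, not agent-core source. fs.lstatSync and assertNotSymlink are
// named in the release note; applyFix, hooks and demo are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// lstat inspects the link itself; stat would follow it to the target.
function assertNotSymlink(p) {
  let st;
  try { st = fs.lstatSync(p); } catch (e) {
    if (e.code === 'ENOENT') return; // path does not exist yet (e.g. the backup)
    throw e;
  }
  if (st.isSymbolicLink()) throw new Error(`refusing symlink: ${p}`);
}

// Read, back up, write; re-check before each. hooks.beforeWrite is a test seam.
function applyFix(target, transform, hooks = {}) {
  assertNotSymlink(target);
  const original = fs.readFileSync(target, 'utf8');
  assertNotSymlink(`${target}.bak`);
  fs.writeFileSync(`${target}.bak`, original);
  if (hooks.beforeWrite) hooks.beforeWrite(); // simulates a concurrent swap
  assertNotSymlink(target); // second check, right before the write
  fs.writeFileSync(target, transform(original));
}

// Constructed scenario: victim.txt stands in for a file outside the repo.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const victim = path.join(dir, 'victim.txt');
  const target = path.join(dir, 'agent.md');
  const attempt = (hooks) => {
    try { applyFix(target, (s) => s.replace('TODO', 'done'), hooks); return 'written'; }
    catch (e) { if (/^refusing symlink/.test(e.message)) return 'refused'; throw e; }
  };
  fs.writeFileSync(victim, 'keep TODO');
  fs.writeFileSync(target, 'TODO');
  const regular = attempt(); // plain file: fix is applied
  const fixed = fs.readFileSync(target, 'utf8');
  const swapped = attempt({ beforeWrite() { // swapped after the first check
    fs.unlinkSync(target);
    fs.symlinkSync(victim, target);
  } });
  const linked = attempt(); // symlink from the start
  const victimAfter = fs.readFileSync(victim, 'utf8');
  fs.rmSync(dir, { recursive: true, force: true });
  return { regular, fixed, swapped, linked, victimAfter };
}
```

On POSIX systems, opening with `fs.constants.O_NOFOLLOW` adds a kernel-enforced refusal at open time on top of the `lstat` checks.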
Full Changelog: v0.4.3...v0.4.4
v0.4.3
v0.4.2
v0.4.1
Security patch release.
Security
- lib/binary: SHA-256 verify release assets before extraction (#13)
- lib/binary: path-validate archive entries before extracting (#13)
- lib/binary: PowerShell extraction uses `-File` helper script + env vars, not command-string interpolation (#13)
- lib/binary: scratch dir cleaned up on extraction failure (#13)
Added
- `lib/collectors/analyzer-queries.js` - Batch collector that invokes `agent-analyzer` query subcommands in one pass and normalizes their output for downstream consumers.
Full changelog: https://github.com/agent-sh/agent-core/blob/v0.4.1/CHANGELOG.md