Skip to content

Releases: Dark-Alex-17/coyote

v0.7.4

Choose a tag to compare

@github-actions github-actions released this 02 Jul 01:17

v0.7.4

Two themes this release: log rolling so long-running Coyote sessions don't blow up their log files, and a batch of sandbox (coyote --sandbox) fixes that make the first-run experience actually work on macOS.

New

  • Rolling log files. Coyote now rotates its log file automatically so a long-running session (or a chatty agent) can't grow the log unbounded. Nothing to configure — it just happens.
  • --tail-logs survives rollovers. The tailer now follows the log across rotations and idles between reads instead of spinning, so coyote --tail-logs is finally cheap to leave running in a second pane.

Sandbox fixes

If you tried coyote --sandbox on macOS in v0.7.x, it likely (a) failed halfway through the usql install with bzip2: (stdin) is not a bzip2 file, (b) left you attached to an empty container that didn't detect your config, or (c) prompted you for a fresh vault password. All three are fixed:

  • Pinned usql version in the sbx kit. The install no longer hits api.github.com to resolve "latest" (which was rate-limited on some IPs and silently wrote an HTML error page into the tarball). Bumped to a known-good release with curl -fS --retry 3.
  • Config now lands at the right path. The bootstrap copy was writing to /home/agent/.config/ but the sandbox's COYOTE_CONFIG_DIR points at /home/agent/.config/coyote/, so the sandboxed Coyote never saw your host config. Fixed.
  • Top-level config files are no longer silently dropped. The sbx cp recursive directory copy on macOS lost files carrying the com.apple.provenance extended attribute (Docker Desktop's tar bridge issue). Coyote now iterates top-level entries and copies each individually, which sidesteps it.
  • Ownership is now correct. Both the copied config tree and the vault password file are chown -R agent:agent'd after copy, so Coyote inside the sandbox can actually read them.
  • sbx create / sbx run invocation cleaned up. --name moved to the canonical first-flag position (was being ignored in some cobra parse paths), and --kit is re-passed to sbx run on reattach because sbx requires it even for existing sandboxes.
  • Kit spec updated for newer sbx. Reworked the embedded spec.yaml for the sbx CLI update that requires mixins to be directories with a spec.yaml inside, not standalone files.

Docs & tooling

  • Fixed URLs and misc issues in the install_coyote.sh / .ps1 scripts.
  • Wiki: added a Multiple sandboxes per workspace section — you can run any number of independent sandboxes off the same directory by passing coyote --sandbox .

Upgrading

Cargo:

cargo install --locked coyote-ai

Homebrew:

brew upgrade coyote

If you already have a broken sandbox lying around from a previous attempt, blow it away before your first launch on v0.7.4:

sbx rm -f coyote coyote-coyote   # or whichever names you used
coyote --sandbox

AI Use Disclosure

The above release notes were created by Claude Opus 4.8 and reviewed and revised by myself, @Dark-Alex-17.

All code was first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make changes and catch bugs.

All bugs that emerge as part of this release and any new code added are fully my responsibility and fully created by myself.

Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.

Models used:

  • Claude (Opus and Sonnet)
  • OpenAI (GPT 5.4)
  • Ollama (Gemma4, Phi4, Qwen3, llama3.3)
  • Mistral (Codestral and Devstral)
  • Gemini (3.1-pro-preview)

v0.7.3

Choose a tag to compare

@github-actions github-actions released this 24 Jun 18:30

Memory Hotfix

This is a hotfix for the money system. This fix ensure the memory system is bootstrapped on REPL startup, this ensuring users don't have to type .set memory true to trigger a bootstrap of the memory functions.

v0.7.2

Choose a tag to compare

@github-actions github-actions released this 19 Jun 19:04

usql hotfix

Additional hotfix for the usql version.

v0.7.1

Choose a tag to compare

@github-actions github-actions released this 19 Jun 18:16

Sandbox Hotfix

This release is a simple hotfix for Docker Sandboxes where the mixin filenames must be spec.yaml, and --kit references must be directories. So this fix simply find all mixins, creates hashed directories for them (so there's no need to overwrite each time), and writes them to spec.yaml to apply them properly.

v0.7.0

Choose a tag to compare

@github-actions github-actions released this 18 Jun 22:51

Coyote v0.7.0

This release introduces a brand-new persistent memory system and a fully built-in sandboxing (sbx) layer powered by Docker — letting Coyote remember things across sessions and giving every run an isolated, mixin-extensible environment — alongside REPL ergonomics, diagnostic tooling, and a host of reliability improvements.

Important

📦 Reinstall the updated built-in assets

This release updates and adds several built-in assets. After upgrading, reinstall them with the .install REPL command or the coyote --install CLI flag for every asset category listed below:

coyote --install functions

Or, from within the REPL:

.install functions

Reinstalling overwrites the bundled assets with this release's versions.


✨ Highlights

🧠 Memory — persistent, configurable knowledge across sessions

Coyote now ships a first-class memory system that lets the LLM read and write durable memory tied to the global config, a workspace, a role, an agent, or a single session. Memory is a file-backed, append-only knowledge store the model can consult before answering and update as it learns.

  • New memory module with persistent on-disk storage and a generated MEMORY.md index that is auto-appended on every write — no more relying on the model to remember to update it.
  • Memory configuration is wired into the main app config, roles, sessions, and agents, with global and workspace scopes selectable independently.
  • Built-in memory tools for listing, reading, writing, and updating memories, with read-only and read/write modes governed by a memory-specific system prompt that's appended whenever memory is active.
  • --init-memory [global|workspace] CLI flag to quickly enable and scaffold memory in either scope, plus --no-memory to disable memory for a single invocation.
  • Auto-bootstrapped workspace memory when Coyote is launched inside a git repo, so workspace knowledge starts collecting automatically.
  • REPL integration: .set memory commands to toggle memory injection and switch modes mid-conversation, and memory's global configuration is now surfaced in both --info and .info output.
  • Example configurations and docs updated to cover the new memory settings and the --init-memory flag.

📦 Sandboxing — first-class, Docker-powered, mixin-extensible sandboxes

Coyote now has built-in sandboxing ("sbx") powered by Docker, giving every run an isolated environment that can be tailored per workspace via a flexible mixin system.

  • New sbx-kit asset category providing the core sandbox spec, plus a mixin kit for built-in functions and MCP servers so the bundled tooling drops straight into the sandbox.
  • Dynamic sbx mixin discovery: Coyote loads sbx mixins from both the user's workspace and config directories, so projects can ship their own mixins alongside their config.
  • New sbx-vault-mixins asset category with first-party mixins for AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, gopass, and 1Password, so every supported secrets provider works seamlessly inside the sandbox.
  • --fresh CLI flag for spinning up a truly bare-bones sandbox with no config bootstrapping — useful for clean-room experimentation.
  • The .info and --info outputs now include the active sbx directories, so it's obvious what's mounted and where.
  • Cross-platform path handling: Windows-based local vault password file locations now resolve correctly and are bootstrapped into the sandbox when possible, and user-prefixed Mac and Linux paths for the vault password file are auto-translated when running inside a sandbox.

🛠️ REPL, diagnostics & reliability

  • Direct shell execution from the REPL — run shell commands inline without leaving the session.
  • New .info tools diagnostic subcommand to make it easy to see exactly which tools are enabled in every context (global, role, agent, session).
  • Additional .info output for enabled skills and sbx directories.
  • .skills command completion migrated to use StateFlags, with updated help messages.
  • Tool scope is now rebuilt after dynamically updating skills_enabled in the REPL, so toggling skills mid-session takes effect immediately.
  • Tool stdout is now buffered alongside stderr, so any tool that writes errors to stdout has them captured and returned to the model — giving the LLM the context it needs to reason about and recover from failures.
  • Improved fs_patch script description and error handling, making patch failures legible and recoverable.
  • Explicit guardrail handling for pending agents, preventing them from being invoked in inconsistent states.
  • New Claude Fable 5 entry in models.yaml, with require_max_tokens correctly set.
  • Non-streaming Claude requests now use rawPredict for correctness.
  • Pinned aws-smithy-types and time to work around the upstream aws-smithy-types release breakage.

🐛 Notable fixes

  • Auto-bootstrapped memory was incorrectly writing MEMORY.md to the repo root instead of .coyote/memory/MEMORY.md.
  • .vault list no longer attempts to autocomplete past the end of the command.
  • Sandbox: Windows local vault password file paths are now resolved and bootstrapped into the sandbox when possible, and user-prefixed Mac/Linux paths are auto-translated.
  • auto_continue=false no longer leaves stale todo functions in the active function list.
  • Linter complaints in the paths module cleaned up.

AI Use Disclosure

The above release notes were created by Claude Opus 4.8 and reviewed and revised by myself, @Dark-Alex-17.

All code (the new memory system, the sbx sandboxing layer and its mixin kit, the vault mixin specs, REPL diagnostics, and built-in tool fixes) was first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make changes and catch bugs.

All bugs that emerge as part of this release and any new code added are fully my responsibility and fully created by myself.

Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.

Models used:

  • Claude (Opus and Sonnet)
  • OpenAI (GPT 5.4)
  • Ollama (Gemma4, Phi4, Qwen3, llama3.3)
  • Mistral (Codestral and Devstral)
  • Gemini (3.1-pro-preview)

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 05 Jun 21:40

Coyote v0.6.0

This release introduces a brand-new Skills system and a fully generalized secrets / vault backend that supports remote secret providers (AWS, GCP, Azure, gopass, 1Password) in addition to the local vault — alongside a host of agent, graph, and reliability improvements.

Important

⚠️ Before you upgrade: migrate your vault (ignore if you've already done this in v0.2.0 or later)

This release ships a newer version of gman (0.4.1 → 0.5.0) that no longer supports the previous cryptographically-insecure local vault encryption mechanism. gman 0.4.1 added temporary migration logic to allow users to still decrypt their old vaults using the previous encryption mechanism, but gman 0.5.0 removes that old logic and exclusively uses the more cryptographically-secure implementation.

This means that any local vaults that have not been migrated will no longer work after upgrading.

If you have not already migrated, you must do so before upgrading. Migration means:

  1. Dump your secrets out of Coyote,
  2. Upgrade to the latest version,
  3. Add all of your local secrets back so they use the new encryption status.

Full, step-by-step migration instructions are in the v0.2.0 release notes. If you have not migrated yet, follow those instructions first, then come back and upgrade.

Important

📦 Reinstall the updated built-in assets

This release updates and modifies several built-in assets. After upgrading, reinstall them with the .install REPL command or the coyote --install CLI flag for every asset category:

coyote --install agents
coyote --install macros
coyote --install skills
coyote --install functions
coyote --install mcp_config

Or, from within the REPL:

.install agents
.install macros
.install skills
.install functions
.install mcp_config

Reinstalling overwrites the bundled assets with this release's versions. The skills category is new in this release, and the mcp_config, agents, macros, and functions assets have all been updated.


✨ Highlights

🧠 Skills — modular, loadable knowledge & capability packs

Skills are modular knowledge or capability packs the LLM can load and unload mid-conversation, dynamically bringing their instructions, tools, and MCP servers into scope only when needed. They persist to disk like agents, are name-validated everywhere, and ship with a set of built-ins.

  • New skill registry and skill module, with skills persisted to disk (like agents) rather than held in-memory (like built-in roles).
  • Skills policy that tracks the available skills per context, with visible_skills (the universe of allowable skills) and enabled_skills (the default-available set) configurable globally and per role/agent/session/LLM node.
  • Built-in functions for listing, loading, and unloading skills, with dynamic loading/unloading of a skill's tools and MCP servers whenever load_skill/unload_skill is invoked.
  • A set of auto built-in skills: ai-slop-remover, code-review, delegation-protocol, frontend-ui-ux, git-master, oracle-protocol, parallel-research, and verification-gates.
  • --skill CLI flag (repeatable) to start the REPL or a CLI run with one or more skills pre-loaded.
  • REPL integration: .edit skill <name> support, set commands for toggling skills and changing which skills are enabled, and skills_dir added to Coyote's info output.
  • auto_unload skills that release their scope automatically during chat.
  • Skill hint injection: an optional, configurable prompt hint (inject_skill_instructions / skill_instructions) that points the model at skill__list whenever skills are enabled in the current context.
  • LLM graph nodes now support skills, and the Sisyphus agent family was refactored to use the skills system for improved performance and reliability — including delegating significant code changes to the code-reviewer agent (a "reflexion"-style pass).
  • enabled_skills accepts both YAML list and comma-separated string formats.
  • Skills require function_calling_support: true to function.

🔐 Generalized secrets / vault providers

Coyote's vault logic was refactored to be generic over a SupportedProvider, so you can store and resolve {{SECRET}} templates against a variety of backends — not just the local encrypted vault.

  • Generalized gman usage to work with multiple vault providers via the SupportedProvider enum directly in configuration.
  • Supported providers: Local, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, gopass, and 1Password.
  • New first-time-run wizard for choosing and configuring a secrets provider.
  • Round-trip validation for vault providers to verify permissions and authentication up front (with provider-specific guidance, e.g. aws sso login / aws configure for AWS).
  • Shorthand: setting vault_password_file (or nothing at all) selects the local gman provider; setting secrets_provider explicitly takes precedence.
  • Config secrets stored in remote vaults are now usable during config interpolation, because the secrets-provider configuration is cloned when bootstrapping the app config.
  • Upgraded to gman 0.5.0 (see the migration note above).

🛠️ Tooling, agents & reliability

  • fs_grep now works with both files and directories.
  • execute_command no longer mangles heredocs; the coder and Sisyphus agents are now explicitly instructed to prefer fs_write/fs_patch over execute_command for writing files.
  • Improved explore agent and improved code-reviewer agents (now skills-aware).
  • Fallthrough on missing secrets during mcp.json merging.
  • Upgraded to the latest version of mcp-remote.
  • enabled_tools and enabled_mcp_servers now accept both CSV and YAML-list formats.

🐛 Notable fixes

  • Fixed a greedy secrets regex that caused multiple secrets on a single line to fail, and stopped interpolating a line when any error occurs.
  • Azure Key Vault: handle the fact that Azure doesn't support underscores in key-vault secret names; vault round-trip tests now use characters supported by all major providers.
  • init_bare now loads only the provisioned secret_provider from the config without interpolating the rest of the file, failing only when no config exists (i.e. a genuine first run).
  • Hardened skill handling: path/name validation everywhere (including has_skill and list_skills) to prevent side-channel attacks, fixed a privilege leak when unloading skills left tool scope untouched, fixed tool filtering for skills and user functions in agents, and corrected effective_policy overwriting skill values for role-like structs.
  • Redirect guard stderr into the user's /dev/tty; set -euo pipefail for the temporary execute_command.sh script.
  • Disabled skills for specific built-in roles where they don't apply.

AI Use Disclosure

The above release notes were created by Claude Opus 4.8 and reviewed and revised by myself, @Dark-Alex-17.

All code (the gman refactor, the new skills system, agent and skill rewrites, built-in tool fixes) was
first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself
intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make
changes and catch bugs.

All bugs that emerge as part of this release and any new code added are fully my responsibility
and fully created by myself.

Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.

Models used:

  • Claude (Opus and Sonnet)
  • OpenAI (GPT 5.4)
  • Ollama (Gemma4, Phi4, Qwen3, llama3.3)
  • Mistral (Codestral and Devstral)
  • Gemini (3.1-pro-preview)

v0.5.0

Choose a tag to compare

@github-actions github-actions released this 27 May 21:36

By popular demand, Loki is now Coyote!

I originally named Loki "Loki" because it was kind of a joke that if you leave an LLM unsupervised for too long, they tend to create a bit of mischief. Unfortunately, that name also already exists with an incredibly popular logging system for Grafana. So, upon release of the last version of Loki, I asked the community for a better name and @erichury suggested the name "Coyote".

That suggestion received overwhelming positive feedback and I like the name, so Loki is now Coyote! Thank you @erichury for the suggestion!

A little added tidbit about the name: Coyote is also the trickster spirit in a lot of Native American mythologies. Another reason I like the name is because of this added meaning. The whole point of Coyote is to make LLMs more reliable so they can be used for scripting, cron, fuzzy problem solving, etc., and when they're wrong, they're always confidently wrong so they trick you easily if they say what you want to hear.

Migration for existing Loki users

I've written the following scripts for existing Loki users to migrate to the new Coyote binary without losing configurations, personalizations, etc. Be sure to install the new Coyote binary first but don't run it until you run the following scripts!

Mac/Linux

#!/usr/bin/env bash
OS="$(uname -s)"

echo "Renaming loki vault file"
vault_file=$(loki --info | grep vault_password_file | awk '{print $2;}')
vault_dir=$(dirname $vault_file)
mv "$vault_file" "${vault_dir}/.coyote_password"

echo "Migrating configuration directory"
config_file=$(loki --info | grep config_file | awk '{print $2}')
config_dir=$(dirname $config_file)
base_config_dir=$(dirname $config_dir)
new_config_dir="${base_config_dir}/coyote"
mv "$config_dir" "$new_config_dir"

echo "Migrating cache directory"
log_file=$(loki --info | grep log_path | awk '{print $2}')
cache_dir=$(dirname $log_file)
base_cache_dir=$(dirname $cache_dir)
new_cache_dir="${base_cache_dir}/coyote"
mv "$cache_dir" "$new_cache_dir"

echo "Rename loki-specific files"
functions_dir=$(loki --info | grep functions_dir | awk '{print $2}')
mv "${functions_dir}/tools/web_search_loki.sh" "${functions_dir}/tools/web_search_coyote.sh"

echo "Updating Loki environment variable names"
if [[ "$OS" == "darwin" ]]; then
  find "$new_config_dir" -type f -exec sed -i '' 's/LOKI/COYOTE/g' {} +
else
  find "$new_config_dir" -type f -exec sed -i 's/LOKI/COYOTE/g' {} +
fi

echo "Updating built-in tools"
coyote --install functions

Windows/Mac/Linux

#!/usr/bin/env pwsh
# Cross-platform (Linux / macOS / Windows) loki -> coyote migration.
# Requires PowerShell 7+.

$ErrorActionPreference = 'Stop'

function Get-LokiInfoValue {
    param([Parameter(Mandatory)][string]$Key)

    $line = loki --info |
        Where-Object { $_ -match [regex]::Escape($Key) } |
        Select-Object -First 1

    if (-not $line) {
        throw "Could not find '$Key' in 'loki --info' output"
    }

    $fields = ($line.Trim() -split '\s+')
    return $fields[1]
}

Write-Host "Renaming loki vault file"
$vault_file = Get-LokiInfoValue 'vault_password_file'
$vault_dir  = Split-Path -Parent $vault_file
Move-Item -LiteralPath $vault_file -Destination (Join-Path $vault_dir '.coyote_password')

Write-Host "Migrating configuration directory"
$config_file     = Get-LokiInfoValue 'config_file'
$config_dir      = Split-Path -Parent $config_file
$base_config_dir = Split-Path -Parent $config_dir
$new_config_dir  = Join-Path $base_config_dir 'coyote'
Move-Item -LiteralPath $config_dir -Destination $new_config_dir

Write-Host "Migrating cache directory"
$log_file       = Get-LokiInfoValue 'log_path'
$cache_dir      = Split-Path -Parent $log_file
$base_cache_dir = Split-Path -Parent $cache_dir
$new_cache_dir  = Join-Path $base_cache_dir 'coyote'
Move-Item -LiteralPath $cache_dir -Destination $new_cache_dir

Write-Host "Rename loki-specific files"
$functions_dir = Get-LokiInfoValue 'functions_dir'
$tools_dir     = Join-Path $functions_dir 'tools'
Get-ChildItem -LiteralPath $tools_dir -Filter 'web_search_loki.*' -File | ForEach-Object {
    $newName = $_.Name -creplace 'loki', 'coyote'
    Rename-Item -LiteralPath $_.FullName -NewName $newName
}

Write-Host "Updating Loki environment variable names"
Get-ChildItem -LiteralPath $new_config_dir -Recurse -File | ForEach-Object {
    $content = Get-Content -LiteralPath $_.FullName -Raw
    if ($null -ne $content -and $content -cmatch 'LOKI') {
        $updated = $content -creplace 'LOKI', 'COYOTE'
        Set-Content -LiteralPath $_.FullName -Value $updated -NoNewline
    }
}

Write-Host "Updating built-in tools"
coyote --install functions

Bug Fixes

Aside from the rename, a couple of bug fixes did make it into this release:

  • Claude changed their OAuth mechanism again and thus I figured out the correct headers that they use this time to get it to work without needing a proxy like Meridian.
  • A bug was accidentally introduced with the new graph system: In very specific circumstances with normal agents, tool-based guards or inputs or user feedback mechanisms (specifically those born of the scripts, not the binary) would get skipped, or simply stall execution. This has since been fixed.

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 23 May 02:02

This one's big. This one brings all of the new features! (and refactorings (and bug fixes))

This release ships

  • A new declarative graph-based agent system
  • The ability to install configuration bundles from any git repository
  • In-place self-update
  • TypeScript tool support
  • Full HTTP/SSE MCP transports
  • And a long-overdue split of the monolithic Config struct.

⚠️ Breaking Changes

MCP Configurations Now Require a type Field

MCP server entries now declare their transport type explicitly. Existing configs that omit it will fail to load.

Old:

{
  "mcpServers": {
    "my-server": {
      "command": "uvx",
      "args": ["mcp-server-foo"]
    }
  }
}

New:

{
  "mcpServers": {
    "my-server": {
      "type": "stdio",
      "command": "uvx",
      "args": ["mcp-server-foo"]
    }
  }
}

One-liner migration

Adds "type": "stdio" to every existing MCP server in your mcp.json (idempotent; skips entries that already have a type):

F=$(loki --info | grep -i functions_dir | awk '{print $2 "/mcp.json";}') && jq '.mcpServers |= with_entries(.value |= (if has("type") then . else . + {type: "stdio"} end))' "$F" > "$F.tmp" && mv "$F.tmp" "$F"

New Features

Graph-Based Agents

A new declarative, YAML-driven agent system where an agent is defined as a directed graph of typed nodes.

  • Node types: LLM, native agent, script, RAG, approval, user-input, and Map (fan-out / parallel branches)
  • Frontier-based scheduler for parallel super-step execution
  • State management with per-super-step staging area and built-in reducers
  • Graph validation at load time — catches read/write conflicts, dependency cycles, and invalid map chaining before execution
  • Structured output extraction for LLM and agent nodes
  • Structured logging for graph execution
  • Approval nodes support an on_other fallback for free-text alternatives when none of the predefined options match
  • Agent variables with the same env-var flexibility as normal tool calls
  • Branch progress tracker and a RenderMode enum to keep sub-agent stdout from clobbering during parallel execution
  • LLM-node failure propagation up the graph
  • Unified config: a single file defines an agent as either a normal agent or a graph agent
  • Ships with two example graph agents: deep-research and a rebuilt graph-based coder
  • See graph.example.yaml and the Graph Agents Wiki page for the full spec

Remote Asset Installation (.install remote)

Install bundles of agents, roles, macros, tools, and MCP servers from any git repository.

  • Writes assets to disk with interactive category selection
  • MCP config merging when installing remote bundles
  • Interactive secret prompting when a remote MCP config references secrets Loki doesn't have
  • REPL tab completion for .install remote

Self-Update

  • loki .update (from the REPL) and loki --update (from the CLI) update Loki in place

New REPL Commands

  • .install — install bundled assets on demand
  • .edit — open the MCP config file in your editor

TypeScript Tool Support

  • First-class TypeScript custom tools via a refactored ScriptedLanguage trait
  • Demo TypeScript tool and a get_current_weather example
  • The Python demo tool was expanded to showcase all parameter types and variations

MCP Server Transport Types

  • Full HTTP/SSE transport support in MCP configs — Loki now accepts Claude Code-compatible MCP configurations
  • Legacy SSE transport retained
  • Native-TLS support via an upgraded rmcp

Improvements

  • More comprehensive first-run default config so new users are productive immediately
  • Auto-continue support extended to all contexts (not just sessions)
  • Dynamic tab completions now scope sessions per agent instead of dumping global sessions
  • Python tools now parse via tree-sitter queries instead of AST walking; shared parser module across languages
  • Automatic runtime customization via shebangs for scripted tools
  • Replaced the jira-helper agent with the more general atlassian role
  • Documentation migrated from in-repo to the GitHub Wiki

Refactors

  • Removed the monolithic Config struct, splitting it into AppConfig, AppState, and RequestContext
  • LLM graph nodes refactored to use Roles so they behave like inline roles
  • next_node and apply_state_updates consolidated into LlmExecutor
  • Common Python parser logic extracted into a shared module

Bug Fixes

  • LLM node next_single bug and improved outcome handling
  • Inline RAG bug when globbing files by extension without subdirectory globs
  • RagCache not being threaded through to agent / sub-agent instantiation
  • agent__collect freezing on sub-agent escalations
  • Crash when switching to an agent while a session was active
  • MCP servers being re-started on role switch when a session was already active
  • Todo instructions being appended even when function calling was disabled
  • Panic on empty message list during regenerate
  • estimate_token_length now uses the standard word-count method
  • Crate name (loki-ai) vs. binary name (loki) mismatch breaking dynamic completions
  • PollSender lock bug in SSE transport
  • TypeScript function args being passed as objects instead of as direct parameters
  • Various Windows fixes (function calling, binary path shadowing, generalized executable-bit script detection)
  • Merged the required Claude Code system prompt into instructions
  • Argc argument passing in run-tool / run-agent scripts

Testing

Substantial test expansion across the codebase:

  • Integration tests for the parallel frontier-based graph scheduler
  • Integration tests for sub-agent spawning and inter-agent communication
  • Integration tests for cross-feature interactions (RAG + agents, function calling/MCP, etc.)
  • Unit tests for RAG, completions/prompt, macros, vault, and functions/tool usage
  • REPL command + CLI flag tests, request_context tests, input tests
  • Tool-call dispatch/tracking and MCP server lifecycle tests

Build / Chore

  • Rust upgraded to 1.95.0
  • Dependencies updated to latest (reqwest, crossterm, reedline, rand, etc.); unused deps removed
  • Removed the deprecated Claude Haiku 3.5 model
  • Updated models.yaml

AI Use Disclosure

The above release notes were created by Claude Opus 4.7 and reviewed and revised by myself, @Dark-Alex-17.

All code (the graph system, the refactored configuration structure, the new self-update and configuration sharing system, etc.) was
first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself
intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make
changes and catch bugs.

All bugs that emerge as part of this release and any new code added are fully my responsibility
and fully created by myself.

Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.

Models used:

  • Claude (Opus, Sonnet, and Haiku)
  • OpenAI (GPT 5.2, 4o, o4-mini)
  • Ollama (Gemma4, Phi4, Qwen3, llama3.3)
  • Mistral (Codestral and Devstral)
  • Gemini (3.0-pro-preview and 3.1-pro-preview)

v0.3.0

Choose a tag to compare

@github-actions github-actions released this 02 Apr 20:26

Complex Agent Orchestration and Parallelization Support is Here!

Highlights

Built-In Sub-Agent Spawning & Parallelization

Loki agents can now spawn and manage child agents that run in parallel as background tasks inside the same process. This enables orchestrator-style agents that delegate specialized work, with a full lifecycle of tools: agent__spawn, agent__check, agent__collect, agent__list, and agent__cancel.

  • Built-in sub-agent spawning system with configurable can_spawn_agents, max_concurrent_agents, and max_agent_depth safeguards
  • Dependency-aware task queue: (agent__task_create, agent__task_complete, agent__task_fail, agent__task_list) with automatic agent dispatch when tasks become unblocked
  • Teammate messaging between parallel sub-agents: Sibling agents can communicate directly via agent__send_message and agent__check_inbox, enabling real-time collaboration (e.g., sharing cross-cutting findings during parallel code review)
  • User interaction escalation: Sub-agents at any depth can escalate user__* prompts up to the root agent, with configurable escalation_timeout
  • Output summarization for child agents using a configurable summarization_model and summarization_threshold to keep parent context windows manageable
  • Auto-injection of spawning instructions into agent prompts via inject_spawn_instructions

Claude OAuth & Gemini OAuth

Loki now supports OAuth 2.0 PKCE authentication as an alternative to API keys, letting you use your existing Claude Pro/Max or Google Gemini subscriptions directly.

  • Claude OAuth: Authenticate via browser-based OAuth flow with manual authorization code paste-back
  • Gemini OAuth: Authenticate via automatic localhost loopback callback
  • Authenticate from the CLI (loki --authenticate <client>) or from within the REPL (.authenticate)
  • First-run setup now offers OAuth as an option for supported providers
  • OAuth tokens are stored in ~/.cache/loki/oauth and refreshed automatically

Gemini OAuth Note: Because Loki uses the sensitive generative-language.retriever scope and is an open-source CLI without a formal privacy policy, Google cannot verify the app. During the OAuth flow, you'll see a warning page. Click AdvancedGo to Loki (unsafe) to continue.

CodeRabbit-Style Code Reviewer

A new code-reviewer agent that uses the teammate messaging pattern with parallel sub-agents to perform structured code reviews, similar to CodeRabbit.

  • Spawns per-file file-reviewer sub-agents that run in parallel
  • File reviewers share cross-cutting findings with each other via teammate messaging, so discoveries in one file inform reviews of related files
  • New file-reviewer agent designed for single-file review, used by the code-reviewer orchestrator

Upgraded Sisyphus Agent

The Sisyphus orchestrator agent has been significantly upgraded to leverage the new parallelization system:

  • Now uses the built-in sub-agent spawning system to delegate to explore, coder, and oracle agents in parallel
  • Integrated DuckDuckGo web search MCP server for answering user queries
  • Improved token efficiency when delegating to the coder agent
  • Uses built-in user interaction tools instead of custom bash-based tools
  • Explicit delegation to the coder agent for any code-writing tasks

Feat

  • Built-in user interaction tools (user__ask, user__confirm, user__input, user__checkbox). Always-available tools for agents to interactively prompt users, with themed rendering and escalation support for sub-agents
  • DuckDuckGo search MCP server: Added as a built-in MCP server for web search capabilities alongside existing tools
  • Web search support added to the sisyphus, explore, and oracle agents
  • todo__clear function and .clear todo REPL command for resetting the todo list when agent direction changes significantly
  • Themed inquire prompts in the REPL with custom theme support
  • Custom response option for multiple-choice prompts when none of the options suit the user's needs
  • Configurable escalation_timeout for sub-agent user input (defaults to 5 minutes)
  • Improved MCP server lifecycle management — modifies existing config in-place rather than stopping and re-initializing all servers on context switches
  • Available tools now surfaced in prompts for sisyphus, coder, and code-reviewer agent families
  • Added GPT-5.2, Claude 4.6, and Gemini 3.1 Pro Preview to supported models

Fix

  • Do not inject tools when models don't support function calling; conflict detected before API calls happen
  • Fixed Claude code system prompt injection to produce valid requests
  • Secrets injection regex no longer greedily matches across newlines, fixing MCP server secret interpolation
  • Secrets injection now skips commented-out lines in YAML configs
  • Sub-agent stdout/stderr output improved for user visibility
  • Orphaned sub-agents cleaned up when parent agent exits
  • Agent delegation tools correctly passed into {{__tools__}} placeholder
  • Path normalization fix for oracle and explore agents
  • Coder agent no longer creates absolute paths from the current directory
  • Coder agent now outputs a summary so the parent Sisyphus agent knows the outcome
  • REPL .authenticate command works from within sessions, agents, and roles with pre-configured models
  • Agent variables correctly injected into environment variables for global tool calls
  • Removed top_p parameter from some agents for cross-provider compatibility
  • Fixed supervisor and todo built-in errors with OpenAI models
  • Recursion bug with similarly named Bash search functions in the explore agent
  • Updated Atlassian MCP server endpoint to account for future deprecation

Refactor

  • OAuth module made generic to support both loopback and manual OAuth flows
  • Default Sisyphus session name changed to temp to require explicit naming for saved sessions
  • Removed deprecated agent functions from .shared/utils.sh

Docs

  • Comprehensive documentation for the sub-agent spawning system, teammate messaging, user interaction tools, and escalation
  • CodeRabbit-style code reviewer and file-reviewer agent documentation
  • Gemini OAuth documentation with unverified app walkthrough
  • Authorship policy and PR template requiring disclosure of AI assistance
  • Updated MCP server docs for DuckDuckGo search

Build

  • Upgraded to the most recent version of the inquire and rmcp crates

AI Disclosure

Claude was used to assist with the implementation of the OAuth flows for both Claude and Gemini, and to help diagnose issues with the sub-agent spawning system. All AI-generated code was thoroughly reviewed and tested by myself before being committed. This changelog was drafted with the assistance of Claude, then revised and edited by myself.

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 14 Feb 01:49

Highlights

This release is a major step forward for Loki, introducing a coordinated multi-agent system, a built-in task tracking framework, intelligent error recovery for tool invocations, and several new file exploration tools. It also includes a breaking dependency upgrade to G-Man that requires vault migration.


⚠️ BREAKING CHANGES — Please Read Before Upgrading!

Vault Migration Required (G-Man v0.3.0 Upgrade)

Loki now depends on G-Man v0.3.0, which contains a critical security fix for local vault encryption. In previous versions, the encryption key was being zeroized before it was used, meaning local vault secrets were effectively encrypted with an all-zeros key.

You must migrate your existing vault before upgrading Loki. The migration process is:

  1. Before upgrading Loki, dump all your existing secrets from the vault:
    loki --list-secrets
    # Record/export all secret values you need to preserve
  2. Upgrade Loki to v0.2.0.
  3. Re-insert your secrets into the new vault:
    loki --set-secret <name> <value>

Note: If you use a cloud secret provider (AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager), your secrets were always handled by those platforms' own encryption and are unaffected. This only impacts the local vault provider.


✨ New Features

🏗️ Sisyphus Agent System

Loki now ships with a coordinated multi-agent system inspired by OpenCode, designed to make Loki function like Claude Code, Gemini CLI, Codex, or similar AI coding assistants.

  • Sisyphus — The main coordinator agent. Acts as the primary entry point for complex coding tasks, managing multi-step workflows and delegating to specialized sub-agents.
  • Oracle — A high-level architecture and design consultant. Handles complex debugging, tradeoff analysis, code review, and deep reasoning for ambiguous problems. Designed to be delegated to by Sisyphus when expert analysis is needed.
  • Explore — A codebase exploration specialist. Performs deep pattern matching, file system navigation, and context gathering. Read-only by design for safe investigation.
  • Coder — Updated to be more task-focused and work as a delegate of Sisyphus for direct implementation and file modifications.

📋 Built-in Task Tracking System (Todo System)

A new built-in task management system helps LLMs — especially smaller models — complete larger, multistep tasks without losing context.

  • Four built-in tools: todo__init, todo__add, todo__done, and todo__list give agents structured task planning and tracking capabilities.
  • Auto-Continuation: When enabled, Loki automatically prompts the model to continue working when incomplete tasks remain. The current todo state is injected into each continuation prompt, keeping the model focused on remaining work.
  • Configurable per agent: Control auto_continue, max_auto_continues, inject_todo_instructions, and continuation_prompt in each agent's config.yaml.
  • Loop detection: The system detects when a model's continuation response is identical to its previous response and stops automatically to prevent infinite loops.

See the Todo System Guide for full documentation.

🔄 Tool Invocation Error Recovery

Tool and MCP server invocations that error out no longer terminate execution. Instead:

  • Stderr is returned to the model when available, giving the LLM full visibility into what went wrong.
  • Automatic retry logic allows the model to learn from the error and try the invocation again, up to a configurable number of attempts.
  • Loop detection prevents the model from getting stuck in a cycle — both for individual repeated tool invocations and for chains of tool calls that repeat the same pattern.

🔍 New File Exploration Tools

Three new global tools provide more targeted, token-efficient file exploration:

  • fs_read — Controlled file reading with line-range support, reducing token usage compared to fs_cat for large files.
  • fs_grep — Search a file's contents for relevant lines, returning only matching context instead of the full file.
  • fs_glob — Pattern-based file discovery for targeted exploration of project structures.

🤖 Model Support

  • Gemini 3 Pro added to supported Vertex AI models.
  • Claude Opus 4.5 build support added.
  • Gemini 3+ thought signatures are now supported.

📚 RAG Source References

RAG search results now include source attribution, so the model can cite which files or URLs its answers came from.

  • __SOURCES__ placeholder: A new optional template variable that expands to a list of source file paths and URLs used to retrieve context. Use it in your rag_template alongside __CONTEXT__ and __INPUT__.
  • Per-chunk source annotation: Each chunk in __CONTEXT__ is now prefixed with a [Source: <path>] header, letting the model attribute specific information to specific documents.
  • Default template updated: The built-in RAG template now includes a <sources> section and instructs the model to cite sources when answering.

🔧 Agent Enhancements

  • Variable interpolation in conversation starters: Agent conversation starters now support the same {{variable}} interpolation syntax as instructions.
  • Agent-level guard bypass variables: Agent variables can now be defined to bypass guard protections for tool invocations, enabling more flexible agent routing.
  • Environment variable guard bypass: A new environment variable (AUTO_CONFIRM) lets users bypass guard operations in bash scripts, useful for agent routing workflows.
  • Jira Helper upgrade: Now uses the official Atlassian MCP server instead of the custom CLI-based tooling.

🐛 Bug Fixes

  • Claude tool calls with no arguments: Fixed an issue where Claude would provide an empty JSON object or error when a tool required no arguments or flags.
  • Agent variable passthrough: Fixed a bug where --agent-variable values were not being passed to agents correctly.
  • Auto-continuation after compression: Fixed auto-continuation to work correctly in agents after a session is compressed, provided there are still unfinished todo items.
  • Continuation prompt quality: Improved the continuation prompt to discourage the model from creating overly broad todo items.
  • Tool output redirection: fs_ls and fs_cat outputs now always redirect to $LLM_OUTPUT, including on errors.
  • Tool call error message typos: Fixed several typos in tool call error messages.

📖 Documentation

  • Todo System Guide: Comprehensive new documentation covering configuration, usage, best practices, and troubleshooting for the todo system.
  • Agent documentation: Updated to cover the new Sisyphus, Oracle, and Explore agents.
  • Tools documentation: Updated to document the new fs_read, fs_grep, and fs_glob tools.
  • CREDITS file: Created a CREDITS.md file documenting Loki's history and origins from the original AIChat project.
  • Default configuration example: Updated to include the new global functions and agent configurations.

🏗️ Build & Infrastructure

  • G-Man v0.3.0: Upgraded to address local vault encryption vulnerabilities (see Breaking Changes above).
  • Justfile: Added a justfile to streamline common development tasks.
  • Claude Opus 4.5: Added build support.

🎨 Style

  • Cleaned up an anyhow error message for consistency.

📋 Full Changelog

Type Description Commit
feat Created the Sisyphus agent (coordinator for Coder, Explore, Oracle) 6abe2c5
feat Created the Oracle agent for architecture and design decisions 03cfd59
feat Created the Explore agent for codebase exploration 3779b94
feat Updated the Coder agent for task-focused delegation by Sisyphus 4d7d5e5
feat Built-in task management system (Todo System) a935add
feat Tool invocation retry logic and chain loop detection d5e0728
feat Tool/MCP error handling — stderr returned to model 8a37a88
feat Created fs_read tool d4e0d48
feat Created fs_grep tool c7a2ec0
feat Created fs_glob tool 486001e
feat Agent-level variable guard bypass 07f23ba
feat Variable interpolation for conversation starters 8f66cac
feat Environment variable for guard bypass in bash scripts 66801b5
feat Gemini 3 Pro support (Vertex AI) f56ed7d
feat Gemini 3+ thought signatures 2eba530
feat RAG source references — __SOURCES__ placeholder and per-chunk source attribution
feat Official Atlassian MCP server for Jira Helper 621c904
build Upgraded G-Man to v0.3.0 (BREAKING — vault migration required) 0a40ddd
build Claude Opus 4.5 support 5cb8070
build Created justfile cdd8291
fix Claude tool calls with empty/no arguments 25c0885
fix Agent variable passthrough f2de196
fix Auto-continuation after session compression 70c2d41
fix Improved continuation prompt quality b11797e
fix fs_ls/fs_cat output redirection on errors f82c9af
fix Tool call error message typos d79e4b9
docs Todo System documentation d2e541c
docs Agent documentation updates (Sisyphus, Oracle, Explore) 4cfaa2d
docs Tools documentation (fs_read, fs_grep, fs_glo...
Read more