Skip to content

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 05 Jun 21:40

Coyote v0.6.0

This release introduces a brand-new Skills system and a fully generalized secrets / vault backend that supports remote secret providers (AWS, GCP, Azure, gopass, 1Password) in addition to the local vault — alongside a host of agent, graph, and reliability improvements.

Important

⚠️ Before you upgrade: migrate your vault (ignore if you've already done this in v0.2.0 or later)

This release ships a newer version of gman (0.4.1 → 0.5.0) that no longer supports the previous cryptographically-insecure local vault encryption mechanism. gman 0.4.1 added temporary migration logic to allow users to still decrypt their old vaults using the previous encryption mechanism, but gman 0.5.0 removes that old logic and exclusively uses the more cryptographically-secure implementation.

This means that any local vaults that have not been migrated will no longer work after upgrading.

If you have not already migrated, you must do so before upgrading. Migration means:

  1. Dump your secrets out of Coyote,
  2. Upgrade to the latest version,
  3. Add all of your local secrets back so they use the new encryption status.

Full, step-by-step migration instructions are in the v0.2.0 release notes. If you have not migrated yet, follow those instructions first, then come back and upgrade.

Important

📦 Reinstall the updated built-in assets

This release updates and modifies several built-in assets. After upgrading, reinstall them with the .install REPL command or the coyote --install CLI flag for every asset category:

coyote --install agents
coyote --install macros
coyote --install skills
coyote --install functions
coyote --install mcp_config

Or, from within the REPL:

.install agents
.install macros
.install skills
.install functions
.install mcp_config

Reinstalling overwrites the bundled assets with this release's versions. The skills category is new in this release, and the mcp_config, agents, macros, and functions assets have all been updated.


✨ Highlights

🧠 Skills — modular, loadable knowledge & capability packs

Skills are modular knowledge or capability packs the LLM can load and unload mid-conversation, dynamically bringing their instructions, tools, and MCP servers into scope only when needed. They persist to disk like agents, are name-validated everywhere, and ship with a set of built-ins.

  • New skill registry and skill module, with skills persisted to disk (like agents) rather than held in-memory (like built-in roles).
  • Skills policy that tracks the available skills per context, with visible_skills (the universe of allowable skills) and enabled_skills (the default-available set) configurable globally and per role/agent/session/LLM node.
  • Built-in functions for listing, loading, and unloading skills, with dynamic loading/unloading of a skill's tools and MCP servers whenever load_skill/unload_skill is invoked.
  • A set of auto built-in skills: ai-slop-remover, code-review, delegation-protocol, frontend-ui-ux, git-master, oracle-protocol, parallel-research, and verification-gates.
  • --skill CLI flag (repeatable) to start the REPL or a CLI run with one or more skills pre-loaded.
  • REPL integration: .edit skill <name> support, set commands for toggling skills and changing which skills are enabled, and skills_dir added to Coyote's info output.
  • auto_unload skills that release their scope automatically during chat.
  • Skill hint injection: an optional, configurable prompt hint (inject_skill_instructions / skill_instructions) that points the model at skill__list whenever skills are enabled in the current context.
  • LLM graph nodes now support skills, and the Sisyphus agent family was refactored to use the skills system for improved performance and reliability — including delegating significant code changes to the code-reviewer agent (a "reflexion"-style pass).
  • enabled_skills accepts both YAML list and comma-separated string formats.
  • Skills require function_calling_support: true to function.

🔐 Generalized secrets / vault providers

Coyote's vault logic was refactored to be generic over a SupportedProvider, so you can store and resolve {{SECRET}} templates against a variety of backends — not just the local encrypted vault.

  • Generalized gman usage to work with multiple vault providers via the SupportedProvider enum directly in configuration.
  • Supported providers: Local, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, gopass, and 1Password.
  • New first-time-run wizard for choosing and configuring a secrets provider.
  • Round-trip validation for vault providers to verify permissions and authentication up front (with provider-specific guidance, e.g. aws sso login / aws configure for AWS).
  • Shorthand: setting vault_password_file (or nothing at all) selects the local gman provider; setting secrets_provider explicitly takes precedence.
  • Config secrets stored in remote vaults are now usable during config interpolation, because the secrets-provider configuration is cloned when bootstrapping the app config.
  • Upgraded to gman 0.5.0 (see the migration note above).

🛠️ Tooling, agents & reliability

  • fs_grep now works with both files and directories.
  • execute_command no longer mangles heredocs; the coder and Sisyphus agents are now explicitly instructed to prefer fs_write/fs_patch over execute_command for writing files.
  • Improved explore agent and improved code-reviewer agents (now skills-aware).
  • Fallthrough on missing secrets during mcp.json merging.
  • Upgraded to the latest version of mcp-remote.
  • enabled_tools and enabled_mcp_servers now accept both CSV and YAML-list formats.

🐛 Notable fixes

  • Fixed a greedy secrets regex that caused multiple secrets on a single line to fail, and stopped interpolating a line when any error occurs.
  • Azure Key Vault: handle the fact that Azure doesn't support underscores in key-vault secret names; vault round-trip tests now use characters supported by all major providers.
  • init_bare now loads only the provisioned secret_provider from the config without interpolating the rest of the file, failing only when no config exists (i.e. a genuine first run).
  • Hardened skill handling: path/name validation everywhere (including has_skill and list_skills) to prevent side-channel attacks, fixed a privilege leak when unloading skills left tool scope untouched, fixed tool filtering for skills and user functions in agents, and corrected effective_policy overwriting skill values for role-like structs.
  • Redirect guard stderr into the user's /dev/tty; set -euo pipefail for the temporary execute_command.sh script.
  • Disabled skills for specific built-in roles where they don't apply.

AI Use Disclosure

The above release notes were created by Claude Opus 4.8 and reviewed and revised by myself, @Dark-Alex-17.

All code (the gman refactor, the new skills system, agent and skill rewrites, built-in tool fixes) was
first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself
intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make
changes and catch bugs.

All bugs that emerge as part of this release and any new code added are fully my responsibility
and fully created by myself.

Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.

Models used:

  • Claude (Opus and Sonnet)
  • OpenAI (GPT 5.4)
  • Ollama (Gemma4, Phi4, Qwen3, llama3.3)
  • Mistral (Codestral and Devstral)
  • Gemini (3.1-pro-preview)