v0.6.0
Coyote v0.6.0
This release introduces a brand-new Skills system and a fully generalized secrets / vault backend that supports remote secret providers (AWS, GCP, Azure, gopass, 1Password) in addition to the local vault — alongside a host of agent, graph, and reliability improvements.
Important
⚠️ Before you upgrade: migrate your vault (ignore if you've already done this in v0.2.0 or later)
This release ships a newer version of gman (0.4.1 → 0.5.0) that no longer supports the previous cryptographically-insecure local vault encryption mechanism. gman 0.4.1 added temporary migration logic to allow users to still decrypt their old vaults using the previous encryption mechanism, but gman 0.5.0 removes that old logic and exclusively uses the more cryptographically-secure implementation.
This means that any local vaults that have not been migrated will no longer work after upgrading.
If you have not already migrated, you must do so before upgrading. Migration means:
- Dump your secrets out of Coyote,
- Upgrade to the latest version,
- Add all of your local secrets back so they use the new encryption status.
Full, step-by-step migration instructions are in the v0.2.0 release notes. If you have not migrated yet, follow those instructions first, then come back and upgrade.
Important
📦 Reinstall the updated built-in assets
This release updates and modifies several built-in assets. After upgrading, reinstall them with the .install REPL command or the coyote --install CLI flag for every asset category:
coyote --install agents
coyote --install macros
coyote --install skills
coyote --install functions
coyote --install mcp_configOr, from within the REPL:
.install agents
.install macros
.install skills
.install functions
.install mcp_config
Reinstalling overwrites the bundled assets with this release's versions. The skills category is new in this release, and the mcp_config, agents, macros, and functions assets have all been updated.
✨ Highlights
🧠 Skills — modular, loadable knowledge & capability packs
Skills are modular knowledge or capability packs the LLM can load and unload mid-conversation, dynamically bringing their instructions, tools, and MCP servers into scope only when needed. They persist to disk like agents, are name-validated everywhere, and ship with a set of built-ins.
- New skill registry and skill module, with skills persisted to disk (like agents) rather than held in-memory (like built-in roles).
- Skills policy that tracks the available skills per context, with
visible_skills(the universe of allowable skills) andenabled_skills(the default-available set) configurable globally and per role/agent/session/LLM node. - Built-in functions for listing, loading, and unloading skills, with dynamic loading/unloading of a skill's tools and MCP servers whenever
load_skill/unload_skillis invoked. - A set of auto built-in skills:
ai-slop-remover,code-review,delegation-protocol,frontend-ui-ux,git-master,oracle-protocol,parallel-research, andverification-gates. --skillCLI flag (repeatable) to start the REPL or a CLI run with one or more skills pre-loaded.- REPL integration:
.edit skill <name>support,setcommands for toggling skills and changing which skills are enabled, andskills_diradded to Coyote'sinfooutput. auto_unloadskills that release their scope automatically during chat.- Skill hint injection: an optional, configurable prompt hint (
inject_skill_instructions/skill_instructions) that points the model atskill__listwhenever skills are enabled in the current context. - LLM graph nodes now support skills, and the Sisyphus agent family was refactored to use the skills system for improved performance and reliability — including delegating significant code changes to the code-reviewer agent (a "reflexion"-style pass).
enabled_skillsaccepts both YAML list and comma-separated string formats.- Skills require
function_calling_support: trueto function.
🔐 Generalized secrets / vault providers
Coyote's vault logic was refactored to be generic over a SupportedProvider, so you can store and resolve {{SECRET}} templates against a variety of backends — not just the local encrypted vault.
- Generalized
gmanusage to work with multiple vault providers via theSupportedProviderenum directly in configuration. - Supported providers: Local, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, gopass, and 1Password.
- New first-time-run wizard for choosing and configuring a secrets provider.
- Round-trip validation for vault providers to verify permissions and authentication up front (with provider-specific guidance, e.g.
aws sso login/aws configurefor AWS). - Shorthand: setting
vault_password_file(or nothing at all) selects the localgmanprovider; settingsecrets_providerexplicitly takes precedence. - Config secrets stored in remote vaults are now usable during config interpolation, because the secrets-provider configuration is cloned when bootstrapping the app config.
- Upgraded to gman 0.5.0 (see the migration note above).
🛠️ Tooling, agents & reliability
fs_grepnow works with both files and directories.execute_commandno longer mangles heredocs; the coder and Sisyphus agents are now explicitly instructed to preferfs_write/fs_patchoverexecute_commandfor writing files.- Improved explore agent and improved code-reviewer agents (now skills-aware).
- Fallthrough on missing secrets during
mcp.jsonmerging. - Upgraded to the latest version of
mcp-remote. enabled_toolsandenabled_mcp_serversnow accept both CSV and YAML-list formats.
🐛 Notable fixes
- Fixed a greedy secrets regex that caused multiple secrets on a single line to fail, and stopped interpolating a line when any error occurs.
- Azure Key Vault: handle the fact that Azure doesn't support underscores in key-vault secret names; vault round-trip tests now use characters supported by all major providers.
init_barenow loads only the provisionedsecret_providerfrom the config without interpolating the rest of the file, failing only when no config exists (i.e. a genuine first run).- Hardened skill handling: path/name validation everywhere (including
has_skillandlist_skills) to prevent side-channel attacks, fixed a privilege leak when unloading skills left tool scope untouched, fixed tool filtering for skills and user functions in agents, and correctedeffective_policyoverwriting skill values for role-like structs. - Redirect guard
stderrinto the user's/dev/tty; set-euo pipefailfor the temporaryexecute_command.shscript. - Disabled skills for specific built-in roles where they don't apply.
AI Use Disclosure
The above release notes were created by Claude Opus 4.8 and reviewed and revised by myself, @Dark-Alex-17.
All code (the gman refactor, the new skills system, agent and skill rewrites, built-in tool fixes) was
first designed by myself and tested out with simple POCs. AI was used to do the implementation step-by-step with myself
intervening between each step to review, sometimes write more complex code manually (because I don't trust it), and make
changes and catch bugs.
All bugs that emerge as part of this release and any new code added are fully my responsibility
and fully created by myself.
Every line of code written was thoroughly reviewed, tested, and devised by myself prior to any commit.
Models used:
- Claude (Opus and Sonnet)
- OpenAI (GPT 5.4)
- Ollama (Gemma4, Phi4, Qwen3, llama3.3)
- Mistral (Codestral and Devstral)
- Gemini (3.1-pro-preview)