Skip to content

v0.10.0 — Agent Trust Surface

Choose a tag to compare

@Mickdownunder Mickdownunder released this 02 Jul 19:51

Added

Agent Trust Surface — SafeInstall now protects the files that program your AI agent and configure SafeInstall itself: safeinstall.config.json, the agent hook configs, AGENTS.md/CLAUDE.md/rules files, and .mcp.json. In the agent era these are the persistence surface — whoever edits them owns the next session.

safeinstall trust lock records a hash baseline; SafeInstall reconciles against it before guard decisions and every install/check. Three zones with proportionate responses: enforcement drift locks down, hidden Unicode (Trojan Source, incl. U+061C) always blocks, MCP drift and unpinned (rug-pull) servers block installs.

New commands: trust lock [--mode warn|strict] [--ci github], trust status [--require-lock] (read-only, exit 2 on drift), trust approve (human-gated), trust unlock (human-gated).

CI is the durable anchor. trust lock --ci github scaffolds a workflow that re-verifies the committed baseline on every pull request, with the CLI pinned to an exact version — tampering done on a compromised local machine does not survive review. For it to enforce, make it a required status check and require review of .safeinstall/ (CODEOWNERS).

Honest scope

Locally this is tamper-evident against mistakes and non-targeted tampering, not tamper-proof against a scheme-aware agent in your own account. The durable guarantee is CI re-verification of the committed lock on a machine the agent does not control.

Full changelog: https://github.com/Mickdownunder/SafeInstall/blob/main/CHANGELOG.md