settlemesh 0.1.91
Security fix release (audit #42, HIGH).
worker lend / worker start --kind command now fail closed when the host has no filesystem-confining sandbox backend. Previously, on Linux without bubblewrap (user namespaces disabled), a lent coding agent or command could run with no filesystem/network confinement behind only a one-line stderr warning — its injected login credential and the lender's files (~/.ssh, ~/.aws) were reachable and could be returned to the caller via the job result.
Now:
- Registration is refused when no sandbox-exec (macOS) / bwrap with user namespaces (Linux) backend is available.
- A credential-injecting job is refused at exec time unless confinement is in place — credentials never touch disk unconfined.
- The only opt-out is the explicit, at-your-own-risk --i-accept-no-sandbox flag.
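
The fail-closed gate described above, sketched as an added shell example (not settlemesh's own code). The function names and the bwrap probe command are assumptions; only the backends and the --i-accept-no-sandbox flag come from these notes.

```shell
#!/bin/sh
# Added example: fail-closed sandbox preflight. Helper names are hypothetical.

# True if a command exists on PATH.
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# True only if bwrap can actually create a user namespace. Finding the binary
# is not enough: with unprivileged user namespaces disabled, bwrap is present
# but cannot confine anything. (Assumed probe, not the project's check.)
bwrap_userns_works() {
    bwrap --unshare-user --ro-bind / / true >/dev/null 2>&1
}

# Print the usable confinement backend for OS name "$1"; return 1 if none.
pick_backend() {
    case "$1" in
        Darwin) have_cmd sandbox-exec && { echo sandbox-exec; return 0; } ;;
        Linux)  have_cmd bwrap && bwrap_userns_works && { echo bwrap; return 0; } ;;
    esac
    return 1   # unknown OS or no working backend: treat as unconfined
}

# Gate to run before injecting a credential into a job.
# $1 = OS name (e.g. "$(uname -s)"), $2 = optional opt-out flag.
# Prints the decision; returns 0 to proceed, 1 to refuse.
preflight() {
    if backend=$(pick_backend "$1"); then
        echo "confined:$backend"
        return 0
    fi
    # No backend: the default is refusal, never a warning followed by a run.
    if [ "${2:-}" = "--i-accept-no-sandbox" ]; then
        echo "unconfined:explicit-opt-out"
        return 0
    fi
    echo "refused:no-sandbox-backend"
    return 1
}

# Typical call from a wrapper script:
#   preflight "$(uname -s)" "$@" || exit 1
```

The case worth noting is bwrap installed with user namespaces disabled: the gate treats it the same as no backend at all.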
Install / upgrade:
npm install -g settlemesh@latest
The npm tarball bundles all six static binaries; these release assets are a download fallback.