Skip to content

Releases: Surya-Hariharan/Velune-CLI

0.9.3.4

26 Jun 10:29
@Surya-Hariharan Surya-Hariharan
v0.9.3.4
4300688

Choose a tag to compare

View all tags
0.9.3.4 Latest
Latest

Release 0.9.3.4 — see docs/CHANGELOG.md for details.

Assets 4
Loading

0.9.3.3

26 Jun 07:17
@github-actions github-actions
v0.9.3.3
eee9292

Choose a tag to compare

View all tags
0.9.3.3

Release 0.9.3.3 — see docs/CHANGELOG.md for details.

Loading

0.9.3.1

25 Jun 16:14
@github-actions github-actions
v0.9.3.1
d425ab1

Choose a tag to compare

View all tags
0.9.3.1

v0.9.3.1 — Formatter Hotfix

Patch release to unblock the CI/CD pipeline.

What changed

Fixed two ruff format violations in velune/cli/repl.py — two console.print() calls were split across multiple lines but fit within the 100-character line limit; ruff collapses them to single lines.
Why a new tag instead of rewriting v0.9.3
v0.9.3 was already published. This patch carries the same features and fixes as v0.9.3 with no functional difference.

Upgrade

pip install --upgrade velune

Loading

0.9.3-beta.1

23 Jun 18:25
@github-actions github-actions
v0.9.3-beta.1
db6c9c8

Choose a tag to compare

View all tags
0.9.3-beta.1 Pre-release
Pre-release

Pre-release. This beta introduces a re-architected startup path and an
explicit, user-driven cognition model. See the Migration Notes below before
upgrading from 0.9.x.

Changed — Startup architecture

  • Instant startup with explicit, on-demand cognition. The REPL no longer
    runs automatic repository cognition (indexing) on launch. The CLI opens
    immediately; you connect a model, open a project, and run cognition only when
    you ask for it. (velune/cli/repl.py, velune/repository/cognition.py)
  • New startup flow: velune → CLI opens instantly → connect model →
    open project → run cognition.

Added — Workspace, model & cognition commands

  • Workspace management via /project
    (open <path> · close · status · list · add <path>). Recently-opened
    workspaces are remembered so the picker can reopen them instantly.
    (velune/cli/workspaces.py, velune/cli/slash_dispatcher.py)
  • Model registry + local model discovery via /model
    (discover · connect <id> · use <id> · list · status ·
    remove <id>). /model discover finds locally available models (e.g. Ollama).
  • Manual cognition via /cognition
    (quick · standard · deep · status · init · cancel · rebuild).
    quick scans manifests only; standard/deep build a full symbol index.

Removed

  • Automatic repository cognition on startup. Indexing is now opt-in through
    the /cognition command. This is the headline behavior change in this release.

Performance

  • Startup no longer blocks on indexing or a second model-reachability probe;
    cognition cost is paid only when explicitly requested.

Migration Notes

  • Indexing is no longer automatic. After opening a project, run
    /cognition standard (or quick/deep) to build the symbol index that
    earlier versions built silently at launch.
  • Connect a model explicitly. Use /model discover then
    /model connect <id> (or /model use <id>) before running cognition or chat.
Loading

0.9.2

23 Jun 13:39
@github-actions github-actions
v0.9.2
7c432ec

Choose a tag to compare

View all tags
0.9.2

Changed — Packaging (lean install)

  • Lean default install. Heavy/compiled dependencies are moved out of the
    base install into opt-in extras so pip install velune-cli resolves fast and
    cleanly on every platform. Core dependencies dropped from ~38 to 21 with no
    heavy compiled wheels. New extras: [rag] (lancedb, pyarrow, qdrant-client),
    [parsing] (tree-sitter grammars), [telemetry] (opentelemetry), [git]
    (gitpython); [all] aggregates everything. Every gated feature degrades
    gracefully when its extra is absent (e.g. semantic search becomes a no-op
    while lexical search and chat keep working). (pyproject.toml)

Changed — Startup performance

  • velune --version is now near-instant (~1.6s → ~0.04s). The console
    script entry point is velune.main:main, which fast-paths --version
    without importing the command graph or runtime. The Typer app is built
    lazily instead of at import time. (velune/main.py, velune/cli/app.py)
  • velune <cmd> --help no longer bootstraps the runtime (~3.9s → ~1.6s):
    the root callback skips full-subsystem initialization when help is requested.
  • Removed a redundant second Ollama reachability probe on REPL startup.

Fixed

  • First run with no providers and a non-interactive stdin now prints the
    velune setup hint and exits cleanly instead of blocking on a confirmation
    prompt or entering an unusable REPL. (velune/cli/app.py)
  • The llama-cpp-python adapter error message no longer references the removed
    [llamacpp] extra. (velune/providers/adapters/llamacpp.py)
  • MANIFEST.in now references the correct docs/CHANGELOG.md path.

Added — Quality

  • Test suite wired into CI. The pytest suite (350 tests) now runs in CI
    across {Linux, macOS, Windows} × {3.11, 3.13} and gates merges and releases;
    asyncio_mode = "auto" is configured under [tool.pytest.ini_options].
  • README documents pipx install velune-cli, the python -m velune fallback,
    and the Windows PATH note for the "velune is not recognized" case.

Added — Providers

  • Cohere provider adapter — native Chat API with preamble/history conversion,
    streaming, and command-r-plus / command-r model catalog.
    (velune/providers/adapters/cohere.py)
  • DeepSeek provider adapter — OpenAI-compatible API at api.deepseek.com;
    supports DeepSeek-R1 and DeepSeek-Coder. (velune/providers/adapters/deepseek.py)
  • Mistral provider adapter — La Plateforme REST API; Mistral Large, Codestral,
    and Mixtral models. (velune/providers/adapters/mistral.py)
  • NVIDIA NIM provider adapter — OpenAI-compatible API at integrate.api.nvidia.com;
    hosts Llama, Mistral, and partner NIM models. (velune/providers/adapters/nvidia.py)

Added — Git Integration

  • GitHub and GitLab REST clientsvelune/integrations/github.py and
    gitlab.py implement push-branch, create-PR/MR, fetch-issue, and
    post-comment operations using each platform's REST API.
  • /push REPL command — pushes the current branch to origin (with optional
    --force). (velune/cli/slash_dispatcher.py)
  • /pr REPL command — creates a pull request (GitHub) or merge request
    (GitLab) for the current branch from inside the REPL.
  • /issue <number> REPL command — fetches a GitHub/GitLab issue by number
    and injects the title, body, and labels as conversation context.
  • /sandbox REPL command — shows the active sandbox type (subprocess or
    Docker) and its configuration status.

Added — Code Intelligence

  • velune/analysis/ package — code intelligence tools running locally without
    an LLM call:
    • linter.py — runs ruff / pyflakes and surfaces structured diagnostics.
    • refactor.py — detects code smells (long functions, deep nesting, high
      complexity) and returns ranked findings.
    • type_inferrer.py — suggests type annotations for unannotated function
      signatures using AST analysis.
    • symbol_search.py — fast symbol and definition lookup across the indexed workspace.
  • /lint [file] REPL command — lint a Python file and display Rich diagnostic output.
  • /refactor <file> REPL command — detect code smells with severity rankings.
  • /typify <file> REPL command — suggest type hints for unannotated functions.

Added — Declarative Plugin System

  • velune/plugins/declarative/ package — Markdown-based plugin manifests:
    declarative agents (agent.py), slash commands (command.py), skills
    (skill.py), and a filesystem scanner (scanner.py).
  • SKILL.md injection — plugins can ship a SKILL.md that is automatically
    appended to the council's system context when the plugin is active.
  • /plugin REPL command — list, enable, disable, and reload declarative
    plugins without restarting the session.
  • Lifecycle hook system (velune/hooks/) — a typed hook dispatcher and executor
    that fires pre_tool / post_tool events; plugins register handlers via
    their manifest.

Added — Background Service

  • velune/daemon/ package — a background Velune service (server.py) with
    an IPC transport (transport.py) and a client (client.py).
  • velune daemon start|stop|status CLI subcommands to manage the service.

Added — CLI Subcommands

  • velune workspace subcommand group — init, status, graph, list,
    open, remove. workspace graph renders an interactive dependency tree
    from velune/observability/workspace_graph.py.
  • velune session subcommand group — list, delete, export.
  • velune provider subcommand group — add, remove, test, list, status.
  • velune config subcommand group — get, set, show.
  • velune usage, velune quota, velune health commands for
    analytics and provider monitoring.
  • velune logs (alias for trace) — view or follow the execution event
    stream from the current workspace.
  • velune status (alias for context) — show index freshness, file counts,
    and cognitive-core record counts without starting the full runtime.
  • velune pipeline (alias for retrieval) — trace a retrieval query through
    the BM25 + vector + graph pipeline and show per-stage scores.
  • velune memory subcommand group — inspect, clear, compact.

Added — REPL Commands

  • /council <task> — force the full council tier regardless of task
    complexity classification.
  • /new [title] — start a fresh conversation while keeping project memory.
  • /project [name|path] — switch or manage project workspaces from within
    the REPL.
  • /bench [run] — view stored benchmark results or trigger a new empirical
    capability run.
  • /graph — render a hierarchical tree of knowledge graph entities for the
    current workspace.
  • /hunk — toggle hunk-by-hunk review mode; each proposed file edit is
    shown and approved individually before being applied.
  • /undo — revert the last Velune-generated git commit, leaving the changes
    staged for inspection.
  • /approve [safe|ask|block] — set the tool/command approval gate for the
    session.
  • /hooks — list all active lifecycle hooks and their configuration source.
  • /stats — show session statistics: tokens used, estimated cost, turn
    count, and uptime.
  • /history — show the REPL command execution history for the current session.
  • /pull [model-id] and /delete <model-id> — download or delete
    Ollama models from within the REPL with live progress output.
  • /mcp subcommands — servers, tools, resources, connect <name>,
    disconnect <name>, refresh <name> — inspect MCP connections without
    leaving the REPL.

Security

  • Isolated llama-cpp-python from the default install set to eliminate the
    diskcache ≤ 5.6.3 transitive vulnerability (unsafe pickle deserialization — no
    patched version exists). The [gguf] optional extra now installs only the
    gguf metadata library, which is unaffected. In-process GGUF inference is
    available via the new [llamacpp] extra (pip install 'velune-cli[llamacpp]'),
    which is deliberately excluded from [all]. pip-audit now reports
    no known vulnerabilities on a default install. (pyproject.toml,
    velune/providers/adapters/llamacpp.py)

Added

  • Intent reconstruction — new velune/cognition/intent.py with IntentClassifier
    and IntentType enum (EXPLAIN / GENERATE / REFACTOR / DEBUG / REVIEW / QUESTION / COMMAND).
    Zero-latency keyword + word-boundary scoring; wired into ContextOrchestrationEngine
    as Phase 0 on every prompt. (velune/cognition/intent.py)

  • Council pipelineCouncilRunner orchestrates the full planner → coder →
    reviewer → debate → synthesizer pipeline. Cycle exhaustion escalates REVISE to REJECT
    automatically. (velune/cognition/council_runner.py)

  • DebateSession — scores and ranks council proposals using challenger severity and
    reviewer decision; produces structured audit reports for the synthesizer.
    (velune/cognition/council/debate.py)

  • Multi-model role dispatchContextOrchestrationEngine.execute() routes requests
    through CouncilRunner when a CouncilAgentFactory is configured; degrades
    gracefully when no factory is present. (velune/orchestration/engine.py)

  • WebSocket MCP transportWebSocketConnection implements the MCPConnection
    contract over JSON-RPC 2.0 on ws:// and wss:// URLs, with SSRF URL validation,
    per-call timeout guards, and optional resource discovery.
    (velune/mcp/transports/websocket.py)

  • /doctor council panel — new "Council" category in velune doctor output shows
    role assignment coverage (roles → model IDs) or warnings for unmapped roles.
    (velune/cli/commands/doctor.py)

  • Async background tasks — long /run tasks no longer block the REPL prompt.

    • /run --bg <task> submits a task to the background and returns immediately.
    • The status bar shows ⚙ N bg whil...
Read more
Loading

0.9.1

21 Jun 14:33
@github-actions github-actions
v0.9.1
843ff64

Choose a tag to compare

View all tags
0.9.1

This is a stabilization and trust-recovery release. It cuts the runtime-hardening
and packaging-correctness work that had accumulated on main since 0.9.0 into a
properly tagged, reproducible PyPI artifact. There are no new features and no breaking
changes — pip install --upgrade velune-cli is a safe, drop-in update.

Security

  • Windows PATH-hijack guard now enforced. _is_trusted_path previously returned
    True unconditionally on Windows, so a malicious binary planted earlier in PATH
    would be executed. The resolved binary must now live under a system/program-install
    root, the interpreter's own environment, or a workspace venv — matching the existing
    POSIX behavior. (velune/execution/command_spec.py)
  • Interpreter inline-code execution blocked. Allowlisted interpreters could run
    arbitrary program text with no approval gate (python -c …, node -e/--eval/-p …,
    including Python short-flag clusters like -Ic). These flags are now rejected;
    running a file is still permitted, and agent-authored files must pass the
    DiffPreview write-approval flow before they can be run.
  • Execution-model documentation corrected for honesty. SECURITY.md and
    docs/THREAT_MODEL.md now describe the execution layer as a managed, resource-limited
    execution environment     — explicitly not an OS-level sandbox — and document the
    residual risk (allowlisted interpreters/build tools run workspace files as the user)
    plus the OS-isolation roadmap. README's architecture label updated accordingly.
  • Added Bandit static analysis to CI (gates on medium+ severity) and gitleaks secret scanning.
  • Resolved Bandit high/medium findings: marked the non-cryptographic workspace-slug SHA-1 with usedforsecurity=False, and gave the Ollama HTTP client a bounded default timeout (60s, 5s connect) so non-streaming calls cannot hang indefinitely.

Fixed

  • Subprocess pipe-buffer deadlock in the execution sandbox. SubprocessSandbox.execute
    read child output via communicate() only after the poll loop saw the process exit.
    A child that wrote more than the OS pipe capacity (~64 KiB) blocked on write(), never
    exited, and was killed as a false timeout with all output lost — affecting any normal
    test run, verbose build, or pip install. Both pipes are now drained concurrently on
    dedicated threads while the process runs, into a per-stream memory-bounded buffer
    (default 10 MiB, configurable via max_output_bytes). This removes the deadlock, bounds
    parent memory against runaway producers, and preserves partial output on timeout.
    (velune/execution/sandbox.py)

Added

  • velune doctor runtime path-safety check. A new Security-category diagnostic resolves
    each allowlisted executable via the same shutil.which lookup the sandbox uses and
    validates it against the real _is_trusted_path guard, surfacing any tool that resolves
    to an untrusted location (PATH-hijack candidate or non-standard install the sandbox will
    refuse to run). Makes the PATH-hijack guarantee observable rather than silent.
    (velune/cli/commands/doctor.py)

Changed

  • CI test matrix expanded to Ubuntu / Windows / macOS × Python 3.11 / 3.12 / 3.13.
  • Release pipeline now publishes to PyPI via OIDC trusted publishing (no long-lived token); removed the continue-on-error that silently swallowed failed publishes.
  • Release & CI builds are now reproducible (SOURCE_DATE_EPOCH pinned to the commit, [tool.hatch.build] reproducible = true) and validated with twine check --strict.
  • Release pipeline now asserts the git tag matches velune.__version__ before building, so a mistagged release fails fast.
  • Coverage reporting made honest: shrank the omit list from ~70 modules to only un-unit-testable surfaces (TTY/daemon/live-network/optional-native). Full-codebase coverage is now measured (~21%) with a CI floor of 20%.
  • Migrated the event-bus Event model from Pydantic v1 class Config to ConfigDict (removes a deprecation warning, forward-compatible with Pydantic v3).
  • Dependabot now groups minor/patch bumps into single PRs and uses the correct GitHub reviewer handle.

Added

  • New CI build + install-smoke jobs: reproducible build, strict metadata validation, pure-python wheel assertion, and a cross-platform (Ubuntu/Windows/macOS × Py 3.11/3.13) wheel-install + velune --version/--help REPL smoke test.
  • Python 3.13 classifier, Typing :: Typed classifier, and a Documentation project URL in pyproject.toml.
  • Unit tests for execution/validator.py (16% → 90% coverage).
  • CLI Design Modernization — Comprehensive frontend redesign for professional appearance
    • Modern startup banner with clean, spacious layout
    • Refined REPL prompt with sophisticated color palette (blue primary + gold accent)
    • Simplified prompt display: only shows context bar when >40% full
    • Updated error rendering with cleaner panel formatting
    • Enhanced theme colors with semantic tokens (muted, accent)
    • Better visual hierarchy throughout terminal interface
Loading

v0.9.0

12 Jun 19:05
@github-actions github-actions
v0.9.0
5f45f41

Choose a tag to compare

View all tags
v0.9.0

Security

  • Plugin sandbox status: Plugin sandbox remains unimplemented or disabled for standard CLI operations.
  • Removal of run_until_complete anti-pattern: Cleaned up all async loop management and centralized loop execution in entrypoint.py.
  • Security audit suite extension: Centralized static and runtime vulnerability controls.

Fixed

  • Fixed memory lifecycle shutdown duplication to prevent multiple DB closure errors.
  • Fixed Ollama context-window detection to correctly read local model metadata.

Changed

  • Consolidated AST parser logic into a unified syntax parsing layer.
  • Consolidated council orchestrators to streamline Planner/Coder/Reviewer loops.
  • Modernized CLI theme, refined color palettes, updated startup banner, and context trackers.
  • Reconciled documentation and cleaned up dead MCP CLI commands.

Removed

  • Removed superseded tests/ and scripts/ directories entirely from the repository.
Loading

Velune v0.5.0-beta

10 Jun 06:59
@Surya-Hariharan Surya-Hariharan
v0.5.0-beta
6be77c4

Choose a tag to compare

View all tags
Velune v0.5.0-beta Pre-release
Pre-release

Velune v0.5.0-beta

Public beta release — APIs and behaviours may change before the stable 1.0 line.

What's in this build

  • Terminal-first multi-model AI developer CLI
  • Council-based multi-agent orchestration
  • Persistent memory tiers (working, episodic, semantic)
  • Repository cognition and hybrid retrieval (BM25 + vector + graph)
  • Async runtime consolidated to a single asyncio.run() entry point
  • Path-traversal protection on all filesystem and git tools
  • gitpython-backed git tools (no raw subprocess for git operations)
  • Subprocess sandbox with resource limits

Known limitations (beta)

  • Some provider integrations are still in active development
  • Daemon IPC is functional but not yet hardened for production use

Installation

pip install velune-cli==0.5.0b1

Feedback and bug reports: https://github.com/Surya-Hariharan/Velune-CLI/issues

Loading