0.9.1

@github-actions github-actions released this 21 Jun 14:33
· 156 commits to main since this release

This is a stabilization and trust-recovery release. It cuts the runtime-hardening
and packaging-correctness work that had accumulated on main since 0.9.0 into a
properly tagged, reproducible PyPI artifact. There are no new features and no breaking
changes — pip install --upgrade velune-cli is a safe, drop-in update.

Security

  • Windows PATH-hijack guard now enforced. _is_trusted_path previously returned
    True unconditionally on Windows, so a malicious binary planted earlier in PATH
    would be executed. The resolved binary must now live under a system/program-install
    root, the interpreter's own environment, or a workspace venv — matching the existing
    POSIX behavior. (velune/execution/command_spec.py)
  • Interpreter inline-code execution blocked. Allowlisted interpreters could run
    arbitrary program text with no approval gate (python -c …, node -e/--eval/-p …,
    including Python short-flag clusters like -Ic). These flags are now rejected;
    running a file is still permitted, and agent-authored files must pass the
    DiffPreview write-approval flow before they can be run.
  • Execution-model documentation corrected for honesty. SECURITY.md and
    docs/THREAT_MODEL.md now describe the execution layer as a managed, resource-limited
    execution environment — explicitly not an OS-level sandbox — and document the
    residual risk (allowlisted interpreters/build tools run workspace files as the user)
    plus the OS-isolation roadmap. README's architecture label updated accordingly.
  • Added Bandit static analysis to CI (gates on medium+ severity) and gitleaks secret scanning.
  • Resolved Bandit high/medium findings: marked the non-cryptographic workspace-slug SHA-1 with usedforsecurity=False, and gave the Ollama HTTP client a bounded default timeout (60s, 5s connect) so non-streaming calls cannot hang indefinitely.
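
The inline-code bullet above hinges on parsing short-flag clusters correctly, so here is one way to write such a check. This is an added example, not velune's own code: the function names are hypothetical, and it assumes CPython 3 option syntax plus node's -e/--eval/-p/--print flags.

```python
import re

# Constructed illustration; function names are hypothetical, not velune's API.
NODE_INLINE = {"-e", "--eval", "-p", "--print"}

def python_inline_code(argv):
    """True if a CPython 3 command line runs program text via -c."""
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg in ("-", "--") or not arg.startswith("-"):
            return False              # options end: script path, stdin or "--"
        if arg.startswith("--"):
            # The one long option that consumes the next argument.
            i += 2 if arg == "--check-hash-based-pycs" else 1
            continue
        for pos, ch in enumerate(arg[1:], start=1):
            if ch == "c":
                return True           # -c, or a cluster such as -Ic / -BIc
            if ch == "m":
                return False          # -m runs a module; options end here
            if ch in "WX":            # -W/-X take a value: rest of cluster or next arg
                if pos == len(arg) - 1:
                    i += 1
                break
        i += 1
    return False

def node_inline_code(argv):
    """True if any argument is an eval/print flag (deliberately conservative:
    every argument is scanned, so a flag placed after the script also matches)."""
    return any(a.split("=", 1)[0] in NODE_INLINE for a in argv[1:])

def is_inline_code(argv):
    """Dispatch on the interpreter's base name, ignoring directory and .exe."""
    stem = re.split(r"[\\/]", argv[0])[-1].lower().removesuffix(".exe")
    if re.fullmatch(r"python[\d.]*w?", stem):
        return python_inline_code(argv)
    if stem in ("node", "nodejs"):
        return node_inline_code(argv)
    return False
```

Note that -Wc is not flagged: there the c is the value of -W, which is why a plain substring match on "c" would be wrong in both directions.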

Fixed

  • Subprocess pipe-buffer deadlock in the execution sandbox. SubprocessSandbox.execute
    read child output via communicate() only after the poll loop saw the process exit.
    A child that wrote more than the OS pipe capacity (~64 KiB) blocked on write(), never
    exited, and was killed as a false timeout with all output lost — affecting any normal
    test run, verbose build, or pip install. Both pipes are now drained concurrently on
    dedicated threads while the process runs, into a per-stream memory-bounded buffer
    (default 10 MiB, configurable via max_output_bytes). This removes the deadlock, bounds
    parent memory against runaway producers, and preserves partial output on timeout.
    (velune/execution/sandbox.py)
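
The fix described above, drained pipes with a per-stream cap and partial output kept on timeout, looks roughly like this. It is an added example, not the code in velune/execution/sandbox.py: run_bounded and _drain are hypothetical names, and only max_output_bytes and its 10 MiB default are taken from the release notes.

```python
import subprocess
import sys
import threading

def _drain(pipe, buf, limit, state):
    """Read a pipe to EOF, keeping at most `limit` bytes and discarding the rest."""
    while True:
        chunk = pipe.read1(65536)      # returns what is available; b"" at EOF
        if not chunk:
            break
        room = limit - len(buf)
        if room > 0:
            buf.extend(chunk[:room])
        if len(chunk) > room:
            state["truncated"] = True  # keep reading so the child never blocks
    pipe.close()

def run_bounded(argv, timeout, max_output_bytes=10 * 1024 * 1024):
    """Run argv with both pipes drained concurrently (hypothetical helper)."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err, state = bytearray(), bytearray(), {"truncated": False}
    readers = [
        threading.Thread(target=_drain, args=(pipe, buf, max_output_bytes, state), daemon=True)
        for pipe, buf in ((proc.stdout, out), (proc.stderr, err))
    ]
    for t in readers:
        t.start()
    timed_out = False
    try:
        proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        timed_out = True
        proc.kill()
        proc.wait()
    for t in readers:
        t.join(timeout=5)              # pipes reach EOF once the child is gone
    return {"returncode": proc.returncode, "timed_out": timed_out,
            "truncated": state["truncated"], "stdout": bytes(out), "stderr": bytes(err)}

if __name__ == "__main__":
    # Constructed child: writes ~1 MiB, far more than one pipe buffer.
    child = [sys.executable, "-c", "import sys; sys.stdout.write('x' * (1 << 20))"]
    res = run_bounded(child, timeout=30, max_output_bytes=64 * 1024)
    print(res["returncode"], len(res["stdout"]), res["truncated"])
```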

Added

  • velune doctor runtime path-safety check. A new Security-category diagnostic resolves
    each allowlisted executable via the same shutil.which lookup the sandbox uses and
    validates it against the real _is_trusted_path guard, surfacing any tool that resolves
    to an untrusted location (PATH-hijack candidate or non-standard install the sandbox will
    refuse to run). Makes the PATH-hijack guarantee observable rather than silent.
    (velune/cli/commands/doctor.py)
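
The PATH-hijack guard under Security and this doctor check share one idea: resolve the tool with shutil.which, then test where it lives. Below is an added example of that check, not velune's _is_trusted_path; the function names, the root list and the .venv directory name are assumptions.

```python
import os
import shutil
import sys

def default_roots(workspace):
    """Assumed trusted roots: system install dirs, the interpreter env, a workspace venv."""
    if os.name == "nt":
        system = [os.environ.get(v) for v in ("SystemRoot", "ProgramFiles", "ProgramFiles(x86)")]
    else:
        system = ["/usr", "/bin", "/sbin", "/opt"]
    return [r for r in system if r] + [sys.prefix, os.path.join(workspace, ".venv")]

def _canon(path):
    # Resolve symlinks and normalise case so the comparison sees the real location.
    return os.path.normcase(os.path.realpath(path))

def is_under(path, root):
    """Component-wise containment; a string prefix test would accept /usr-evil for /usr."""
    path, root = _canon(path), _canon(root)
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:                 # e.g. different drives on Windows
        return False

def audit(tools, roots, search_path=None):
    """Map each tool name to (resolved_path_or_None, trusted_bool)."""
    report = {}
    for tool in tools:
        resolved = shutil.which(tool, path=search_path)
        trusted = resolved is not None and any(is_under(resolved, r) for r in roots)
        report[tool] = (resolved, trusted)
    return report

if __name__ == "__main__":
    # Constructed tool list; prints anything that resolves outside the assumed roots.
    for name, (where, ok) in audit(["python", "git", "node"], default_roots(os.getcwd())).items():
        if where and not ok:
            print(f"untrusted: {name} -> {where}")
```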

Changed

  • CI test matrix expanded to Ubuntu / Windows / macOS × Python 3.11 / 3.12 / 3.13.
  • Release pipeline now publishes to PyPI via OIDC trusted publishing (no long-lived token); removed the continue-on-error that silently swallowed failed publishes.
  • Release & CI builds are now reproducible (SOURCE_DATE_EPOCH pinned to the commit, [tool.hatch.build] reproducible = true) and validated with twine check --strict.
  • Release pipeline now asserts the git tag matches velune.__version__ before building, so a mistagged release fails fast.
  • Coverage reporting made honest: shrank the omit list from ~70 modules to only un-unit-testable surfaces (TTY/daemon/live-network/optional-native). Full-codebase coverage is now measured (~21%) with a CI floor of 20%.
  • Migrated the event-bus Event model from Pydantic v1 class Config to ConfigDict (removes a deprecation warning, forward-compatible with Pydantic v3).
  • Dependabot now groups minor/patch bumps into single PRs and uses the correct GitHub reviewer handle.

Added

  • New CI build + install-smoke jobs: reproducible build, strict metadata validation, pure-python wheel assertion, and a cross-platform (Ubuntu/Windows/macOS × Py 3.11/3.13) wheel-install + velune --version/--help REPL smoke test.
  • Python 3.13 classifier, Typing :: Typed classifier, and a Documentation project URL in pyproject.toml.
  • Unit tests for execution/validator.py (16% → 90% coverage).
  • CLI Design Modernization — Comprehensive frontend redesign for professional appearance
    • Modern startup banner with clean, spacious layout
    • Refined REPL prompt with sophisticated color palette (blue primary + gold accent)
    • Simplified prompt display: only shows context bar when >40% full
    • Updated error rendering with cleaner panel formatting
    • Enhanced theme colors with semantic tokens (muted, accent)
    • Better visual hierarchy throughout terminal interface