You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Release provenance attestations. Release archive builds now generate GitHub artifact attestations with job-scoped OIDC and attestation permissions, while release publishing keeps write access isolated to the release job.
Fixed
Markdown import scanner performance. Avoided repeated prefix rescans when extracting @import references from large non-code spans, keeping dense-at-sign inputs linear while preserving UTF-8 behavior.
Rule suppression config warnings. Recognized every shipped rule-prefix namespace in .agnix.toml validation, avoiding spurious core.config.unknown_rule warnings when disabling valid rules.
Windows checkout line endings. Added repository attributes that keep source files LF-normalized across platforms while preserving CRLF for Windows command and PowerShell scripts.
npm installer checksum verification. The npm postinstall downloader now verifies release archive SHA-256 sidecars before extraction, binds sidecar entries to the expected archive filename, streams archive hashing, and cleans temporary artifacts after failed installs.
Stale version references in documentation. Updated project instructions and configuration docs to consistently reference the current release version, so release guidance and user-facing docs match the published version.
Security follow-ups (closes #1149, #1150, #1154, #1155, #1156, #1157, #1158). Hardened MCP validation against handler panics and absolute-path disclosure, extended panic isolation to project-level checks, bound shell checksum parsing to the selected artifact filename, added VS Code release-download redirect host validation, corrected the YAML parser safety comment, and documented the remaining deprecated transitive serde_yaml dependency from rust-i18n.
CLI config and autofix safety followups (closes #1152, #1153, #1165, #1166, #1167). The CLI now fails non-zero when a discovered or explicitly passed .agnix.toml cannot be parsed instead of validating with defaults, skill frontmatter now reports duplicate top-level YAML keys instead of silently applying last-wins parsing, telemetry storage failures are logged at debug level, agnix-lsp initializes stderr tracing for startup/config-load visibility, bare agnix --fix / --dry-run now apply or preview only safe fixes unless --fix-unsafe is explicitly selected, and the rule-doc parity test now catches stale inline/table rule IDs such as the removed AS-010 and AS-014 references.