fast-puppy v0.4.1

Same contents as the intended 0.4.0 release — re-cut as 0.4.1 because PyPI had burned the 0.4.0 filename from a prior deleted upload.

Permission system hardening

• Fail closed in file-permission dispatch — a registered handler that crashed or denied no longer lets the operation through (no-handlers still allows).
• Sub-agent-safe guards — destructive-command and force-push guards gate on a shared can_prompt_user() (interactive TTY and not a sub-agent); sub-agents are hard-blocked instead of grabbing stdin.
• No more double prompts — in interactive non-yolo mode the guards warn and defer approval to the single built-in shell confirmation gate.
• Session approval memory — new "Approve & don't ask again this session" choice for shell commands.
• Protected-path file policy — .env, SSH keys, credentials, etc. always require explicit approval (even in yolo) and are denied non-interactively. Configurable via protected_path_patterns.
• Resilient shell-safety assessor handling — a persistently-unavailable assessor is hard-blocked after repeated consecutive failures instead of silently allowing commands at a high permission level.
• Hardened the file-permission feedback thread-local against stale leaks.

Platform

• Requires Python 3.14; typing modernized (PEP 585/604) and hot-path performance fixes.

Published to PyPI via Trusted Publishing.