Skip to content

v0.1.1 — Security & Polish

Choose a tag to compare

@bobbyjohnstx bobbyjohnstx released this 26 Jun 17:07

tinycode v0.1.1

Security fixes, new features, and release readiness polish.

Security

  • Timing-safe password comparison (crypto.timingSafeEqual)
  • Command injection prevention in pdftotext and omt tools (execFileSync)
  • Security headers middleware (X-Frame-Options, Referrer-Policy, Permissions-Policy)
  • Auth token query parameter deprecation warning
  • Provider filter fix — enabled_providers/disabled_providers now apply to locally-discovered providers
  • Dependency updates: ws 8.21.0 (DoS fix), dompurify 3.4.11 (XSS bypass fixes)

Added

  • Mock LLM provider for deterministic testing (ProviderTest.fake({ scenarios }))
  • Plugin lifecycle hooks: session.start, session.end, session.switch, session.model.change
  • Session export to HTML (tinycode export --format html)
  • Session tree sidebar in TUI (<leader>b)
  • CI workflow (lint, typecheck, test on PRs)
  • Dependency audit CI (daily bun audit)
  • CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md, CHANGELOG.md
  • Issue/PR templates, CODEOWNERS, Dependabot

Fixed

  • Removed dead omt LSP stub tools
  • Fixed 6 failing tests (TUI sync, help snapshots, provider filter, CORS)
  • Updated README with accurate agent/skill lists, badges, ecosystem details

Full changelog

v0.1.0...v0.1.1