Skip to content

v0.3.0 - Major UX & Security Improvements

Choose a tag to compare

View all tags
@tenequm tenequm released this 16 Feb 10:23
· 3 commits to main since this release
v0.3.0
2a01dc7
This commit was signed with the committer’s verified signature.
tenequm Misha Kolesnik
SSH Key Fingerprint: x6eNag9noXUTzjdPHtRxApRJn5xk14WzOJ28I2uVGiQ
Verified
Learn about vigilant mode.

v0.3.0 - Major UX & Security Improvements

🎯 Highlights

  • Context-aware info command - Auto-discovers agent-registration.json without needing network/mint args
  • Critical security fix - Keypairs created with mode 0o600 (owner-only permissions)
  • Friendly error messages - No SDK stack traces, actionable recovery steps
  • Type-safe codebase - Eliminated all any types with proper interfaces
  • ERC-8004 compliance - Best-practices integration via git submodule

🔒 Security

  • File permissions: Keypairs created with mode 0o600 (owner-only read/write)
  • Better address validation: Friendly errors with examples instead of SDK stack traces
  • Existing keypair warning: Prevents accidental overwrites during init
  • IPFS privacy warning: Clear notice before uploading permanent public data

✨ Features

  • Info command auto-discovery: Reads agent-registration.json in current directory
  • Flexible agent ID formats: Accepts both CAIP-2 (solana:...:mint) and mint-only formats
  • Clear update vs create distinction: Explicit messaging when updating existing agents
  • Improved error messages: Shows recovery steps (e.g., "Run pnpm cli init first")
  • Comprehensive template: agent-registration.jsonc with 230+ lines of inline comments

🛠️ Technical Improvements

  • Full type safety: Proper interfaces in src/lib/types.ts (no any types)
  • SDK error wrapping: Catches and wraps all SDK errors with friendly messages
  • Best-practices submodule: Git submodule at docs/best-practices/ for updateability
  • Code quality enforcement: pnpm check mandatory (0 errors, 0 warnings)
  • Solana SDK migration: @solana/kit 5.x exclusively (no web3.js v1 legacy)

📦 Dependencies

  • Added @solana-program/system dependency (fixes fresh install crashes)
  • Updated to @solana/kit 5.x for modular web3.js v2 architecture
  • All peer dependencies aligned

🐛 Bug Fixes

  • Fixed undefined registeredMint variable in publish success message
  • Fixed file permissions (was 0o664, now 0o600)
  • Fixed invalid address error handling (friendly messages instead of stack traces)
  • Fixed missing dependency causing crashes on fresh installs

📊 Test Results

Multi-persona testing with 3 independent reviewers:

  • Hackathon dev: 7.5/10 → Critical security fix is "GAME CHANGER"
  • Security audit: 4.5/10 → 8/10 → File permissions verified (600 not 664)
  • Fresh user: 9.5/10 → "Would hack with again"

All critical blockers resolved. pnpm check passes with 0 errors, 0 warnings.

Full Changelog: v0.2.1...v0.3.0

Install: npm install -g create-sati-agent@0.3.0

Quickstart:

npx create-sati-agent init
# Edit agent-registration.json
npx create-sati-agent publish
Assets 2
Loading