v0.2.2

@yogthos yogthos released this 31 May 22:04
· 211 commits to main since this release

A focused hardening release: a misbehaving plugin can no longer take down the whole agent.

Plugin sandbox (dirge-l6bf)

Janet plugins ran in the full default environment, which exposes os/exit — a direct call to C exit() that terminated the entire dirge process, bypassing the (try …) that already wraps every plugin hook, command, and tool. A single buggy or hostile plugin could quit the app out from under you.

os/exit, os/proc-kill, and os/sigaction are now rebound in the shared plugin environment to raise a catchable Janet error instead of terminating or signalling the host. Plugin errors are caught and surfaced as a [plugin] … errored notification exactly like any other plugin failure — dirge stays up. The worker side was already crash-safe (graceful eval timeouts, bounded shutdown join), so this closes the last way a plugin could crash the tool.

Plugin process-exec (os/spawn and os/shell) is intentionally left intact — it's a legitimate capability, not a crash vector.
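
A minimal sketch of the rebinding technique described above, written in Janet. This is an added example, not dirge's own code: `make-plugin-env`, `run-hook`, the exact notification wording and the sample plugin sources are assumptions made for illustration, and passing an environment to `eval-string` assumes a recent Janet release.

```janet
# Added example (not dirge's implementation). All names defined here are
# hypothetical; only the three os/* symbols come from the release notes.

# Functions that would terminate or signal the host process.
(def blocked ['os/exit 'os/proc-kill 'os/sigaction])

(defn- deny
  "Build a replacement that raises a catchable error instead of acting."
  [sym]
  (fn [& _]
    (error (string sym " is disabled in the plugin sandbox"))))

(defn make-plugin-env
  "Child of the default environment with the blocked symbols rebound.
  os/spawn and os/shell are deliberately left untouched."
  []
  (def env (make-env))
  (each sym blocked
    (put env sym @{:value (deny sym)
                   :doc "Disabled in the plugin sandbox."}))
  env)

(defn run-hook
  "Evaluate plugin source in env. Returns [:ok value] on success or
  [:error message] when the plugin raises, so the host keeps running."
  [env name source]
  (try
    [:ok (eval-string source env)]
    ([err]
      # Constructed notification format, modelled on "[plugin] ... errored".
      [:error (string "[plugin] " name " errored: " err)])))

# Constructed sample plugins: one well behaved, one calling os/exit,
# and one run afterwards to show the host is still alive.
(def env (make-plugin-env))
(pp (run-hook env "good" "(+ 1 2)"))
(pp (run-hook env "bad" "(os/exit 1)"))
(pp (run-hook env "after" "(string/reverse \"still up\")"))
```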

Install: cargo install dirge-agent (binary: dirge). Cross-platform binaries are attached below.