Vigils v0.1.27

@github-actions github-actions released this 07 Jun 08:53
· 35 commits to main since this release

Verifiable supply chain, and a firewall that finally classifies risk on real MCP servers.

Added

  • Build-provenance attestation for every release artifact. The CLI archives, desktop
    installers, and the extension zip now carry a cryptographic SLSA build-provenance attestation
    (via GitHub OIDC + Sigstore — no key to manage). Verify any download with
    gh attestation verify <file> --repo duncatzat/vigils: it confirms the artifact was built by the
    official CI from this repository, closing the "swapped/tampered release" gap that a checksum alone
    can't. See Installation.
  • Effect catalog — the tool-call firewall now classifies risk on real MCP servers. Until now the
    firewall inferred effects only from call arguments, so for third-party servers whose risk is
    implied by tool identity (a github create_issue, a fetch) it saw "no effects" and the heavy
    policy machinery idled. A built-in catalog now seeds baseline effects by identity for common servers
    (filesystem, github, fetch, git, brave-search, slack, postgres) — so what each tool actually does
    (file read/write, network, secret use, outbound message) is now visible in the audit ledger, and
    --enforce can gate on it. It's fail-safe by construction: the catalog only ever raises
    visibility/severity (never suppresses a real effect), and it does not change the default
    monitor posture — no new approval prompts.
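
An added sketch (not Vigils' own code) of the merge rule the effect-catalog item describes: baseline effects looked up by tool identity are unioned with argument-inferred effects, keeping the higher severity, so the catalog can only raise what is seen. The effect names, severity levels, catalog entries, heuristics and the functions `infer_from_args`, `classify` and `decide` are assumptions made for illustration.

```python
from enum import IntEnum

class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3

# Constructed catalog keyed by (server, tool); effect names and severities
# are assumptions for illustration, not Vigils' shipped data.
CATALOG = {
    ("github", "create_issue"): {"network": Severity.MEDIUM,
                                 "secret_use": Severity.MEDIUM,
                                 "outbound_message": Severity.MEDIUM},
    ("fetch", "fetch"): {"network": Severity.MEDIUM},
}

def infer_from_args(args):
    """Argument-only inference (the pre-catalog behaviour), simplified."""
    effects = {}
    for value in args.values():
        if not isinstance(value, str):
            continue
        if value.startswith(("http://", "https://")):
            effects["network"] = Severity.MEDIUM
        if ".ssh/" in value or value.endswith(".env"):
            effects["secret_use"] = Severity.HIGH
    return effects

def classify(server, tool, args):
    """Union of both sources, keeping the higher severity per effect.

    The catalog may add or raise an effect but never removes or lowers one
    the arguments revealed; unknown tools keep argument-only results.
    """
    merged = dict(infer_from_args(args))
    for effect, sev in CATALOG.get((server, tool), {}).items():
        merged[effect] = max(merged.get(effect, sev), sev)
    return merged

def decide(effects, enforce=False, block_at=Severity.HIGH):
    """Monitor mode (default) only records; enforce mode gates on severity."""
    worst = max(effects.values(), default=None)
    if enforce and worst is not None and worst >= block_at:
        return "block"
    return "allow"
```

A call such as `classify("github", "create_issue", {"title": "bug"})` yields three effects even though its arguments alone yield none, which is the "no effects" blind spot the catalog closes.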

Downloads — which file do I want?

  • Desktop app (most users): the installer for your OS — Windows Vigils_*_x64-setup.exe (or .msi), macOS Vigils_*.dmg, Linux .AppImage / .deb / .rpm. Gives you the GUI: Activity Feed, Approval Queue, Server Registry.
  • CLI gateway (put Vigils in front of an AI agent — Claude Code / Codex / Cursor / Zed): vigils-cli-<platform> (contains vigil-hub + vigil-native-host). This is the MCP proxy your agent connects to.
  • Browser extension (guard pasting/typing secrets into AI web apps, Chrome MV3): vigils-chrome-extension.zip — unzip, then load unpacked at chrome://extensions.
  • The .sig and Vigils.app.tar.gz files are desktop auto-updater artifacts — you do not need to download them.

New here? Full setup & agent-integration guide: https://duncatzat.github.io/vigils

Early releases are unsigned; your OS may show a Gatekeeper / SmartScreen prompt on first run.

Apache-2.0 · https://vigils.ai · Full changelog