Release Vigils v0.1.31 · duncatzat/vigils

Audit checkpoint anchoring — detect a full-chain rewrite of the tamper-evident ledger.

vigil-hub checkpoint and vigil-hub verify — external anchoring against full-chain rewrite.
The audit ledger's SHA-256 hash chain makes partial tampering evident, but an attacker with full
write access to the database could rewrite the entire chain consistently and still pass internal
verification (audit threat #7). vigil-hub checkpoint now records the current chain head into an
append-only sidecar (<ledger>.checkpoints) kept separate from the database; vigil-hub verify
checks chain-internal consistency and that every anchored head still matches — so a DB-only
full-chain rewrite is detected (while the checkpoint file is intact), exiting non-zero on any tamper.
Honest scope: this is not a tamper-proof guarantee against an attacker with full filesystem write
access — for that, keep the .checkpoints file append-only (chattr +a) or synced offsite;
verification reports Unanchored (never "verified") when no checkpoints exist. The embeddable
vigil-audit gains the CheckpointLog API. The existing hash-chain digest and verify_chain are
unchanged (purely additive). See
ADR 0020.

中文

审计 checkpoint 锚定 —— 检出防篡改账本的整链重写。

vigil-hub checkpoint 与 vigil-hub verify —— 对抗整链重写的外部锚定。 审计账本的 SHA-256
哈希链能让部分篡改可见,但持完整数据库写权限的攻击者可一致重写整条链并仍通过内部校验
(审计 threat #7)。vigil-hub checkpoint 现把当前链头记入一份与数据库分离的 append-only
sidecar(<ledger>.checkpoints);vigil-hub verify 同时校验链内一致性与每个锚点是否仍匹配
—— 只要 checkpoint 文件完好,仅改数据库的整链重写即被检出,发现任何篡改即非零退出。诚实边界:
这不是对持完整文件系统写权限者的 tamper-proof 保证 —— 为此请把 .checkpoints 设为
append-only(chattr +a)或异地同步;无锚点时校验报告 Unanchored(绝不报 "verified")。可嵌入的
vigil-audit 新增 CheckpointLog API。既有哈希链摘要与 verify_chain 不变(纯增量)。详见
ADR 0020。

setup --mcp --doctor 现在覆盖全部四个 agent 接入面。 这个只读的启动健康预检 —— 回答"wrap 之后,
每个 MCP server 的底层程序在本环境还能起来吗" —— 此前只查 Claude Code 的 server。现在一次过查 Claude
(user + 各项目)、Codex、Cursor、Windsurf,每行按 agent 标注。--doctor --probe 同样对四个面的 server
做真实 MCP 握手测试。它看穿 Vigil 的包裹 —— 检查的是底层程序(如 npx / uvx / python)而非
vigil-hub 自身。这直接回应 setup --all 后最常见的担忧:"wrap 之后我的工具是不是被弄坏了?"

非 Claude agent 的配置坏了(无法解析或读不了),现在会作为计入失败的 doctor 项报告,并给出准确成因
(解析失败 vs 权限/IO 错误),而不再被静默跳过 —— 这样 --doctor 不会在某个 agent 面整个没被检查到的情况下
仍宣称"所有 server 都可解析"。所有诊断输出(含配置路径)在打印前都经脱敏。

Desktop app (most users): the installer for your OS — Windows Vigils_*_x64-setup.exe (or .msi), macOS Vigils_*.dmg, Linux .AppImage / .deb / .rpm. Gives you the GUI: Activity Feed, Approval Queue, Server Registry.
CLI gateway (put Vigils in front of an AI agent — Claude Code / Codex / Cursor / Zed): vigils-cli-<platform> (contains vigil-hub + vigil-native-host). This is the MCP proxy your agent connects to.
Browser extension (guard pasting/typing secrets into AI web apps, Chrome MV3): vigils-chrome-extension.zip — unzip, then load unpacked at chrome://extensions.
The .sig and Vigils.app.tar.gz files are desktop auto-updater artifacts — you do not need to download them.

New here? Full setup & agent-integration guide: https://duncatzat.github.io/vigils

Early releases are unsigned; your OS may show a Gatekeeper / SmartScreen prompt on first run.