Skip to content

v0.8.37

Choose a tag to compare

View all tags
@github-actions github-actions released this 03 Jun 22:45
v0.8.37
4958b90
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

  • MCP client in the runtime - New everruns-mcp crate ships a first-class MCP client with stdio transport, wired into the runtime and coding-CLI (#2045).
  • API keys renamed to personal access tokens - User-scoped auth credentials are now consistently called "personal access tokens" across the table (personal_access_tokens), API (/v1/auth/personal-access-tokens), UI (Settings > Personal access tokens), CLI, specs, and docs. Tokens are now prefixed evr_pat_ instead of evr_; existing tokens are invalidated and must be re-created (re-run everruns login) (#2043).
  • Security hardening - SSRF DNS pinning for MCP server execution (EVE-516), ReDoS hardening for grep-based tool call regex (EVE-517), distributed + per-account rate limiting (EVE-513), and fail-closed LLM key resolution with env fallback removed (EVE-511).
  • Org-level controls - Feature flags with opt-in UI and API, per-org soft caps on concurrent sessions and active turns (EVE-508), per-org outbound tool-call rate limiting, and concurrency/volume caps for eval runs (EVE-509).
  • User-defined hooks - Composable bash executor for lifecycle hooks; user_prompt_submit and turn_end events now available (#2022).
  • Session file quotas - Per-file and per-session byte quotas enforced (EVE-510).

What's Changed

  • feat(mcp): MCP client in the runtime (everruns-mcp crate, stdio, coding-CLI) (#2045) by @chaliy
  • fix(deno): retry connect_sandbox on 404 DEPLOYMENT_NOT_FOUND (#2044) by @chaliy
  • refactor(auth): rename API keys to personal access tokens (#2043) by @chaliy
  • feat(seed): materialize DEFAULT_*_API_KEY for single-tenant/dev (#2042) by @chaliy
  • feat(feature-flags): org-level feature flag opt-in UI and API by @chaliy
  • feat(sessions): add per-org soft cap on concurrent sessions and active turns (EVE-508) by @chaliy
  • docs(user-hooks): add user_prompt_submit and turn_end examples by @chaliy
  • fix(runtime): keep OpenAI tool call/result pairs during history trimming (EVE-519) by @chaliy
  • feat(evals): concurrency and volume caps for eval runs (EVE-509) by @chaliy
  • feat(session-files): enforce per-file and per-session byte quotas (EVE-510) by @chaliy
  • feat(capabilities): wire the four remaining user-hook lifecycle events (#2032) by @chaliy
  • feat(security): SSRF DNS pinning for MCP server execution (EVE-516) by @chaliy
  • fix(security): harden grep-based tool call regex against ReDoS (EVE-517) by @chaliy
  • feat(e2b,deno): BYO-only sandbox credentials (EVE-505) (#2033) by @chaliy
  • feat(rate-limit): per-org outbound tool-call rate limiting (TM-TOOL-009) by @chaliy
  • feat(apps): schedule channel rate limits (EVE-507) by @chaliy
  • feat(feature-flags): agent_delegation feature flag (EVE-506) by @chaliy
  • feat(security): distributed + per-account rate limiting (EVE-513) by @chaliy
  • feat(llm): fail-closed key resolution, remove env fallback (EVE-511) by @chaliy
  • feat(capabilities): user-defined hooks via composable bash executor (#2022) by @chaliy
  • feat(plugin): add production everruns plugin by @chaliy
  • feat(core): class-aware tool execution scheduler for ActAtom (#2020) by @chaliy
  • feat(ui): smooth chat streaming text by @chaliy
  • test(runtime): end-to-end ActAtom scheduler integration tests (#2021) by @chaliy
  • fix(openapi): preserve enum refs for schema examples (#2014) by @chaliy
  • fix(events): correct SSE id cursor and voice event docs (#2012) by @chaliy
  • fix(api): fail-close llm metadata defaults (#2008) by @chaliy
  • fix(voice): bridge realtime speech to durable chat by @chaliy
  • fix(ui): hide work log for direct answers by @chaliy
  • fix(mcp): extract JSON from SSE response body on tools fetch by @chaliy
  • fix(core): disable direct egress redirect following by @chaliy
  • fix(api): align session cancel action with command behavior by @chaliy
  • fix(api): delegate allowed_actions from ResourceWithCounts by @chaliy
  • fix(api): correct cancel turn OpenAPI success example by @chaliy
  • fix(core): avoid unwrapping user _raw_output_scalar keys by @chaliy
  • fix(coding-cli): replay reason.item signatures on resume by @chaliy
  • fix(cli): clarify /clear command scope in description by @chaliy
  • fix(plugin): use neutral Codex marketplace label by @chaliy
  • chore(specs): resolve TM-TENANT-008 — GET /v1/users already org-scoped (EVE-515) by @chaliy
  • chore(rust): upgrade toolchain to 1.96 by @chaliy
Assets 16
Loading