Skip to content

v0.20.9

Choose a tag to compare

@github-actions github-actions released this 01 Jul 06:31
b4e0bb7

What's changed

Added

  • preview_object — the agent can now read a bounded preview of an object's
    content.
    Previously the agent could enumerate keys and read metadata
    (head_object) but could not look inside an object. It now has a read-only
    preview_object(provider_id, bucket, key) tool: a single bounded Range GET
    (hard cap 1 MiB/call), text-only (binary/oversized objects are reported, not
    decoded), redaction-passed, never persisted, and bounded per turn (a few
    objects / a few MiB) so it can't be looped into a bulk download. This makes
    "what's inside this manifest / config / log object?" answerable inline.
    • Agent-native by bounds, not a gate: no per-call confirmation (that would
      ossify the loop) — safety is code-enforced caps + sanitization + audit, the
      same model as the other read-only probes.
    • Security rule #11 updated accordingly: from "no object bodies by default"
      to "no bulk body downloads, with preview_object as the one bounded,
      audited, per-turn-capped exception." Bulk/recursive/full-object downloads
      remain prohibited; evidence import (GB-scale) still requires confirmation.

Install

Builds are unsigned / ad-hoc (no Apple notarization, no Windows Authenticode). Verify downloads against the SHA256SUMS-*.txt files.

  • macOS (arm64): open the .dmg, drag to Applications. First launch shows a Gatekeeper prompt — right-click the app → Open, or run xattr -dr com.apple.quarantine "/Applications/Storage Agent Workbench.app". It starts in a few seconds.
  • Linux (x64): sudo apt install ./storage-agent-workbench-v0.20.9-linux-x64.deb
  • Windows (x64): run the -setup.exe; if SmartScreen warns, choose More info → Run anyway.

Prompt-free signed builds: see docs/signing.md.