Skip to content

Vanta v0.5.0

Latest

Choose a tag to compare

@github-actions github-actions released this 28 Jun 09:42

v0.5.0 — Autonomous boxed agents + universal live reasoning

Vanta can now run another agent fully autonomously inside an OS-enforced Docker box scoped to exactly the folders it's given — and a model's thinking streams live in the TUI across every provider.

✨ Autonomous Docker-boxed agent runs

call_agent(autonomous:true) runs claude --dangerously-skip-permissions inside a Docker container scoped to exactly the folders Vanta mounts — the mount-set is the boundary. Live-proven end-to-end: the boxed agent authenticated, built a file in its mount, and provably could not read or write any host path outside it (network off).

Safe-by-design: opt-in · kernel-gated approval showing the exact boundary · runs non-root · credential forwarded as env (never the host keychain or argv) · mount-scope derives the blast radius from the task · a destructive task gets an OS-enforced read-only dry-run. One command to set up: vanta agent-image build. Powerful — enable deliberately.

🧠 Universal live reasoning

Any reasoning model's thinking now streams live in the TUI — DeepSeek-R1, OpenRouter reasoning models, Ollama, Gemini, any custom OpenAI-compatible endpoint (reasoning_content/reasoning), and Anthropic extended thinking (thinking_delta; Anthropic gained streaming — it had none). Backends that hide reasoning (e.g. codex) fall back to a spinner.

Also

  • Codex prompt-routing syncvanta skills sync-triggers --codex writes skill routing into ~/.codex/AGENTS.md (cross-agent auto-fire: Vanta / Claude / Codex).
  • Branded installcurl -fsSL https://vanta.theft.studio/install.sh | bash
  • Fixesvanta update pulls origin/<branch> explicitly (no upstream-tracking needed); security scan clean (0 findings, no suppression).

Ship-preflight green: kernel 67/67 · 11,178 TS tests · tsc + size gate clean · 0 secrets. Prebuilt kernels for macOS + Linux (arm64 / x64) attached.

Install: curl -fsSL https://vanta.theft.studio/install.sh | bash