v0.5.0 — Autonomous boxed agents + universal live reasoning
Vanta can now run another agent fully autonomously inside an OS-enforced Docker box scoped to exactly the folders it's given — and a model's thinking streams live in the TUI across every provider.
✨ Autonomous Docker-boxed agent runs
call_agent(autonomous:true) runs claude --dangerously-skip-permissions inside a Docker container scoped to exactly the folders Vanta mounts — the mount-set is the boundary. Live-proven end-to-end: the boxed agent authenticated, built a file in its mount, and provably could not read or write any host path outside it (network off).
Safe-by-design: opt-in · kernel-gated approval showing the exact boundary · runs non-root · credential forwarded as env (never the host keychain or argv) · mount-scope derives the blast radius from the task · a destructive task gets an OS-enforced read-only dry-run. One command to set up: vanta agent-image build. Powerful — enable deliberately.
🧠 Universal live reasoning
Any reasoning model's thinking now streams live in the TUI — DeepSeek-R1, OpenRouter reasoning models, Ollama, Gemini, any custom OpenAI-compatible endpoint (reasoning_content/reasoning), and Anthropic extended thinking (thinking_delta; Anthropic gained streaming — it had none). Backends that hide reasoning (e.g. codex) fall back to a spinner.
Also
- Codex prompt-routing sync —
vanta skills sync-triggers --codexwrites skill routing into~/.codex/AGENTS.md(cross-agent auto-fire: Vanta / Claude / Codex). - Branded install —
curl -fsSL https://vanta.theft.studio/install.sh | bash - Fixes —
vanta updatepullsorigin/<branch>explicitly (no upstream-tracking needed); security scan clean (0 findings, no suppression).
Ship-preflight green: kernel 67/67 · 11,178 TS tests · tsc + size gate clean · 0 secrets. Prebuilt kernels for macOS + Linux (arm64 / x64) attached.
Install: curl -fsSL https://vanta.theft.studio/install.sh | bash