Releases: kahramanemir/Vallum
Release list
0.8.1
Release Notes
Added
- Interactive agent picker for
install-hook/uninstall-hook. Bare
vallum install-hookon a terminal now opens a multi-select (space =
toggle,a= toggle all, enter = confirm, esc = cancel) listing Claude
Code, Codex CLI, Cursor, and Gemini CLI with detected/installed status;
detected-but-unhooked agents come preselected.uninstall-hookgets the
same picker over currently hooked agents. Non-interactive invocations
(pipes, CI) keep the silent Claude Code default, and explicit--agent
never prompts. No new dependencies — hand-rolled termios raw mode.
Install vallum 0.8.1
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.8.1/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.8.1Download vallum 0.8.1
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.8.0
Release Notes
Security
- TUI-headed commands are now gated in hook mode on all four agents.
less /etc/shadowand friends were previously skipped before policy
evaluation (a disclosed known gap); they are now evaluated like any
command — Ask prompts natively on Claude Code/Cursor and fails closed on
Gemini CLI/Codex CLI. A clean Allow still passes the command through
unwrapped, and an approved Ask on Claude Code runs the original command
directly, so interactive TTYs keep working.
Added
vallum policy test "<cmd>"— one-shot guardrail verdict without
running an agent: printsALLOW/ASK [rule] (built-in|user rule)/
DENY [rule] …/PASS-THROUGH (…)and exits 0/10/20 (125 on config
error) for scripting.
Fixed
vallum install-hookno longer panics when a hand-edited agent config
has the right JSON syntax but the wrong shape (e.g. ahookskey that
is a string) — it reports a clean error with the file path instead.- Welcome screen says
1 rule activeinstead of1 rules active.
Changed
vallum doctorand the welcome screen derive their per-agent probe
paths from the installers' own path helpers, so the three can no longer
drift apart.
Install vallum 0.8.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.8.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.8.0Download vallum 0.8.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.7.0
Release Notes
Added
- Welcome screen. Bare
vallumnow prints a branded status banner —
guardrail state (on/off + active rule count), per-agent hook install
status (with the Codex one-time-trust reminder), and a three-command
quick start — instead of clap's default help. Color only on an
interactive stdout (NO_COLORandTERM=dumbrespected).
Changed
- Bare
vallumnow exits 0 (welcome screen on stdout). It previously
exited 2 with the help text on stderr; scripts that invoked bare
vallumexpecting a usage error must call a real subcommand instead.
The same shift applies to a hand-edited agent hook entry that mistakenly
invokes barevallum(missing thehooksubcommand): it used to fail
closed (exit 2 blocked every command); it now no-ops silently and commands
run ungated.vallum install-hooknever writes that shape, andvallum doctorreports it as not installed. --helprestyled: tagline is now "The wall between AI agents and your
shell" (was "AI CLI Proxy"), headers are colored, commands are listed
task-first, and a "Quick start" block closes the help text.
Install vallum 0.7.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.7.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.7.0Download vallum 0.7.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.6.1
Release Notes
Changed
vallum doctor'shook (codex)line now reminds, on a successful install,
that Codex requires a one-time hook trust (and codex-cli ≥ 0.141) — Codex
silently skips untrusted hooks, and that trust state is invisible to Vallum.
Documentation
- README + SECURITY.md: documented two live-verified Codex CLI findings
(2026-07-08, codex-cli 0.142.5): an installed-but-untrusted hook is skipped
without warning (fail-open until the one-time trust step), and hook-trust
handling incodex execwas only fixed in codex-cli 0.141.0
(openai/codex#26434) — on 0.139 the hook never fired at all. Enforcement
(Ask-rule deny, benign pass-through,agent=codexaudit lines) verified
live end-to-end on 0.142.5.
Install vallum 0.6.1
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.6.1/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.6.1Download vallum 0.6.1
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.6.0
Release Notes
Added
- Multi-agent guardrail hooks.
vallum hook --agent claude|cursor|gemini|codex
extends the pre-exec Allow/Ask/Deny guardrail to Cursor
(beforeShellExecution, native ask), Gemini CLI (BeforeTool), and Codex
CLI (PreToolUse). On agents without a native ask, Ask fails closed as a
deny with instructions.vallum install-hook --agent <x>/
uninstall-hook --agent <x>perform idempotent JSON merges into each
agent's config;vallum doctorreports per-agent hook status;policy.log
lines now recordagent=. Barevallum hookstill means Claude Code, and
Claude hook output is byte-identical to v0.5.1.
Install vallum 0.6.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.6.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.6.0Download vallum 0.6.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.5.1
Release Notes
Fixed
- Hook mode no longer degrades silently on a broken config. A TOML or
regex error in the config file used to drop the user's custom policy rules
(and every other custom setting) without any diagnostic while the hook kept
running with defaults. The hook now prints a warning to stderr (surfaced by
Claude Code) and keeps gating with the built-in policy; directvallum run
still refuses to run (exit 125) on a broken config. - Trivial shell obfuscation no longer slips past the guardrail. Command
lines are lightly normalized before rule matching — empty quote pairs and
identity backslash escapes are stripped — sor''m -rf /and\rm -rf /
now triggerrm_rf_rootjust like the plain spelling. Raw matches are never
lost, and the benign-command precision gate is unchanged.
Changed
- A bare string in
[scrubber] extra_secret_patternsnow fails with an error
that shows the expected{ pattern = "…", replacement = "…" }table form
instead of a generic serde type error. vallum run --helpnow shows examples, including the--separator needed
when the wrapped command has flags of its own.
Documentation
- README: documented the guardrail's honest scope (text-pattern matching is a
defense-in-depth speed bump, not a sandbox) and the broken-config fallback
behavior in hook mode vs directvallum run.
Install vallum 0.5.1
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.5.1/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.5.1Download vallum 0.5.1
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.5.0
Release Notes
Added
- Guardrail / policy layer — Vallum now evaluates each command before it
runs against a set of dangerous-command rules and returns Allow / Ask / Deny.
Enforced through the Claude CodePreToolUsehook (native allow/ask/deny) and
through directvallum run(deny → exit 125; ask → terminal prompt or
fail-closed when non-interactive). Ships with a narrow built-in rule set
(rm -rfon root/home,curl … | sh,ddto a block device, fork bomb,
recursivechmod 777, reading private keys/credentials, force-push, …),
a benign-command precision gate, redactedpolicy.logauditing, and
vallum doctorreporting. User rules and disables live under[policy].
Changed
- Behavior change: the guardrail is enabled by default
(security.guardrail = true) with all built-in rules set toask— a
genuinely dangerous command now prompts for confirmation instead of running
silently. Built-in patterns are deliberately narrow so ordinary commands are
unaffected. Opt out withsecurity.guardrail = false; auto-approve prompts in
scripts withsecurity.assume_yes = trueorVALLUM_ASSUME_YES=1.
Install vallum 0.5.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.5.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.5.0Download vallum 0.5.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.4.0
Release Notes
Added
- Chinese (zh) injection detection across all four pattern families
(ignore / reveal / roleplay / new-instructions), plus zh benign coverage so
zh precision is measurable. - Detection for noun-free "disregard everything above" phrasing, DAN/persona
jailbreaks, French negative-imperative and adjective-free ignore, Spanish
adjective-free ignore, and the Turkishpromptloanword reveal. - Per-category recall breakdown in the detection eval report.
Changed
- Grew the labeled eval corpus with curated, permissively-licensed samples
fromdeepset/prompt-injections(Apache-2.0) plus hand-authored multilingual
and mutation rows; provenance recorded inevals/corpus/SOURCES.md. - Recalibrated
MIN_INJECTION_RECALLto the grown-corpus measurement
(calibrate-to-measurement policy); precision 1.000 and benign FP 0.000 hold.
Documentation
- Enriched the README title/intro and crates.io metadata (keywords,
categories, description) for discoverability.
Install vallum 0.4.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.4.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.4.0Download vallum 0.4.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.3.1
Release Notes
Documentation
- Added a crate-level overview and one-line module-level rustdoc so docs.rs
renders an intentional landing page (with a "this crate is a CLI" pointer and
an "internal, not-semver-stable library surface" note) instead of a bare,
description-less module list. Cleared all outstanding rustdoc warnings
(private intra-doc links, an unclosed<cwd>HTML tag);cargo docis clean.
Install vallum 0.3.1
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.3.1/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.3.1Download vallum 0.3.1
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>0.3.0
Release Notes
Added
vallum doctor— install/health self-check that validates the config file,
flags unknown[optimizer] disablednames, reports whether the Claude Code
hook is installed, checks that avallumbinary is onPATH, and probes the
log directory for writability. Exits non-zero only on a hard failure.kubectl getoptimizer — collapses runs of healthy (Running/Completed)
resource rows while keeping the header and any pod in a problem state
(CrashLoopBackOff,Pending,Evicted, …).terraform plan|applyoptimizer — collapses state-refresh chatter and
attribute-diff bodies while keeping per-resource action headers, the
Plan:/Apply complete!summary, and errors.- Expanded secret-format coverage: GitLab (
glpat-), SendGrid (SG.),
Twilio (SK…), npm (npm_), PyPI (pypi-), Hugging Face (hf_), OpenAI
project keys (sk-proj-), and bare (non-Bearer) JWTs.
Changed
- Documented a minimum supported Rust version (
rust-version = "1.85", raised
from 1.82 to track theclap4.6 edition-2024 floor) and enforce it with a
dedicated,--lockedCI job.
Security
- New scheduled
cargo auditGitHub Actions workflow that fails on known
advisories in the dependency tree. Granted itchecks: writeso it can post
results instead of erroring on the check-run API. - Bumped the
anyhowdev-dependency to 1.0.103, clearing RUSTSEC-2026-0190
(unsoundness inError::downcast_mut).
Distribution
- Prebuilt binaries for macOS (Intel + ARM) and Linux (x86_64 + aarch64, musl
static) published on tagged releases viadist, with shell, Homebrew,
cargo install, and npm installers, SHA-256 checksums, and GitHub build
provenance attestations.
Install vallum 0.3.0
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/kahramanemir/Vallum/releases/download/v0.3.0/vallum-installer.sh | shInstall prebuilt binaries via Homebrew
brew install kahramanemir/tap/vallumInstall prebuilt binaries into your npm project
npm install vallum@0.3.0Download vallum 0.3.0
| File | Platform | Checksum |
|---|---|---|
| vallum-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| vallum-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| vallum-aarch64-unknown-linux-musl.tar.xz | ARM64 MUSL Linux | checksum |
| vallum-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo kahramanemir/VallumYou can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>