Packaging metadata: Refreshed the package description, keywords, and classifiers, bumped Development Status to 4 - Beta, and updated the project URLs (Homepage now points to https://reverseapi.dev, added Documentation and Changelog)
Source distribution excludes website/: The marketing site under website/ (Astro/Cloudflare Pages source) is now excluded from the sdist build so it no longer ships inside the PyPI package; the wheel already only packaged src/reverse_api
Added
agent_provider: "agent-browser": Shell-driven Vercel agent-browser CLI—RAE prefers an agent-browser binary on PATH, otherwise runs npm install -g <pin> (with a console notice), validates --help, and only then falls back to npx -y <pin> if npm cannot install. Prompts embed the resolved shell prefix plus skills get … / skills list, HAR flows, and optional agent_browser_notes. No bundled browser MCP shim; pin via agent_browser_npx_package / RAE_AGENT_BROWSER_PACKAGE.
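The resolution order in the agent-browser entry above, sketched as an added example (not RAE's own code). `resolve_prefix`, `is_pinned` and the placeholder pin are assumptions made here, and the pin-format check is an extra in this sketch rather than behaviour the changelog describes.

```python
import os
import shutil
import subprocess

# Constructed placeholder: the page does not state the real pinned package spec.
DEFAULT_PIN = "agent-browser@0.0.0-placeholder"


def is_pinned(spec):
    """True only for name@version specs; bare names and @latest float over time."""
    name, _, version = spec.rpartition("@")
    return bool(name) and bool(version) and version != "latest"


def resolve_prefix(env=None, which=shutil.which, run=subprocess.run, notify=print):
    """Return the argv prefix for agent-browser, following the order in the entry above."""
    env = os.environ if env is None else env
    pin = env.get("RAE_AGENT_BROWSER_PACKAGE", DEFAULT_PIN)
    if not is_pinned(pin):  # extra check added in this example, not described on the page
        raise ValueError(f"refusing unpinned package spec: {pin!r}")

    def ok(argv):
        # A missing executable, a timeout or a non-zero exit all count as failure.
        try:
            return run(argv, capture_output=True, timeout=300).returncode == 0
        except (OSError, subprocess.SubprocessError):
            return False

    # 1. Prefer a binary that is already on PATH: nothing is downloaded.
    if which("agent-browser"):
        return ["agent-browser"]

    # 2. Otherwise install the pinned package globally, announcing it first,
    #    and accept the result only if the new binary answers --help.
    if which("npm"):
        notify(f"agent-browser not found on PATH; running: npm install -g {pin}")
        if ok(["npm", "install", "-g", pin]) and which("agent-browser") \
                and ok(["agent-browser", "--help"]):
            return ["agent-browser"]

    # 3. Last resort: npx with the same pin, so both paths fetch the same version.
    if which("npx"):
        return ["npx", "-y", pin]
    raise RuntimeError("agent-browser is not installed and neither npm nor npx is available")
```

The `which`, `run` and `notify` parameters exist so the order can be exercised with fakes, without touching the network or the global npm prefix.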
Added
Cursor SDK support: Added sdk=cursor / --sdk cursor engineering support through a bundled Node bridge around the Cursor TypeScript SDK. Cursor runs use the configured Cursor model (default composer-2), accept MCP server configuration, resume Cursor agents across follow-up turns, and normalize streamed tool output plus token usage into the existing TUI/message-store flow
Cursor bridge packaging: Bundled the src/reverse_api/cursor_bridge/ Node package so @cursor/sdk dependencies can be installed on demand when Cursor mode is first used
Fixed
Manual REPL model resolution: Follow-up engineering now resolves model settings from the selected SDK, including Cursor, OpenCode, and Copilot
Cursor streaming: Buffered Cursor model text before rendering so streamed deltas are shown as coherent blocks and no longer produce stray .. lines or bridge hangs
Sync test compatibility: Restored the temporary-file helper used by the existing sync test surface
Removed
Chrome extension and native messaging host: The chrome-extension/ workspace and the Python native_host module are removed. The install-host, uninstall-host, and run-host CLI subcommands no longer exist. The extension was an experimental/WIP capture surface that never reached parity with manual and agent modes; deleting it also eliminates a JS dev-tooling supply chain (vite, postcss, picomatch, rollup, prismjs) and the corresponding Dependabot churn
Security
Drop [pricing] extra (litellm): LiteLLM 1.83.7 patched 3 advisories (1 critical SQLi + 2 high RCE/SSTI) but hard-pins click==8.1.8, which would force a click downgrade for all users. The vulnerable code paths are all in the LiteLLM proxy server, which we do not run — we only used litellm as a library for cost lookups. Removed the optional dependency entirely; pricing.py keeps a graceful import-detect path so users who install litellm independently still get the extended model coverage
cryptography>=46.0.7 (was >=46.0.6) — patches a buffer overflow on non-contiguous buffer inputs (medium)