v0.6.1 — secret-scanner hardening + cross-platform validation
v0.6.1 — secret-scanner hardening + full cross-platform validation
Follow-up to v0.6.0 after validating end-to-end on Windows, WSL2, and macOS (real agy 1.0.3) and running an adversarial security pass on the Mac. Structural defenses held; three real secret-scanner coverage gaps are now closed.
Secret scanner
github_pat_fine-grained PATs are now caught on the Bash path too (Node↔Bash parity restored).- The full content of changed files (shipped to Gemini as review context) is now scanned — previously only the diff's added lines were, so a secret on an unchanged line could leak. It now aborts (exit 65) before any agy/network call.
- Modern keys
sk-ant-…(Anthropic) andsk-proj-…(OpenAI project) are now detected (the oldsk-<alnum>pattern missed the dashes).
Defense in depth
--dangerously-skip-permissionsis gated on the write-capable command (rescue) explicitly..agy-plugin/is auto-added to the workspace's local.git/info/exclude(keeps yourgit statusclean; never touches your tracked.gitignore).
Validation
- macOS 26.5 on real agy 1.0.3:
/agy:ask,/agy:review,/agy:adversarial-reviewall pass from symlinked/var/folders/…paths. 218 unit tests + CI (shellcheck, bats, vitest on Node 18/20/22).
Full notes: CHANGELOG · SECURITY.md