Skip to content

v1.0.164

Choose a tag to compare

View all tags
@mksglu mksglu released this 22 Jun 12:53
· 5 commits to main since this release
v1.0.164
4b4b976

context-mode v1.0.164

A focused follow-up to v1.0.163: two community-reported fixes — a security containment for the sandbox file tool and a Pi/omp prompt-injection fix — plus adapter and lifecycle improvements.

Security

  • ctx_execute_file is now confined to the project boundary (#852, reported by @Project579). Previously an absolute or ../-escaping path could read files outside the project root, which a sandboxed host would otherwise block. The tool now refuses out-of-project paths (symlink-canonical escapes included); the opt-in escape hatch reuses the host's existing permissions.allow Read(...) rules rather than a bespoke setting, and the ctx_execute / ctx_execute_file tool titles now state plainly that they execute code.

    This closes the reported file-read vector. The broader hardening of ctx_execute / ctx_batch_execute arbitrary code execution (which still inherits the process filesystem and needs OS-level confinement) is tracked separately in #857.

Bug fixes

  • Casual phrases no longer freeze as a re-injected behavioral directive (#856, reported by @riddlex-beep). On the Pi/omp adapter, a throwaway phrase such as "that's fine for now" could be classified as a standing role and re-injected every turn, producing a do-nothing loop. Three changes resolve it: the role classifier now requires a genuine persona/directive cue (so real personas still persist, casual phrases don't), the Pi adapter no longer replays role events as a per-turn standing directive, and the routing-block framing was softened so the user's most recent message always takes precedence.

  • Idle MCP bridge children are now reaped (#854 by @ken-jo). Stops Pi/omp sessions from accumulating orphaned MCP bridge processes over time.

Adapters

  • Antigravity CLI: one-command plugin install (#853 by @ken-jo). Drops the npm wrapper in favor of a single agy plugin install, with documentation cleanup.

Contributors

Thanks to @ken-jo for the adapter and lifecycle work, and to @Project579 and @riddlex-beep for precise reports with reproductions that made both fixes straightforward.

Install

npx skills add mksglu/context-mode

Existing installs: /context-mode:ctx-upgrade.

Links

Contributors

Project579, ken-jo, and riddlex-beep
Assets 2
Loading