Skip to content

v2.0.3

Latest
Latest

Choose a tag to compare

View all tags
@mmilanez mmilanez released this 01 Jun 03:15
· 4 commits to main since this release
v2.0.3
469613b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v2.0.3 — Security patch and public-repo polish

No kernel or schema changes. Framework PROTOCOL_RULES.md version stays at 2.0.0.

Fixed

  • Path traversal in migrate_to_v2.py (security): --actor, --agent, LEAD_PROTOCOL_ACTOR_ID, and LEAD_PROTOCOL_AGENT_ID values are now validated before being used to construct .agents/local/<actor>/<agent>/. Values containing /, \, :, .., absolute paths, or drive letters are rejected with a clear error message. A belt-and-suspenders destination check verifies the resolved path stays under .agents/local/. New TestSlugValidator and TestCheckSlugDestination test classes added.

Changed

  • README.md Quick Start now clones v2.0.3 with a comment directing users to the Releases page for the current version number. PowerShell Copy-Item block added for Windows users. Version history updated to include 2.0.2 and 2.0.3.
  • SECURITY.md scope corrected: supported surface is the scaffold, schemas, docs, validator, and migration tool. CLI and MCP server noted as planned. Supported versions table updated.
  • CONTRIBUTING.md updated: CLI/MCP noted as planned surfaces accepting design input via issues.
  • CI workflow permissions: contents: read added to state-validation.yml.

Upgrading

No migration needed. Replace framework files verbatim per the standard patch upgrade procedure in README.md §Upgrading.

Assets 3
Loading