AetherShell 1.6.0 — security hardening

AetherShell 1.6.0 is a security-hardening release. It ships zero dependency CVEs, opt-in controls for running untrusted/agent-generated code (native-plugin gating, network egress allowlist, FIPS-strict crypto), and a new VM/sandbox benchmark in the bundled agentic-eval library. No breaking changes — every new control is opt-in, so existing scripts and configs run unchanged.

🔒 Security

Hardening from a security audit mapped to CVE / NIST FIPS / MITRE ATT&CK / CMMC 2.0:

• 0 dependency CVEs. Patched quinn-proto (HIGH QUIC DoS), rustls-webpki (4 TLS cert-path-validation flaws), and tar (symlink chmod / PAX). Repaired the cargo-deny supply-chain gate (was unparseable under cargo-deny ≥ 0.18 and wrongly denied the project's own AGPL license).
• SHA-256 integrity replaces collision-broken MD5 for checkpoint/state integrity (persistence.rs) and package-download verification (marketplace.rs). Legacy MD5 digests are still read for backward compatibility but never written.
• Native plugin loader is default-deny in agent mode. Under AETHER_MODE=agent, DynamicPlugin::load refuses native plugins unless allowlisted via AETHER_PLUGIN_ALLOW=<dirs>; AETHER_PLUGINS=off is a hard kill switch. Closes a native-code-execution surface (ATT&CK T1129 / T1574).
• Network egress allowlist. AETHER_NET_ALLOW=<hosts> restricts all network builtins to allowed hosts/subdomains (E_EGRESS_DENIED otherwise). Anti-exfiltration control (ATT&CK T1041).
• FIPS-strict mode. AETHER_FIPS=1 enforces approved-algorithms-only: hash builtins reject MD5/SHA-1 (E_FIPS_DISALLOWED) and integrity verification fails closed on legacy MD5 digests (SHA-256 only). The crypto/FIPS posture and the remaining path to a FIPS-140-validated build are documented in docs/security/CRYPTO_AND_FIPS.md.

✨ Added

• agentic-eval 0.8.0 — the bundled evaluation library gains a vms module: a curated benchmark of VM/sandbox systems (AetherVM, Firecracker, Cloud Hypervisor, gVisor, Kata Containers, QEMU/KVM, Docker) for agentic AI use, scored on agent-native axes (start-latency, density, isolation, snapshotting, agent-control). Run it with cargo run -p agentic-eval --example vm_benchmark. See crates/agentic-eval/CHANGELOG.md.

⬆️ Upgrade notes

Drop-in for 1.5.x — no config or script changes required. To turn on the new hardening for untrusted/agent workloads:

Goal	Set
Lock down native plugins for agents	AETHER_MODE=agent (+ AETHER_PLUGIN_ALLOW=<dirs> to permit specific ones)
Disable native plugins entirely	AETHER_PLUGINS=off
Restrict outbound network	AETHER_NET_ALLOW=example.com,api.internal
Enforce FIPS-approved crypto	AETHER_FIPS=1

Checkpoints and downloaded packages are now verified with SHA-256; existing artifacts written by 1.5.x (MD5) still validate, and are upgraded to SHA-256 on next write.

---

Full changelog: https://github.com/nervosys/AetherShell/blob/v1.6.0/CHANGELOG.md
Licensed AGPL-3.0-or-later.

v1.5.0

AetherShell v1.5.0 — token-efficiency release (@prefix lever, compact…

v1.4.0

AetherShell 1.4.0 — agentic safety, reliability, and tooling release

v1.3.1

AetherShell 1.3.1 — agent-mode workspace-jail correctness fixes

v1.3.0

AetherShell 1.3.0 — agentic-first release

Token-efficient AECON output (default in agent mode, ~2.6-2.8x fewer tokens,
lossless/reversible), an effect/capability/approval/audit safety model with a
workspace jail and RBAC, filesystem transactions with savepoints + plan/apply
covering files/trees/sqlite/kv, a persistent kv store, deterministic output,
grammar additions, and a single-pass agentic transpiler (Phase 5). See CHANGELOG.

AetherShell v0.3.1

AetherShell v0.3.1

Maintenance release with license and compliance updates.

Changes

• License: Switched to AGPL-3.0-or-later with commercial dual-license option
• CLA: Added Contributor License Agreement for all contributions
• CI: Added automated CLA compliance check to GitHub Actions
• Code Quality: Fixed all 88 compiler warnings (dead code, unused imports)
• Python SDK: Corrected license field to AGPL-3.0-or-later
• Version Bump: All crates, VS Code extension, and Python SDK updated to 0.3.1
• Implicit Match: \match\ in lambdas now uses implicit scrutinee from enclosing parameter
• Linguist: Added GitHub Linguist submission package for .ae\ syntax highlighting

Upgrade

\\�ash
cargo install aethershell # from crates.io (when published)
\\

Or download binaries from the assets below.

Full Changelog: v0.3.0...v0.3.1

v0.3.0

AetherShell v0.3.0

The first major public release of AetherShell — a typed, functional shell with multi-modal AI agents.

Highlights

• Typed Functional Pipelines — Data flows as structured \Value\ types (Int, Float, String, Array, Record, Lambda), not raw text
• 1,000+ Builtins across 30+ modules — \�i, \�gent, \mcp, \crypto, \db, \ile, \sys, and more
• Multi-Agent Framework — Single agents, swarms with coordinator patterns, and Recursive Language Models (RLM)
• Protocol Support — MCP (Model Context Protocol), A2A (Agent-to-Agent), A2UI, NANDA
• TUI Interface — Rich terminal UI with multi-modal content (images, audio, video)
• AI Model API — OpenRouter-compatible local API server with model management (\�imodel\ binary)
• VS Code Extension — Syntax highlighting, LSP, snippets, code actions, agent panel
• Python SDK — LangChain integration and cloud deployment support
• Web Dashboard — Real-time WebSocket monitoring and REST API
• Bash Transpiler — Convert bash scripts to native AetherShell syntax
• GitHub Linguist — Submission package ready for .ae\ syntax highlighting on GitHub

Language Features

• Hindley-Milner type inference
• Pattern matching with \match\ expressions
• Lambda syntax: \n(x) => x * 2\
• Dot-notation modules: \�i.chat(), \�gent.spawn(), \mcp.servers()\
• Import/export system with visibility controls
• Async/await, try/catch/throw
• Conditional compilation with #[cfg(...)]\

Infrastructure

• CI/CD with GitHub Actions (security audit, release builds)
• Cross-platform: Windows (MSVC), Linux (GNU)
• 272+ tests, 0 failures
• \cargo install aethershell\ (crates.io ready)

Binaries

Platform	Binary
Windows x86_64	\�ethershell-0.3.0-x86_64-pc-windows-msvc.zip\
Linux x86_64	\�ethershell-0.3.0-x86_64-unknown-linux-gnu.tar.gz\