Skip to content

v1.10.0 — HTTP Input LLM invocation with ToolClad

Choose a tag to compare

View all tags
@jaschadub jaschadub released this 14 Apr 00:01
· 62 commits to main since this release
v1.10.0
4c3b1f1
This commit was signed with the committer’s verified signature.
symbibot Symbi Bot
GPG key ID: 7B0BF546C173D14B
Verified
Learn about vigilant mode.

HTTP Input LLM invocation with ToolClad ORGA loop

When the target agent is not Running on the runtime communication bus, the webhook handler now falls through to an on-demand LLM invocation path that runs an ORGA-style tool-calling loop against ToolClad manifests. This enables webhook endpoints to execute agents that live as DSL definitions without requiring them to be long-running listeners.

Added

  • HTTP Input LLM invocation with ToolClad: Falls back to LLM + ToolClad when the target agent is not Running. Tools execute on a blocking thread pool with a 120-second per-tool timeout. Duplicate (tool, input) pairs within a single iteration are deduplicated. Provider auto-detected from OPENROUTER_API_KEY, OPENAI_API_KEY, or ANTHROPIC_API_KEY.
  • Normalized LLM tool-calling client: LlmClient::chat_with_tools returns a unified content-block shape across Anthropic (native tool_use) and OpenAI/OpenRouter (function calling normalized to the same format).
  • Webhook response metadata: LLM-invoked responses include response, tool_runs, model, provider, latency_ms, and status: completed.

Fixed

  • Agent state check before communication bus dispatch: invoke_agent now verifies the target agent is in the Running state via scheduler.get_agent_status() before sending a message. Previously send_message returned Ok for unregistered agents and delivery failed silently, producing a false "execution_started" response.
  • UTF-8 safe string truncation: Tool output previews and caller-supplied system_prompt values are truncated on UTF-8 character boundaries to prevent panics on multi-byte output.
  • system_prompt length cap: Caller-supplied system_prompt is now capped at 4096 bytes and logged; remains a prompt-injection surface when exposed to untrusted callers.

Docs

Updated docs/http-input.md with a new "LLM Invocation with ToolClad Tools" section, updated response shapes, real audit log examples, and translations for de, es, ja, pt, zh-cn.

Tests

  • 4 new tests for LlmClient tool/message normalization
  • 8 new tests for UTF-8 safe truncation covering ASCII, emoji, CJK, boundary conditions

Full Changelog: v1.9.1...v1.10.0

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Assets 17
Loading