v1.13.0

Added

• symbi fmt — canonical formatter for .symbi source files. Reuses the tree-sitter parse tree from symbi-dsl to emit a stable canonical layout (4-space indent, single blank line between top-level items, trailing commas in metadata blocks, normalised spacing). Modes: rewrite-in-place by default; --check exits 2 if changes are needed (CI gate); --stdin for editor integration. Tolerant: returns input unchanged if the source has parse errors.
• Tree-sitter grammar v2 — covers the full DSL surface used by every example agent and documented Symbiont features. New constructs: full expression precedence ladder (||, &&, ==/!=/in, comparisons, arithmetic, unary !/not/-, postfix member/call/index); type literals (Foo { k: v }) and bare records with both identifier and string keys; lambdas (x => expr); vault URLs (vault://...); statements (for in, match, try/catch, assignment, compound assignment, if let Pattern(...) = expr); multi-arg generics (Map<K, V>); underscore separators in numbers.
• LLM API keys via SecretStore — CloudInferenceProvider and LlmClient now resolve provider keys from HashiCorp Vault, OpenBao, or the file-encrypted backend. New env vars OPENROUTER_API_KEY_REF, OPENAI_API_KEY_REF, ANTHROPIC_API_KEY_REF. Fall back to existing *_API_KEY env vars on store miss/failure. New constructors from_env_or_secrets(store).
• ToolClad agent_summary arg type — typestate fence preventing orchestrator-injection of adversarial agent output into trusted orchestration arguments.
• symbi-invis-strip 0.2.0 — INJECTION_MARKERS expanded from tier1-v3 bypass forensics. Runtime tracks the new version.

Fixed

• Slack signature timestamp overflow (crates/channel-adapter/src/adapters/slack/signature.rs): (now - ts).abs() on i64 overflowed for adversarial timestamps near i64::MAX/MIN. Debug builds panicked; release builds wrapped silently and could let stale or future requests slip through the 300-second freshness check. Delta now widened to i128. Surfaced by the slack_signature_verification fuzz target. Regression test extreme_timestamps_do_not_panic covers i64::MIN, i64::MAX, and adjacent values.
• jsonwebtoken v10 crypto backend — pinned rust_crypto feature on jsonwebtoken in crates/runtime and crates/channel-adapter. The v10 release dropped a default backend; without explicit selection, JWT verifier tests panicked at runtime.
• rustfmt drift in toolclad validator + invis-strip tests.

Editor / tooling ecosystem (separate repos, released this cycle)

• tree-sitter-symbiont v0.1.0 — standalone grammar repo; published to npm and crates.io
• vscode-symbiont v0.1.0 — VS Code extension with TextMate grammar (.vsix attached to its release)
• symbiont-sdk-js v1.13.0 — CLI now accepts .symbi files alongside .json and the legacy .dsl

Notes

The symbiont-sdk-python SDK is intentionally left at v1.11.0: the runtime HTTP API surface has not changed since v1.11.0 and the Python SDK does not read agent files from disk in a way the canonical-extension change affects.

Pre-release verification: cargo fmt --check clean; cargo clippy --workspace --all-targets -D warnings clean; cargo test --workspace 1540 passed, 0 failed.

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).