Skip to content

v1.15.0 — Mode B governed Claude Code + security hardening

Choose a tag to compare

View all tags
@jaschadub jaschadub released this 09 Jun 22:35
v1.15.0
fbc6065
This commit was signed with the committer’s verified signature.
symbibot Symbi Bot
GPG key ID: 7B0BF546C173D14B
Verified
Learn about vigilant mode.

Feature + security-hardening release.

Added

  • Mode B — governed Claude Code subprocess. An agent with metadata executor = "claude_code" now spawns a governed Claude Code subprocess via the runtime's CliExecutor instead of the reasoning loop. symbi run code_reviewer --target <dir> gates the spawn, injects the SYMBIONT_* env handshake (so the symbi-claude-code plugin defers to the outer Gate), loads the plugin via --plugin-dir, and wires the stdio symbi mcp back-channel. New flags: --target, --max-turns (primary bound), --budget-timeout (wall-clock backstop), --budget-tokens, --plugin-dir. New agents/code_reviewer.symbi. cli-executor is now enabled by default.
  • Typed + grounded inter-agent decisionsLoopState.trusted_context, ArgDef.feeds_decision (lint-checked), Cedar requests grounded in trusted context.
  • Opt-in tool_choice on InferenceOptions / LoopConfig.

Changed (upgrade notes)

  • Scheduler LogFile delivery is confined to SYMBIONT_LOG_DIR and disabled (fail-closed) when unset.
  • Browser navigate denies by default when a [browser] manifest has no scope.
  • OPA refuses plaintext HTTP to non-loopback hosts unless SYMBIONT_OPA_ALLOW_INSECURE=1; honors SYMBIONT_OPA_AUTH_TOKEN.
  • E2B sandbox requires https to an e2b.dev host (or SYMBIONT_E2B_ALLOWED_HOSTS).
  • API-key store refuses group/other-readable key files (unix).
  • CliExecutor termination is now graceful (SIGTERM → SIGKILL).

Security

  • Full remediation of symbi-codered engagement 473178fd (path traversal, fail-open scope/SSRF, OPA decision spoofing, E2B SSRF/key exfiltration, API-key perms, SchemaPin key validation, CI least-privilege, Dockerfile HEALTHCHECK, OpenAPI maxItems).

Full details in CHANGELOG.md. Docs updated in English + de/es/ja/pt/zh-cn.

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Assets 17
Loading