Skip to content

v1.15.2 — Cedar on by default

Latest
Latest

Choose a tag to compare

View all tags
@jaschadub jaschadub released this 10 Jun 05:40
v1.15.2
422944c
This commit was signed with the committer’s verified signature.
symbibot Symbi Bot
GPG key ID: 7B0BF546C173D14B
Verified
Learn about vigilant mode.

Patch release. Cedar policy enforcement is now on by default in the symbi binary.

Fixed

  • The cedar feature was in symbi-runtime's defaults but not the symbi binary's, and the binary's try_wire_cedar_policy_gate and symbi policy are #[cfg(feature = "cedar")]. So a default cargo build of symbi compiled out the Cedar wiring — symbi up/run fell back to the fail-closed gate and symbi policy evaluate was a no-op. cedar is now in the binary's default features, so Cedar policy enforcement (auto-wired from policies/*.cedar) is active out of the box.

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Assets 17
Loading