Symbiont v1.4.0

What's New in v1.4.0

Persistent Memory (MarkdownMemoryStore)

• Markdown-backed agent memory with Facts, Procedures, and Learned Patterns sections
• Daily log append with timestamped entries and retention-based compaction
• DSL memory block for declarative configuration (store, path, retention)
• REPL :memory command for inspection and management

Webhook Verification (SignatureVerifier)

• HmacVerifier with HMAC-SHA256 and constant-time comparison
• JwtVerifier with HS256 JWT token verification
• Built-in presets for GitHub, Stripe, Slack, and Custom providers
• DSL webhook block with provider presets, secrets, path, and event filtering
• Pre-handler signature verification in HttpInputServer

HTTP Input Security Hardening

• Loopback-only default binding (127.0.0.1 instead of 0.0.0.0)
• Explicit CORS origin allow-lists (replaces boolean toggle)
• JWT EdDSA (Ed25519) validation in auth middleware
• /health endpoint exempt from authentication for load balancers
• PathPrefix route matching in HTTP input routing

Skill Scanning (ClawHavoc)

• 10 built-in security rules: pipe-to-shell, wget-pipe-to-shell, env-file-reference, soul-md-modification, memory-md-modification, eval-with-fetch, fetch-with-eval, base64-decode-exec, rm-rf-pattern, chmod-777
• Custom rule support alongside defaults

Metrics & Telemetry

• FileMetricsExporter with atomic JSON writes
• OtlpExporter for OpenTelemetry endpoints
• CompositeExporter for multi-backend fan-out
• Background MetricsCollector thread

DSL Parser Fixes

• Bare identifiers in value rule (store markdown, provider github)
• Short-form duration literals (90d, 6m, 1y)

Crate Versions

Crate	Version
symbi	1.4.0
symbi-dsl	1.4.0
symbi-runtime	1.4.0
repl-core	1.4.0

Packages

• crates.io: symbi, symbi-dsl, symbi-runtime, repl-core
• npm: symbiont-sdk-js v0.6.0
• PyPI: symbiont-sdk v0.6.0