Selena Core v0.1.1 Released

Selena v0.1.1 — Security hardening & CI

This release focuses on safe defaults, SSRF protection, a context-compaction
correctness fix, and continuous integration across all three platforms.

Security

• auto_accept now defaults to false. Tools that require confirmation
  no longer run without explicit operator opt-in. Set "auto_accept": true
  in agent.json to restore the old behavior.
• SSRF protection for webfetch. The built-in web fetch tool now blocks
  loopback (127.0.0.0/8, ::1), RFC1918 private ranges, and link-local
  addresses including cloud metadata (169.254.0.0/16) — with DNS resolution
  vetting to defeat rebinding, IPv4-mapped IPv6 unwrapping, and manual
  redirect handling with per-hop validation and DNS pinning so redirects
  cannot escape the blocklist. Local development can opt out via
  webfetch.allow_private_network or per-host webfetch.allow_hosts.

Correctness

• Context compaction can no longer drop in-flight messages. Compaction
  now guarantees the system prompt, the most recent user message, and all
  messages after it survive, enforced inside ContextManager itself so every
  caller is protected. Covered by new invariant tests.
• Restored/verified Unix process-group handling in the command tool after the
  module refactor.

Tooling & CI

• GitHub Actions CI on ubuntu, macos, and windows: cargo fmt --check,
  cargo clippy --workspace --all-targets -- -D warnings, and
  cargo test --workspace — all green on all three platforms.
• Live-endpoint tests (ollama_smoke) are #[ignore]d in CI; run them
  locally with cargo test -- --ignored against a running Ollama.
• Repository hygiene: stripped UTF-8 BOMs, normalized line endings to LF via
  .gitattributes, added rustfmt.toml (newline_style = "Unix").

Internal

• Split the 1,600-line command.rs into focused modules
  (platform / spawn / streaming / types) with no behavior change.
• Test suite grown to ~400 tests passing in CI.

Full Changelog: v0.1.0...v0.1.1