Skip to content

v0.1.1-rc2

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Jun 18:46
· 38 commits to main since this release
v0.1.1-rc2
34c5c3c

Selena v0.1.1 — Pre-built binaries, security hardening & CI

The headline: you no longer need the Rust toolchain. This release ships
pre-built binaries for five platforms, alongside safer defaults, SSRF
protection, and a context-compaction correctness fix.

Pre-built binaries

First release with downloadable binaries — grab one below for:

  • Linux x86_64 / aarch64
  • macOS Intel / Apple Silicon
  • Windows x86_64

Verify downloads against SHA256SUMS. TLS now uses rustls instead of
OpenSSL, so the binaries are fully standalone — no system libssl required.

Security

  • auto_accept now defaults to false. Tools that require confirmation
    no longer run without explicit operator opt-in. Set "auto_accept": true
    in agent.json to restore the old behavior.
  • SSRF protection for webfetch. The built-in fetch tool now blocks
    loopback, RFC1918 private ranges, and link-local addresses including cloud
    metadata (169.254.0.0/16) — with DNS resolution vetting against
    rebinding, IPv4-mapped IPv6 unwrapping, and manual redirect handling with
    per-hop validation and DNS pinning. Local development can opt out via the
    webfetch allowlist settings.

Correctness

  • Context compaction can no longer drop in-flight messages. Compaction
    now guarantees the system prompt, the most recent user message, and
    everything after it survive — enforced inside ContextManager itself, so
    every caller is protected. Covered by new invariant tests.

Tooling & CI

  • GitHub Actions CI on Ubuntu, macOS, and Windows: cargo fmt --check,
    clippy -D warnings, and the full test suite — green on all three.
  • Live-endpoint tests are #[ignore]d in CI; run locally with
    cargo test -- --ignored against a running Ollama.
  • Repo hygiene: stripped UTF-8 BOMs, normalized line endings to LF,
    deterministic formatting via rustfmt.toml.

Internal

  • Replaced OpenSSL with rustls across the dependency tree.
  • Split the 1,600-line command tool into focused modules
    (platform / spawn / streaming / types) with no behavior change.
  • ~400 tests passing in CI.

Full Changelog: v0.1.1...v0.1.1-rc2

Assets 8
Loading