Skip to content

Releases: agent-sh/agnix

v0.37.5

Choose a tag to compare

@github-actions github-actions released this 05 Jul 00:57

Fixed

  • Crates.io package completeness. Ship the removed-rule lifecycle index inside agnix-core and mirror it from knowledge-base/removed-rules.json, so published agnix-core tarballs verify outside the workspace and downstream crates can publish cleanly.

v0.37.4

Choose a tag to compare

@github-actions github-actions released this 05 Jul 00:37

Added

  • Issue batch: diagnostics, config UX, lifecycle, security taxonomy, and CI portability (closes #1151, #1159, #1160, #1161, #1162, #1163, #1164). CI now runs the workspace test suite on Linux, Windows, and macOS; Windows-sensitive tests normalize CRLF and canonical paths. Diagnostics now carry optional ranges, text output shows code frames, JSON/SARIF/LSP/WASM preserve spans, SARIF includes fixes, and --format github emits GitHub Actions annotations. Added agnix explain <RULE> with text/JSON output. .agnix.toml now supports extend, [rules.severity] per-rule overrides, and inline suppressions (agnix: noqa, agnix-disable-next-line). Rule lifecycle policy is documented, removed AS-* rule IDs warn in config, and 37 security-facing rules now carry CWE/OWASP/vulnerability-class metadata that SARIF exports as taxonomies.

v0.37.3

Choose a tag to compare

@github-actions github-actions released this 04 Jul 20:53

Added

  • Release provenance attestations. Release archive builds now generate GitHub artifact attestations with job-scoped OIDC and attestation permissions, while release publishing keeps write access isolated to the release job.

Fixed

  • Markdown import scanner performance. Avoided repeated prefix rescans when extracting @import references from large non-code spans, keeping dense-at-sign inputs linear while preserving UTF-8 behavior.
  • Rule suppression config warnings. Recognized every shipped rule-prefix namespace in .agnix.toml validation, avoiding spurious core.config.unknown_rule warnings when disabling valid rules.
  • Windows checkout line endings. Added repository attributes that keep source files LF-normalized across platforms while preserving CRLF for Windows command and PowerShell scripts.
  • npm installer checksum verification. The npm postinstall downloader now verifies release archive SHA-256 sidecars before extraction, binds sidecar entries to the expected archive filename, streams archive hashing, and cleans temporary artifacts after failed installs.
  • Stale version references in documentation. Updated project instructions and configuration docs to consistently reference the current release version, so release guidance and user-facing docs match the published version.
  • Security follow-ups (closes #1149, #1150, #1154, #1155, #1156, #1157, #1158). Hardened MCP validation against handler panics and absolute-path disclosure, extended panic isolation to project-level checks, bound shell checksum parsing to the selected artifact filename, added VS Code release-download redirect host validation, corrected the YAML parser safety comment, and documented the remaining deprecated transitive serde_yaml dependency from rust-i18n.
  • CLI config and autofix safety followups (closes #1152, #1153, #1165, #1166, #1167). The CLI now fails non-zero when a discovered or explicitly passed .agnix.toml cannot be parsed instead of validating with defaults, skill frontmatter now reports duplicate top-level YAML keys instead of silently applying last-wins parsing, telemetry storage failures are logged at debug level, agnix-lsp initializes stderr tracing for startup/config-load visibility, bare agnix --fix / --dry-run now apply or preview only safe fixes unless --fix-unsafe is explicitly selected, and the rule-doc parity test now catches stale inline/table rule IDs such as the removed AS-010 and AS-014 references.

v0.37.2

Choose a tag to compare

@github-actions github-actions released this 04 Jul 15:26

Fixed

  • Supply-chain hygiene (closes #1144). Removed stale cargo audit ignores for advisories whose crates are no longer in Cargo.lock, realigned the audit and cargo-deny advisory policies with docs/RUSTSEC-ADVISORIES.md, and moved agnix's direct YAML/frontmatter parser dependency to the maintained serde_norway fork while keeping the internal serde_yaml crate alias stable. Added regression coverage so the advisory lists and YAML parser package cannot drift silently.
  • Docs website deployment payload. Reduced the GitHub Pages deploy window from six to three docs versions while keeping all versioned snapshots in the repository, so release docs publish with a smaller Pages artifact and avoid repeated syncing_files deployment failures.
  • Security: MCP path confinement and panic hardening. The MCP validate_file and validate_project tools now reject client-supplied paths that canonicalize outside the server working directory. Completion helpers clamp raw byte offsets to UTF-8 character boundaries before slicing, project validation converts per-file validator panics into diagnostics, and release builds keep unwinding enabled so one bad file cannot abort an entire scan.
  • Release download integrity and publish gating. The GitHub Action installer, VS Code extension, JetBrains plugin, and Zed extension now verify release SHA-256 sidecars before using downloaded agnix/agnix-lsp artifacts. Release tags now run fmt, clippy, and workspace tests before GitHub releases, crates.io publish, or VS Code Marketplace publish can proceed.

v0.37.1

Choose a tag to compare

@github-actions github-actions released this 04 Jul 13:16

Fixed

  • HetCreep validation issue batch (closes #1121 through #1140). Fixed LSP UTF-16 position/range handling for non-BMP characters, stricter .agnix.toml unknown-key rejection with explicit legacy no-op compatibility, character-based skill length checks, lossy non-ASCII AS-004 fix suppression, deterministic diagnostic ordering, and i18n tests that no longer mutate global locale state. Regenerated .agnix.toml schemas, added schema/rule-count CI gates, corrected stale rule/version/package/config docs, updated plugin contact metadata, and made rules.json / VALIDATION-RULES.md parity bidirectional.
  • JetBrains plugin LSP binary path validation. The LSP binary path setting now rejects relative values like agnix-lsp.exe and tells users to provide the full absolute executable path, so locked-down Windows users do not silently fall back to the blocked auto-downloaded binary.

v0.37.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 21:06

Added

  • Claude Code hook schema refresh for v2.1.198 (closes #1106). The Claude hooks validator now recognizes the current hook event set, including UserPromptExpansion, PermissionDenied, and PostToolBatch; treats PermissionDenied as a tool/matcher event; supports the current prompt/agent hook event matrix; and validates documented event-specific matcher values. Notification matchers now accept the new agent_needs_input and agent_completed values. Agent hooks use the current 60-second default timeout threshold, while prompt hooks keep the 30-second threshold. Rule count remains 432.

Changed

  • Tool baselines: triaged the current release-watch batch and bumped amp custom-agents -> read-bigger-threads, claude-code v2.1.195 -> v2.1.198, cline cli-v3.0.31 -> v4.0.6, codex rust-v0.142.3 -> rust-v0.142.5, cursor 3.9.8 -> 3.9.16, and opencode v1.17.11 -> v1.17.13 (closes #1104, #1105, #1107, #1108, #1109). Aside from the Claude hook schema changes above, the releases were triaged as model/runtime/UI/provider/news changes outside agnix's current validated config surfaces. .github/tool-release-baselines.json, knowledge-base/RESEARCH-TRACKING.md, hook rule metadata, generated rule docs, and locales were updated.

Fixed

  • Dead documentation host in shipped rule-doc URLs (refs #1099). The docs site is served at https://agent-sh.github.io/agnix/ (HTTP 200), but several user-facing rule-doc links still hard-coded the pre-migration https://avifenesh.github.io/agnix host, which now returns 404. Updated the live host in the LSP diagnostic code_description (clickable rule links in IDEs), the SARIF helpUri emitted for every rule (CI integrations), the VS Code showRules/showRuleDoc actions, the Neovim AgnixShowRuleDoc command and rule pickers, the npm/VS Code/agnix-rules READMEs, and the Docusaurus url/organizationName/JSON-LD and robots.txt sitemap. Historical website/versioned_docs/** snapshots and past changelog entries are intentionally left untouched. This is the same broken-doc-link class as the JetBrains Marketplace Documentation resource link in #1099 (that link is corrected in the Marketplace web admin, not in-repo).
  • JetBrains plugin: actionable notification when the OS blocks agnix-lsp execution (refs #1102). On locked-down/managed Windows (AppLocker, Windows Defender Application Control, EDR, or antivirus), the OS can refuse to execute the auto-downloaded agnix-lsp.exe from its user-writable plugin directory, surfacing as CreateProcess error=5, Access is denied. Previously this appeared only as a raw CannotStartProcessException stack trace. The plugin now detects access-denied launch failures (locale-independent: matches the Win32 error=5 / POSIX errno=13/EACCES codes, not localized text) and shows an explanatory notification with "Set Binary Path" and "Troubleshooting" actions, since upgrading the IDE does not resolve an OS-level execution block. The original exception is re-thrown so LSP4IJ's lifecycle handling is unchanged. Documented the workaround in editors/jetbrains/README.md and docs/EDITOR-SETUP.md.

v0.36.2

Choose a tag to compare

@github-actions github-actions released this 27 Jun 21:59

Fixed

  • JetBrains plugin IDE compatibility through build 262.*. Upgraded the plugin build toolchain (Gradle 9.6.1, IntelliJ Platform Gradle plugin 2.17.0), raised until-build to 262.*, and resolve the plugin version from a build-time generated resource (with jar-manifest fallback) so LSP binary version checks work in local development and pass verifyPlugin without internal PluginManagerCore APIs. Release workflow now runs plugin verification before publish.

v0.36.1

Choose a tag to compare

@github-actions github-actions released this 27 Jun 12:44

Added

  • CC-SET-013: Non-boolean autoMode.classifyAllShell Setting (closes #1084). Claude Code v2.1.193 added autoMode.classifyAllShell to route all Bash/PowerShell commands through the auto-mode classifier. New MEDIUM claude-settings rule warns when autoMode.classifyAllShell is present with a non-boolean value in settings.json, settings.local.json, or managed-settings.json; strict true/false values, null, and absent keys are accepted.
  • CDX-PL-016: Invalid Dark-mode Logo Path (closes #1081). Codex CLI rust-v0.142.2 added local plugin manifest interface.logoDark for dark-mode logo assets. New MEDIUM Codex plugin rule validates that logoDark starts with ./ and does not traverse outside the plugin root. Rule count 430 -> 432.

Changed

  • Tool baselines: completed the release-watch sweep and bumped amp end-of-public-threads -> custom-agents, claude-code v2.1.187 -> v2.1.195, cline cli-v3.0.24 -> cli-v3.0.31, codex rust-v0.142.0 -> rust-v0.142.3, cursor 3.8.11 -> 3.9.8, gemini-cli v0.45.1 -> v0.49.0, kiro 2.8.0 -> 2.10.0, and opencode v1.17.7 -> v1.17.11 (closes #1079, #1082, #1083, #1085, #1086, #1087). Aside from the Claude Code and Codex changes above, the releases were triaged as UI/runtime/provider/model/packaging/news changes outside agnix's current validated config surfaces. .github/tool-release-baselines.json, knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.

v0.36.0

Choose a tag to compare

@github-actions github-actions released this 25 Jun 07:47

Added

  • CC-SET-012: Invalid sandbox.credentials Setting (closes #1078). Claude Code v2.1.187 added sandbox.credentials to block sandboxed commands from reading credential files and secret environment variables. New MEDIUM claude-settings rule validates the documented sandbox.credentials.files[] and sandbox.credentials.envVars[] shapes: file entries require a non-empty string path and mode: "deny", env var entries require a non-empty string name and mode: "deny", and no other mode is documented. Validated across settings.json, settings.local.json, and managed-settings.json. Rule count 429 -> 430.

Changed

  • Tool baseline: bumped claude-code v2.1.186 -> v2.1.187 after release-note/source triage. The other v2.1.187 changes are model restrictions, UI behavior, CLI flag/help, runtime bug fixes, and remote-session behavior outside agnix's validated config surfaces. No ToolVersions or SpecRevisions change required. .github/tool-release-baselines.json, knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.

v0.35.0

Choose a tag to compare

@github-actions github-actions released this 24 Jun 02:31

Added

  • CC-SET-010: Invalid teammateMode Setting and CC-SET-011: Non-boolean respondToBashCommands Setting (closes #1075). Claude Code v2.1.186 added iterm2 teammate display mode support and the respondToBashCommands setting. New MEDIUM claude-settings rules validate teammateMode against in-process|auto|tmux|iterm2 and require respondToBashCommands, when present, to be a strict boolean. Claude skill frontmatter allow-listing also accepts the new v2.1.186 aliases display-name, default-enabled, and fallback. Rule count 426 -> 428.
  • CDX-CFG-030: Invalid web_search Mode (closes #1076). Codex CLI rust-v0.142.0 added the indexed web-search mode and new config-facing surfaces around orchestrator, token/rollout/current-time feature config, and multi-agent mode. The Codex config allow-lists now cover those surfaces and CDX-CFG-030 validates web_search against disabled|cached|indexed|live. Rule count 428 -> 429.

Changed

  • Tool baselines: bumped claude-code v2.1.185 -> v2.1.186 and codex rust-v0.141.0 -> rust-v0.142.0 after release-note/source triage. .github/tool-release-baselines.json, knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.