Releases: agent-sh/agnix
Releases · agent-sh/agnix
Release list
v0.37.5
Fixed
- Crates.io package completeness. Ship the removed-rule lifecycle index inside
agnix-coreand mirror it fromknowledge-base/removed-rules.json, so publishedagnix-coretarballs verify outside the workspace and downstream crates can publish cleanly.
v0.37.4
Added
- Issue batch: diagnostics, config UX, lifecycle, security taxonomy, and CI portability (closes #1151, #1159, #1160, #1161, #1162, #1163, #1164). CI now runs the workspace test suite on Linux, Windows, and macOS; Windows-sensitive tests normalize CRLF and canonical paths. Diagnostics now carry optional ranges, text output shows code frames, JSON/SARIF/LSP/WASM preserve spans, SARIF includes fixes, and
--format githubemits GitHub Actions annotations. Addedagnix explain <RULE>with text/JSON output..agnix.tomlnow supportsextend,[rules.severity]per-rule overrides, and inline suppressions (agnix: noqa,agnix-disable-next-line). Rule lifecycle policy is documented, removedAS-*rule IDs warn in config, and 37 security-facing rules now carry CWE/OWASP/vulnerability-class metadata that SARIF exports as taxonomies.
v0.37.3
Added
- Release provenance attestations. Release archive builds now generate GitHub artifact attestations with job-scoped OIDC and attestation permissions, while release publishing keeps write access isolated to the release job.
Fixed
- Markdown import scanner performance. Avoided repeated prefix rescans when extracting
@importreferences from large non-code spans, keeping dense-at-sign inputs linear while preserving UTF-8 behavior. - Rule suppression config warnings. Recognized every shipped rule-prefix namespace in
.agnix.tomlvalidation, avoiding spuriouscore.config.unknown_rulewarnings when disabling valid rules. - Windows checkout line endings. Added repository attributes that keep source files LF-normalized across platforms while preserving CRLF for Windows command and PowerShell scripts.
- npm installer checksum verification. The npm postinstall downloader now verifies release archive SHA-256 sidecars before extraction, binds sidecar entries to the expected archive filename, streams archive hashing, and cleans temporary artifacts after failed installs.
- Stale version references in documentation. Updated project instructions and configuration docs to consistently reference the current release version, so release guidance and user-facing docs match the published version.
- Security follow-ups (closes #1149, #1150, #1154, #1155, #1156, #1157, #1158). Hardened MCP validation against handler panics and absolute-path disclosure, extended panic isolation to project-level checks, bound shell checksum parsing to the selected artifact filename, added VS Code release-download redirect host validation, corrected the YAML parser safety comment, and documented the remaining deprecated transitive
serde_yamldependency fromrust-i18n. - CLI config and autofix safety followups (closes #1152, #1153, #1165, #1166, #1167). The CLI now fails non-zero when a discovered or explicitly passed
.agnix.tomlcannot be parsed instead of validating with defaults, skill frontmatter now reports duplicate top-level YAML keys instead of silently applying last-wins parsing, telemetry storage failures are logged at debug level,agnix-lspinitializes stderr tracing for startup/config-load visibility, bareagnix --fix/--dry-runnow apply or preview only safe fixes unless--fix-unsafeis explicitly selected, and the rule-doc parity test now catches stale inline/table rule IDs such as the removedAS-010andAS-014references.
v0.37.2
Fixed
- Supply-chain hygiene (closes #1144). Removed stale
cargo auditignores for advisories whose crates are no longer inCargo.lock, realigned the audit andcargo-denyadvisory policies withdocs/RUSTSEC-ADVISORIES.md, and moved agnix's direct YAML/frontmatter parser dependency to the maintainedserde_norwayfork while keeping the internalserde_yamlcrate alias stable. Added regression coverage so the advisory lists and YAML parser package cannot drift silently. - Docs website deployment payload. Reduced the GitHub Pages deploy window from six to three docs versions while keeping all versioned snapshots in the repository, so release docs publish with a smaller Pages artifact and avoid repeated
syncing_filesdeployment failures. - Security: MCP path confinement and panic hardening. The MCP
validate_fileandvalidate_projecttools now reject client-supplied paths that canonicalize outside the server working directory. Completion helpers clamp raw byte offsets to UTF-8 character boundaries before slicing, project validation converts per-file validator panics into diagnostics, and release builds keep unwinding enabled so one bad file cannot abort an entire scan. - Release download integrity and publish gating. The GitHub Action installer, VS Code extension, JetBrains plugin, and Zed extension now verify release SHA-256 sidecars before using downloaded
agnix/agnix-lspartifacts. Release tags now run fmt, clippy, and workspace tests before GitHub releases, crates.io publish, or VS Code Marketplace publish can proceed.
v0.37.1
Fixed
- HetCreep validation issue batch (closes #1121 through #1140). Fixed LSP UTF-16 position/range handling for non-BMP characters, stricter
.agnix.tomlunknown-key rejection with explicit legacy no-op compatibility, character-based skill length checks, lossy non-ASCII AS-004 fix suppression, deterministic diagnostic ordering, and i18n tests that no longer mutate global locale state. Regenerated.agnix.tomlschemas, added schema/rule-count CI gates, corrected stale rule/version/package/config docs, updated plugin contact metadata, and maderules.json/VALIDATION-RULES.mdparity bidirectional. - JetBrains plugin LSP binary path validation. The LSP binary path setting now rejects relative values like
agnix-lsp.exeand tells users to provide the full absolute executable path, so locked-down Windows users do not silently fall back to the blocked auto-downloaded binary.
v0.37.0
Added
- Claude Code hook schema refresh for v2.1.198 (closes #1106). The Claude hooks validator now recognizes the current hook event set, including
UserPromptExpansion,PermissionDenied, andPostToolBatch; treatsPermissionDeniedas a tool/matcher event; supports the current prompt/agent hook event matrix; and validates documented event-specific matcher values.Notificationmatchers now accept the newagent_needs_inputandagent_completedvalues. Agent hooks use the current 60-second default timeout threshold, while prompt hooks keep the 30-second threshold. Rule count remains 432.
Changed
- Tool baselines: triaged the current release-watch batch and bumped
ampcustom-agents->read-bigger-threads,claude-codev2.1.195->v2.1.198,clinecli-v3.0.31->v4.0.6,codexrust-v0.142.3->rust-v0.142.5,cursor3.9.8->3.9.16, andopencodev1.17.11->v1.17.13(closes #1104, #1105, #1107, #1108, #1109). Aside from the Claude hook schema changes above, the releases were triaged as model/runtime/UI/provider/news changes outside agnix's current validated config surfaces..github/tool-release-baselines.json,knowledge-base/RESEARCH-TRACKING.md, hook rule metadata, generated rule docs, and locales were updated.
Fixed
- Dead documentation host in shipped rule-doc URLs (refs #1099). The docs site is served at
https://agent-sh.github.io/agnix/(HTTP 200), but several user-facing rule-doc links still hard-coded the pre-migrationhttps://avifenesh.github.io/agnixhost, which now returns 404. Updated the live host in the LSP diagnosticcode_description(clickable rule links in IDEs), the SARIFhelpUriemitted for every rule (CI integrations), the VS CodeshowRules/showRuleDocactions, the NeovimAgnixShowRuleDoccommand and rule pickers, the npm/VS Code/agnix-rulesREADMEs, and the Docusaurusurl/organizationName/JSON-LD androbots.txtsitemap. Historicalwebsite/versioned_docs/**snapshots and past changelog entries are intentionally left untouched. This is the same broken-doc-link class as the JetBrains Marketplace Documentation resource link in #1099 (that link is corrected in the Marketplace web admin, not in-repo). - JetBrains plugin: actionable notification when the OS blocks
agnix-lspexecution (refs #1102). On locked-down/managed Windows (AppLocker, Windows Defender Application Control, EDR, or antivirus), the OS can refuse to execute the auto-downloadedagnix-lsp.exefrom its user-writable plugin directory, surfacing asCreateProcess error=5, Access is denied. Previously this appeared only as a rawCannotStartProcessExceptionstack trace. The plugin now detects access-denied launch failures (locale-independent: matches the Win32error=5/ POSIXerrno=13/EACCEScodes, not localized text) and shows an explanatory notification with "Set Binary Path" and "Troubleshooting" actions, since upgrading the IDE does not resolve an OS-level execution block. The original exception is re-thrown so LSP4IJ's lifecycle handling is unchanged. Documented the workaround ineditors/jetbrains/README.mdanddocs/EDITOR-SETUP.md.
v0.36.2
Fixed
- JetBrains plugin IDE compatibility through build
262.*. Upgraded the plugin build toolchain (Gradle 9.6.1, IntelliJ Platform Gradle plugin 2.17.0), raiseduntil-buildto262.*, and resolve the plugin version from a build-time generated resource (with jar-manifest fallback) so LSP binary version checks work in local development and passverifyPluginwithout internalPluginManagerCoreAPIs. Release workflow now runs plugin verification before publish.
v0.36.1
Added
- CC-SET-013: Non-boolean autoMode.classifyAllShell Setting (closes #1084). Claude Code v2.1.193 added
autoMode.classifyAllShellto route all Bash/PowerShell commands through the auto-mode classifier. New MEDIUMclaude-settingsrule warns whenautoMode.classifyAllShellis present with a non-boolean value insettings.json,settings.local.json, ormanaged-settings.json; stricttrue/falsevalues,null, and absent keys are accepted. - CDX-PL-016: Invalid Dark-mode Logo Path (closes #1081). Codex CLI
rust-v0.142.2added local plugin manifestinterface.logoDarkfor dark-mode logo assets. New MEDIUM Codex plugin rule validates thatlogoDarkstarts with./and does not traverse outside the plugin root. Rule count 430 -> 432.
Changed
- Tool baselines: completed the release-watch sweep and bumped
ampend-of-public-threads->custom-agents,claude-codev2.1.187->v2.1.195,clinecli-v3.0.24->cli-v3.0.31,codexrust-v0.142.0->rust-v0.142.3,cursor3.8.11->3.9.8,gemini-cliv0.45.1->v0.49.0,kiro2.8.0->2.10.0, andopencodev1.17.7->v1.17.11(closes #1079, #1082, #1083, #1085, #1086, #1087). Aside from the Claude Code and Codex changes above, the releases were triaged as UI/runtime/provider/model/packaging/news changes outside agnix's current validated config surfaces..github/tool-release-baselines.json,knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.
v0.36.0
Added
- CC-SET-012: Invalid sandbox.credentials Setting (closes #1078). Claude Code v2.1.187 added
sandbox.credentialsto block sandboxed commands from reading credential files and secret environment variables. New MEDIUMclaude-settingsrule validates the documentedsandbox.credentials.files[]andsandbox.credentials.envVars[]shapes: file entries require a non-empty stringpathandmode: "deny", env var entries require a non-empty stringnameandmode: "deny", and no other mode is documented. Validated acrosssettings.json,settings.local.json, andmanaged-settings.json. Rule count 429 -> 430.
Changed
- Tool baseline: bumped
claude-codev2.1.186->v2.1.187after release-note/source triage. The other v2.1.187 changes are model restrictions, UI behavior, CLI flag/help, runtime bug fixes, and remote-session behavior outside agnix's validated config surfaces. NoToolVersionsorSpecRevisionschange required..github/tool-release-baselines.json,knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.
v0.35.0
Added
- CC-SET-010: Invalid teammateMode Setting and CC-SET-011: Non-boolean respondToBashCommands Setting (closes #1075). Claude Code v2.1.186 added
iterm2teammate display mode support and therespondToBashCommandssetting. New MEDIUMclaude-settingsrules validateteammateModeagainstin-process|auto|tmux|iterm2and requirerespondToBashCommands, when present, to be a strict boolean. Claude skill frontmatter allow-listing also accepts the new v2.1.186 aliasesdisplay-name,default-enabled, andfallback. Rule count 426 -> 428. - CDX-CFG-030: Invalid web_search Mode (closes #1076). Codex CLI
rust-v0.142.0added theindexedweb-search mode and new config-facing surfaces aroundorchestrator, token/rollout/current-time feature config, and multi-agent mode. The Codex config allow-lists now cover those surfaces andCDX-CFG-030validatesweb_searchagainstdisabled|cached|indexed|live. Rule count 428 -> 429.
Changed
- Tool baselines: bumped
claude-codev2.1.185->v2.1.186andcodexrust-v0.141.0->rust-v0.142.0after release-note/source triage..github/tool-release-baselines.json,knowledge-base/RESEARCH-TRACKING.md, rule metadata, and generated rule docs were updated.