Cradicle Explorer
ai-ops-security_ag3ntum
/ CHANGELOG.md
CHANGELOG.md
 1  # Changelog
 2  
 3  All notable changes to Ag3ntum are documented in this file.
 4  
 5  Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 6  Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 7  
 8  ## [0.2.0] - 2026-02-25
 9  
10  ### Added
11  - Production build mode — frontend pre-built during Docker image creation, eliminating npm install at startup and reducing container start time (dev mode with Vite HMR still available via `--dev` flag)
12  - Active tool display in web UI spinner — shows currently executing tool name (e.g., "Reading file...") instead of generic "Processing..."
13  - Subagent status tracking — color-coded dots and live list of active subagents in the web console during multi-agent execution
14  - Clipboard fallback for HTTP deployments — copy buttons now work without HTTPS via `document.execCommand` fallback
15  - CI/CD pipeline with self-hosted runner — full lint, structural, audit, and Docker test suite runs on every PR
16  
17  ### Fixed
18  - Web container crash-loop on fresh install — fixed Vite permission errors when source mount is read-only (EXT-2)
19  - User login failure after repeated install — fixed stale group/shadow entries left by previous user deletion cycles
20  - Session PermissionError after user creation — API container now automatically restarts to pick up new user's group membership
21  - Incorrect file ownership on fresh install — fixed GID lookup to use actual primary GID from passwd instead of assuming GID == UID
22  - `create_image` skill permission error — added `PYTHONDONTWRITEBYTECODE=1` to sandbox to prevent `__pycache__` writes on read-only `/skills` mount
23  - Stale dynamic mount entries in web UI — mount selector now validates localStorage state against server on load
24  - Status border incorrectly shown on all messages — now only applied to the last agent message
25  - File popup closing during text selection — fixed mousedown/click origin tracking on overlay
26  
27  ### Changed
28  - Replaced `--subset` test flag with first-class `--core` flag alongside `--backend`, `--security`, `--sandboxing`
29  - Explicit production vs development deployment modes with separate Docker compose overlays and entrypoint logic
30  - Configuration files now have two validation tiers: REQUIRED_SECRET (fail with instructions) and REQUIRED_SAFE (auto-create from template)
31  - Vite config migrated from TypeScript to ESM JavaScript (.mjs) for read-only source mount compatibility
32  
33  ### Security
34  - Patched CVE-2024-53981 (python-multipart), GHSA-r6ph-v2qm-q3c2 (cryptography), GHSA-cfh3-3jmp-rvhc (Pillow)
35  - Enforced `/src` as read-only mount in production containers
36  - Made `/skills` directory world-readable for unprivileged sandbox UIDs
37  
38  ## [0.1.0] - 2026-02-13
39  
40  ### Added
41  - Initial versioned release
42  - Automated release pipeline with GitHub Actions
43  - Version displayed in health endpoint and Docker image labels