Skip to content

5dive

v0.1.3 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 22d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agents ai automation shell claude-code cli
+4 more
codex gemini self-hosted systemd

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Inter-agent group mirror moved to sender side, fixing identity mismatches and double-posting.

Full changelog

Changed

  • Inter-agent group mirror moved to the sender side. 5dive agent send (and agent ask) now posts @<receiver>\n<body> to the sender's group via the sender's bot, so both halves of an exchange show up under the correct identity. The previous receiver-side hooks (userprompt-mirror-inter-agent.sh, stop-mirror-inter-agent.sh) are retired as no-ops — they posted via the receiver's bot, so marketing → main showed up under main's identity, and the reply hook double-posted (once as payload, once as transcript narration).
  • stop-telegram-reply-check.sh now decides at the turn level, not per text block. If the agent called reply or edit_message anywhere in the turn, all auto-relay is suppressed. Eliminates trailing (auto-relay) ... duplicates that landed in the user's DM right after the real reply.
  • StopFailure Telegram alerts include the upstream API error string (e.g. API Error: 529 Overloaded) pulled from the claude pane capture, instead of just naming the high-level server_error reason.
  • Per-agent Telegram guidance moved out of the shared projects-CLAUDE.md. Telegram-paired claude agents now get a dedicated telegram-agent-CLAUDE.md dropped at \$HOME/.claude/CLAUDE.md during agent setup. Non-Telegram agents no longer carry the reply mandate or bot references that didn't apply to them.
  • projects-CLAUDE.md and telegram-agent-CLAUDE.md tightened — smaller token footprint on every agent's session prompt.

Removed

  • posttool-telegram-relay.sh retired as a no-op. The mid-turn relay's premise (loose mid-turn text = message the user should see) was wrong; preambles and progress narration are transcript text too and were getting curled to the user as noise. The legitimate "talked to the transcript instead of replying" miss is now caught by the turn-level Stop hook above.
  • SECURITY.md removed. Security-reporting instructions inlined into the README; CONTRIBUTING.md points at GitHub's private advisory page directly.

Fixed

  • install-smoke CI workflow now ships telegram-agent-CLAUDE.md in the bundle. Without this, install.sh's new curl for that file hit a missing source and bailed (curl exit 37).

Documentation

  • README "How it works" clarifies that agents share CLI binaries and subscriptions, with a diagram showing two claude agents alongside one codex.
  • hooks/README.md surfaces the three Telegram-plugin deadlocks in the table.
  • README prose stripped of em-dashes (kept in the agent-type table where they mark n/a entries).

Full changelog: https://github.com/5dive-com/5dive/blob/v0.1.3/CHANGELOG.md

Breaking Changes

  • Inter-agent group mirror relocated from receiver to sender side; previous receiver-side hooks (`userprompt-mirror-inter-agent.sh`, `stop-mirror-inter-agent.sh`) are retired as no-ops.
  • Removed scripts: `posttool-telegram-relay.sh` and `SECURITY.md`.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track 5dive

Get notified when new releases ship.

Sign up free

About 5dive

All releases →

Related context

Beta — feedback welcome: [email protected]