agentic-mcp-tools/owlex

v0.1.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Affected surfaces

auth rce_ssrf

Summary

AI summary

Unified run_agent method replaces agent-specific methods and simplifies the task execution flow.

Full changelog

What's New

Architecture Refactoring

  • Unified run_agent method - Single polymorphic entry point in TaskEngine replacing agent-specific methods
  • Agent enum - Type-safe agent identification
  • AGENT_RUNNERS registry - Clean mapping of agents to their runners
  • Extracted prompts module - Council deliberation templates in dedicated module

Security & Robustness

  • CLI flag injection prevention - Validates session_ref parameters to block malicious flags
  • Config crash prevention - Graceful fallbacks for invalid environment variables
  • Structured error codes - ErrorCode enum for consistent MCP responses
  • Zombie task cleanup - Automatic cleanup of stale tasks on startup
  • Graceful termination - SIGTERM handling for subprocess cleanup
  • Gemini CLI fix - Resolved stdin wait issue causing timeouts

Council Improvements

  • Removed synthesis phase (MCP client now synthesizes responses)
  • Simplified round 1/2 structure with deliberation and critique modes

Testing

  • 86 tests total, all passing
  • New test_config.py - 8 tests for config parsing edge cases
  • New test_server.py - 19 tests for MCP validation paths
  • New test_agents.py - Flag injection prevention tests
  • Updated council tests for new architecture

Breaking Changes

  • Removed agent-specific methods in TaskEngine; replaced with single polymorphic `run_agent` method.

Security Fixes

  • CLI flag injection prevention: validates `session_ref` parameters to block malicious flags
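The following is an added example, not owlex's own code, of the kind of check this fix describes: a caller-supplied `session_ref` is validated against an allowlist before it becomes an argv element, so it can never be parsed as an option by the wrapped CLI. The CLI name `agent-cli`, its `--resume` flag, the allowed character set and all function names are assumptions for illustration; the sample inputs are constructed.

```python
import re

# Assumption: session references are short opaque IDs (UUID-like or alphanumeric).
# The first character must be alphanumeric, so a value can never start with '-'.
_SESSION_REF_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


class InvalidSessionRef(ValueError):
    """Raised when a session_ref is not a plain identifier."""


def validate_session_ref(session_ref):
    """Return session_ref unchanged if it is safe to pass as one argv element."""
    if not isinstance(session_ref, str):
        raise InvalidSessionRef("session_ref must be a string")
    # fullmatch (not match/search) so embedded spaces or a trailing newline fail.
    if not _SESSION_REF_RE.fullmatch(session_ref):
        raise InvalidSessionRef(f"rejected session_ref: {session_ref!r}")
    return session_ref


def build_resume_argv(session_ref, prompt):
    """Build argv for a hypothetical 'agent-cli' as a list, never a shell string."""
    ref = validate_session_ref(session_ref)
    # Assumes the CLI follows the getopt convention that '--' ends option
    # parsing, which keeps a prompt starting with '-' positional.
    return ["agent-cli", "--resume", ref, "--", prompt]


def classify(samples):
    """Map each sample to True (accepted) or False (rejected)."""
    results = {}
    for sample in samples:
        try:
            validate_session_ref(sample)
            results[sample] = True
        except InvalidSessionRef:
            results[sample] = False
    return results


if __name__ == "__main__":
    # Constructed inputs: two plain identifiers, then values shaped like options.
    constructed = ["3f2a9c1e-7b4d-4e8a-9c55-0d1e2f3a4b5c", "sess_01",
                   "--some-flag", "-x", "", "abc def", "abc\n"]
    for value, ok in classify(constructed).items():
        print(f"{value!r:45} {'accepted' if ok else 'rejected'}")
```

Validation belongs at the MCP request boundary as well as at argv construction, so a rejected value produces a structured error response rather than a failed subprocess.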

About agentic-mcp-tools/owlex

AI council server: query CLI agents (Claude Code, Codex, Gemini, and OpenCode) in parallel with deliberation rounds
