This release includes 6 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 6 known CVEs

Affected surfaces

auth rce_ssrf

Summary

AI summary

SQL injection and double‑credit race condition fixes harden the payment protocol.

Full changelog

What's New

x402 Payment Protocol

Agents with a Base wallet can now pay per-call ($0.001 USDC) via /x402/* endpoints — no API key needed. Powered by Coinbase CDP facilitator.

USDC on Base Payments

Manual deposit flow: send USDC on Base, verify on-chain, credits added instantly. Auto-upgrades to Pro tier.

Security Hardening

  • SQL injection fix (parameterized queries)
  • Atomic double-credit prevention (INSERT ON CONFLICT)
  • TOCTOU race condition fix (pre-auth debit pattern)
  • 12-block confirmation requirement for deposits
  • Rate limiting on payment verification
  • CORS restrictions
  • 64KB request body limit
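
The first three items above can be shown together in a short sketch. This is an added example, not code from the central-intelligence repository: the schema, function names and the use of SQLite as a stand-in database are assumptions, and the debit function is one reading of the "pre-auth debit pattern" the changelog names.

```python
import sqlite3

def open_db():
    # Constructed schema for illustration; not the project's own tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY, credits INTEGER NOT NULL);
        CREATE TABLE deposits (tx_hash TEXT PRIMARY KEY, account_id TEXT NOT NULL,
                               credits INTEGER NOT NULL);
    """)
    return db

def balance(db, account_id):
    row = db.execute("SELECT credits FROM accounts WHERE id = ?",
                     (account_id,)).fetchone()
    return row[0] if row else None

def credit_deposit(db, tx_hash, account_id, credits):
    """Credit a verified deposit exactly once. Returns False on a replayed tx_hash."""
    with db:  # one transaction: the claim row and the balance update commit together
        cur = db.execute(
            "INSERT INTO deposits (tx_hash, account_id, credits) VALUES (?, ?, ?) "
            "ON CONFLICT(tx_hash) DO NOTHING",
            (tx_hash, account_id, credits))
        if cur.rowcount == 0:
            return False  # the unique key already exists, so no second credit
        db.execute("UPDATE accounts SET credits = credits + ? WHERE id = ?",
                   (credits, account_id))
        return True

def debit_then_run(db, account_id, cost, operation):
    """Debit first in a single conditional UPDATE, then run; refund if the work fails."""
    with db:
        # Check and debit are one statement, so there is no gap between
        # "balance is sufficient" and "balance is reduced" for a racing request.
        cur = db.execute(
            "UPDATE accounts SET credits = credits - ? WHERE id = ? AND credits >= ?",
            (cost, account_id, cost))
    if cur.rowcount == 0:
        raise PermissionError("insufficient credits")
    try:
        return operation()
    except Exception:
        with db:
            db.execute("UPDATE accounts SET credits = credits + ? WHERE id = ?",
                       (cost, account_id))
        raise
```

Every value reaches the database as a bound parameter, so an account id containing quote characters is compared as data and never parsed as SQL.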

Analytics Dashboard

GitHub OAuth-protected dashboard at /dashboard with memory usage, active agents, and operation metrics.

Interactive API Docs

/docs — styled HTML docs for developers
/docs/json — machine-readable spec for agents

Distribution

  • Official MCP Registry
  • mcp.so, Glama.ai, PulseMCP
  • OpenClaw skill file
  • AstrBot plugin (China market)
  • npm: central-intelligence-mcp, central-intelligence-cli

Security Fixes

  • SQL injection vulnerability fixed by enforcing parameterized queries
  • Atomic double‑credit prevention implemented with INSERT ON CONFLICT
  • TOCTOU race condition eliminated with a pre-auth debit pattern
  • Deposits now require 12‑block confirmation on Base
  • Rate limiting added to payment verification endpoints
  • CORS policy tightened and request body limited to 64KB


About AlekseiMarchenko/central-intelligence

Persistent memory for AI agents. Five tools (remember, recall, context, forget, share) with semantic search via vector embeddings and agent/user/org scoping. Works with Claude Code, Cursor, Windsurf, and any MCP client.
