agent-deck

v1.9.31 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 11d Developer Productivity

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai-agent ai-agents ai-coding-assistant aider bubble-tea claude-code

+11 more

cli codex developer-tools discord gemini-cli go mcp productivity session-manager tmux tui

Affected surfaces

auth rbac

ReleasePort's take

Light signal

editorial:auto 11d

Release v1.9.31 adds CSRF protection for mutation endpoints in the web UI and hardens session manager defenses.

Why it matters: The new CSRF safeguard mitigates cross‑site request forgery attacks on web API mutation endpoints, directly protecting user data integrity.

Summary

AI summary

Updates multi-repo, web, and recommended across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Adds CSRF protection for mutation endpoints in the web UI. Adds CSRF protection for mutation endpoints in the web UI. Source: llm_adapter@2026-05-23 Confidence: high	—
Feature	Medium	Enhances Claude context with @path imports and permission settings for multi‑repo workloads. Enhances Claude context with @path imports and permission settings for multi‑repo workloads. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix
Bugfix	Medium	Pre‑accepts Claude trust and emits a parent CLAUDE.md file. Pre‑accepts Claude trust and emits a parent CLAUDE.md file. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix	Medium	Prevents hidden terminal tab from shrinking the tmux window. Prevents hidden terminal tab from shrinking the tmux window. Source: llm_adapter@2026-05-23 Confidence: low	—
Bugfix	Medium	Implements structural telegram‑leak defenses for conductor child sessions. Implements structural telegram‑leak defenses for conductor child sessions. Source: llm_adapter@2026-05-23 Confidence: low	—

Full changelog

Agent Deck v1.9.31

Terminal session manager for AI coding agents.

Installation

Homebrew (recommended):

brew install asheshgoplani/tap/agent-deck

Quick Install:

curl -fsSL https://raw.githubusercontent.com/asheshgoplani/agent-deck/main/install.sh | bash

Go Install:

go install github.com/asheshgoplani/agent-deck/cmd/[email protected]

Changelog

2c63e45c658f1dff31c1a94273ddb42f1e71e318 chore(release): v1.9.31 — structural telegram-leak fix (#1164) + spawnia multi-repo/CSRF/terminal fixes
cafe9ae7a9170134c80e7c760b373617adbc8bba feat(multi-repo): enhance Claude context with @path imports and permission settings (#1156)
8b424e55d9672bd0f00f064ed5433ba7d3055dd5 fix(multi-repo): pre-accept Claude trust and emit parent CLAUDE.md (closes #1149) (#1155)
bfb7dc78806a2d4d02235782a8c38ae8a8460697 fix(session): structural telegram-leak defenses for conductor children (#1163) (#1164)
a0fb454e7d1ef65430facb5fddab4c4c6708ff9e fix(web): add CSRF protection for mutation endpoints (#1158)
d87b0dd04f564b3d8539c8635aeff8611d28d5e6 fix(web): prevent hidden terminal tab from shrinking tmux window (#1157)

Full Changelog: https://github.com/asheshgoplani/agent-deck/compare/v1.9.30...v1.9.31

Security Fixes

Adds CSRF protection for mutation endpoints in the web interface (fix(web): add CSRF protection for mutation endpoints)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track agent-deck

Get notified when new releases ship.

About agent-deck

Terminal session manager for AI coding agents. One TUI for Claude, Gemini, OpenCode, Codex, and more.

All releases →