Skip to content

byterover-cli

v3.11.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 28d AI Coding Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agent ai autonomous-agents cli coding-assistant context-memory
+7 more
developer-tools knowledge-management llm mcp memory typescript vibe-coding

Summary

AI summary

Recall metadata in brv query --format json now includes matchedDocs, tier, durationMs, and topScore.

Full changelog

v3.11.0 adds two new ways to power your agent: DeepSeek (chat and reasoner models) and Z.AI's GLM Coding Plan subscription. It also unblocks Claude Opus 4.7, which started rejecting some calls from earlier brv versions, and tightens up a few rough edges in the provider picker and web UI.

What's Changed

✨ Added

  • Two new LLM providers: DeepSeek and GLM Coding Plan. Pick DeepSeek (deepseek-chat, deepseek-reasoner) or Z.AI's GLM Coding Plan subscription tier in brv providers connect or the web provider picker. The existing glm provider stays for pay-per-token users, so subscription and pay-as-you-go tiers no longer collide. By @ngduyanhece in #604
  • Recall metadata in brv query --format json. The JSON envelope now includes matchedDocs, tier, durationMs, and topScore, so scripts and IDE bridges can show evidence of what an answer was drawn from. By @danhdoan and @RyanNg1403 in #610

🐛 Fixed

  • Reasoning streams correctly for DeepSeek-R1 and Reasoner. Thinking output now shows up live and is carried back into follow-up turns. Previously the second turn of any multi-step query failed with a reasoning_content must be passed back error from DeepSeek. By @ngduyanhece in #604
  • Claude Opus 4.7 no longer fails with a 400 error. Opus 4.7 rejects temperature, top_p, and top_k; the CLI now drops those before sending to Anthropic and OpenRouter (and warns once). Opus 4.6 and other Claude models are unchanged. By @cuongdo-byterover in #612
  • Signing in to the GLM Coding Plan no longer rejects valid keys. API-key validation now tries each known model in turn instead of giving up after the first model-not-found, so a real key is no longer reported as invalid. The "Get your API key" link in both the TUI and the web UI also points straight to the key page. By @ngduyanhece in #604
  • OpenClaude icon shows up in brv webui. The LocalWebUI agent grid used to render OpenClaude as a missing icon; it now uses a monochrome SVG that matches the other connectors. By @cuongdo-byterover in #613
  • Security dependency refresh. Refreshed package-lock.json to clear several npm audit advisories. By @bao-byterover in #614

🚀 Upgrade & Install

Fresh install (macOS / Linux):

curl -fsSL https://byterover.dev/install.sh | sh

Existing users: re-run the installer above to upgrade in place, then run brv restart to reload the daemon.

✅ No Breaking Changes

All changes are backward compatible. Existing context trees, provider configs, and connected agents continue to work without any migration.

🙏 Contributors

Thanks to @ngduyanhece, @danhdoan, @RyanNg1403, @cuongdo-byterover, and @bao-byterover for shipping this release.

Full Changelog: https://github.com/campfirein/byterover-cli/compare/v3.10.3...v3.11.0

Security Fixes

  • Security dependency refresh: updated package-lock.json to clear several npm audit advisories
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track byterover-cli

Get notified when new releases ship.

Sign up free

About byterover-cli

ByteRover CLI (brv) - The portable memory layer for autonomous coding agents (formerly Cipher)

All releases →

Related context

Beta — feedback welcome: [email protected]