byterover-cli

v3.16.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 9d AI Coding Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent ai autonomous-agents cli coding-assistant context-memory

+7 more

developer-tools knowledge-management llm mcp memory typescript vibe-coding

ReleasePort's take

Light signal

editorial:auto 9d

Version v3.16.0 introduces --cancel for task termination and an opt‑out flag to disable automatic update prompts.

Why it matters: The new --cancel CLI option enables immediate cessation of running tasks, while the update.checkForUpdates setting lets teams suppress update notifications—a direct operational control for developers and SREs managing workflows.

Summary

AI summary

Added task cancellation from anywhere and an opt‑out switch for update prompts; fixed custom model setup errors on OpenAI‑compatible providers.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Patches npm dependencies to clear several npm audit advisories. Patches npm dependencies to clear several npm audit advisories. Source: llm_adapter@2026-05-25 Confidence: low	—
Feature
Feature	Medium	Adds update.checkForUpdates setting to opt out of automatic update prompts. Adds update.checkForUpdates setting to opt out of automatic update prompts. Source: llm_adapter@2026-05-25 Confidence: low	—
Feature	Medium	Adds --cancel <taskId> to curate, query, and dream commands for task cancellation. Adds --cancel <taskId> to curate, query, and dream commands for task cancellation. Source: llm_adapter@2026-05-25 Confidence: low	—
Feature	Medium	Introduces `update.checkForUpdates` configuration setting to disable automatic update prompts. Introduces `update.checkForUpdates` configuration setting to disable automatic update prompts. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Feature	Low	Allows cancelling foreground tasks with first Ctrl+C (graceful) and second Ctrl+C (hard exit). Allows cancelling foreground tasks with first Ctrl+C (graceful) and second Ctrl+C (hard exit). Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Feature	Low	Enables task cancellation in REPL using Ctrl+Q shortcut. Enables task cancellation in REPL using Ctrl+Q shortcut. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Feature	Low	Adds Cancel button on task list rows and task detail header in `brv webui`. Adds Cancel button on task list rows and task detail header in `brv webui`. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Feature	Low	Provides WebUI toggle for the `update.checkForUpdates` setting in the Updates panel. Provides WebUI toggle for the `update.checkForUpdates` setting in the Updates panel. Source: granite4.1:30b@2026-05-25-audit Confidence: low	—
Bugfix	Medium	Fixes setup error that blocked custom models on OpenAI‑compatible providers. Fixes setup error that blocked custom models on OpenAI‑compatible providers. Source: llm_adapter@2026-05-25 Confidence: high	—

Full changelog

ByteRover CLI 3.16.0 lets you cancel long-running tasks from anywhere and gives you a switch to turn off update prompts. It also fixes a setup error that blocked custom models on several third-party AI providers, and refreshes dependencies to clear security advisories. Safe to upgrade, with no behavior change unless you opt in.

What's Changed

✨ Added

Cancel a running task from anywhere. brv curate, brv query, and brv dream now accept --cancel <taskId>, so you can stop a task that was started from another terminal or detached to the background. In the foreground, the first Ctrl+C asks the task to stop cleanly; a second Ctrl+C hard-exits with code 130. In the REPL, Ctrl+Q cancels the active curate or query task, and a footer hint shows when it is armed. brv webui also adds a Cancel button on task list rows and on the task detail header. No more killing the daemon to stop a runaway run. By @bao-byterover in #680, with the WebUI cancel button by @ncnthien in #693 and the REPL Ctrl+Q footer by @cuongdo-byterover in #697.
Opt out of update checks. New setting update.checkForUpdates (boolean, defaults to true). Run brv settings set update.checkForUpdates false to silence the y/n update prompt at startup and stop the background auto-update from kicking in. Manual brv update still works whenever you want to upgrade on your own schedule. By @bao-byterover in #696, with the matching WebUI toggle in the Updates panel by @ncnthien in #695.

🐛 Fixed

Custom models on OpenAI-compatible providers. Connecting DeepSeek, GLM, Moonshot, Cerebras, Cohere, DeepInfra, Together AI, MiniMax, Perplexity, or any other OpenAI-compatible endpoint with a non-default --model used to fail with a confusing "Model X is not supported for provider 'gemini'" error. The registry now routes every OpenAI-compatible provider through the right model list, so any model your endpoint exposes is accepted. By @cuongdo-byterover in #701
Security dependency update. Patched npm dependencies to clear several npm audit advisories. No user action required. By @bao-byterover in #702

🚀 Upgrade & Install

Fresh install (macOS / Linux):

curl -fsSL https://byterover.dev/install.sh | sh

Existing users: re-run the installer above to upgrade in place, then run brv restart so the daemon picks up the new version.

✅ No Breaking Changes

All changes are backward compatible. update.checkForUpdates defaults to true, so your update behavior is unchanged unless you explicitly opt out. Cancel is opt-in too: nothing cancels until you press Ctrl+C, press Ctrl+Q in the REPL, click Cancel in brv webui, or pass --cancel <taskId>. Existing context trees, provider connections, settings, and connected agents continue to work with no migration.

🙏 Contributors

Thanks to @bao-byterover, @ncnthien, and @cuongdo-byterover for shipping this release.

Full Changelog: https://github.com/campfirein/byterover-cli/compare/v3.15.1...v3.16.0

Security Fixes

Patched npm dependencies to resolve multiple `npm audit` security advisories.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track byterover-cli

Get notified when new releases ship.

About byterover-cli

ByteRover CLI (brv) - The portable memory layer for autonomous coding agents (formerly Cipher)

All releases →