This release includes one security fix relevant to teams reviewing exposed deployments.
Summary
Air-gap distribution hardening closes three adversarial gaps; the release also adds two new adapters.
Full changelog
v1.10.2
A maintenance release focused on TLS strictness, two new adapters, and closing adversarial gaps in the air-gap path. 43 adapters now; multi-OS CI is green on Python 3.12 and 3.13.
Adapters
- JetBrains Junie. First-class adapter for the Junie CLI (`junie`), BYOK across Anthropic, OpenAI, Google, xAI, OpenRouter, and the Copilot proxy. Bring whichever key the org already has procurement for; Bernstein doesn't care which provider is on the other side.
- AWS Q Developer. Wraps `q chat --no-interactive --trust-all-tools` so AWS-resident teams can route the same plan through Q for the steps where their security model wants the AWS-trusted lane. Note that `--trust-all-tools` auto-approves every tool call Q makes, so the per-agent worktree isolation is what bounds its blast radius.
- Devin for Terminal registry fix. The 1.10.1 adapter was importable but not registered in `_ADAPTERS`, so `cli_agent: devin_terminal` resolved to nothing. Plugged in and covered by the spawn-surface contract test.
Cluster mTLS under OpenSSL 3.2 strict mode
Python 3.13 ships against OpenSSL 3.2, which is stricter about certificate hygiene than the 3.0/3.1 line most CI matrices were calibrated for. The intra-node TLS path picked up four corrections so it works without disabling any default verification:
- TLS 1.2 floor pinned (no silent downgrade to a 1.0/1.1 negotiation that 3.2 then rejects).
- AKI/SKI (Authority/Subject Key Identifier) extensions added to the test CA chain.
- KeyUsage marked correctly on the test CA so chain validation succeeds with `verify_mode=CERT_REQUIRED`.
- Explicit cipher allowlist instead of relying on the platform default ordering.
If you run Bernstein clusters and have started moving runners to 3.13, this is the upgrade.
Reliability and hardening
- Memo-cache replay determinism. The persistence-side memo cache had a small concurrency window where two ticks could race the same key and the replay would choose differently. Fixed at the cache-write boundary; replay output is now byte-stable.
- Air-gap distribution hardening. Three sharp edges closed in the wheelhouse / verify path: path traversal in archive extraction, IPv6 host parsing without bracket handling, and a TOCTOU between manifest read and signature check.
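The three air-gap edge cases above, each shown on constructed input, as an added example that is not Bernstein's own code. The function names, the constructed archive and manifest, and the use of an HMAC stand-in for the manifest signature are assumptions for illustration; the project's real verify path is not shown on this page.

```python
"""Added example, not Bernstein's own code: the three air-gap edge cases
named in the changelog, each exercised on constructed input."""
import hashlib
import hmac
import io
import ipaddress
import json
import tarfile


# 1. Path traversal in archive extraction ---------------------------------
def build_tar(entries: dict[str, bytes]) -> bytes:
    """Constructed sample wheelhouse archive; keys are raw member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def unsafe_members(tar_bytes: bytes) -> list[str]:
    """Names that would land outside the extraction root. Absolute names,
    any '..' component and link members are refused; links because a
    symlink member followed by a file under it is the two-step escape."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        for m in tf.getmembers():
            parts = m.name.replace("\\", "/").split("/")
            if m.name.startswith("/") or ".." in parts or m.issym() or m.islnk():
                bad.append(m.name)
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    bad = unsafe_members(tar_bytes)
    if bad:
        raise ValueError(f"refusing archive with unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        tf.extractall(dest, filter="data")  # Python 3.12+ defence in depth
        return tf.getnames()


# 2. IPv6 host parsing ----------------------------------------------------
def parse_hostport(value: str, default_port: int = 443) -> tuple[str, int]:
    """Bracketed IPv6 only. The bug being fixed is value.rsplit(':', 1):
    it turns '::1:8443' into host '::1', itself a valid address, so the
    failure is silent misrouting rather than an error."""
    if value.startswith("["):
        end = value.find("]")
        if end < 0:
            raise ValueError(f"unterminated IPv6 literal: {value!r}")
        host, rest = value[1:end], value[end + 1:]
        ipaddress.IPv6Address(host)  # junk inside the brackets raises
        if rest and not rest.startswith(":"):
            raise ValueError(f"garbage after IPv6 literal: {value!r}")
        port = int(rest[1:]) if rest else default_port
    else:
        if value.count(":") > 1:
            raise ValueError(f"bare IPv6 literal must be bracketed: {value!r}")
        host, sep, port_str = value.partition(":")
        port = int(port_str) if sep else default_port
    if not host or not 0 < port < 65536:
        raise ValueError(f"bad host:port {value!r}")
    return host, port


# 3. TOCTOU between manifest read and signature check ---------------------
def sign_manifest(key: bytes, raw: bytes) -> str:
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def load_manifest_racy(key: bytes, path: str, sig_hex: str) -> dict:
    """The pattern being fixed: two opens of one path. A swap of the file
    between them means the bytes parsed are not the bytes verified."""
    with open(path, "rb") as f:
        ok = hmac.compare_digest(sign_manifest(key, f.read()), sig_hex)
    if not ok:
        raise ValueError("manifest signature mismatch")
    with open(path, "rb") as f:
        return json.load(f)


def verify_and_parse(key: bytes, raw: bytes, sig_hex: str) -> dict:
    """Verify and parse the same in-memory bytes; nothing re-reads disk."""
    if not hmac.compare_digest(sign_manifest(key, raw), sig_hex):
        raise ValueError("manifest signature mismatch")
    return json.loads(raw)


def load_manifest(key: bytes, path: str, sig_hex: str) -> dict:
    with open(path, "rb") as f:
        raw = f.read()  # single read; the only copy that is ever used
    return verify_and_parse(key, raw, sig_hex)


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (used by the demo and checks)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    evil = build_tar({"wheels/ok.whl": b"x", "../../etc/cron.d/job": b"y"})
    print("unsafe:", unsafe_members(evil))
    print(parse_hostport("[::1]:8443"), rejects(parse_hostport, "::1:8443"))
    key, raw = b"constructed-demo-key", b'{"wheels": ["ok.whl"]}'
    print(verify_and_parse(key, raw, sign_manifest(key, raw)))
```

The archive check runs before extraction rather than relying on `filter="data"` alone so the refusal names the offending member and the behaviour is the same on runtimes that predate the filter argument.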
Self-autofix CI workflow
A `bernstein-autofix.yml` workflow that re-runs Bernstein against its own failed CI jobs to draft fixes, gated behind the `BERNSTEIN_CI_FIX_ENABLED` repository variable so it stays off by default. Useful as a worked example of running Bernstein as a recurring CI participant rather than as a one-shot CLI.
Coverage
Adversarial test coverage added or tightened around: regulatory-class lineage verification, the AST chunker on UTF-8 BOM and tiny budgets, the lethal-trifecta capability matrix, the HMAC-chained audit log, and CLM adapter master-key filtering and mTLS hostname checks. Rolled-up coverage is up across the security-sensitive surfaces, not just the new code.
Full changelog: https://github.com/sipyourdrink-ltd/bernstein/compare/v1.10.1...v1.10.2
Security Fixes
- Air-gap distribution hardening closes path traversal in archive extraction, IPv6 host parsing without brackets, and a TOCTOU between manifest read and signature check.
About chernistry/bernstein
Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.