chernistry/bernstein

v1.5.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider

+14 more

anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Summary

AI summary

WebSocket live updates and API versioning header added.

Full changelog

Highlights

Spawn error classification — The spawner now categorizes failures (rate limit, missing adapter, permission denied, resource exhausted) and uses the category to decide retry strategy: fail-fast for permanent errors, fallback for transient ones. (#594)

EU AI Act compliance engine — New compliance module with risk classification, conformity assessment templates, and evidence export for regulated environments.

WebSocket frontend + API versioning — Live WebSocket updates for dashboards, plus X-Bernstein-API-Version header for forward-compatible API evolution. (#593)

TUI improvements — New MERGING/IDLE agent states with animated spinners, cost sparkline widget, accessibility mode, graceful fallback for terminals without Textual support, configurable keybindings. (#584, #588)

Features

Agent context inheritance + OS-level resource limits (cgroups/rlimit) for sandboxed agents
Consensus verifier: N-model majority vote for high-stakes changes
Semantic diff analysis for detecting behavioral changes beyond textual diffs
Prompt size pre-check with automatic model fallback chain (#589)
Per-endpoint rate limiting + SSE disconnect detection
Sigstore attestation wired into task completion
Output fingerprinting module for reproducibility tracking
Adapter health monitoring + output normalization
Zero-trust agent JWT scope enforcement + automated SBOM generation
Cluster JWT auth and tenant isolation (#585)
Batch size tuning and idle backoff multiplier (#592)

Docs & Guides

Migration guides: CrewAI → Bernstein, LangGraph → Bernstein
Adapter selection matrix + Redoc API reference (#590)
Security hardening guide and interactive quickstart tutorial
Performance tuning and deployment guides
Architecture Decision Records (ADR-004 through ADR-008)

Fixes

Missing super().__init__() in 5 adapter subclasses causing AttributeError on spawn
SonarCloud quality gate: resolved all bugs, vulnerabilities, and CodeQL alerts
Rate-limit errors now classified as RETRY_FALLBACK instead of hard failure
Guard missing SeedConfig attrs (model_fallback, agent_resource_limits)
TUI crash fix (BigStats.alive → agents)
Spell checker: allow "ehr" (Electronic Health Record) in HIPAA module

CI/Infra

GitHub App token for auto-release bot identity (proper avatar)
JUnit test result upload in CI
Pentest workflow shell redirect grouping

Full changelog: https://github.com/chernistry/bernstein/compare/v1.5.3...v1.5.4

Security Fixes

SonarCloud quality gate resolved all bugs, vulnerabilities, and CodeQL alerts.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track chernistry/bernstein

Get notified when new releases ship.

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.

All releases →