Skip to content

chernistry/bernstein

v1.8.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agent-framework agent-orchestrator agentic-ai ai-agents ai-coding aider
+14 more
anthropic claude-code cli-tool codex-cli coding-agent deterministic-scheduler hmac-audit llm mcp-server model-context-protocol multi-agent parallel-worktrees python swe-bench

Affected surfaces

rce_ssrf

Summary

AI summary

Prompt caching, structured memory layer, and OpenTelemetry semantic conventions for agent spans were introduced.

Full changelog

v1.8.0

Eight feature drops focused on memory, observability, and safety.

Features

  • Prompt caching for system prompts and role templates. Repeated role-prompt runs now read from the Anthropic prompt cache, cutting input-token cost on warm paths.
  • Structured memory layer. Episodic (per-session event trace) and semantic (long-lived facts) stores, queryable from any adapter.
  • Shared memory with actor-aware tagging. Cross-agent writes are tagged with the writing agent so reads can filter/scope without manual bookkeeping.
  • Pluggable guardrail pipeline. Policy checks run as ordered pluggy hooks, so custom guardrails drop in without forking the orchestrator.
  • Agent-specific operational metrics. Per-adapter dashboards for latency, error rate, and tool-use distribution.
  • Compound error rate tracking. Separates "agent errored" from "tool errored within agent" so retries target the right layer.
  • Structured SSE event types. TUI/web stream consumers get typed events instead of a JSON grab-bag.
  • OpenTelemetry semantic conventions for agent spans. Spans now match the OTel GenAI conventions — plug into existing APM without custom parsing.
  • Claude Code Routines integration for scripted agent sessions.

Fixes

  • Strengthened path-traversal mitigation in the changelog command (Sonar S2083, BLOCKER).
  • Resolved 40+ SonarCloud issues across the codebase.
  • .sdd/ state directory is no longer tracked in git.
  • Dropped unused imports flagged by ruff.

Dependencies

  • Bumped python-multipart in the uv group.

Full changelog: https://github.com/chernistry/bernstein/compare/v1.7.4...v1.8.0

Security Fixes

  • Strengthened path‑traversal mitigation in the changelog command (Sonar S2083, BLOCKER)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track chernistry/bernstein

Get notified when new releases ship.

Sign up free

About chernistry/bernstein

Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.

All releases →

Related context

Beta — feedback welcome: [email protected]