chernistry/bernstein

v1.8.6

Security hardening and reliability — the largest patch in the 1.8.x line.

Security

• OAuth: PKCE state parameter is validated on callback.
• SAML: assertion signature is verified.
• Webhooks: every POST requires a valid HMAC; stack traces stripped from hook error responses.
• MCP server: auth required by default; bound to localhost out of the box.
• Licensing: empty signing keys are rejected at load time.
• Agents: real per-agent credential scoping at spawn — an agent can only see the credentials it declared a need for.
• Auth: on by default; unauth bypass paths removed.
• Auto-approve: rules tightened; the always_allow list is read-only to agents.
• Rate limiter: keyed on the real peer IP, not the trusted forwarded header (closes a spoofing gap).
• Audit log: HMAC key is now stored separately from the log files, so reading the log doesn't leak the key.
• PII redaction: dedup key is now (rule, span), not rule alone (duplicate rules on different spans used to clobber each other).
• File hooks: path validation to prevent traversal.
• Telemetry/logs: dropped OTLP endpoint URL from init logs; always_allow tamper logs redact sensitive content.

Reliability

• WAL: uncommitted entries are closed on recovery instead of being replayed into failing tasks.
• Cross-process file locks on .sdd/ so concurrent Bernstein processes don't tear state writes.
• Atomic writes (temp + rename) for state files.
• Task lifecycle: retry counter consolidated to a typed field; exhausted retries now go to the DLQ instead of vanishing; cancel propagates to children; claim_by_id rejects double-claim; stale-task release is flushed to JSONL; batch state transitions go through the FSM.
• Priority queue: stale-task ordering uses a heap — was O(n·log n) per tick, now O(log n).
• Recovery backup: .sdd/runtime/ is now included in the disaster-recovery snapshot.
• Observability file sizes: api_usage.jsonl rotates instead of growing unbounded.

Cost & budgeting

• Removed the unused quota_tracker and cost_hooks modules.
• In-memory usage history is now bounded.
• Budget policy is evaluated on each cost event (previously hooked but not invoked).
• Context-degradation detector wired in — flags when token pressure drops answer quality.
• Routing bandit learns the effort level from rewards, not just the model choice.

Git / worktree

• Incremental merge refuses to overwrite main — the previous behaviour could fast-forward past protected state.
• Uncommitted work is salvaged before a worktree is torn down.
• Unmerged agent branches are preserved through hygiene passes.
• Concurrent merges are enqueued through the merge queue instead of racing.
• Rebase-or-merge fallback aborts cleanly on failure instead of leaving a half-merged tree.

Adapters

• Opus aliases across aider, amp, cody, and goose now resolve to claude-opus-4-7.
• GitHub API usage paginates properly instead of capping at --limit.
• Adapter autodetect uses correct binary names.
• All spawn kwargs are forwarded through the caching wrapper.
• Broken roo_code and tabby adapters removed; cody and continue_dev fixed.

Tokens

• Compactor consolidated to a single source of truth.
• Token estimator consolidated to a single source of truth.

Server

• All routers are now mounted under /api/v1 (several were previously unreachable).
• Uvicorn --reload is disabled in evolve mode to stop the constant-restart death loop.
• Hook-error responses are sanitized before going back to the client.

UX / docs

• README: restored the pluggable-plugin (pluggy) and behavior-anomaly claims; reworked to match current reality; unified adapter count at 17.
• Docs reorganized into topical sub-folders; dead [email protected] swapped for [email protected].
• HTML nav repaired after the reorg; demo GIF recompressed; fake benchmark numbers purged.
• CLI: restored init, status, start, wrap-up names to match the docs.
• Splash banner path fixed after the cli/display/ reorg.

Housekeeping

• Communication layer: orphan discord_bot scaffolding removed.
• scripts/archive/** excluded from lint.
• Hardcoded personal paths removed; marketing drafts moved to a private folder.
• Removed self_healing module (no production importers).

Full changelog: https://github.com/chernistry/bernstein/compare/v1.8.5...v1.8.6