This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
ReleasePort's take
Light signal: Version 2.7.0 adds a versioned schema to SKILL.md manifests and introduces deterministic skill‑authoring CLI commands.
Why it matters: The new versioned schema provides clear contract enforcement for manifest parsing, while deterministic `skills init`, `test`, `diff`, and `bench` commands guarantee repeatable build and test outcomes across environments.
Summary
AI summary: Stricter release gates, complete Sonar cleanup, deterministic skill authoring tools, and opt‑in telemetry sharing are introduced.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium | Hardens plugin zip extraction to prevent arbitrary code execution. (Confidence: high) | — |
| Security | Medium | Enforces release attestation checks binding verification to on‑disk bytes. (Confidence: high) | — |
| Security | Medium | Tightens fail‑closed paths: trusted action code for PR review, narrower write boundary for issue decomposition, and enhanced lineage/audit checks. (Confidence: high) | — |
| Feature | Medium | Adds versioned schema to SKILL.md manifests. (Confidence: high) | — |
| Feature | Medium | Introduces deterministic `skills init`, `test`, `diff`, and `bench` CLI commands. (Confidence: high) | — |
| Feature | Medium | Enables strict linting that can block skill installs at runtime. (Confidence: high) | — |
| Feature | Medium | Adds opt‑in maintainer‑share telemetry path, off by default and requiring explicit consent. (Confidence: low) | — |
| Bugfix | Medium | Runs real release tests, checks protocol compatibility, and reconciles PyPI/GitHub asset drift in publish workflow. (Confidence: high) | — |
| Bugfix | Medium | Reports coverage from full CI shard set, reducing partial artifact gaps. (Confidence: low) | — |
| Bugfix | Medium | Reduces open Sonar findings to zero and reviews remaining hotspots via dedicated workflow. (Confidence: low) | — |

Source for all rows: llm_adapter@2026-05-24.
Full changelog
v2.7.0
Released 2026-05-24.
This release focuses on making Bernstein's automation easier to verify: stricter release gates, a complete Sonar cleanup, deterministic skill authoring tools, and an opt-in maintainer-share telemetry path that stays off by default.
Highlights
- Skills are closer to end-to-end. SKILL.md manifests now carry a versioned schema, and the CLI has deterministic `skills init`, `skills test`, `skills diff`, and `skills bench` commands. Strict linting can block installs, and sandbox/sanitizer checks protect install-time execution.
- Skill routing and local outcome reporting are more useful. Bernstein can build reproducible local helpfulness reports from the activation log, and deterministic routing tools make skill selection easier to inspect without model calls.
- Opt-in telemetry sharing is wired through a real maintainer-share sink. It is still off by default, requires explicit consent plus `BERNSTEIN_TELEMETRY_SHARE_ENDPOINT`, uses the same redacted event schema, and signs shared receipts for offline verification.
- Release and CI gates are harder to get wrong. The publish workflow now runs real release tests, checks protocol compatibility, asserts GitHub Release assets, reconciles PyPI/GitHub drift, and ties main-branch eligibility to an explicit SHA marker.
- Sonar is green. Coverage is reported from the CI shard set instead of one partial artifact, the tracker is down to zero open findings, and remaining hotspots were reviewed through a dedicated workflow.
- Several fail-closed paths were tightened. PR review uses trusted action code, issue decomposition has a narrower write boundary, plugin zip extraction is hardened, release attestation is enforced, and lineage/audit checks bind more verification to bytes on disk.
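The last bullet names two hardening points only at summary level: zip extraction that cannot be abused for code execution, and attestation that is checked against the bytes actually on disk. The Python below is an added example written for this digest, not Bernstein's own implementation, showing the general shape such fail-closed checks take for a plugin archive. The size caps, the `UnsafeArchive` exception and the function names are assumptions; every input is constructed inside `demo()`.

```python
"""Added example (not Bernstein's code): fail-closed plugin archive handling.
Shows a digest check over on-disk bytes plus a zip extraction path that
rejects traversal names, symlink entries and oversized content. Caps are assumed."""
from __future__ import annotations

import hashlib
import hmac
import stat
import tempfile
import zipfile
from pathlib import Path

MAX_TOTAL_BYTES = 50 * 1024 * 1024  # assumed cap on total extracted bytes
MAX_ENTRY_BYTES = 10 * 1024 * 1024  # assumed cap per entry


class UnsafeArchive(Exception):
    """Raised when an archive fails a fail-closed check; nothing is written."""


def sha256_of_file(path: Path) -> str:
    """Hash the file bytes on disk rather than trusting a digest in metadata."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_entry(info: zipfile.ZipInfo, dest: Path) -> Path:
    """Return the resolved on-disk target for an entry, or raise UnsafeArchive."""
    name = info.filename
    if name.startswith(("/", "\\")) or ".." in Path(name).parts:
        raise UnsafeArchive(f"path traversal in entry name: {name!r}")
    # Unix mode bits live in the high 16 bits of external_attr; refuse symlinks,
    # which could redirect a later write outside the destination.
    if stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF):
        raise UnsafeArchive(f"symlink entry rejected: {name!r}")
    if info.file_size > MAX_ENTRY_BYTES:
        raise UnsafeArchive(f"entry too large: {name!r}")
    target = (dest / name).resolve()
    if target != dest and dest not in target.parents:
        raise UnsafeArchive(f"entry resolves outside destination: {name!r}")
    return target


def extract_plugin(archive: Path, dest: Path, expected_sha256: str) -> list[str]:
    """Verify the archive digest on disk, then extract with every entry pre-checked."""
    dest = dest.resolve()
    actual = sha256_of_file(archive)
    if not hmac.compare_digest(actual, expected_sha256):
        raise UnsafeArchive("digest mismatch: archive bytes do not match attestation")
    extracted: list[str] = []
    with zipfile.ZipFile(archive) as zf:
        # Validate the whole entry list before writing anything, so a bad
        # entry late in the archive cannot leave a half-installed plugin.
        plan = [(info, check_entry(info, dest)) for info in zf.infolist()]
        if sum(info.file_size for info, _ in plan) > MAX_TOTAL_BYTES:
            raise UnsafeArchive("archive exceeds total size cap")
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            written = 0
            with zf.open(info) as src, target.open("wb") as dst:
                for chunk in iter(lambda: src.read(1 << 16), b""):
                    written += len(chunk)
                    # The declared file_size can lie; enforce the cap on real output too.
                    if written > MAX_ENTRY_BYTES:
                        raise UnsafeArchive(f"entry inflated past cap: {info.filename!r}")
                    dst.write(chunk)
            extracted.append(info.filename)
    return extracted


def build_archive(path: Path, entries: dict[str, bytes]) -> str:
    """Write a constructed archive for the demo and return its on-disk sha256."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return sha256_of_file(path)


def demo() -> dict:
    """Constructed inputs: one benign plugin, one traversal entry, one bad digest."""
    work = Path(tempfile.mkdtemp())
    good = work / "good.zip"
    digest = build_archive(good, {"plugin/SKILL.md": b"name: demo\n",
                                  "plugin/run.py": b"print('hi')\n"})
    result = {"extracted": extract_plugin(good, work / "out", digest)}
    bad = work / "bad.zip"
    bad_digest = build_archive(bad, {"../escape.txt": b"x\n"})
    for key, args in (("traversal_blocked", (bad, work / "out2", bad_digest)),
                      ("digest_blocked", (good, work / "out3", "0" * 64))):
        try:
            extract_plugin(*args)
            result[key] = False
        except UnsafeArchive:
            result[key] = True
    return result
```

Calling `demo()` extracts the benign archive and reports that both the traversal entry and the wrong digest were refused before any bytes were written. The design point is ordering: the digest is computed over the file as it sits on disk, and the full entry list is validated before the first write, so a rejection never leaves a partially installed plugin behind.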
Install
pipx install --upgrade bernstein
Python packages and GitHub Release assets are published for 2.7.0.
The npm wrapper is a convenience distribution path and may lag the Python release while registry permissions are repaired.
Full changelog: https://github.com/sipyourdrink-ltd/bernstein/compare/v2.6.0...v2.7.0
About chernistry/bernstein
Deterministic multi-agent orchestrator for 18 CLI coding agents (Claude Code, Codex, Cursor, Aider, Gemini CLI, OpenAI Agents SDK, and more). MCP server mode (stdio + HTTP/SSE) exposes the orchestrator to any MCP client. Git worktree isolation per agent, HMAC-chained audit trail, cost-aware model routing via contextual bandit. ~11K monthly PyPI downloads, Apache 2.0.