This release includes 1 security fix for security teams reviewing exposed deployments.
Published 1mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
agent-orchestration
agentic-ai
ai-agents
ai-automation
autonomous-agents
claude
+14 more
crewai-alternative
langgraph-alternative
laravel
livewire
llm-workflow
mcp-server
model-context-protocol
multi-agent
n8n-alternative
ollama
openai
php
self-hosted
workflow-automation
Affected surfaces
auth
breaking_upgrade
Summary
AI summaryPublic widget endpoint adds team‑key authentication without CORS setup.
Full changelog
What's changed
- chore: release v1.20.0 — public widget endpoint + changelog (34c078a)
- feat: public widget endpoint with team key auth — no CORS per-domain setup required (e3726d1)
- fix: replace raw Tailwind v3 inputs with standard form components on bug report pages (24f5396)
- feat: bug report signal system v1.19.0 (836dbee)
- fix: invalidate web sessions immediately on team member removal (0ed9a34)
- fix: security hardening for enterprise governance features (81715ee)
- feat: enterprise governance — model allowlist, member cleanup, session TTL, per-user cost, personal agents (4971338)
- fix: cap crew blackboard at 1000 entries per execution (security) (b97b200)
- feat: crew blackboard + mesh_llm provider (mesh-llm inspired) (a362519)
- feat: add CONTEXT_COMPACTION_ANTHROPIC_API_KEY for platform-level compaction (f39597f)
- feat: add crew_execution_pause/resume tools + extend crew_update with coordinator/QA/process_type (0a6e25b)
- fix: guard jsonb_set against array-typed metadata in ConversationCompactor (182ab72)
- fix: use --system-prompt-file to avoid ARG_MAX with large tool lists (f003a8e)
- fix: remove ->minimum()->maximum() calls on IntegerType in SupabaseProvisionMemoryTool (2be2a3f)
- fix: make bridgedMcpTools protected so CloudAssistantToolRegistry can call it (cbc871a)
- feat: annotate 230 MCP tools with #[AssistantTool] for assistant registry (db30165)
- feat: expose crew_update, crew_execution_status, crew_executions_list to assistant (3c6f850)
- feat: Approach 2 — MCP→Assistant bridge via #[AssistantTool] attribute (f8e0f7b)
- feat(mcp): add crew_delete tool (9d629df)
- feat(mcp): add 25 missing MCP tools across 11 domains (9ba824c)
- feat(git): implement SandboxGitClient + HtmlSanitizer label[for] fix (8c42da4)
- fix(assistant): prevent empty reply when model stops after tool calls (c1f65af)
- fix(memory): address QA issues in topic namespace feature (c6482f2)
- feat: memory topic namespace pre-filter + hall taxonomy + auto-save (3351791)
- fix(browser-use-cloud): recognise v2 'finished' terminal status (2d9a0c3)
- fix(tools): 500 on detail page + add browser_use_cloud tool kind (62f99c9)
- fix(assistant): claude-code-vps artifact parsing + progressive streaming (c015fff)
- fix(assistant): enable tool loop for claude-code-vps (bb33618)
- fix(claude-code-vps): add --verbose to claude CLI flags (43ecca6)
- fix(claude-code-vps): set IS_SANDBOX=1 so the CLI runs in root container (4c9cc91)
- fix(ai-gateway): widen FallbackAiGateway localGateway type to interface (004c536)
- fix(ai-gateway): keep LocalAgentGateway reachable for VPS Claude Code (1560d47)
- fix(assistant): preserve claude-code-vps provider in relay-mode rewrite (14c6263)
- feat(assistant): enable UI artifacts by default for all teams (dd1716e)
- feat(assistant): pop-out modal + Show all N + mobile force-collapse (Gap 2 phase 8c) (4de1568)
- feat(assistant): harden artifact click handlers — role gating + rate limit + audit (Gap 2 phase 8b) (5954127)
- test(assistant): security corpus + fuzz for UI artifacts (Gap 2 phase 8a) (3508d40)
- feat(assistant): click handlers for interactive artifacts (Gap 2 phase 6) (68cb400)
- feat(assistant): wire UI artifacts into SendAssistantMessageAction + panel (Gap 2 phase 5b) (1f22b6a)
- feat(assistant): 9 Blade renderers for UI artifacts (Gap 2 phase 4) (e9c7d67)
- feat(assistant): parser + persister for UI artifacts (Gap 2 phase 5a) (e64b21f)
- feat(assistant): feature flag for UI artifacts (Gap 2 phase 3) (2462663)
- feat(assistant): 9 artifact Value Objects + sanitizers (Gap 2 phase 2) (dfb493f)
- feat(assistant): data model for UI artifacts (Gap 2 phase 1) (e1835b9)
- feat(agent): LLM-generated clarification forms (Gap 1 ephemeral UI) (3d5ff93)
- fix(ai): decouple VPS Claude Code from global local_agents.enabled flag (30408c1)
- chore: land pending assistant + website builder accumulated changes (613337d)
- feat(seo): default og:image to /og-image.png with absolute URL resolution (90d65c6)
- feat(docker): install claude binary for VPS provider (545df91)
- feat(ai): super-admin-gated Claude Code on VPS (ce17aee)
- fix(queue): use atomic redis SET NX for per-agent serial execution (393bbe5)
- docs: major docs refresh — add Website Builder, Evaluation, Voice Agents pages (c770dc0)
- docs(mcp): correct tool counts and endpoint architecture (467315c)
- docs(mcp): add Troubleshooting section to docs/mcp-server (0c046c1)
- fix(mcp): remove duplicate SearxngSearchTool registration (44b9bc7)
- feat(mcp): annotate all 454 tools with readOnlyHint / destructiveHint (77c9884)
- docs(changelog): add v1.18.0 entry — website builder feature complete (7417bad)
Upgrade
git fetch --tags origin
git checkout tags/v1.20.0
composer install --no-dev --optimize-autoloader
php artisan migrate --force
php artisan optimize
Docker users: Pull the latest image and restart your containers.
Security Fixes
- Cap crew blackboard at 1000 entries per execution (security mitigation)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About escapeboy/agent-fleet-o
AI Agent Mission Control with 200+ MCP tools. Manage agents, experiments, workflows, crews, skills, and more via stdio + HTTP/SSE. Self-hosted, open-source (AGPL-3.0)
Related context
Related tools
Beta — feedback welcome: [email protected]