Skip to content

knewstimek/agent-tool

v0.7.12 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

ai-coding automation claude-code cli codex cross-platform
+13 more
cursor developer-tools dns encoding file-tools go mcp mcp-server mysql redis sftp ssh tls

Summary

AI summary

Added TCP-based IPC with DoS protection and console window typing support.

Full changelog

Quick Start

  1. Download the binary for your OS below
  2. Run agent-tool install (or agent-tool install claude)
  3. Restart your IDE
  4. Done - all tools work immediately, no permission popups

Or just ask your AI agent:

"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"

Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download -> install -> restart flow automatically.

Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:

Strict mode:

ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.

Soft mode:

Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.

What's New in v0.7.12

IPC - Inter-Process Communication

  • TCP-based 1:1 message passing between AI agent sessions
  • Works across machines (same PC via localhost, different PCs via IP)
  • Protocol: [2-byte type][4-byte length][payload] - PING/PONG/MESSAGE
  • Blocking receive with timeout - no tokens consumed while waiting
  • Session pooling with idle timeout and background sweeper
  • Operations: send, receive, ping

wintool type - Console Window Support

  • Auto-detects ConsoleWindowClass and uses WriteConsoleInput
  • Types text directly into cmd.exe, PowerShell, and other console windows
  • Works even when the console is minimized or in the background
  • Combined with send(WM_KEYDOWN, VK_RETURN), can inject commands into terminals and IDEs (including Electron/VSCode)

Security

  • IPC: PING flood DoS protection (max 100 non-message packets)
  • IPC: Context cancellation support for all operations
  • IPC: Default bind 127.0.0.1 (local-only, opt-in for remote)
  • Console type: mutex for process-global console safety
  • Console type: console state restore after AttachConsole/FreeConsole

Security Fixes

  • IPC includes PING flood DoS protection (max 100 non‑message packets)
  • Console typing uses a mutex for process‑global safety and restores console state after use
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track knewstimek/agent-tool

Get notified when new releases ship.

Sign up free

About knewstimek/agent-tool

Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.

All releases →

Related context

Beta — feedback welcome: [email protected]