This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: New call_graph operation, integer overflow fixes in xref and call_graph analysis, and panic recovery for all tool handlers.
Full changelog
Quick Start
- Download the binary for your OS below
- Run agent-tool install (or agent-tool install claude)
- Restart your IDE
- Done -- all tools work immediately, no permission popups
Or just ask your AI agent:
"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"
Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download -> install -> restart flow automatically.
Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:
Strict mode:
ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.
Soft mode:
Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.
What's New
New: call_graph operation (analyze tool)
Static call graph analysis from a root function address. BFS traversal through .pdata function boundaries with E8 direct CALL and FF 15 indirect CALL (IAT) scanning.
- Root function discovery: Finds the function containing the given VA via .pdata
- BFS expansion: Follows direct CALLs into callee functions with depth/node limits
- IAT import display: Shows external DLL function names (e.g., [IAT] kernel32.dll!CreateFileW)
- Dual protection: max_depth (default 3) + max_nodes (default 50) prevent runaway analysis
- Parameters: va (root address), max_depth, max_nodes
Fix: integer overflow in xref scanning
Fixed 8 sites in xref.go where int32(instrRVA) could overflow for addresses >= 0x80000000. Now uses int64 for all RVA arithmetic, consistent with the call_graph implementation.
Fix: integer overflow in call_graph arithmetic
Fixed uint32 wrap-around in section end calculation (sec.rva + len(data)) and .pdata table parsing. All RVA arithmetic now uses uint64/int64 to prevent silent corruption on large binaries.
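The two overflow fixes above, side by side with the narrow arithmetic they replace. This is an added example, not code from agent-tool's xref.go or call_graph implementation: the function names and the exact shape of the pre-fix expression are assumptions, and the byte sample is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math"
)

// callTargetNarrow is the assumed pre-fix shape: int32(instrRVA) goes negative at >= 0x80000000.
func callTargetNarrow(instrRVA uint32, rel int32) int32 {
	return int32(instrRVA) + 5 + rel
}

// callTargetWide computes the E8 rel32 target in int64 and rejects out-of-range results.
func callTargetWide(instrRVA uint32, rel int32) (uint32, bool) {
	t := int64(instrRVA) + 5 + int64(rel)
	if t < 0 || t > math.MaxUint32 {
		return 0, false
	}
	return uint32(t), true
}

// sectionEndNarrow wraps in uint32; sectionEndWide keeps the true end in uint64.
func sectionEndNarrow(rva uint32, size int) uint32 { return rva + uint32(size) }
func sectionEndWide(rva uint32, size int) uint64   { return uint64(rva) + uint64(size) }

// scanDirectCalls returns the targets of E8 CALLs in data (mapped at secRVA)
// that land inside the same section, using only widened arithmetic.
func scanDirectCalls(secRVA uint32, data []byte) []uint32 {
	var targets []uint32
	end := sectionEndWide(secRVA, len(data))
	for i := 0; i+5 <= len(data); i++ {
		instr := uint64(secRVA) + uint64(i)
		if data[i] != 0xE8 || instr > math.MaxUint32 {
			continue
		}
		rel := int32(binary.LittleEndian.Uint32(data[i+1:]))
		if t, ok := callTargetWide(uint32(instr), rel); ok && t >= secRVA && uint64(t) < end {
			targets = append(targets, t)
		}
	}
	return targets
}

func main() {
	// Constructed sample: a section at RVA 0x80000000 holding "call +3", NOPs, RET.
	data := []byte{0xE8, 3, 0, 0, 0, 0x90, 0x90, 0x90, 0xC3}
	fmt.Printf("narrow=%d wide=%#x\n", callTargetNarrow(0x80000000, 3), scanDirectCalls(0x80000000, data))
}
```

With the narrow form, any signed bounds check on the result silently drops calls located in the upper half of the RVA space, and a wrapped section end makes every in-section target look out of range.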
New: panic recovery for all tool handlers
Added common.SafeAddTool wrapper with defer recover() around every tool handler. The Go MCP SDK (go-sdk) does not recover panics in handler goroutines -- an unrecovered panic crashes the entire server process. Now panics are caught, logged to stderr (with full stack trace), and returned as an isError: true result to the client. The panic value is not exposed to the client to prevent sensitive information leakage.
Improved: copy tool description
Added Windows locked file hint -- agents now know to use overwrite=true when updating running binaries (auto-renames locked file aside before replacing).
Full Changelog: https://github.com/knewstimek/agent-tool/compare/v0.7.6...v0.7.7
About knewstimek/agent-tool
Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.