knewstimek/agent-tool

v0.8.2 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
This release patches 2 known CVEs

Topics

ai-coding automation claude-code cli codex cross-platform
cursor developer-tools dns encoding file-tools go mcp mcp-server mysql redis sftp ssh tls

Affected surfaces

deps rce_ssrf

Summary

AI summary

Security fixes for traversal and call‑tree handling are included.

Full changelog

Quick Start

  1. Download the binary for your OS below
  2. Run agent-tool install (or agent-tool install claude)
  3. Restart your IDE
  4. Done -- all tools work immediately, no permission popups

Or just ask your AI agent:

"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"

Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:

Strict mode:

ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.

Soft mode:

Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.


What's New in v0.8.2

codegraph -- 4 new operations + find fuzzy matching

  • stats: Project index statistics -- file/class/function/method/call counts with per-language breakdown
  • importers: Reverse import lookup -- find all files that import/include a given file (e.g. importers(name="player.h"))
  • unused: Dead code detection -- find functions/methods defined but never called anywhere in the codebase
  • call_tree: Recursive call hierarchy -- direction="up" traces callers of callers, direction="down" traces callees of callees. Configurable depth (default 3, max 10). Circular references detected, output capped at 500 nodes
  • find fuzzy matching: Use * glob patterns -- find(name="Get*"), find(name="*Engine*"), find(name="op*"). Exact match preserved when no * in name

codegraph -- .gitignore improvements

  • ** doublestar patterns: Now correctly handles patterns like **/build, src/**/test, **/*.o
  • Nested .gitignore: Reads .gitignore from all subdirectories, not just project root. Patterns scoped to their directory
  • Walk filtering: .gitignore loader itself now skips node_modules, venv, vendor etc. during directory traversal

Orphan process cleanup

MCP server processes now monitor their parent process (IDE/CLI). If the parent dies, the server auto-exits within 30 seconds instead of lingering as an orphan consuming memory. Platform-specific: OpenProcess on Windows, kill(0) on Unix.

Security fixes (audit)

  • opStats: Added langRows.Err() check after iteration
  • loadGitignore: Skip symlink directories in Walk to prevent traversal outside project root
  • buildCallTree: Removed visited defer-unset that could cause exponential blowup in DAG structures. Added maxCallTreeNodes=500 output cap
  • loadGitignore: Added isSkippedDir check in Walk to avoid traversing huge non-source directories
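
The buildCallTree fix above, illustrated with an added Go example (not agent-tool's own code): a visited set that is cleared on return only breaks cycles on the current path, so a cycle-free call graph with shared callees is re-expanded exponentially, while a walk-wide visited set plus an output cap stays bounded. The `graph` type and all function names are hypothetical; the cap of 500 and depth of 10 come from the release notes.

```go
package main

import "fmt"

const maxCallTreeNodes = 500 // cap value taken from the release notes

type graph map[string][]string // caller -> callees (hypothetical representation)

// diamondChain builds a constructed DAG with no cycles: each layer has two
// functions, and both call both functions of the next layer.
func diamondChain(layers int) graph {
	g := graph{}
	for i := 0; i < layers; i++ {
		next := []string{fmt.Sprintf("a%d", i+1), fmt.Sprintf("b%d", i+1)}
		g[fmt.Sprintf("a%d", i)], g[fmt.Sprintf("b%d", i)] = next, next
	}
	return g
}

// countUnset clears visited on return, so it only breaks cycles on the
// current path; every shared callee is expanded again for each caller.
func countUnset(g graph, n string, depth int, visited map[string]bool) int {
	if depth < 0 || visited[n] {
		return 0
	}
	visited[n] = true
	defer delete(visited, n)
	total := 1
	for _, c := range g[n] {
		total += countUnset(g, c, depth-1, visited)
	}
	return total
}

// countCapped keeps visited for the whole walk (a shared callee is expanded
// once) and stops emitting nodes once the cap is reached.
func countCapped(g graph, n string, depth int, visited map[string]bool, emitted *int) {
	if depth < 0 || visited[n] || *emitted >= maxCallTreeNodes {
		return
	}
	visited[n] = true
	*emitted++
	for _, c := range g[n] {
		countCapped(g, c, depth-1, visited, emitted)
	}
}

func main() {
	g, capped := diamondChain(10), 0
	countCapped(g, "a0", 10, map[string]bool{}, &capped)
	fmt.Println("unset:", countUnset(g, "a0", 10, map[string]bool{}), "capped:", capped)
}
```

The sample graph has only 21 distinct functions, yet the unset variant emits a node for every path through it; each extra layer doubles that count.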

Stats

  • 52 tools, 11 codegraph operations
  • Binary size: ~52MB (6 language WASM grammars embedded)

Security Fixes

  • loadGitignore: skip symlink directories to prevent directory traversal outside project root
  • buildCallTree: removed visited‑defer bug that could cause exponential blowup in DAG structures; added max node cap of 500


About knewstimek/agent-tool

Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.
