This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
ReleasePort's take
Moderate signal
Mureo v0.9.5 introduces a web extensions API that lets plugins register tabs and routes in the configure wizard. The feature ships with built-in security controls (CSP, HTML-fragment validation, path-traversal prevention) and keeps full backward compatibility.
Why it matters: plugin developers can now extend the UI, and the built-in controls cover the web-layer attack vectors (inline script in fragments, path traversal, CSRF, error-detail leakage) on the plugin author's behalf. They do not change the trust model: an installed plugin still runs in-process and serves its own scripts under the same-origin CSP, so installing the entry point remains the trust decision. Install as a routine upgrade; there are zero breaking changes vs v0.9.4.
Summary
AI summary: Added an extensible web extensions API for registering tabs and routes in the mureo configure wizard.
Changes in this release
| Type | Severity | Summary | CVE | Source (confidence) |
|---|---|---|---|---|
| Security | High | Catches handler exceptions and returns a generic 500 error; details are logged server-side only. | — | granite4.1:30b@2026-05-21-audit (low) |
| Security | Medium | Static asset bodies are held in memory; the dispatcher never reads from disk, so filesystem traversal is impossible. | — | llm_adapter@2026-05-21 (high) |
| Security | Medium | Applies a CSP (`script-src 'self'; style-src 'self'`) and the inherited CSRF protection to extension handlers. | — | llm_adapter@2026-05-21 (high) |
| Security | Medium | Handler exceptions are surfaced as a generic 500; details are logged server-side, not exposed to the client. | — | llm_adapter@2026-05-21 (low) |
| Security | Medium | Regex-validates subpaths and filenames, preventing path traversal via `..`, `//`, `?`, `#`. | — | llm_adapter@2026-05-21 (low) |
| Security | Medium | Rejects `html_fragment` at registration if it contains `<script>`, `<style>`, `on*=` event handlers or `javascript:` URLs. | — | llm_adapter@2026-05-21 (low) |
| Feature | Medium | Adds the entry-point group `mureo.web_extensions` for plugin-registered tabs and routes. | — | llm_adapter@2026-05-21 (high) |
| Feature | Medium | Introduces the `WebExtension` Protocol and the `RouteContribution`, `ViewContribution` and `StaticAsset` dataclasses. | — | llm_adapter@2026-05-21 (high) |
| Feature | Medium | Adds HTTP endpoints: `GET /api/extensions`, `GET`/`POST /api/ext/<name>/<subpath>`, `GET /static/ext/<name>/<filename>`. | — | llm_adapter@2026-05-21 (high) |
| Feature | Medium | Adds a plugin-authoring guide documenting the web-extensions contract and security model. | — | llm_adapter@2026-05-21 (low) |
| Feature | Medium | With no extensions installed, the configure UI is byte-identical to v0.9.4: zero breaking changes. | — | llm_adapter@2026-05-21 (low) |
| Performance | Medium | The front-end lazy-loads extension tabs, so unvisited tabs add zero page weight. | — | llm_adapter@2026-05-21 (low) |
Full changelog
Added — Web extensions: third-party tabs and API routes for mureo configure (#127)
A new entry-point group `mureo.web_extensions` lets a plugin register additional tabs and API routes inside the mureo configure wizard without each surface having to know about the plugin. The mechanism mirrors the existing `mureo.providers` / `mureo.runtime_context_factory` entry-point patterns: discovery iterates the group exactly once at startup, isolates per-plugin faults (`WebExtensionWarning`), and exposes survivors as frozen `WebExtensionEntry` records consumed by `mureo.web.handlers`.
- `mureo.web.extensions` — public surface: the `WebExtension` Protocol (`name`, `display_name`, `routes()`, `view()`), frozen dataclasses `RouteContribution(method, subpath, handler)`, `ViewContribution(html_fragment, scripts, styles)`, `StaticAsset(filename, content_type, body)`, plus `discover_web_extensions()` / `reset_web_extensions()` and the regex constants (`NAME_PATTERN`, `SUBPATH_PATTERN`, `FILENAME_PATTERN`) shared with the dispatch layer.
- HTTP surface in `mureo.web.handlers`:
  - `GET /api/extensions` — index for the front-end renderer (one entry per extension; `view` is `null` for headless / route-only plugins).
  - `GET /api/ext/<name>/<subpath>` — extension GET route; payload is the flattened query string (first-value-wins).
  - `POST /api/ext/<name>/<subpath>` — extension POST route, gated by the existing Host + body-cap + CSRF pipeline (the plugin author inherits CSRF protection for free).
  - `GET /static/ext/<name>/<filename>` — extension-shipped static asset served from in-memory bytes with the same Content-Security-Policy + X-Frame-Options + Cache-Control header stack as the bundled static files.
- Front-end (`mureo/_data/web/extensions.js`): the configure UI fetches `/api/extensions` once when the dashboard opens, renders one nav tab per extension, and lazy-loads each extension's `html_fragment` / scripts / styles on first tab activation. Operators who never visit a given tab pay zero added page weight.
- Plugin author guide: `docs/plugin-authoring.md` §13 documents the contract end-to-end (entry-point setup, sample `WebExtension`, URL surface, CSP / CSRF / fault-isolation model, lazy-load behaviour, debugging recipe).
- Security: subpaths and filenames are regex-validated at both registration and dispatch so `..`, double-slash, trailing slash, `?`, `#`, and directory separators cannot smuggle the dispatcher outside `/api/ext/<name>/` or `/static/ext/<name>/`. Static asset bodies stay in memory; the dispatcher never reads from disk, so filesystem traversal is impossible by construction. `html_fragment` is rejected at registration if it contains `<script>`, `<style>`, `on*=` event handlers, or `javascript:` URLs; the CSP (`script-src 'self'; style-src 'self'`) is the runtime enforcement, the regex is the explicit author-feedback signal. Handler exceptions are caught by the dispatcher and surfaced as a generic `{"error": "extension_handler_error"}` 500 envelope; exception details are logged server-side only (they may carry secrets the handler touched).
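The discovery, registration and dispatch rules above, reconstructed as an added example. This is not mureo's code: the three regexes, the `validate()` / `build_registry()` / `dispatch()` helpers and the two sample plugins are assumptions written to exercise the contract offline (mureo's real `NAME_PATTERN`, `SUBPATH_PATTERN` and `FILENAME_PATTERN` are not printed on this page). It models the single pass over the entry-point group with per-plugin fault isolation via `WebExtensionWarning`, the registration-time checks on names, subpaths, asset filenames and `html_fragment`, the re-validation at dispatch that keeps `..`, `//`, a trailing slash, `?` and `#` away from the route lookup, first-value-wins query flattening, and the generic `extension_handler_error` 500 envelope with details logged server-side only:

```python
# Added example, not mureo's code: an offline model of the v0.9.5 web-extensions contract.
import logging, re, warnings
from dataclasses import dataclass
from importlib.metadata import entry_points
from typing import Any, Callable, Iterable, Mapping, Optional, Protocol
from urllib.parse import parse_qs

log = logging.getLogger("mureo.web.extensions.example")
# Assumed patterns (mureo's real ones are not printed on the page). Checked with fullmatch();
# none admits '.', '//', '?', '#', '\' or a trailing '/', so a passing value stays inside
# /api/ext/<name>/ or /static/ext/<name>/.
NAME_PATTERN = re.compile(r"[a-z][a-z0-9_]{0,31}")
SUBPATH_PATTERN = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")
FILENAME_PATTERN = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+")
UNSAFE_HTML = re.compile(r"<\s*(script|style)\b|\bon[a-z]+\s*=|javascript\s*:", re.I)
NOT_FOUND = (404, {"error": "not_found"})

@dataclass(frozen=True)
class RouteContribution:
    method: str
    subpath: str
    handler: Callable[[Mapping[str, str]], Any]

@dataclass(frozen=True)
class ViewContribution:
    html_fragment: str
    scripts: tuple = ()
    styles: tuple = ()

class WebExtension(Protocol):
    name: str
    display_name: str
    def routes(self) -> tuple: ...
    def view(self) -> Optional[ViewContribution]: ...

class WebExtensionWarning(UserWarning):
    """One plugin's fault; discovery warns and drops it instead of failing startup."""

def validate(ext: WebExtension) -> None:
    """Reject a bad name, method, subpath, asset filename or html_fragment at registration."""
    if not NAME_PATTERN.fullmatch(ext.name):
        raise WebExtensionWarning(f"bad extension name {ext.name!r}")
    for r in ext.routes():
        if r.method not in ("GET", "POST") or not SUBPATH_PATTERN.fullmatch(r.subpath):
            raise WebExtensionWarning(f"{ext.name}: bad route {r.method} {r.subpath!r}")
    v = ext.view()
    if v is not None:
        if UNSAFE_HTML.search(v.html_fragment):  # author feedback; the CSP is the runtime backstop
            raise WebExtensionWarning(f"{ext.name}: inline script/style/handler in html_fragment")
        for f in (*v.scripts, *v.styles):
            if not FILENAME_PATTERN.fullmatch(f):
                raise WebExtensionWarning(f"{ext.name}: bad asset filename {f!r}")

def discover_web_extensions(loaders: Optional[Iterable[Callable[[], Any]]] = None) -> tuple:
    """Iterate the group once; a plugin that fails to load or validate is warned about and skipped."""
    if loaders is None:  # real discovery: the mureo.web_extensions entry-point group
        loaders = [ep.load for ep in entry_points(group="mureo.web_extensions")]
    found = []
    for load in loaders:
        try:
            obj = load()
            ext = obj() if isinstance(obj, type) else obj  # an entry point may name a class
            validate(ext)
            found.append(ext)
        except Exception as exc:  # fault isolation: one bad plugin never breaks the rest
            warnings.warn(f"skipping web extension: {exc}", WebExtensionWarning)
    return tuple(found)

def build_registry(exts: Iterable[WebExtension]) -> dict:
    return {(e.name, r.method, r.subpath): r.handler for e in exts for r in e.routes()}

def dispatch(registry: dict, method: str, path: str, query: str = "") -> tuple:
    """Serve /api/ext/<name>/<subpath>; re-validate so traversal never reaches the lookup."""
    parts = path.split("/", 4)  # ['', 'api', 'ext', name, subpath]
    if len(parts) != 5 or parts[1:3] != ["api", "ext"]:
        return NOT_FOUND
    name, subpath = parts[3], parts[4]
    if not (NAME_PATTERN.fullmatch(name) and SUBPATH_PATTERN.fullmatch(subpath)):
        return NOT_FOUND
    if (handler := registry.get((name, method, subpath))) is None:
        return NOT_FOUND
    payload = {k: v[0] for k, v in parse_qs(query).items()}  # flattened, first-value-wins
    try:
        return 200, {"result": handler(payload)}
    except Exception:
        log.exception("extension %s %s %s failed", name, method, subpath)  # server-side only
        return 500, {"error": "extension_handler_error"}

class DemoExtension:  # constructed sample plugin: two GET routes (one faulty) and a clean view
    name, display_name = "demo", "Demo"
    def routes(self):
        return (RouteContribution("GET", "ping", lambda q: {"pong": q.get("n", "0")}),
                RouteContribution("GET", "boom", lambda q: 1 / 0))
    def view(self):
        return ViewContribution('<div id="demo-root">Demo panel</div>', scripts=("demo.js",))

class InlineHandlerExtension(DemoExtension):  # constructed offender: inline on*= handler
    name = "inline"
    def view(self):
        return ViewContribution('<div onload="alert(1)">x</div>')
```

Calling `discover_web_extensions()` with no argument walks the real `mureo.web_extensions` group through `importlib.metadata`; passing the constructed classes instead keeps the block offline, and an empty loader list returns `()`, which is the backward-compatibility case the changelog describes. The fragment regex is deliberately only a registration-time courtesy: a plugin that passes it can still ship a `demo.js` served from `/static/ext/demo/` that executes under `script-src 'self'`, which is why the decision to install the entry point, not the fragment check, is the trust boundary.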
Backward compatibility: when no third-party `mureo.web_extensions` entry points are installed, `discover_web_extensions()` returns an empty tuple, `/api/extensions` returns `[]`, the renderer creates zero DOM nodes, and the configure UI is byte-identical to v0.9.4.
Install
pip install --upgrade mureo
About logly/mureo
Framework for AI agents (Claude Code, Cursor, Codex, Gemini) to operate Google Ads, Meta Ads, and Search Console. Grounded in a local STRATEGY.md — not metric-chasing. Defense-in-depth security, local-first. Apache 2.0.