Hollow

v1.3.2 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Affected surfaces

auth, breaking_upgrade

Summary

AI summary

Token-bucket rate limiting per agent and per resource and a circuit breaker that fires on high anomaly z-scores are introduced, and audit baseline persistence after restarts is fixed.

Full changelog

What's in this release

Token-bucket rate limiting per agent per resource, a circuit breaker that fires on anomaly detection, and a bug fix in the audit kernel that prevented anomaly checks from running after a server restart.

New primitive: agents/ratelimit.py

TokenBucket — thread-safe token bucket with monotonic refill.

RateLimiter — per-agent, per-resource rate limiting with role defaults:

| Role | tokens/min | shell/min | task submits/min |
|---|---|---|---|
| root | unlimited | unlimited | unlimited |
| orchestrator | 100k | 300 | 60 |
| worker | 20k | 60 | 10 |
| coder | 50k | 120 | 20 |
| reasoner | 50k | 10 | 5 |
| custom | 5k | 10 | 5 |

Supports per-agent and per-role overrides; existing buckets are invalidated on reconfigure so new limits take effect immediately.

Circuit breaker: when anomaly z-score exceeds 5.0 (vs. 3.0 for a regular alert):

  1. Agent suspended in registry
  2. Rate limits reduced to 10% for 5 minutes
  3. security.circuit_break event emitted
  4. Root inbox receives decision_type: circuit_break_review message with options ["restore", "terminate"]
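How the bucket, the role defaults and the circuit breaker fit together, as an added example that is not Hollow's own code: a thread-safe token bucket with an injectable monotonic clock that reports a whole-second Retry-After, and a limiter that keys buckets per (agent, resource), applies the table's shell/min column to every resource for brevity, cuts an agent's limits to 10% for 5 minutes on circuit_break(), and restores them once the window expires. SHELL_PER_MIN, RateLimiter.check and circuit_break are assumed names, not the API of agents/ratelimit.py.

```python
import math
import threading
import time
# Constructed defaults: the shell/min column above, applied to every resource here (not Hollow's code).
SHELL_PER_MIN = {"orchestrator": 300, "worker": 60, "coder": 120, "reasoner": 10, "custom": 10}
CIRCUIT_FACTOR, CIRCUIT_SECONDS = 0.10, 300  # circuit break: limits cut to 10% for 5 minutes

class TokenBucket:
    """Thread-safe token bucket refilled from a monotonic clock (injectable for tests)."""
    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity, self.rate, self.clock = float(capacity), refill_per_sec, clock
        self.tokens, self.last, self.lock = float(capacity), clock(), threading.Lock()

    def try_consume(self, n=1):
        """Return (allowed, retry_after_seconds); retry_after is 0 when allowed."""
        with self.lock:
            now = self.clock()
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
            self.last = now
            if self.tokens >= n:
                self.tokens -= n
                return True, 0
            return False, math.ceil((n - self.tokens) / self.rate)  # whole seconds for Retry-After

class RateLimiter:
    """Per-(agent, resource) buckets with role defaults and a circuit breaker."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.buckets, self.broken_until = clock, {}, {}

    def _invalidate(self, agent_id):  # any limit change drops the agent's buckets
        self.buckets = {k: b for k, b in self.buckets.items() if k[0] != agent_id}

    def circuit_break(self, agent_id):
        self.broken_until[agent_id] = self.clock() + CIRCUIT_SECONDS
        self._invalidate(agent_id)

    def check(self, agent_id, role, resource="shell"):
        """Return (allowed, retry_after_seconds) for one call on a resource."""
        if role == "root":
            return True, 0  # root is unlimited
        if agent_id in self.broken_until and self.clock() >= self.broken_until[agent_id]:
            del self.broken_until[agent_id]  # 5-minute window over: restore limits
            self._invalidate(agent_id)
        per_min = SHELL_PER_MIN[role]
        if agent_id in self.broken_until:
            per_min = max(1, int(per_min * CIRCUIT_FACTOR))
        key = (agent_id, resource)
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(per_min, per_min / 60, self.clock)
        return self.buckets[key].try_consume()
```

The request handler maps a False result to HTTP 429 and puts the returned seconds in the Retry-After header; the bucket map itself is not locked, so a multi-threaded server would guard bucket creation as well.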

Bug fix: audit baseline persistence

After a server restart, baselines loaded from disk were missing internal tracking fields (_count, _samples). The _update_baseline call would crash silently (caught by the audit wrapper), which prevented all anomaly checks from ever running post-restart. Fixed in _load_baselines and _update_baseline.

API changes

GET /agents/{id}/rate-limits — bucket depth, capacity, refill rate, time until full, circuit_broken flag.

POST /agents/{id}/rate-limits — configure limits for agent or role (admin only).

/shell, /ollama/chat, /tasks/submit — all check rate limits, return 429 with Retry-After header when exceeded.

New MCP tools

rate_limit_status — per-agent rate limit state across all resources.

rate_limit_configure — override limits for a specific agent or role (root only).

Tests

6 new integration tests in tests/integration/test_ratelimit.py, all passing:

  1. Burst rejection — 10-token bucket, 12 calls, last 2 return 429 + Retry-After
  2. Refill over time — drain, wait 3s, bucket grows ≥ 20 tokens
  3. Circuit breaker — 55 ops, z_score >> 5.0, agent suspended, circuit_broken=true, inbox message
  4. Backpressure — 10 concurrent workers, no crashes, no 500s
  5. Retry-After correctness — wait advertised time, next call succeeds
  6. Role inheritance — role limit applies to new agents; per-agent override isolated

Built on

  • Audit Kernel (v1.1.0): anomaly detection triggers circuit break
  • Event Kernel (v0.7.0): security.circuit_break event propagated to subscribers
  • Agent Registry (v0.7.0): suspend() wired into circuit break path
