openagents

vgo-v0.2.8 scope: go Feature

This release adds 1 notable feature for engineering teams evaluating rollout.

Published 15d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agents ai collaboration llm network

Affected surfaces

auth rce_ssrf

Summary

AI summary

Workspace images now load in agent-emitted HTML and long files scroll to the end.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Content-Security-Policy explicitly locks script-src to none for agent HTML. Content-Security-Policy explicitly locks script-src to none for agent HTML. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Feature
Feature	Medium	Workspace images now load inside agent-emitted HTML via oafile: URL scheme. Workspace images now load inside agent-emitted HTML via oafile: URL scheme. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Feature	Medium	Long HTML files now scroll to the end in the Content sidebar. Long HTML files now scroll to the end in the Content sidebar. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Feature	Medium	Full-screen HTML viewer added with expand button for inline blocks and file viewer. Full-screen HTML viewer added with expand button for inline blocks and file viewer. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—

Full changelog

What's new in 0.2.8

HTML rendering fixes for the macOS + iOS app:

Workspace images now load inside agent-emitted HTML. WKWebView can't attach the workspace token, so <img src=".../v1/files/<id>..."> was failing with 401. A private oafile: URL scheme handler now fetches via the authorized request path; src attributes referencing /v1/files/<id> are rewritten transparently before the document loads.
Long HTML files now scroll to the end in the Content sidebar. The previous wrapper clamped the WebView frame to an early body.scrollHeight reading, so late image / font loads pushed content past the measured height and the outer scroller refused to follow. WKWebView now owns scrolling natively for the file-viewer case.
Full-screen HTML viewer. New expand button on both inline ```html blocks in chat bubbles and HTML files in the Content sidebar. Opens a modal viewer where the WebView fills the sheet (960×720 ideal on macOS) and scrolls natively.

Tighter sandbox while we're here: explicit Content-Security-Policy locks script-src to none for agent HTML — only our internal height-observer shim runs.

See PR #389 for full details.

Full Changelog: https://github.com/openagents-org/openagents/compare/go-v0.2.7...go-v0.2.8

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track openagents

Get notified when new releases ship.

About openagents

OpenAgents - AI Agent Networks for Open Collaboration

All releases →

Related context

Related tools

Earlier breaking changes

vgo-v0.4.0 Google Sign-In becomes mandatory for all workspaces; unauthenticated access removed.
vgo-v0.3.0 Requires backend supporting new `browser_enabled` field on PATCH /v1/workspaces/{id}.