RiskKernel

v0.1.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 18d ago. Category: MCP Developer Tools

✓ No known CVEs patched. The one security fix in this release closes CodeQL path-injection and integer-overflow alerts (#17); no CVE is associated with it.

Topics

agent-governance ai-agents go guardrails-ai llmops llms mcp observability opentelemetry python reliability self-hosted sre typescript

Affected surfaces

deps rce_ssrf

Summary

AI summary

Mixed release. CI is updated by dependabot (f7e1e79c5248a255a27472499ad9586220995b01 bumps actions/checkout 4 to 6, 9976b14552aed0fd391e35c24111a6162a6a0337 bumps actions/setup-go 5 to 6), c5865608c5bcdf3202383607fb2e08dae9e4c4dc adds SQLite state with an auditable cost ledger behind the Store interface, and the remaining commits ship the deterministic governor, MCP gateway, provider proxy, Python SDK, OpenTelemetry export, crash-resume, packaging, and the CodeQL alert fix (#17) listed in the changelog.

Full changelog

  • f7e1e79c5248a255a27472499ad9586220995b01: chore(ci): bump actions/checkout from 4 to 6 (#2) (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
  • 9976b14552aed0fd391e35c24111a6162a6a0337: chore(ci): bump actions/setup-go from 5 to 6 (#1) (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
  • 045c9cb87a980ef50edc65771f317aec54ab7243: feat: MCP gateway — govern tools/call (allowlist + approval + audit) (#7) (Adarsh Prashar [email protected])
  • 371ff49a9beb6a7a20256a6f7ecfd827833fe97e: feat: OpenAI/Anthropic-compatible proxy wired through the governor (Adarsh Prashar [email protected])
  • 76e3c98ebf2d37b270e4602c08ed98e5a5a415e1: feat: OpenTelemetry GenAI export (Surface 3) (Adarsh Prashar [email protected])
  • 93afabf30361b78800330bd267a0993b220eaa02: feat: Python SDK (Surface 2) + run-control API + framework adapters (#6) (Adarsh Prashar [email protected])
  • c5865608c5bcdf3202383607fb2e08dae9e4c4dc: feat: SQLite state + auditable cost ledger behind the Store interface (Adarsh Prashar [email protected])
  • 0f7de61f68d7234479f7ed519de71edef22f2385: feat: add a Docker HEALTHCHECK for the daemon (#18) (Adarsh Prashar [email protected])
  • 61547c4a110ad3482b5a69ddcf5c9b2a907c20d1: feat: crash-resume — reload runs on startup + checkpoints (Adarsh Prashar [email protected])
  • a6a76d7ab72a346c081134b9103be0cbaaeb7146: feat: deterministic governor + cost pricing (headline feature) (Adarsh Prashar [email protected])
  • cae4e534e3ad405f7ff055a0f8a76fb69abd9eff: feat: git-native memory layer (md/yaml reader + episodic facts) (#8) (Adarsh Prashar [email protected])
  • 11e59640ae92577e76c55c63baf1ed1d1f0c19a8: feat: human-in-the-loop approval gate (#3) (Adarsh Prashar [email protected])
  • 8f823eab3fdaf675a977cba84238f10b4dc4f846: feat: native OpenAI provider (#19) (Adarsh Prashar [email protected])
  • c984fcf942eecafe9fb1ed27615b0d975fe57a43: feat: packaging + signed release pipeline; v0.1.0 quickstart (#9) (Adarsh Prashar [email protected])
  • 07e07947200de03f2940e8883ef03a4dce0219fb: feat: skeleton + provider abstraction (Anthropic native) (Adarsh Prashar [email protected])
  • d3ca7458d48956968a3f9db183153fc897c145e2: fix(ci): grant id-token: write to the Claude workflows (#16) (Adarsh Prashar [email protected])
  • 230731f263cb0c4134f8896974a3091f59a4916b: fix: align Dockerfile Go version with go.mod (release blocker) (#21) (Adarsh Prashar [email protected])
  • cb299c8adc0446208b185488070c882e4b0d3946: fix: close CodeQL path-injection and integer-overflow alerts (#17) (Adarsh Prashar [email protected])

Self-hosted. Your keys. No telemetry. See SECURITY.md to verify.

Security Fixes

  • Fix: close CodeQL path-injection and integer-overflow alerts (#17)
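The two alert classes named in that fix are, under CodeQL's usual query names, go/path-injection (untrusted input used in a file path) and go/incorrect-integer-conversion (a wider integer narrowed without a range check). The block below is an added illustration in Go of the shape such fixes normally take; it is not RiskKernel's code and does not reproduce what #17 changed. The function names, the error values, and the root directory under os.TempDir() are assumptions, and every input in main is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// Added illustration, not RiskKernel code: the usual remedies for CodeQL's
// go/path-injection and go/incorrect-integer-conversion alert classes.

// ErrOutsideRoot is returned when a caller-supplied path would escape root.
var ErrOutsideRoot = errors.New("path escapes root directory")

// ErrOutOfRange is returned when an integer does not fit the target type.
var ErrOutOfRange = errors.New("integer value out of range")

// SafeJoin resolves name relative to root and refuses any result that is not
// inside root. Instead of handing the untrusted name straight to os.Open, it
// joins (which also cleans) and then checks the result against root. The
// check is lexical: it does not follow symlinks.
func SafeJoin(root, name string) (string, error) {
	if !filepath.IsAbs(root) {
		return "", errors.New("root must be an absolute path")
	}
	if filepath.IsAbs(name) {
		// An absolute caller-supplied path is never a file name inside root.
		return "", ErrOutsideRoot
	}
	root = filepath.Clean(root)
	joined := filepath.Join(root, name) // Join cleans, so "a/../../b" collapses
	rel, err := filepath.Rel(root, joined)
	if err != nil {
		return "", err
	}
	// After cleaning, an escape can only survive as a leading ".." element.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

// ParseUint32 parses s as an unsigned 32-bit integer. Asking ParseUint for
// bitSize 32 makes it return an error for anything that does not fit, which
// replaces the "parse as 64-bit, then truncate with uint32(v)" pattern that
// go/incorrect-integer-conversion flags.
func ParseUint32(s string) (uint32, error) {
	v, err := strconv.ParseUint(strings.TrimSpace(s), 10, 32)
	if err != nil {
		return 0, err
	}
	return uint32(v), nil
}

// IntFromUint64 converts a uint64 (for example a length read from a record
// header) to int, failing instead of wrapping to a negative number when the
// value exceeds math.MaxInt. An unchecked wrap is the integer-overflow shape
// CodeQL reports, and a negative length passed to make() panics.
func IntFromUint64(v uint64) (int, error) {
	if v > uint64(math.MaxInt) {
		return 0, ErrOutOfRange
	}
	return int(v), nil
}

func main() {
	// Assumed root directory; the names below are constructed inputs.
	root := filepath.Join(os.TempDir(), "riskkernel-memory")
	for _, name := range []string{"notes/today.md", "../../etc/passwd", "notes/../../x"} {
		p, err := SafeJoin(root, name)
		fmt.Printf("SafeJoin(%q) -> %q, err=%v\n", name, p, err)
	}
	for _, s := range []string{"4294967295", "4294967296", "-1"} {
		v, err := ParseUint32(s)
		fmt.Printf("ParseUint32(%q) -> %d, err=%v\n", s, v, err)
	}
	n, err := IntFromUint64(math.MaxUint64)
	fmt.Printf("IntFromUint64(MaxUint64) -> %d, err=%v\n", n, err)
}
```

SafeJoin rejects traversal rather than silently rewriting it, which keeps a rejected request visible in logs. Because the check is purely lexical, a root that contains symlinks still needs filepath.EvalSymlinks on the result (or the os.Root API added in Go 1.24) before the path is trusted.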
