sgx-labs/statelessagent

v0.12.0 Security

This release includes 6 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 6 known CVEs

Topics

ai-agent ai-memory claude-code context-surfacing cursor go

+12 more

llm-memory local-first mcp mcp-server model-context-protocol obsidian llm semantic-search sqlite sqlite-vec vector-db windsurf

Affected surfaces

auth rce_ssrf

Summary

AI summary

Provenance tracking records note origins and flags stale entries, improving trust-aware search.

Full changelog

Memory Integrity

SAME now tracks where your notes came from and whether they're still accurate.

Every saved note records its provenance — the files and notes it was derived from, with SHA256 hashes at capture time. When source files change, SAME detects the divergence and flags affected notes as stale. Stale notes rank lower in search automatically, so your AI gets trustworthy context first.

Highlights

Provenance tracking — note_sources table records what each note was derived from
Trust-aware retrieval — stale notes rank 25% lower, contradicted notes 60% lower in search results. trust_state field on all search results lets agents caveat answers.
Graph 1-hop expansion — top search results are expanded through knowledge graph edges to surface related decisions, references, and dependencies
same kaizen — log friction, bugs, and improvement ideas as you work. Provenance tracking detects when source files change, hinting that items may be addressed.
same health — vault health score with trust analysis: validated/stale/unknown counts, stale source detection, actionable recommendations
Crash resilience — PreCompact hook saves checkpoint handoffs before context compaction, not just on session stop
5 new MCP tools — save_kaizen, mem_consolidate, mem_brief, mem_health, mem_forget (17 total)

Also new

same tips — vault hygiene, security, and model selection guidance
same graph enable/disable — toggle graph mode without editing config
same consolidate / same brief — LLM-powered knowledge management [experimental]
Container environment detection (Docker, Kubernetes, Codespaces, Gitpod)
Graceful Ctrl+C cancellation during reindex and init
Thinking model compatibility (DeepSeek-R1, QwQ, etc.)
Windows ARM64 binary
Human-readable error messages for embedding failures

Fixed

Windows self-update stale .old backup file handling
Migration failure upgrading from v0.9.1 to v0.10.0
Graph stats config reading
URL redirect vulnerability in web dashboard
MCP SDK bumped to v1.4.0 (security fix)

Security

Path traversal validation in provenance source recording
Prompt injection protection for staleness/divergence context tags
YAML frontmatter injection prevention in kaizen notes
Path validation in source divergence checks

Full changelog: https://github.com/sgx-labs/statelessagent/blob/main/CHANGELOG.md

Full Changelog: https://github.com/sgx-labs/statelessagent/compare/v0.10.0...v0.12.0

Security Fixes

Fixed URL redirect vulnerability in web dashboard
MCP SDK bumped to v1.4.0 (includes security fix)
Path traversal validation added for provenance source recording
Prompt injection protection for staleness/divergence context tags
YAML frontmatter injection prevention in kaizen notes
Path validation added to source divergence checks

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track sgx-labs/statelessagent

Get notified when new releases ship.

About sgx-labs/statelessagent

Memory with provenance tracking — records where agent knowledge originated and detects when sources change. 17 MCP tools for session handoffs, decisions, semantic search, and knowledge graph. Works across Claude Code, Cursor, Windsurf, Codex CLI, and Gemini CLI. Single Go binary, SQLite + vector search, fully local.

All releases →