This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: MCP go-sdk v1.4.1 patches a null Unicode JSON parsing vulnerability (GHSA-q382-vc8q-7jhj).
Full changelog
What's New
Smarter setup. same init now auto-detects your Ollama models, configures the best embedding and chat models for your hardware, and sets up graph extraction automatically. New interactive provider picker supports Ollama, OpenAI, LM Studio, llama.cpp, OpenRouter, and any OpenAI-compatible endpoint.
same add command. Create notes from the CLI with frontmatter, type classification, and tags — without opening a file. Path validation blocks writes to .same/, .git/, and private directories.
same guide / same guide --agent. Get tailored configuration recommendations based on your vault size, hardware, and installed models. --agent mode outputs structured guidance for AI consumption.
Categorized seed vaults. The seed picker now shows recommended seeds first with a clean grouped layout instead of a flat list of 17 items.
Security
- MCP go-sdk v1.4.1 — patches null Unicode JSON parsing vulnerability (GHSA-q382-vc8q-7jhj)
- Plugin trust gate — plugins require explicit trust before loading, with hash verification on every load
- Path hardening — canonicalized symlink validation across add, indexer, and provenance
- XSS prevention — textarea-based entity decode + DOM URL parsing + attribute allowlist in the web dashboard
- Search filter enforcement — all metadata filters enforced server-side in HybridSearch
- Consolidation sanitization — LLM-generated output sanitized via neutralizeTags() before MCP response and disk write
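The path checks named above (blocked writes to .same/ and .git/, canonicalized symlink validation), illustrated as an added Go example; it is not code from statelessagent, and ValidateNotePath, the two error values and the blocked map are hypothetical names. The "private directories" rule is left out because the notes do not define it.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideVault = errors.New("path resolves outside the vault")
var ErrBlockedDir = errors.New("path is inside a protected directory")
var blocked = map[string]bool{".same": true, ".git": true} // names from the release notes

// ValidateNotePath (hypothetical helper) returns the canonical write target for
// rel inside vaultRoot, or an error if it escapes the vault or hits a blocked dir.
func ValidateNotePath(vaultRoot, rel string) (string, error) {
	root, err := filepath.EvalSymlinks(vaultRoot)
	if err != nil {
		return "", err
	}
	// A new note does not exist yet: canonicalize the deepest existing ancestor.
	p, tail := filepath.Join(root, rel), ""
	for {
		resolved, err := filepath.EvalSymlinks(p)
		if err == nil {
			p = filepath.Join(resolved, tail)
			break
		}
		if _, lerr := os.Lstat(p); lerr == nil || !os.IsNotExist(err) || filepath.Dir(p) == p {
			return "", err // dangling or looping symlink, I/O error, or nothing left to strip
		}
		p, tail = filepath.Dir(p), filepath.Join(filepath.Base(p), tail)
	}
	inside, err := filepath.Rel(root, p)
	if err != nil || inside == ".." || strings.HasPrefix(inside, ".."+string(filepath.Separator)) {
		return "", ErrOutsideVault
	}
	for _, part := range strings.Split(inside, string(filepath.Separator)) {
		if blocked[strings.ToLower(part)] {
			return "", ErrBlockedDir
		}
	}
	return p, nil
}

func main() {
	fmt.Println(ValidateNotePath(".", "../escape.md"))
}
```

The check and the later write are separate steps, so a caller should write to the returned canonical path rather than to the original input.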
Init UX Improvements
- Inline prompts for API keys and base URLs (no more "set env var and run again" errors)
- Selectable endpoint picker for OpenAI-compatible providers
- API key prompt for remote endpoints (OpenRouter, etc.)
- Auto-sets text-embedding-3-small when OpenAI is selected
- Stale lockfile recovery — detects dead PIDs instead of blocking forever
- HTML error responses truncated to readable messages
Also
- same vault prune — clean stale/missing vault paths from the registry
- Dashboard: /api/trust/summary endpoint, trust and confidence fields in note responses
- Graph tip in demo mentions 7B+ model recommendation
- Doctor box URL no longer truncated
- text-embedding-3-large added as OpenAI model option
Testing
- New test coverage: same add (path traversal, symlinks, frontmatter injection), same guide, plugin trust gate, consolidation sanitization, vault prune, init lockfile recovery
- 10K note scale test, cross-tool handoff integration test, v0.12.0→v0.12.1 upgrade path test
Full changelog: CHANGELOG.md
Install:
# npm
npx -y @sgx-labs/[email protected] mcp
# curl
curl -fsSL https://statelessagent.com/install.sh | bash
# Build from source
git clone https://github.com/sgx-labs/statelessagent && cd statelessagent && make build
About sgx-labs/statelessagent
Memory with provenance tracking — records where agent knowledge originated and detects when sources change. 17 MCP tools for session handoffs, decisions, semantic search, and knowledge graph. Works across Claude Code, Cursor, Windsurf, Codex CLI, and Gemini CLI. Single Go binary, SQLite + vector search, fully local.