sgx-labs/statelessagent

v0.6.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 3mo MCP Developer Tools
✓ No known CVEs patched
This release patches 4 known CVEs

Topics

ai-agent ai-memory claude-code context-surfacing cursor go
llm-memory local-first mcp mcp-server model-context-protocol obsidian llm semantic-search sqlite sqlite-vec vector-db windsurf

Affected surfaces

auth rbac

Summary

AI summary

Write‑side MCP tools add note, decision and handoff creation capabilities.

Full changelog

v0.6.0 — Reliability, Privacy & Polish

Self-diagnosing retrieval, pinned notes, keyword fallback, vault privacy structure, RAG chat, interactive demo, write-side MCP tools, security hardening, and a full polish pass.

Install

curl -fsSL statelessagent.com/install.sh | bash
same demo

Or download a binary below.


Added

  • Write-side MCP tools — 5 new MCP tools bring the total to 11. Your AI can now save notes, log decisions, and create session handoffs — not just read:
    • save_note — create or update markdown notes (auto-indexed, dot-dir protected, 100KB limit)
    • save_decision — log structured decisions with status and date
    • create_handoff — session handoffs with summary, pending items, and blockers
    • get_session_context — one-call orientation: pinned notes + latest handoff + recent activity + stats
    • recent_activity — recently modified notes (clamped to 50)
  • same ask — ask questions, get answers FROM your notes with source citations. Uses a local Ollama LLM to synthesize answers from semantically relevant notes. 100% local, no cloud APIs.
  • same demo — interactive demo with sample notes. See SAME in action in under 60 seconds. Works without Ollama.
  • same tutorial — 6 hands-on lessons: search, decisions, pinning, privacy, RAG, and session handoffs.
  • SAME Lite — works without Ollama. Keyword search via SQLite FTS5 powers all features. Install Ollama later and same reindex upgrades to full semantic mode.
  • Project-aware init — detects existing docs (README.md, docs/, ARCHITECTURE.md, CLAUDE.md, .cursorrules, ADR/) and indexes them automatically.
  • same pin — pin important notes so they're always included in every session.
  • same repair — one-command database recovery: backs up and force-rebuilds.
  • same feedback — thumbs-up/down for notes to improve retrieval over time.
  • FTS5 keyword fallback — when Ollama is down, context surfacing falls back to keyword search instead of failing.
  • Doctor retrieval diagnostics — 8 new checks: embedding mismatch, PRAGMA integrity, utilization rate, config validity, and more.
  • Schema migration system — auto-migrates between schema versions.
  • Embedding mismatch guard — detects provider/model changes without reindexing.
  • MCP directory manifests: server.json and smithery.yaml for directory submissions.
  • 45+ new tests — store, search, indexer, config, and MCP packages.

Security

11 fixes from 6 rounds of pre-release security auditing:

  • Dot-path blocking — MCP writes can no longer touch .git/, .same/, .env, etc.
  • MCP error sanitization — all error messages are static strings; no internal paths leak to AI
  • find_similar_notes path validation through safeVaultPath
  • Write size limits — 100KB max on decisions and handoffs
  • Config file permissions — 0o644 → 0o600 across all config writes
  • OLLAMA_URL scheme validation — blocks file://, ftp://
  • Empty input validation on same search, same ask, same feedback
  • DB path PII fix — index_stats returns filename only, not full path
  • Plugin timeout safety — nil check before Kill()
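
One way to combine the dot-path blocking, 100KB write limit and static error strings listed above, as an added Go example (not the project's own code). The name `checkVaultWrite`, the error values and the rule of rejecting every dot-prefixed path segment are assumptions, and symlinks inside the vault are not resolved.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

const maxWriteBytes = 100 * 1024 // 100KB limit quoted in the release notes

// Static errors: no filesystem detail is echoed back to the MCP client.
var (
	errPath = errors.New("invalid note path")
	errSize = errors.New("content exceeds size limit")
)

// checkVaultWrite (hypothetical name) validates a client-supplied relative
// path and body, returning the absolute target inside vaultRoot.
func checkVaultWrite(vaultRoot, rel string, body []byte) (string, error) {
	if len(body) > maxWriteBytes {
		return "", errSize
	}
	// Reject empty, absolute, NUL-containing and backslash-separated input.
	if rel == "" || filepath.IsAbs(rel) || strings.ContainsAny(rel, "\\\x00") {
		return "", errPath
	}
	clean := filepath.Clean(rel)
	for _, seg := range strings.Split(filepath.ToSlash(clean), "/") {
		if strings.HasPrefix(seg, ".") { // "..", ".git", ".same", ".env", ...
			return "", errPath
		}
	}
	root := filepath.Clean(vaultRoot)
	target := filepath.Join(root, clean)
	// Defence in depth: the joined path must still sit under the vault root.
	if !strings.HasPrefix(target, root+string(filepath.Separator)) {
		return "", errPath
	}
	return target, nil
}

func main() {
	// Constructed sample inputs.
	for _, rel := range []string{"notes/plan.md", "notes/../.git/config", ".env", "../x.md"} {
		_, err := checkVaultWrite("/vault", rel, []byte("body"))
		fmt.Printf("%-22q %v\n", rel, err)
	}
}
```

The path is cleaned before the segment check, so `notes/../.git/config` is judged as `.git/config` rather than by its harmless-looking first segment.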

Fixed

  • Replaced all panics with errors
  • TOML skip_dirs now applied correctly
  • Noise path filter uses HasPrefix instead of Contains

Changed

  • Go 1.25 standardized everywhere
  • README restructured for launch — same demo above the fold, MCP tools table, numbers, SAME Lite callout
  • Intel Mac install — uses ARM binary + Rosetta
  • Error messages rewritten for clarity

Full Changelog: https://github.com/sgx-labs/statelessagent/compare/v0.5.4...v0.6.0

Security Fixes

  • Dot-path blocking prevents MCP writes to sensitive directories (.git/, .same/, .env, etc.)
  • MCP error sanitization ensures all error messages are static strings with no internal path leakage
  • Input validation fixes for `find_similar_notes`, empty queries in `same search/ask/feedback`, and OLLAMA_URL scheme restrictions (block file://, ftp://)
  • Write size limits enforce a 100 KB maximum on decisions and handoffs

About sgx-labs/statelessagent

Memory with provenance tracking — records where agent knowledge originated and detects when sources change. 17 MCP tools for session handoffs, decisions, semantic search, and knowledge graph. Works across Claude Code, Cursor, Windsurf, Codex CLI, and Gemini CLI. Single Go binary, SQLite + vector search, fully local.
