Skip to content

VikingOwl91/gnoma

v0.1.0 Maintenance

This release keeps dependencies and maintenance posture current for teams operating this tool.

Published 15d AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agentic ai-agent ai-coding-assistant anthropic cli coding-agent
+13 more
gemini go llama-cpp llm local-llm mcp mistral model-context-protocol multi-armed-bandit ollama openai self-hosted tui

Affected surfaces

auth rbac breaking_upgrade

Summary

AI summary

Broad release touches router, skill, slm, and engine.

Full changelog

Changelog

  • d5958203cb262e155dcccc285cef45de0965c9ff Merge pull request 'chore(todo): mark post-audit security work complete' (#5) from chore/todo-post-audit-cleanup into main
  • 9b9a009f68cb76eb32a94304af4d3a57baf66233 Merge pull request 'docs(security): ADR-004 PostToolUse hook ordering + invariant test' (#4) from docs/adr-posttooluse-hook-ordering into main
  • 2132b265a1b14de43295118d58047de0a91e0812 Merge pull request 'feat(security): SafeProvider boundary wrapper (Wave 1)' (#1) from feat/security-wave1-safeprovider into main
  • c7eb14ee31c22aed52c6d5e763fc4cf5eb95ce1e Merge pull request 'feat(security): incognito coherence (Wave 2)' (#2) from feat/security-wave2-incognito into main
  • dd16c1502917615339a2a72d7a9893c978af8ff7 build(release): publish multi-arch Docker images to GHCR
  • bb7892c0c2e27532221006da5dd6c7021f30d037 chore(audit): polish remaining audit findings (M2, H1, H3)
  • 13b2f5e14d3e3b5190b357748496086dc455e6d9 chore(lint): clear dead code and tighten lifecycle errcheck
  • ec9433d783ea8595f58236e84b87899245f7dca9 chore(lint): clear remaining errcheck and staticcheck findings
  • c4fde583f5f045ca5a601b28e63a8fe4421f10a2 chore(lint): gofmt sweep + errcheck cleanups in router discovery
  • 343b0fb94ab19c696476c32733ef460326254ca1 chore(todo): mark post-audit security work complete
  • 21da29e73e530abc8fe17e9048a9c497638b8682 docs(plan): capture post-SLM-unlock outstanding work
  • f8c85a26e9108a3cf10b098384418c1f947d8e34 docs(security): ADR-004 PostToolUse hook ordering + invariant test
  • 3ae40083f19e55c661bf47f890dea1e260369f03 docs(security): Wave 2 plan — incognito coherence
  • 3a638cc9a4edbc0df659a2a6dfcfa889d45145b8 docs(todo): add stream-error failover to backlog
  • 7c6291ab7eb05a1a7a87f3bd36bbd79dcb7a7d2c docs(todo): mark Phase C complete in post-SLM plan summary
  • 8b2202e8ec0ac5f7438d7587cb2795faaafcd489 feat(classifier): Wave A — TaskClassifier interface + HeuristicClassifier
  • 71f31559c2bf99248ccc94f90549b4f2e1dd7096 feat(cli): add 'gnoma providers' subcommand
  • 8450005b31e64471cc730b8610ed105f3df671eb feat(cli): gnoma profile list/show subcommands (Phase C-2)
  • 635dad660cfb1a00aaea9706693e0b6cf7f814df feat(config): per-profile config layering with --profile flag (Phase C-1)
  • 9fb520fba626c1fab03832f5948f9c80bfdf9e71 feat(engine): M8 cleanup — Wave A wiring gaps
  • 176926924c5d2da82e86fd67b6a570abefd90c4e feat(engine): M8 cleanup — Wave B skill enforcement
  • aca830e7dbc181d6a66733740b618cce6950abf7 feat(engine): consumption-time stream-error failover
  • 397a39250cc1cacbb8b9f8a395018a376b015727 feat(engine): early-stop detection for runaway agent loops
  • 43ea2e562d98ab1da8fffa295d53cde34ed11228 feat(engine): two-stage tool routing for small local arms
  • b60aa02bfdfc942a6a75f800565c29b4661bebfb feat(fs): enforce workspace boundary on fs tools
  • 6c47f8643b76c1ea3b73349f13ebff53d75c381c feat(m8): MCP client, tool replaceability, and plugin system
  • 9388479b03e608f1fb866a3adf8a5aa374c7d103 feat(openai): lexical repair for malformed tool-call arguments
  • dc438ea1814bb9a92075fb9c1c3e59c67798e9ce feat(plugin): trust-on-first-use manifest pinning
  • 44d0bdc032a1ed80a41c236f2d727e975a16f412 feat(provider): subprocess CLI provider for claude, gemini, vibe
  • 0b1392cf6be90caf19dceea53674b7e67c9e30bd feat(pty): Phase 2 — interactive shell and bash interactive detection
  • 58beb7ce3cc01ec5251d6c2f9c5eba3299498592 feat(router): classifier-source telemetry + router stats command
  • 7fbb5454ee00e0c16c518400ed89e0bb1705fb32 feat(router): normalize effort/thinking abstraction across providers
  • 0aabd199068247e95ab4e41a140c883b18f9346e feat(router): per-arm strengths + cost weight (Phase D)
  • 6883c2a041fa1b885462eba8cd3664927ba9d530 feat(router): tier-based routing — CLI > local > API, disabled arms
  • 8dcca64e41d5beaba923aa278115d9551a8c2776 feat(security): add SafeProvider boundary wrapper (W1-1)
  • 3c875276c9d1b0e89f3106faf58f1a28d5b7f464 feat(security): implement multi-wave audit remediation and agy provider support
  • 34f6f1c786bf9f8b7df784779b1a843d65c3adbe feat(security): incognito coherence across firewall/router/persist (Wave 2)
  • dc084d5a82763de44b0b84f58a9a12c6a44078e2 feat(security): wire SafeProvider into all provider sites (W1-2/3/4)
  • d6614545a9d26ffb00c44f160f9a8eb199684e96 feat(security): wrap engine.Config.Provider + SetProvider doc (W1 follow-up)
  • 893880039b4892f01b5e79b2bf94b5a8ca41155f feat(skill): TUI integration — /skillname invokes skills, /skills lists them
  • 61adb24773fae8b36bfdbc187ad439f526af7f72 feat(skill): bundled /batch skill with go:embed
  • edc0e97efc2c7c2cb3dafa867d034a6e925249e4 feat(skill): core Skill type and YAML frontmatter parser
  • c07ec63419f17f3983e2df21c3fc30920756eebd feat(skill): enhanced coordinator prompt with fan-out and concurrency guidance
  • 48c7b7aad4333146ba7f995185f2820fce863e76 feat(skill): pipe mode support and main.go wiring
  • b60daf99407e2cdfb67431e26cc3434262a7fafe feat(skill): registry with multi-directory loading and precedence
  • ead91e6ccf6fda8064699fb7f64c95fa49f2c7b1 feat(skill): template rendering with Go text/template
  • d1a5c79fa4c382ccc8f55601b9951dff1a8b64c8 feat(slm): Wave B — Manager, Manifest, download, subprocess lifecycle
  • a9213ec3827db55455ff280eda12bf7e8d36a481 feat(slm): Wave C — SLM classifier, MaxComplexity routing, CLI subcommands, TUI status
  • a14fe8b5043e6511512b9589b6ee32d9a3ee08dd feat(slm): pluggable backends + trivial-prompt routing
  • b331dcd61a8952197b4ad461d1820bffdc178720 feat(subprocess): per-agent binary override via [cli_agents] config
  • f8867f5d7866973d9e12c1c648d089a36ced096c feat(tui): /config opens interactive settings panel
  • d84b295da22c503b7bffaa093df86c4c7f00bd3f feat(tui): /profile slash command + status-bar profile badge (Phase C-3)
  • 48e63a9bc08afde3c841234a7ac6324680443905 feat(tui): Tier 1-2 UX improvements — completions, usage, provider status
  • ce5f9d3dc95a781e90e0c34d10273ded0c6774e1 feat(tui): Tier 3-4 UX improvements — split, routing, session naming, context bar
  • befcbdcfefcae2dc84a4e62e384b0d04ce2091a2 feat(tui): suggestion box above input, input mode indicator, ! execute
  • 0b4de6054d91c0dfd2969a62e385d004d282e97f feat(tui): surface SLM backend + per-turn classifier in status bar
  • 7a417b9011d6d719dfce996f2ba5e0a1e7d23b32 feat: /config, /model listing, /shell stub, /help update
  • 167db19bfbd89f316381d8ff1cc207b14dd66798 feat: /resume TUI command + SessionStore in tui.Config
  • 50bb5f2f6b3d029d88657e166ce1bfb5f5d75a4a feat: AgentExecutor — elf-based hook evaluation via elf.Manager
  • 54df0f2f08f7f425d0b6aa3dbd02f4f3e5837d4b feat: CommandExecutor — shell hook execution with stdin/stdout protocol
  • 47ae6775f3b91662b18c4765a36f0edcb7e787fd feat: Dispatcher — handler chain dispatch, filtering, transform chaining
  • b421439087c081122c7cbe88fdf7a1be0d8a03a2 feat: Engine.SetHistory/SetUsage/SetActivatedTools for session restore
  • 3c5aa3639aed52f48ba869592e7eb72d1bbef809 feat: JSON serialization for Message and Content (session persistence blocker)
  • 2f60bd9f0a8bb374fdb5a1cae5d3178baa7e7378 feat: LocalConfig + auto-save hook in session.Local
  • 11363f3b976fce2ea2e246f51a0ffa8eccce0144 feat: M1-M7 gap audit phase 2 — security, TUI, context, router feedback
  • 95dfd0cf0ceac1c02fa0e17e066b3481e6b3b98b feat: M1-M7 gap audit phase 3 — context prefix, deferred tools, compact hooks
  • 63f4c1389e82977ab47291eceeb6746b7ca797fd feat: M6 complete — summarize strategy + tool result persistence
  • 704f3a7302762200f2f187f7a73382ef49e50d05 feat: M6 context intelligence — token tracker + truncation compaction
  • 13db7521b112478ac6bdf3955544e0dcbce5628b feat: M7 Elfs — sub-agents with router-integrated spawning
  • 4f1e0cf567a8593b5e60c5adf4ee96ebdabe5ced feat: Ollama/gemma4 compat — /init flow, stream filter, safety fixes
  • 685e3b97f22427bb613be78433930ebfccd94a8d feat: ParseHookDefs — config to HookDef conversion with validation
  • 45c0d0c43e0f537997523f8996e654793d3c76fe feat: PromptExecutor — LLM-based hook evaluation via router
  • 64ee385039a88bda43491d15056419b490163041 feat: QualityTracker — EMA router feedback from elf outcomes, ResultFilePaths tracking
  • 39181168b69971d95059107d0777a7454ad4a94d feat: QualityTracker.Snapshot/Restore + Router.QualityTracker() for cross-session persistence
  • 9d18f1179a353aa1d6f1476382149968355069af feat: SessionStore — save/load/list/prune session snapshots to .gnoma/sessions/
  • 96a336aa0e32938373fec25b1994e7af19111f47 feat: TUI slash commands, incognito toggle, model switching
  • 350b7bbe05fa3a39583323c556a0962823546244 feat: accurate context window sizing from arm capabilities + prefix token baseline + tokenizer wiring
  • 9e7caf2467646911b356322f860f394457986a14 feat: add Anthropic provider adapter
  • f3ca791122903bbb2c4a3d78baf1f0ca37215efe feat: add Bubble Tea TUI with interactive chat
  • dccb5fe65a0cb2815f77f0196d82ab77406670c3 feat: add Google GenAI provider adapter
  • 261c19f90f5d6f21118ff953ff3607b160933f03 feat: add OpenAI provider adapter
  • 9608436b52ce5ca1d1b0dbc7ff6b768b00f00e47 feat: add OpenAI-compat adapter for Ollama and llama.cpp
  • a7d86054de4774875497284370568dc9746cdf34 feat: add Session config section (max_keep for session retention)
  • 291ed3534134a8d8cb5ad7c0dbf6c530f2def5e6 feat: add TOML config system with layered loading
  • 17d83f2e2abf77f2b2795f8bb0902ddb15ad7e83 feat: add agy CLI provider and support structured output via prompt augmentation
  • 0d2d825e5278ae59094657c15c922cc8c7bbd30d feat: add dynamic model discovery within providers
  • 788bd8ec24b3a6648d8ed5cf6c886e6d83f6aac5 feat: add foundation types, streaming, and provider interface
  • 03c470bf651f7dc6f883631ff35a5eeb49bd559c feat: add permission system with 6 modes and compound command parsing
  • 847735a9f7ee594470fbfe76b4246227913de4f0 feat: add router foundation with task classification and arm selection
  • 09f102bdec9427235d662e603d6a7f2296b2d37a feat: add security firewall with secret scanning and incognito mode
  • 0f93ee18e415efa7f53b25c74209a142ec0cb5a2 feat: add session interface with channel-based local implementation
  • 60883521c72a730ea90488283233b2de0459d337 feat: auto permission mode, edit diffs, truncated tool output
  • 76916846aaa39bb5345160f485b3fe4d9aa3312f feat: auto-discover local models from ollama + llama.cpp
  • 8f4a4672e7cfd4b7d947191dcf4b5c6178c72adf feat: colored permission mode indicators on separator lines
  • 6cfe35620dc07dd7f6be417b758e760385dfc1ef feat: compact system inventory with queryable system_info tool
  • 46505a1f71b1fd8ead79794a42180c1706d3d5ff feat: complete 7/7 bash security checks
  • 69f5dba0916a67b25d0d41f7ef1004d077559af8 feat: complete M1 — core engine with Mistral provider
  • ebfbefc73d81f72fb49c020d6427d37f379550ee feat: configurable max_turns for elfs — LLM sets via agent tool param
  • f7a22287657282a700995f767f3b3e80b2fd5762 feat: coordinator mode — system prompt injection for orchestration tasks
  • 26666e6d2ca3a592e2362c3490910954baa4bb80 feat: coordinator mode — system prompt injection for orchestration tasks
  • bb93317fb610ac11e443850b837768caf7db0214 feat: ctrl+o toggles tool output expand, fix auto default
  • 1ec90b0ad746713a2f12d6aad8a7145bff4e33b6 feat: engine hook integration — PreToolUse, PostToolUse, Stop
  • 1f620d2725601d75731f775806415baf972c1bbd feat: hook config schema with user+project merge ordering
  • ea7ec98d76c3b4210dfa7c5b4f395ed70256d622 feat: hook core types — EventType, Action, CommandType, HookDef, Executor
  • 0297f56d8f65cd16f42d867cb6e27a72ad47868f feat: hook payload marshal/unmarshal helpers
  • 8e5ddb20cb7964233bc72f38ac94efa38763ca81 feat: hybrid system inventory — dynamic PATH scan + runtime probing
  • 9a78af7b059f3305f60db3eaf57335b2b4ac6541 feat: inject mode changes into engine conversation history
  • c0631728f697a6c64b18a56413b0fa2aa8c7e4e7 feat: interactive permission prompts in TUI
  • 12ace89e31a84724ae3d0836a1b8ad7e3e7277e5 feat: interactive session picker for /resume and --resume
  • 745b27e5db7b8008744ddeb3062eca66c3a0d18a feat: list_results + read_result tools for coordinator artifact discovery
  • f4fda8346b41ce209a942c8f80fc5a34d2c6834b feat: list_results + read_result tools for coordinator artifact discovery
  • c01069164e9d39b05a118f301c30800be8ca58c6 feat: live elf progress in TUI
  • d71bd942c4464d14274ffaf7bd99cf3633c2c3f6 feat: local model reliability — SDK retries, capability probing, init skill, context compaction
  • 7c96f6a29185bf809212bf62451833da3dd383f6 feat: markdown rendering in chat via glamour
  • 84d9e636b741f553e3e2970eeb997b6254ad76b5 feat: multiline input with auto-expanding textarea
  • 4ca7eadd38296b35e1576ff07a0542972a4aa23d feat: permission mode switching in TUI
  • 6fa9df5613341388c989c7106e3df44dfe5eaa94 feat: persist.Store — session-scoped /tmp tool result persistence
  • e1a47a762089fc4a0bf0b2c87b6b3d146bf0b40b feat: rate limit pools, elf tree view, permission prompts, dep updates
  • abb3e3ca90698d317fc2680c5843bf5624f5cfa8 feat: spawn_elfs batch tool for guaranteed parallel elf execution
  • 6a0a6543346a5a107f85450b8428ddfcc31fdd7a feat: tiktoken tokenizer — accurate BPE token counting with provider-aware encoding
  • 9a0e02e1c6b263bcb1d01d1f0da56e4f65c836a4 feat: tokenizer-aware Tracker.CountTokens/CountMessages replaces EstimateMessages in compaction
  • 135c8afe8057e8d433ce9cd2fab6fccba7ef0275 feat: various improvements to engine, router, and TUI
  • 4596ea21562a9870f81ac9bd5efd77872736b1fd feat: wire --resume/-r CLI flags, SessionStore, quality persistence
  • 86aabd4946238bbbc58e9ee30f0d6cd1f315255b feat: wire config system into main — TOML config now active
  • 8d9c521f7a46776de80e5aa1fe320fbd9e26a8d5 feat: wire hook dispatcher in main.go — SessionStart, SessionEnd, PreCompact
  • 24b5126d66f58621078d7c79fd675171dcc182e6 feat: wire permission checker into engine tool execution
  • dae2c488e5b5820558c6ee20f6b9515dcf8ac1dd feat: wire persist.Store into engine, elf manager, and agent tools
  • 062566a23de1a861bb0b33f8ae42b656d047cdef fix(cli): three UX issues — help output, TUI startup, setup command
  • 5cd3ccd9318d2f69606bb1d6b550383ab0712c2e fix(engine): guard mutable state with a mutex
  • c44db99b41dc07c5e827f9a9b81c0c40edeaaead fix(hook): execute hook Exec as a binary, not via sh -c
  • 6bb9c33d04bf427e2c39cd1ff642ec27b67cb767 fix(m8): replace_default map, error UX, benchmarks, and launch prep
  • 67948df8cb998575f8ff2bf37737746d5b18e544 fix(mcp): make transport cross-compile on Windows
  • 59d7e2fa43d614338da6b11a3e0341d26f0c0744 fix(release): target GitHub mirror; provider-neutral README; correct NOTICE
  • 0caab0fed12417cb56801e3a4762d7f43b35fff1 fix(router): discovery loop removes forced arm, breaking routing
  • 8539426a467c37d1ebbe08a12c1b7be4da55b3c5 fix(router): restore Ollama cache prune + provider-specific context defaults
  • f6f8801040177f51d377e0a1b9b5de35e1216c85 fix(router): restore llama.cpp model enumeration; keep /props for n_ctx
  • eb0583f606d052b1db0f5a0713c55e1117557e07 fix(router): unpin config-default provider + complexity floor by task type
  • 8f13ed78a9e8cc8e7f334c483559a9be7a85953d fix(security): redact truncated private keys via header-fallback pattern
  • 329610209a239ac32be314e3ce2438f45b5a729c fix(slm): invoke llamafile via sh to bypass Wine binfmt_misc
  • 9037a0d195614128aceca78ce566862f414ba530 fix(slm): skip re-download when already set up
  • adb4f5db5d7b58b31775649ba371c79c311ff945 fix(slm): start llamafile in background; use lazyClassifier
  • c8813768d5dc9b44d94cd1c3cd46d3f355558364 fix(subprocess): harden agy CLI integration
  • 07a976c32a10d4526c4bde1e1816dc48c5d84767 fix: ClassifyTask priority ordering — orchestration below operational types
  • de1798ff5cd93023e153ef6796e18cdecf22b7f8 fix: M1-M7 gap audit phase 1 — bug fix + 5 quick wins
  • 5b14b0ac84127898f250f6a1aee097618a2267dc fix: TUI overflow, scrollable header, tool output, git branch
  • 90f1fc872b5e4e5345855e830737debb40059441 fix: TUI spacebar + improved design
  • e04cacc21557dde17f0154b08d879813cf3ccbc5 fix: append mutation, pipe-mode hang, Mistral regex false positives
  • 92d2921ea170d3331271356a9d9b5f3778473b84 fix: consistent indentation and AI icon in chat
  • 302dd2ac1d98e417a32df1eb55a54e1c624b1a8f fix: default permission mode, incognito shortcut + display
  • 2093beea5886dcbd8957676b677fa3dbe98586a0 fix: deterministic 500 retry, OpenAI error wrapping, local /init prompt
  • 086a4622fdb77cb1d337da53576279fc8226bf8f fix: elf progress — proper last-2-lines tracking, 70 char truncation
  • 8138bd69f8bc94ea1bbd57c5ca0d893b41a59490 fix: live elf progress shows tool calls + results, not just text
  • 0f8bf7dbdd1230e57ff6001500c94b39125a4cd4 fix: mode change messages tell model to retry
  • 88e76cddb0fcc769d15387d8772b4dcdd4819c8a fix: persist.Store — sanitize callID, log save errors, document List filter semantics
  • 0a1730943f1696796ab9cff2ed6cbc48117b8954 fix: provider-agnostic startup + slm setup auto-config
  • 3bdd9cec7e7e00c65bc6a32be3a93f0171d6390e fix: raw text during streaming, glamour only on completed messages
  • 801036a793495fc7e6b841cb769d67057e29c136 fix: restore import order in main.go
  • 6aea2a9e3a95ba0f43c78450e4dac568a22ec227 fix: retry with exponential backoff on 429, stagger elf spawns
  • ae9683818ba08de34fede52f8499c3e91fe66ba2 fix: session security and correctness — path traversal, turn count restore, incognito quality leak
  • aaf3c1e42cee4fdcb2f886fa0f74e05556e70385 fix: strings.Builder panic — use pointer to avoid copy-by-value
  • d2139c6f0c2cb488f4a70e7f90916eaf649e1373 perf+feat: parallel startup discovery + slash-command suggestion dropdown
  • 99fa0ff08eb3d73ea45de1b7391b3a2ded720d18 refactor(providers): refresh defaults to current 2026 model lineup
  • 9853a522e6f85703570d34df81d2de80eda38054 refactor(security): consolidate TOCTOU-safe path canonicalization
  • fb422028349ce19adfefd8d7a0cec436907993a2 refactor(security): seal SecureProvider via unexported marker method
  • c54471a37be131b9f21485662bb7d192154b82d0 refactor: migrate mistral sdk to github.com/VikingOwl91/mistral-go-sdk
  • 2bf700eec2ffe3b3f4bec909ec72a6013f7dca4b test(elf): make mockProvider.calls atomic
  • beaa09a154684325800de969c14f8ef86a31ea8a test(permission): lock in elf safety-pattern inheritance
  • 342b3903e1c5d74ae33f746628b2e2ee81054e14 test(slm): align HappyPath with task-type complexity floor
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track VikingOwl91/gnoma

Get notified when new releases ship.

Sign up free

About VikingOwl91/gnoma

All releases →

Related context

Beta — feedback welcome: [email protected]