This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
ai
ai-agent
ai-agents
ai-tools
cli-app
Affected surfaces
auth
Summary
AI summary: Updates What's new, New features, and Developer experience across a mixed release.
Full changelog
What's new
Security
- Fixed unauthenticated access to `/api/tasks` — now requires `x-sync-token` header
- Added rate limiting to all API endpoints (stats, tasks, progress, sync, keys, cleanup)
New features
- Token budget warning — agent warns at 80% and 95% of model's context window, using accurate per-model context sizes
- `/sync` command — sync learning preferences and profiles across machines
- Auto-sync on startup — learning preferences are automatically pulled from cloud if newer than local
Reliability
- Retry logic for all cloud sync calls (exponential backoff, up to 2 retries on network errors and 5xx)
Developer experience
- Debug logging now writes to `~/.codeep/logs/` — use `CODEEP_DEBUG=1` to enable, `tail -f` to follow without breaking the UI
- Updated TypeScript 5.3 → 6.0 and minimum Node.js 18 → 20
Data & accuracy
- Fixed model context window sizes (Claude Opus/Sonnet: 200k → 1M, DeepSeek: 64k → 128k, MiniMax corrected)
- Updated model pricing across all providers
Bug fixes
- Fixed 23 failing tests
Breaking Changes
- Minimum Node.js version increased from 18 to 20
- TypeScript upgraded from 5.3 to 6.0
Security Fixes
- Fixed unauthenticated access to `/api/tasks`; now requires `x-sync-token` header
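For teams reviewing their own deployment, the two Security items above (the `x-sync-token` requirement on `/api/tasks` and the rate limiting) combine as sketched below. This is an added example, not Codeep's source: the function names, the per-IP fixed window, the limits and the return shape are assumptions, and the token and addresses are constructed placeholders.

```javascript
// Added example (not Codeep's source). Route and header name come from the
// changelog; the limits, client key and return shape are assumptions.

// Constant-time comparison: the loop always runs to the longer length, so the
// response time does not reveal how many leading characters of a guess matched.
// (On Node, crypto.timingSafeEqual over equal-length buffers does the same job.)
function safeEqual(a, b) {
  const n = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < n; i++) diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

// Returns check(req) -> { status, retryAfter? } for a request shaped like
// Node's IncomingMessage: header names lowercased, `ip` filled in by the caller.
function createGuard({ token, limit = 60, windowMs = 60_000, now = Date.now }) {
  const windows = new Map(); // client ip -> { start, count }
  return function check(req) {
    // 1. Rate limit first, so failed token guesses also consume the budget.
    const t = now();
    const w = windows.get(req.ip);
    if (!w || t - w.start >= windowMs) {
      windows.set(req.ip, { start: t, count: 1 });
    } else if (++w.count > limit) {
      return { status: 429, retryAfter: Math.ceil((w.start + windowMs - t) / 1000) };
    }
    // 2. Fail closed: an unset server token or a missing header is a 401,
    //    never a match of "" against "".
    const sent = req.headers["x-sync-token"];
    if (!token || typeof sent !== "string" || !safeEqual(sent, token)) {
      return { status: 401 };
    }
    return { status: 200 };
  };
}

// Constructed requests against /api/tasks; the token value is a placeholder.
function demo() {
  const check = createGuard({ token: "constructed-token", limit: 3, now: () => 0 });
  const reqs = [
    { ip: "203.0.113.7", headers: {} },
    { ip: "203.0.113.7", headers: { "x-sync-token": "wrong" } },
    { ip: "203.0.113.7", headers: { "x-sync-token": "constructed-token" } },
    { ip: "203.0.113.7", headers: { "x-sync-token": "constructed-token" } },
  ];
  return reqs.map((r) => check(r).status);
}
```

The window map in this sketch is never pruned; a long-running service would need to evict expired entries.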