Codeep

v2.1.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai ai-agent ai-agents ai-tools cli-app

Affected surfaces

rce_ssrf

ReleasePort's take

Light signal

Inline code execution via eval flags is now blocked in agent mode.

Why it matters: Security: prevents arbitrary code execution; requires no action beyond upgrading to v2.1.4.

Summary

AI summary

Inline code execution flags are now rejected in agent mode to prevent arbitrary code execution.

Changes in this release

Security Medium

Inline code execution blocked in agent mode via eval flags.

Source: llm_adapter@2026-05-22

Confidence: high

Feature Medium

Auto-summarized history added for overflow context budget.

Source: llm_adapter@2026-05-22

Confidence: low

Full changelog

Long agent runs no longer silently forget how they started — when prior chat history overflows the context budget, the dropped older messages are summarized instead of just truncated. Plus a command-whitelist hardening.

Security

  • Inline code execution is blocked in agent mode. The command whitelist
    allowed interpreters like node/python/php, but their eval flags
    (node -e, python -c, php -r, deno eval, …) turned a whitelisted
    runtime into arbitrary code execution. Those flags are now rejected (including
    combined short clusters like -pe). Running a file (node app.js,
    python script.py) is unaffected. Defense-in-depth — the manual-mode
    permission prompt is still the primary gate.
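
A sketch of the kind of check this entry describes, added here as an illustration and not taken from Codeep's source. The rule table, the function names, and the assumption that the command has already been split into an argv array (rather than arriving as a raw shell string) are all hypothetical.

```javascript
// Illustrative table (an assumption, not Codeep's actual list): for each
// whitelisted runtime, the short flag letters, long flags and subcommands
// that take inline code instead of a file.
const EVAL_RULES = new Map([
  ["node",   { short: "ep", long: ["--eval", "--print"], sub: [] }],
  ["python", { short: "c",  long: [], sub: [] }],
  ["php",    { short: "r",  long: [], sub: [] }],
  ["deno",   { short: "",   long: [], sub: ["eval"] }],
]);

// "/usr/bin/python3.11" -> "python", "node.exe" -> "node"
function runtimeName(cmd) {
  const base = cmd.split(/[\\/]/).pop().toLowerCase();
  return base.replace(/\.exe$/, "").replace(/[\d.]+$/, "");
}

// Returns the offending token, or null when no inline-eval form is present.
// Every argument is scanned, including those after the script name, so
// "node app.js -e" is also rejected: the check fails closed rather than
// trying to work out which options consume a value.
function findInlineEval(argv) {
  const rule = EVAL_RULES.get(runtimeName(argv[0] || ""));
  if (!rule) return null; // not a runtime this table covers
  const args = argv.slice(1);

  // Subcommand form (deno eval): look at the first non-flag token.
  const firstPositional = args.find((t) => !t.startsWith("-"));
  if (firstPositional && rule.sub.includes(firstPositional)) {
    return firstPositional;
  }

  for (const tok of args) {
    if (tok.startsWith("--")) {
      // Long form, with or without "=value".
      if (rule.long.includes(tok.split("=")[0])) return tok;
    } else if (tok.startsWith("-") && tok.length > 1) {
      // Short form or combined cluster: "-pe" is checked letter by letter.
      for (const ch of tok.slice(1)) {
        if (rule.short.includes(ch)) return tok;
      }
    }
  }
  return null;
}
```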

Added

  • Auto-summarized history. When the prior conversation exceeds the agent's
    context budget, Codeep now condenses the dropped (oldest) messages into a
    short recap — preserving early decisions, constraints, and unfinished threads
    — and injects it before the recent verbatim history. Previously those older
    messages were silently truncated. The recap is one cheap LLM call, made only
    on overflow and cached per session. Opt out with
    autoSummarizeHistory: false (falls back to plain truncation, no extra call).

Security Fixes

  • Reject eval flags (e.g., node -e, python -c) in agent-mode command whitelist to prevent arbitrary code execution

Related context

Earlier breaking changes

  • v2.4.1 MiniMax M3 replaces MiniMax-M2.7 as default model across all providers.
  • v2.0.0 McpServer protocol now optional fields `command`, `args`, plus new `url` and `headers`; version bumped to 2.0.0.