Releases: Eilen6316/LinuxAgent

v4.1.0

07 May 14:12

LinuxAgent v4.1.0

LinuxAgent v4.1.0 is a security-depth release. It turns the v4 command safety
boundary into something easier to attack, measure, verify, and reuse from other
agent clients.

Highlights

  • Red-team policy harness with 24 adversarial command-agent cases.
  • Shell-structure policy analysis for pipelines, subshells, command
    substitution, redirects, and nested shell execution.
  • Deterministic LOLBin and interpreter-escape detection for network-to-shell
    pipelines, find -exec, xargs, awk system(), editor escapes, and inline
    interpreter execution.
  • Hypothesis fuzzing for shell-structure parsing.
  • Policy benchmark report with P50/P95/P99 latency numbers.
  • Optional HTTP audit sink with local append-first behavior and local sink
    failure records.
  • Telemetry exporter modes for local JSONL, console, OTLP HTTP JSON, and none.
  • Landlock sandbox design covering capability probes, fallback order,
    compatibility limits, and implementation slices.
  • Read-only stdio MCP server prototype with policy classification and audit
    verification tools.
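
An added illustration of the shell-structure analysis and deterministic LOLBin checks listed above, not LinuxAgent's own code: it splits a command line into stages with Python's shlex and matches several of the listed patterns. The rule names, tool lists and the `stages`/`findings` helpers are assumptions made for this example; editor escapes and wrappers such as sudo are not covered.

```python
import os
import shlex

NET_TOOLS = {"curl", "wget"}
INLINE_FLAG = {"sh": "-c", "bash": "-c", "dash": "-c", "zsh": "-c",
               "python": "-c", "python3": "-c",
               "perl": "-e", "ruby": "-e", "node": "-e"}
AWKS = {"awk", "gawk", "mawk"}
OPERATOR_CHARS = set("();|&")


def stages(command):
    """Split a command line into (operator_before, argv) stages."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # never let '#' hide the rest of the line
    out, argv, op = [], [], ""
    for tok in lexer:
        # A quoted ';' looks the same as an operator here, so the
        # checker over-splits rather than under-splits.
        if tok and set(tok) <= OPERATOR_CHARS:
            if argv:
                out.append((op, argv))
            argv, op = [], tok
        else:
            argv.append(tok)
    if argv:
        out.append((op, argv))
    return out


def findings(command):
    """Return the sorted rule names that the command line matches."""
    try:
        parsed = stages(command)
    except ValueError:  # unbalanced quotes: fail closed
        return ["unparseable"]
    hits, prev_net = set(), False
    for op, argv in parsed:
        name, args = os.path.basename(argv[0]), set(argv[1:])
        if name in INLINE_FLAG:
            if prev_net and op in ("|", "|&"):
                hits.add("network-to-shell")
            if INLINE_FLAG[name] in args:
                hits.add("inline-interpreter")
        if name == "find" and args & {"-exec", "-execdir", "-ok"}:
            hits.add("find-exec")
        if name == "xargs":
            hits.add("xargs")
        if name in AWKS and any("system(" in a for a in argv[1:]):
            hits.add("awk-system")
        prev_net = name in NET_TOOLS
    return sorted(hits)
```

Clearing `commenters` matters because shlex would otherwise drop everything after a `#` that the shell itself treats as part of a word, leaving the tail of the line unclassified.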

Safety Boundary

The MCP prototype is intentionally read-only. It does not expose command
execution, file patch application, SSH fan-out, or secrets. Future execution
support must go through the same CommandPlan, policy, HITL, sandbox metadata,
audit, and telemetry path as the CLI.

The Landlock work in this release is design-only. The default sandbox runner
behavior does not change.

Verification

The release gate includes:

  • make lint
  • make type
  • make security
  • make red-team
  • make test
  • make sandbox
  • make harness
  • make integration
  • make verify-build

Current documented verification baseline: 639 unit tests, 24 red-team cases,
10 integration smoke tests, and 86.40% unit-test coverage.

Documentation

v4.0.0

05 May 07:25

LinuxAgent v4.0.0

LinuxAgent v4.0.0 is the first formal release of the rewritten Linux operations
assistant. It replaces the earlier prototype with a LangGraph-based, audited,
policy-driven CLI focused on human-approved command execution.

Highlights

  • LangGraph state machine with explicit HITL confirmation nodes.
  • Capability-based policy engine with SAFE, CONFIRM, BLOCK, risk scores,
    capabilities, and matched rules.
  • Structured JSON CommandPlan validation before policy evaluation.
  • Eleven built-in YAML runbooks supplied as advisory planner guidance.
  • Multi-step planner output with policy checks on each step.
  • SSH cluster execution with RejectPolicy, known-host verification, and
    remote shell-syntax guards.
  • Hash-chained audit log with linuxagent audit verify.
  • Output redaction and guarded tool results before LLM-facing analysis.
  • Local telemetry spans with trace IDs.
  • Reproducible release constraints and wheel data verification.

Compatibility

This is a breaking release from v3 and earlier. See
Migration Guide: v3 to v4.0.0.

Verification

The release gate includes:

  • make lint
  • make type
  • make test
  • make security
  • make harness
  • make integration
  • make optional-anthropic
  • python -m pip check
  • make verify-build

Current documented verification baseline: 522 unit tests, optional Anthropic
compatibility verification when the extra is installed, HITL harness scenarios,
8 integration smoke tests, and 86.94% unit-test coverage.

Documentation