Releases: avivsinai/agent-message-queue
Releases · avivsinai/agent-message-queue
Release list
v0.40.0
[0.40.0] - 2026-07-05
Added
amq coop init --no-gitignorenow leaves.gitignoreunchanged, for users
who manage ignore rules globally or manually (#173, closes #172).amq coop exec --no-gitignorepasses the gitignore opt-out through auto-init,
socoop execcan start a session without modifying.gitignore(#192,
closes #179).- Contributor workflow: pull requests now require a
CHANGELOG.mdUnreleased
entry unless skipped by Dependabot, release branches, or theno-changelog,
docs, orchorelabels (#182).
Changed
amq wake --helpno longer lists internal readiness-coordination flags;
managed wake startup flows can still pass them (#189).- Bump
github.com/coder/websocketfrom 1.8.14 to 1.8.15 (#169) - Bump
actions/checkoutfrom 6.0.3 to 7.0.0 (#170)
Fixed
- Hardened message, DLQ-envelope, and receipt parsing by rejecting queue files
that are themselves symlinks or non-regular files before reading them (#186). - Inbox and DLQ operations now reject malformed or non-canonical
.mdqueue
filenames at queue boundaries (#185). - Wake metadata and readiness writes now refuse symlinked destination files and
install atomically with fsync (#187). - Wake identity mismatches now stay
unverifiedunless AMQ can prove the
recorded PID is not anamq wakeprocess (#187). amq wake --inject-vianow accepts symlinked executables, such as
Homebrew-installed injectors, by resolving them before validation; validation,
persistence, and execution all use the resolved physical path (closes #197).- On Windows, atomic file writes now replace existing files atomically instead
of temporarily deleting the destination during rename retries (#188). - Atomic queue-file writes now fail with
io.ErrShortWriteif the filesystem
reports success after writing only part of the file (#184). - Contributor workflow: pre-push smoke tests no longer write synthetic release
refs into the caller repository when run from a git hook (#196, closes #195). - Test-only: wake tests now create their sandboxes under the physical
repository path, so symlink-spelled checkouts no longer fail loop/inject-via
assertions (#194, closes #193). - Test-only: made inject-via wake notification tests deterministic by replacing
shell-redirection capture with a helper process (#183).
Compatibility
The stricter queue validation above applies to queue files themselves, not to
how their directories are reached. A message, receipt, DLQ envelope, or wake
metadata file that is itself a symlink (or any non-regular file) is now
rejected; queue roots reached through symlinked parent directories — for
example a symlinked checkout or home layout — are unaffected. Files created by
the AMQ CLI are always regular files, so only hand-placed symlinks inside queue
directories are impacted.
v0.39.0
[0.39.0] - 2026-06-30
Fixed
amq drainand drain-modeamq monitornow claim inbox messages before
parsing them, preventing duplicate consumption under concurrent drains.- DLQ moves and retries now claim or update queue state before redelivery, and
reject tampered original filenames before restoring messages. - Multi-recipient delivery now preserves already committed inbox messages when
a later recipient fails, andamq send --projectnow rejects multiple
recipients instead of applying undefined cross-project partial semantics. - AMQ-owned
--inject-viawake processes started bycoop execor
wake repairnow exit when their recorded owner process is gone or no
longer matches, preventing stale terminal injectors from blocking session
reopen recovery.
v0.38.0
[0.38.0] - 2026-06-22
Added
amq env --exportnow prints eval-safe shell exports for opt-in terminal
pinning, includingAM_BASE_ROOTonly when the resolved root is a session
root (#149).
Fixed
amq who,amq presence list, andamq doctor --opsnow present the
reservedusermailbox as a human operator gate instead of a stale agent
process (#139).- The human operator handle
useris now reserved for configured projects, and
amq coop initseedsclaude,codex,userby default so strict operator gates
no longer require custom coop setup (#139). - Release publishing now detects release commits inside normally merged release
PRs while ordinary feature merge commits no-op before tag, artifact, or skill
publishing jobs (#163).
v0.37.1
[0.37.1] - 2026-06-22
Fixed
- Hardened general stale
.wake.lockcleanup paths soamq wakeacquisition
anddoctor --ops --fix-wake-locksrefuse to remove locks whose live wake PID
only appears stale because boot-id or process-start metadata was tampered or
mismatched (#156). amq send --root <path>now shows the root basename as the session label for
root-only local sends that are not routed by project, session, or
from-session flags (#150).
v0.37.0
[0.37.0] - 2026-06-22
Added
- Document operator-gate conventions in the
amq-cliandamq-specskills,
covering structural human handoffs, initialized human handles, and spec
approval gates (#136). - Report and optionally fix identity-verified stale
.wake.lockfiles from
amq doctor --ops, including roots whose config is missing or corrupt (#151). - Add
amq wake repairpluscoop exec --wake-inject-viasupport so managed
launchers can restart a dead external-injector wake for a still-running agent
session from a digest-bound, private saved target (#154).
Fixed
amq coop exec --require-wakecan reuse an existing usable wake process, while
still failing closed when the existing wake cannot safely inject (#153).
v0.36.0
[0.36.0] - 2026-06-13
Changed
amq sendnow refuses an explicit--rootthat targets a different base tree
than the caller's active session (AM_ROOT/AM_BASE_ROOT) when no routing
dimension (--project/--session/--from-session) is given. A direct--root
is root selection, not federation routing: such a message carried no
sender-origin metadata, so the recipient could not reply and a naive reply
looped back into their own tree. Replyable cross-tree messaging must use
--project/--session. Bare-root sends with no session env set are
unaffected (#144).amq sendno longer stampsreply_toon ordinary same-session sends; it is
stamped only for actual cross-session/cross-project routes. The stray
same-sessionreply_tois what made a direct cross-root send look replyable
while looping into the replier's own tree (#144).
v0.35.0
[0.35.0] - 2026-06-13
Added
amq sendandamq replyaccept--allow-emptyto deliver an intentionally
blank body (for example when the subject carries the full message) (#143).
Changed
amq sendandamq replynow treat--body -(and--body @-or an omitted
--body) as stdin per the standard CLI convention, and fail closed when the
resolved body is empty or whitespace-only instead of silently delivering a
blank message. Previously--body -shipped a literal hyphen, so a dropped or
mistyped body could reach the recipient blank with no warning. Pass
--allow-emptyto send a blank body deliberately (#143).- Bumped the Go toolchain directive to 1.25.11 so CI and release checks pick up
the standard-library fixes for GO-2026-5039 (net/textproto) and GO-2026-5037
(crypto/x509) thatgovulnchecknow flags.
v0.34.1
[0.34.1] - 2026-05-11
Added
amq coop exec --require-wakenow refuses to launch the agent command unless
the background wake process starts and confirms it acquired the wake lock,
giving managed launchers a safe mode for wake health enforcement (#120).
Changed
- Bumped the Go toolchain directive to 1.25.10 so CI and release checks use the
standard-library vulnerability fixes required bygovulncheck.
v0.34.0
[0.34.0] - 2026-04-28
Added
amq wakenow supports an explicit external injection transport via--inject-via <executable>, repeatable--inject-arg <arg>, and bounded--inject-timeout(default5s), letting orchestrators and no-controlling-TTY environments receive wake notifications without TIOCSTI. AMQ appends the sanitized notification payload as the final argv element and does not run the command through a shell.--bellis honored on the inject-via path, and a one-time fallback warning is emitted before writing to stderr when the external injector fails (#99, closes #98).
Fixed
- Release tooling preserves CHANGELOG compare links when preparing release PRs (#116).
v0.33.0
[0.33.0] - 2026-04-28
Added
amq env --jsonnow emits the documented v1 machine-readable contract withschema_version,amq_version,base_root,in_session,root_source, always-present string fields, and{}for unconfiguredpeers(#101).- Reserved extension metadata namespaces under
<AM_ROOT>/extensions/<layer>/and<AM_ROOT>/agents/<handle>/extensions/<layer>/;amq doctor --jsonnow reports passive root extension manifests and malformed extension metadata diagnostics without executing extension code (#102). amq route explain --jsonnow reports canonical route resolution with routability, structuredargv, display command, source/delivery roots, project, and session metadata for same-session, cross-session, and cross-project sends (#103).amq send --from-session <source-session>supports setup-terminal cross-session sends from a base root, writing the sender outbox in the source session and stampingreply_tofor replies back to that session (#104).
Fixed
- Explicit
--root/--from-rootproject lookups no longer fall back to the current working directory's.amqrc, and global~/.amqrcno longer infers project identity from the home directory basename. amq env --jsonnow emits.amqrcpeer paths as resolved absolute paths so consumers do not need to reimplement AMQ's peer path resolution.- Extension layer names now reject
..substrings, andamq doctor --jsononly reads passive extension manifests that are regular files below the size cap.