Eilen6316/LinuxAgent

LLM-driven Linux operations assistant CLI with mandatory HITL safety, policy engine, runbooks, SSH guards, and audit trails.

2 Releases
Latest: 1mo ago
v4.1.0 (Latest)
github-actions[bot] · 1mo ago · May 7, 2026

📦 Highlights

  • Red-team policy harness with 24 adversarial command-agent cases.
  • Shell-structure policy analysis for pipelines, subshells, command substitution, redirects, and nested shell execution.
  • Deterministic LOLBin and interpreter-escape detection for network-to-shell pipelines, `find -exec`, `xargs`, `awk system()`, editor escapes, and inline interpreter execution.
  • Hypothesis fuzzing for shell-structure parsing.
  • Policy benchmark report with P50/P95/P99 latency numbers.
  • + 7 more

📦 Safety Boundary

  • The MCP prototype is intentionally read-only. It does not expose command execution, file patch application, SSH fan-out, or secrets. Future execution support must go through the same CommandPlan, policy, HITL, sandbox metadata, audit, and telemetry path as the CLI.
  • The Landlock work in this release is design-only. The default sandbox runner behavior does not change.

📦 Verification

  • The release gate includes:
  • `make lint`
  • `make type`
  • `make security`
  • `make red-team`
  • `make test`
  • `make sandbox`
  • `make harness`
  • + 4 more

๐Ÿ“ Documentation

  • [Red Team Baseline](../en/red-team.md)
  • [Policy Benchmark](../../benchmarks/policy-benchmark.md)
  • [Landlock Sandbox Design](../design/sandbox-landlock.md)
  • [MCP Server Design](../design/mcp-server.md)
  • [Threat Model](../en/threat-model.md)
  • [Production Readiness](../en/production-readiness.md)
v4.0.0
github-actions[bot] · 1mo ago · May 5, 2026

📦 Highlights

  • LangGraph state machine with explicit HITL confirmation nodes.
  • Capability-based policy engine with `SAFE`, `CONFIRM`, `BLOCK`, risk scores, capabilities, and matched rules.
  • Structured JSON `CommandPlan` validation before policy evaluation.
  • Eleven built-in YAML runbooks supplied as advisory planner guidance.
  • Multi-step planner output with policy checks on each step.
  • SSH cluster execution with `RejectPolicy`, known-host verification, and remote shell-syntax guards.
  • + 4 more

📦 Compatibility

  • This is a breaking release from v3 and earlier. See [Migration Guide: v3 to v4.0.0](../en/migration-v3-to-v4.md).

📦 Verification

  • The release gate includes:
  • `make lint`
  • `make type`
  • `make test`
  • `make security`
  • `make harness`
  • `make integration`
  • `make optional-anthropic`
  • + 5 more

๐Ÿ“ Documentation

  • [Security Policy](../../SECURITY.md)
  • [Threat Model](../en/threat-model.md)
  • [Production Readiness](../en/production-readiness.md)
  • [Contributing](../../CONTRIBUTING.md)
  • [Release Guide](../en/release.md)