symbi init Docker ergonomics: init now accepts --dir <PATH> for targeting a mounted volume from inside a container (docker run -v $(pwd):/workspace ... init --dir /workspace), generates a ready-to-run docker-compose.yml with correct volume mounts and env wiring, and writes a .env with a freshly generated SYMBIONT_MASTER_KEY (0600 perms) plus a safe-to-commit .env.example. Opt out with --no-docker-compose. symbi up in an empty directory now points the user at symbi init instead of silently starting with no agents. init is promoted to the first subcommand in symbi --help. See docs/docker.md for the new 2-command Docker quickstart.
symbi shell — interactive TUI: New first-class subcommand providing a ratatui-based terminal UI for building, orchestrating, and operating agents. Inline viewport with live-streaming tool-call cards, async throbber during LLM calls, markdown + diff renderers, toggleable project-structure sidebar, agent-card widget, diff view, and ORGA-phase-colored trace timeline. Command registry with /help, /clear, /quit, /dsl toggle, /model, /cost, /status, input history, and session UUIDs. Agent lifecycle: /agents, /debug, /stop, /pause, /destroy. AI-assisted authoring: /spawn, /policy, /tool, /behavior (artifacts are persisted to disk). Orchestration: async orchestrator wired for conversational mode, /audit command wired to the ORGA journal, automatic context compaction with /compact and /context. Ops: /deploy, /ask, /send, /memory, /run, /chain, /debate, /tools, /skills, /doctor, /logs, /new. Remote attach: /attach, /detach, /cron over HTTP; /channels via remote attach; /secrets via local encrypted store. Session persistence: /snapshot, /resume, /export. Fuzzy @mention + /command completion with grouped popup, auto-trigger on / and @, arrow navigation, @path completion, DSL-aware completion, in-process DSL evaluation in /dsl mode. /init with deterministic profiles and conversational mode. Tree-sitter syntax highlighting for the Symbiont DSL plus Cedar and ToolClad. Artifact validation pipeline: constraint loader, DSL validator, Cedar and ToolClad validators. Theme system, OSC-8 hyperlinks, resize handling, transient-retry, Zellij detection with inline-viewport warning, --yes, --profile.
Agent deployment stack: /deploy local via Docker with a hardened sandbox runner, /deploy cloudrun for Google Cloud Run (OSS single-agent), and /deploy aws for AWS App Runner (OSS single-agent).
Cross-instance agent messaging: RemoteCommunicationBus with HTTP messaging endpoints wired into RuntimeBridge's default context. Cron + heartbeat architecture documented in the spec.
symbi-approval-relay crate: Dual-channel human approval relay.
symbi schemapin and symbi policy CLI subcommands.
symbi-invis-strip crate: Zero-dependency Unicode invisible-stripping helper (ASCII C0/DEL, C1, zero-width, bidi overrides, word-joiner/invisible-operator block, BOM, variation selectors, Unicode Tag block, supplementary variation selectors). Opt-in sanitize_field_with_markup variant additionally strips <!-- ... --> HTML comments and triple-backtick fenced blocks for surfaces where renderer-hidden markup has no legitimate use.
Cedar policy linter (scripts/lint-cedar-policies.py): Detects homoglyph identifiers and invisible control chars in .cedar files. Wired to the repo pre-commit hook and CI test job.
symbi-e2e end-to-end test crate: Covers AgentPin messaging, API auth scope, cross-runtime bus, Docker volumes, messaging ingress, rate limit, and webhook signature verification.
Opt-in OpenRouter app attribution: Runtime now sets the OpenRouter app-name headers when enabled.
symbi repl shim subcommand forwards to the repl-cli binary (mirrors the existing symbi shell shim) so the command every docs page has referenced is now a first-class subcommand rather than a separately-built binary.
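The categories listed in the symbi-invis-strip entry above, written out as a std-only Rust filter with a second pass for renderer-hidden markup. This is an added example, not the crate's source: the function names, the exact code-point ranges and the choice to keep tab and newline are assumptions.

```rust
// Added example, not the symbi-invis-strip source. Names and ranges are
// assumptions built from the categories the changelog entry lists.

/// True for code points in the listed invisible categories.
fn is_invisible(c: char) -> bool {
    // Assumption: tab and newline are kept so multi-line fields survive.
    if c == '\t' || c == '\n' {
        return false;
    }
    matches!(
        c as u32,
        0x00..=0x1F | 0x7F      // ASCII C0 controls and DEL
        | 0x80..=0x9F           // C1 controls
        | 0x200B..=0x200D       // zero-width space, non-joiner, joiner
        | 0x202A..=0x202E       // bidi embeddings and overrides
        | 0x2066..=0x2069       // bidi isolates
        | 0x2060..=0x2064       // word joiner and invisible operators
        | 0xFEFF                // byte order mark
        | 0xFE00..=0xFE0F       // variation selectors
        | 0xE0000..=0xE007F     // Unicode Tag block
        | 0xE0100..=0xE01EF     // supplementary variation selectors
    )
}

/// Removes invisible code points; returns the clean text and how many were dropped.
fn strip_invisible(input: &str) -> (String, usize) {
    let clean: String = input.chars().filter(|c| !is_invisible(*c)).collect();
    let dropped = input.chars().count() - clean.chars().count();
    (clean, dropped)
}

/// Removes every `open ... close` span. An unterminated span is cut to the end
/// of the input, so a missing terminator cannot carry hidden text through.
fn strip_spans(input: &str, open: &str, close: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut rest = input;
    while let Some(start) = rest.find(open) {
        out.push_str(&rest[..start]);
        let after_open = &rest[start + open.len()..];
        match after_open.find(close) {
            Some(end) => rest = &after_open[end + close.len()..],
            None => return out,
        }
    }
    out.push_str(rest);
    out
}

/// Invisible stripping runs first, then markup removal, so a zero-width
/// character placed inside "<!--" cannot hide the delimiter from the second pass.
fn strip_invisible_and_markup(input: &str) -> String {
    let (text, _) = strip_invisible(input);
    let fence = "`".repeat(3); // triple backtick, built at runtime
    let text = strip_spans(&text, "<!--", "-->");
    strip_spans(&text, &fence, &fence)
}

fn main() {
    // Constructed sample: a tool description carrying a zero-width space,
    // a Tag-block character and an HTML comment a renderer would hide.
    let sample = "Reads a file\u{200B}\u{E0049}<!-- hidden note -->.";
    let (clean, dropped) = strip_invisible(sample);
    println!("{} dropped: {:?}", dropped, clean);
    println!("{:?}", strip_invisible_and_markup(sample));
}
```

Returning the dropped count lets a caller log or reject a field that carried invisible characters instead of silently cleaning it.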
Changed
OSS vs Enterprise licensing: Documented in the spec and plan.
Docs rewrite: docs/index.md, docs/getting-started.md, docs/docker.md lead with a 2-command Docker init flow. New docs/symbi-shell.md covers the Beta interactive TUI end-to-end. docs/repl-guide.md cross-links to the shell. docs/api-reference.md gains a CLI subcommands section covering symbi schemapin, symbi policy, and symbi agents-md. docs/runtime-architecture.md gains a Cross-instance agent messaging subsection. docs/security-model.md gains Invisible-Character Sanitization (symbi-invis-strip), Cedar Policy Linter, and Human Approval Relay (symbi-approval-relay) sections. All five translations (zh-cn, es, pt, ja, de) synced.
Staleness sweep: Fixed broken copy-paste commands across all language variants — symbiont-runtime → symbi-runtime package name, rewrote the Runtime HTTP API quickstart to use symbi up --http-bind 0.0.0.0 + $SYMBI_HTTP_TOKEN (not the non-existent symbiont-runtime --http-api), docker build -f runtime/Dockerfile . → docker build ., and symbi-runtime = { version = "1.6" } snippet → "1.11". Documented the previously-undocumented symbi new templates (webhook-min, webscraper-agent, slm-first, rag-lite) and the OPENROUTER_REFERER / OPENROUTER_TITLE env vars.
/attach scheme policy: Documentation clarified that /attach accepts HTTP or HTTPS; https:// is required for any remote or production target.
Fixed
symbi-shell: /spawn, /policy, /tool, /behavior now actually persist their artifacts; Enter submits on first press even when the completion popup is visible; content scroll fix with all warnings eliminated; batched UX fixes.
CI: Unblocked minimal build and Docker build, added 4 missing fuzz targets, normalised cargo fmt across the workspace, silenced approx_constant lint, fixed three release-workflow + test issues exposed by v1.10.0.
OSS sync: Include tests/e2e workspace member in the OSS allowlist and Docker context.
SystemTime overflow DoS in the remote envelope parser fixed; Docker proto dependencies and fuzz-target tokio runtime aligned.
Agent scope enforcement: Applied to every /api/v1 agent, schedule, and channel route.
Bus signature verification enforced; ToolClad custom parsers gated.
4 new fuzz targets for the messaging attack surface.
Dependency CVE patches; remote-bus env var unified; env-touching tests serialised to prevent cross-test interference.
[1.10.0] - 2026-04-13
Added
HTTP Input LLM invocation with ToolClad: When the target agent is not Running on the communication bus, the webhook handler now falls back to an on-demand LLM invocation path that runs an ORGA-style tool-calling loop against ToolClad manifests. Tools execute on a blocking thread pool with a 120-second per-tool timeout. Duplicate (tool, input) pairs within a single iteration are deduplicated. Provider auto-detected from OPENROUTER_API_KEY, OPENAI_API_KEY, or ANTHROPIC_API_KEY.
Normalized LLM tool-calling client: LlmClient::chat_with_tools returns a unified content-block shape across Anthropic (native tool_use) and OpenAI/OpenRouter (function calling normalized to the same format).
Webhook response metadata: LLM-invoked responses include response, tool_runs, model, provider, latency_ms, and status: completed.
Fixed
HTTP Input: agent state check before communication bus dispatch: invoke_agent now verifies the target agent is in the Running state via scheduler.get_agent_status() before sending a message. Previously send_message returned Ok for unregistered agents and delivery failed silently, producing a false "execution_started" response.
HTTP Input: UTF-8 safe string truncation: Tool output previews and caller-supplied system_prompt values are truncated on UTF-8 character boundaries to prevent panics on multi-byte output.
HTTP Input: system_prompt length cap: Caller-supplied system_prompt is now capped at 4096 bytes and logged; remains a prompt-injection surface when exposed to untrusted callers.
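The two HTTP Input fixes above, boundary-safe truncation and the 4096-byte system_prompt cap, shown together as an added Rust example. It is not Symbiont's code: the function and constant names are hypothetical, and only the 4096-byte limit comes from the changelog.

```rust
// Added example, not Symbiont's code. Names are hypothetical; the 4096-byte
// cap is the value stated in the changelog entry.

const SYSTEM_PROMPT_MAX_BYTES: usize = 4096;

/// Longest prefix of `s` that is at most `max_bytes` long and ends on a
/// UTF-8 character boundary.
fn truncate_on_char_boundary(s: &str, max_bytes: usize) -> &str {
    if s.len() <= max_bytes {
        return s;
    }
    let mut end = max_bytes;
    // A UTF-8 character is at most 4 bytes, so this steps back at most 3 times.
    // Index 0 is always a boundary, so the loop terminates.
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// Caps a caller-supplied system prompt and reports whether it was cut,
/// so the caller can log the event.
fn cap_system_prompt(prompt: &str) -> (&str, bool) {
    let capped = truncate_on_char_boundary(prompt, SYSTEM_PROMPT_MAX_BYTES);
    (capped, capped.len() < prompt.len())
}

/// True when the naive `&s[..max_bytes]` would panic: `str::get` returns None
/// in exactly the cases where slice indexing panics.
fn naive_slice_would_panic(s: &str, max_bytes: usize) -> bool {
    s.get(..max_bytes).is_none()
}

fn main() {
    // Constructed input: 4095 ASCII bytes, then a 2-byte character that
    // straddles the 4096-byte limit.
    let mut prompt = "a".repeat(4095);
    prompt.push('é');
    prompt.push_str("tail");

    println!("naive slice panics: {}", naive_slice_would_panic(&prompt, 4096));
    let (capped, cut) = cap_system_prompt(&prompt);
    println!("kept {} bytes, truncated: {}", capped.len(), cut);

    // Tool output preview with a 4-byte emoji cut mid-character.
    println!("{:?}", truncate_on_char_boundary("ok 🙂 done", 5));
}
```

The cap bounds size only; as the entry notes, the content of a capped prompt is still untrusted input.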
[1.9.1] - 2026-04-01
Changed
LanceDB is now an optional build feature: The lancedb, arrow-array, and arrow-schema dependencies are gated behind the vector-lancedb feature flag. LanceDB remains in the default feature set so existing builds are unaffected. Build without vector backends using --no-default-features for lighter binaries.
Fixed
README restructured: Tighter positioning as "policy-governed agent runtime", trimmed capabilities table, simplified DSL example, softened benchmark claims, clarified Community/Enterprise editions
Documentation alignment: Docs index, SECURITY.md support matrix, Dockerfile port comments, and all translations updated to match
Version consistency: Fixed Rust version mismatch (1.88 → 1.82) across all docs and READMEs
Dead link: Removed enterprise/README.md reference from public READMEs
Speculative docs: Removed planned Risk Assessment Algorithm sections from security-model and runtime-architecture docs
[1.9.0] - 2026-03-29
Added
ToolClad runtime integration: Manifest loading, argument validation, and command execution for declarative tool contracts
Agent catalog: Built-in catalog with list and import for pre-built governed agents
Inter-agent communication bus: CommunicationBus with policy evaluation for all builtins (ask, delegate, send_to, parallel, race)
CommunicationPolicyGate: Cedar-style rule enforcement for inter-agent calls with priority-based evaluation and hard deny
Changed
CI workflow: Replace arduino/setup-protoc with native package managers (Node.js 20 deprecation)
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.8.0 |
| symbi-dsl | 1.8.0 |
| symbi-runtime | 1.8.0 |
| symbi-channel-adapter | 0.1.2 |
| repl-core | 1.8.0 |
| repl-proto | 1.8.0 |
| repl-cli | 1.8.0 |
| repl-lsp | 1.8.0 |
[1.7.1] - 2026-03-11
Added
AI Assistant Plugin docs: Document symbi-claude-code and symbi-gemini-cli governance plugins in README, getting-started, and index docs
SchemaPin discovery JSON: Support SchemaPin discovery JSON format in fetch_public_key
Cosign binary signing: Release workflow now signs binaries with cosign
Changed
Drop Intel macOS builds: Remove x86_64-apple-darwin target from release workflow; install script provides source/Homebrew guidance
Cross-build optimization: Use thin LTO and 4 codegen units for cross builds to avoid OOM during linking
README images: Use absolute GitHub URLs for logo images
Fixed
Release workflow: Multiple fixes for cross-compilation (protoc in cross container, vcpkg OpenSSL on Windows, NASM for Windows builds)
Publish workflow: Improved reliability for crates.io publishing
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.7.1 |
| symbi-dsl | 1.7.1 |
| symbi-runtime | 1.7.1 |
| symbi-channel-adapter | 0.1.2 |
| repl-core | 1.7.1 |
| repl-proto | 1.7.1 |
| repl-cli | 1.7.1 |
| repl-lsp | 1.7.1 |
[1.7.0] - 2026-03-08
Added
Standalone Agent SDK (Phase 1)
symbi_runtime::prelude: One-import module for standalone agent development — re-exports reasoning loop, executors, providers, policy gates, and types
ReasoningLoopRunner::builder(): Typestate builder pattern with compile-time enforcement of required fields (provider → executor → build)
ToolFilterPolicyGate: Tool-name whitelisting gate — restricts which tools an agent can invoke without requiring full Cedar policies
tool_definitions() on ActionExecutor trait: Enables executors to self-describe available tools for LLM function-calling
cloud-llm and standalone-agent feature flags: Lighter builds for agents that don't need the full runtime
External Agent Integration (Phase 2)
External execution mode: New ExecutionMode::External for agents running outside the coordinator
Unreachable agent state: Detects when external agents stop sending heartbeats
Heartbeat and push-event HTTP endpoints: /agents/{id}/heartbeat and /agents/{id}/events for external agent liveness and event reporting
Scheduler support: External agents register with the scheduler but skip the execution queue — coordinator tracks their status without managing their lifecycle
Extended CreateAgentRequest: DSL field now optional for external agents; AgentStatusResponse includes new fields for external agent metadata
Formatting: Fixed cargo fmt issues in context_manager, conversation, and phases modules
Production safety: Fixed path traversal, panic-on-unwrap, and potential secret leaks
Async I/O: Replaced blocking std::fs calls with async equivalents in async contexts
Changed
Feature flag rename: symbi-dev → orga-adaptive for advanced reasoning primitives
Apache 2.0 license: Project relicensed from MIT to Apache 2.0
Copyright update: 2024-2026 Jascha Wanger / ThirdKey AI
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.7.0 |
| symbi-dsl | 1.7.0 |
| symbi-runtime | 1.7.0 |
| symbi-channel-adapter | 0.1.2 |
| repl-core | 1.7.0 |
| repl-proto | 1.7.0 |
| repl-cli | 1.7.0 |
| repl-lsp | 1.7.0 |
[1.6.1] - 2026-02-27
Fixed
qdrant-client version pin: Pin qdrant-client to >=1.14.0, <1.16.0 to prevent API breakage from v1.16+ (fields added to CreateCollection, UpsertPoints, DeletePoints, CreateFieldIndexCollection)
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.6.1 |
| symbi-dsl | 1.6.1 |
| symbi-runtime | 1.6.1 |
| symbi-channel-adapter | 0.1.1 |
| repl-core | 1.6.1 |
| repl-proto | 1.6.1 |
| repl-cli | 1.6.1 |
| repl-lsp | 1.6.1 |
[1.6.0] - 2026-02-27 [YANKED]
Yanked from crates.io: All 7 crates at v1.6.0 have been yanked due to a qdrant-client semver breakage that caused cargo install to fail. Use v1.6.1 instead.
Added
ClawHavoc Scanner Expansion
30 new detection rules across 7 attack categories: reverse shells (7 rules), credential harvesting (6), network exfiltration (3), process injection (4), privilege escalation (5), symlink/path traversal (2), downloader chains (3)
5-level severity model: Critical, High, Medium, Warning, Info — scans fail on Critical or High findings (previously only Critical)
Debug/release threshold split: Relaxed thresholds for debug builds (unoptimized crypto) while preserving real claims for release
Fuzzing Expansion
6 new fuzz targets: dsl_evaluator, mattermost_signature_verification, crypto_roundtrip, webhook_verify_generic, api_key_store, policy_evaluation — total now 18 targets
Agentic Reasoning Loop (Phases 1–5)
Typestate-enforced ORGA cycle: Observe-Reason-Gate-Act loop with compile-time phase transition safety (AgentLoop<Reasoning> → PolicyCheck → ToolDispatching → Observing). Invalid transitions are caught at compile time via zero-sized type markers
Unified inference providers: InferenceProvider trait with CloudInferenceProvider (OpenRouter, OpenAI, Anthropic) and local SLM support. Model auto-detection from OPENROUTER_API_KEY / OPENROUTER_MODEL environment variables
Policy-gated reasoning: Every proposed action evaluated by ReasoningPolicyGate before execution — deny, allow, or modify. Cedar policy engine integration via CedarGate
Action executor with circuit breakers: Parallel tool dispatch via FuturesUnordered, per-tool timeouts, and CircuitBreakerRegistry with configurable failure thresholds and recovery windows
Durable execution journal: BufferedJournal with sequenced JournalEntry events for loop replay and debugging. Replaces NoOpJournal
Human-in-the-loop critic: HumanCritic integration for approval workflows within the reasoning loop
Multi-agent patterns: AgentRegistry for persistent agent metadata, Saga pattern for multi-step distributed operations with checkpoints
Structured output validation: OutputSchema + ValidationPipeline for schema-validated LLM responses
Context token budget enforcement: In-loop ContextManager with sliding window, observation masking, and anchored summary strategies
DSL reasoning builtins: reason, llm_call, parse_json, tool_call, and delegate builtins wired into the REPL
Live integration tests: Full loop tests with real LLM inference via OpenRouter
Knowledge-Reasoning Bridge
KnowledgeBridge: Opt-in bridge between context::ContextManager (agent memory/knowledge) and the reasoning loop. Configurable via KnowledgeConfig (max items, relevance threshold, auto-persist)
Context injection: Retrieves relevant knowledge via query_context() + search_knowledge() and injects as a replaceable system message before each reasoning step
recall_knowledge tool: LLM-callable tool that searches the agent's knowledge base with configurable result limits
store_knowledge tool: LLM-callable tool that stores new facts (subject/predicate/object triples) into the agent's knowledge base
KnowledgeAwareExecutor: Wraps the inner ActionExecutor, intercepts knowledge tool calls locally, delegates all others to the real executor
Post-loop persistence: Automatically stores conversation learnings as episodic memory after loop completion (when auto_persist is enabled)
Backward compatible: ReasoningLoopRunner works identically without a knowledge bridge (knowledge_bridge: None)
v1.6.0 roadmap: Agent discovery, remote transport, and DSL A2A primitives planned across 5 phases
Fixed
cargo-chef cook: Create stub for [[example]] entries not handled by cargo-chef
ECDSA benchmark threshold: Debug builds no longer fail due to unoptimized crypto exceeding release-only 5ms threshold
SchemaPin verification threshold: Same debug/release split applied to pinned-key verification benchmark
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.6.0 |
| symbi-dsl | 1.6.0 |
| symbi-runtime | 1.6.0 |
| symbi-channel-adapter | 0.1.1 |
| repl-core | 1.6.0 |
| repl-proto | 1.6.0 |
| repl-cli | 1.6.0 |
| repl-lsp | 1.6.0 |
[1.5.0] - 2026-02-22
Added
LanceDB Embedded Vector Backend
VectorDb trait abstraction: Backend-agnostic async trait (initialize, store, store_batch, search, delete, count, drop_collection, health_check) with unified VectorSearchResult and typed VectorDbError
LanceDB as default embedded backend: Zero-config vector search using Arrow-based lancedb crate — no Docker, no external services required. Default data path: ./data/vector_db/
Qdrant moved to optional backend: Existing Qdrant support preserved behind vector-qdrant feature flag (qdrant-client dep gated on #[cfg(feature = "vector-qdrant")])
Backend factory: resolve_vector_config() and create_vector_backend() select backend via SYMBIONT_VECTOR_BACKEND env var, config file, or default to LanceDB
Consumer updates: StandardRAGEngine and StandardContextManager now accept Arc<dyn VectorDb> instead of concrete QdrantClientWrapper
Context Compaction Pipeline
TokenCounter trait: Pluggable token counting with TiktokenCounter (model-aware via tiktoken-rs) and HeuristicTokenCounter fallback
create_token_counter factory: Tiered resolution — tiktoken for known models, heuristic for unknown
Tier 1 Summarize: LLM-driven condensation of oldest conversation items when context exceeds threshold
Tier 4 Truncate: Drop oldest conversation items as last-resort when budget is critically exceeded
Enterprise tier stubs: Tier 2 (episodic compression) and Tier 3 (archive to memory) gated behind enterprise-compaction feature
select_tier pipeline orchestrator: Evaluates tiers in order, returns first applicable CompactionResult
check_and_compact integration: Wired into StandardContextManager for automatic compaction on context operations
CompactionMetrics: Token counts and tier usage exposed in runtime metrics snapshot
Composio MCP Integration
Feature-gated composio module: SSE-based connection to Composio MCP server for external tool access (uses existing reqwest dependency)
Security Hardening
Structure-aware fuzz targets: 5 new fuzz targets for DSL parsing, SSE/JSON-RPC protocol, SchemaPin verification, Slack signature validation, and TOFU key substitution
Audit TOCTOU fix: Eliminated time-of-check/time-of-use race in audit trail writes
Vault secret heuristic: Improved detection of secret values in Vault backend responses
Changed
Default vector backend is now LanceDB (previously Qdrant was required)
Docker Compose examples no longer include Qdrant by default
Development setup no longer requires docker-compose up -d qdrant
RoutingStatistics: Replaced Arc<RwLock<RoutingStatistics>> with lock-free AtomicU64 counters — eliminates write-lock contention on every routed request
SlmExecutor trait: Extracted from inline mock — enables dependency injection for SLM execution
LLMClient trait + LLMClientPool: Public trait and registry pattern replace hardcoded MockLLMClient — empty pool by default, consumers call register()
Fallback tracking: Consolidated duplicate fallback counting into single fallback_to_llm helper
Relaxed base64ct pin: Changed from =1.6.0 to ^1 to allow compatible upgrades
Removed
SchemaPinCliWrapper: Deleted legacy Go CLI binary wrapper (516 lines) — native Rust schemapin crate handles all operations
ConfidenceMonitor stub: Removed dead ConfidenceConfig, ConfidenceStatistics, and ConfidenceMonitor types — trait + NoOpConfidenceMonitor retained
MockLLMClient from public API: Moved behind #[cfg(test)] — use LLMClientPool::register() for production clients
execute_slm_mock: Deleted — replaced by SlmExecutor trait injection
Enterprise dead code: Removed commented-out enterprise module stubs and unused re-exports from OSS build
Crate Versions

| Crate | Version |
| --- | --- |
| symbi | 1.5.0 |
| symbi-dsl | 1.5.0 |
| symbi-runtime | 1.5.0 |
| symbi-channel-adapter | 0.1.1 |
| repl-core | 1.5.0 |
| repl-proto | 1.5.0 |
| repl-cli | 1.5.0 |
| repl-lsp | 1.5.0 |
[1.4.0] - 2026-02-16
Added
HTTP Input Security Hardening
Loopback-only default binding: bind_address defaults to 127.0.0.1 instead of 0.0.0.0
Explicit CORS origin allow-lists: Replaced cors_enabled boolean with cors_origins: Vec<String>
JWT EdDSA validation: Full Ed25519 public key loading and JWT verification in auth middleware
Health endpoint separation: /health exempt from authentication for load balancers
PathPrefix route matching: Implement RouteMatch::PathPrefix in HTTP input routing
Runtime agent execution: Replace invoke_agent stub with real runtime dispatch
API Reference: Complete HTTP API documentation with examples
OpenAPI-compatible endpoint specifications
Authentication and authorization guides
Integration examples for common use cases
Improved
Runtime Stability & Performance
Memory Management: Optimized memory usage with configurable limits
Error Handling: Enhanced error propagation and recovery mechanisms
Async Performance: Improved async runtime efficiency and task scheduling
Resource Utilization: Better CPU and memory resource management
Configuration & Deployment
Feature Flags: Granular feature control for different deployment scenarios
http-api: HTTP server and API endpoints
http-input: Webhook input processing
vector-db: Vector database integration
embedding-models: Local embedding model support
Directory Structure: Standardized data directory layout
Separate directories for state, logs, prompts, and vector data
Automatic directory creation and permission management
Legacy migration utilities for existing deployments
Developer Experience
Examples: Comprehensive example implementations for all major features
Testing: Enhanced test coverage with integration tests
Logging: Structured logging with configurable verbosity levels
Debugging: Improved debugging capabilities with detailed metrics
Fixed
Scheduler Deadlocks: Resolved potential deadlock conditions in agent scheduling
Memory Leaks: Fixed memory leaks in context management and vector operations
Graceful Shutdown: Improved shutdown reliability under high load
Configuration Validation: Enhanced validation of configuration parameters
Error Recovery: Better error recovery in network and storage operations
Dependencies
Added: Axum 0.7 for HTTP server implementation
Added: Tower and Tower-HTTP for middleware and CORS support
Added: Governor for rate limiting capabilities
Added: Qdrant-client 1.14.0 for vector database operations
Updated: Tokio async runtime optimizations
Updated: Enhanced serialization with serde improvements
Breaking Changes
Context API: Updated context management API with hierarchical memory model
Scheduler Interface: New scheduler trait with enhanced lifecycle management
Configuration Format: Updated configuration structure for directory management
Performance Improvements
Scheduler Throughput: Up to 10x improvement in agent scheduling performance
Memory Efficiency: 40% reduction in memory usage for large context operations
Vector Search: Optimized vector database operations with batch processing
HTTP Response Time: Sub-100ms response times for standard API operations
Security Enhancements
Authentication: Multi-factor authentication support for HTTP API
Encryption: Enhanced encryption for data at rest and in transit
Access Control: Improved permission management for context operations
Data Protection: Secure handling of sensitive agent data and configurations
Installation
Docker
docker pull ghcr.io/thirdkeyai/symbi:v0.3.0
Cargo (with all features)
cargo install symbi-runtime --features full
Cargo (minimal installation)
cargo install symbi-runtime --features minimal
From Source
git clone https://github.com/thirdkeyai/symbiont.git
cd symbiont
git checkout v0.3.0
cargo build --release --features full
Quick Start - HTTP API
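use symbi_runtime::api::{HttpApiConfig, HttpApiServer};
// Runs inside an async function that returns a Result (uses .await and ?).
let config = HttpApiConfig {
    // 0.0.0.0 listens on every network interface, not only loopback.
    bind_address: "0.0.0.0".to_string(),
    port: 8080,
    enable_cors: true,
    enable_tracing: true,
};
let server = HttpApiServer::new(config);
server.start().await?;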