Releases: dkmnx/kairo
Releases · dkmnx/kairo
v2.3.6
v2.3.5
Changed
- Z.AI default model updated from
glm-4.7toglm-5.1
v2.3.4
Fixed
- Update command now correctly looks up script names in checksum verification
v2.3.3
Fixed
- Update command now properly includes scripts checksums file in release artifacts
v2.3.2
Added
- Completion command restored with automatic shell completion file saving
Changed
- Banner now uses middle dot separator with improved spacing
Fixed
- Config validation now clears invalid
DefaultProviderreferences to prevent runtime errors
v2.3.1
Changed
- Error handling performance optimized with strings.Builder
- CLI state management consolidated for better maintainability
- Test infrastructure improved with PromptUI adapter for testable prompts
Security
- Update command now verifies SHA256 checksums before installing downloaded binaries
v2.3.0
Added
--yolo/-yflag for direct provider execution to skip harness permission prompts- Passes
--dangerously-skip-permissionsto Claude Code - Passes
--yoloto Qwen Code
- Passes
Security
- Custom provider URL validation now blocks private IPv6 addresses in addition to localhost, private IPv4, and link-local addresses
v2.2.1
Changed
- MiniMax: Updated default model from MiniMax-M2.5 to MiniMax-M2.7
v2.2.0
Changed
- YAML Config: Config file parsing now rejects unknown fields with helpful error messages instead of silently ignoring them, helping users catch typos and ensuring forward compatibility with newer config versions
- Security: Malformed secret entries now log only line number and issue type (e.g., "empty key", "empty value") instead of the raw line content, preventing potential exposure of secret values in logs
- Durability: Config file writes now use atomic write pattern (temp file + rename) to prevent partial writes on interruption, matching the pattern used for secrets and key files
Security
- ParseSecrets no longer logs raw malformed secret entries that could contain sensitive values
- Provider environment no longer includes decrypted secrets - secrets are now passed exclusively via secure wrapper script mechanism, preventing credentials from appearing in
/proc/<pid>/environ
v2.1.1
Added
- SecretsMap type: New secure map type for API key storage with memory safety
- Zeroes memory on delete/clear to prevent key remnants in memory
- Provides Get, Set, Delete, Range, Len, Clear, Close methods
- Added
ParseSecretsToSecureMapandFormatSecretsMapfunctions
- Cache metrics: Exposed cache hit/miss/eviction counts via
GetMetrics() - Secrets recovery helper: New
printSecretsRecoveryHelp()in cmd/util.go
Changed
- Config cache: Return deep copies to prevent mutation of cached values
- API key validation: Compile regex patterns once and cache for performance
- Error message format: Standardized validation errors to use colon separator (e.g., "provider: message")
- pkg/env merge: Consolidated pkg/env into internal/config for better encapsulation
- Go version: Updated requirement from 1.25+ to 1.26+ in documentation
Fixed
- Race condition: Fixed race condition in config cache with atomic metrics
- Config mutation: Prevent accidental mutation of cached config values
- Cache error handling: Improved error wrapping in cache Get method
- Documentation: Fixed stale references in architecture documentation