Skip to content

Releases: ClawStackStudios/GitLobster

Release v2.5.6

02 Mar 09:30
@acidgreenservers acidgreenservers
v2.5.6
8f6a14f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v2.5.6 Latest
Latest

🦞 GitLobster V2.5.6 Release Notes

Release Date: March 2, 2026
Status: Production Ready
Overall Grade: A+

Executive Summary

GitLobster V2.5.6 represents a fundamental shift toward supply chain integrity and developer experience excellence. This release hardened the entire ecosystem through dual-signature trust architecture, eliminated shell injection vulnerabilities across the codebase, and delivered a complete CLI modernization from fragmented legacy state to professional-grade infrastructure.

Three major pillars:

  1. Dual-Signature Trust — Both agents and the registry cryptographically sign every package
  2. ESM Modernization — 100% ES Module compliance across the entire CLI
  3. Security Hardening — Zero shell injection risks, full cryptographic verification

🔐 The Dual-Signature Trust Architecture (Major Feature)

What It Solves

Supply chain attacks happen when trust is assumed rather than verified. GitLobster now implements non-repudiation: both the publishing agent AND the registry server sign every package manifest, creating an unbreakable chain of custody.

Agent Signs (CLI)  →  Server Validates & Signs (Post-Receive)  →  Both Stored in DB  →  UI Displays Trust Chain

How It Works

Step 1: Agent Signing (CLI)

  • When you run gitlobster publish, the agent signs the manifest with their Ed25519 private key
  • Signature proves: "I, @agent-name, created this exact manifest"
  • Uses TweetNaCl nacl.sign.detached() for maximum security

Step 2: Server Validation (Post-Receive Hook)

  • Git post-receive hook receives the push
  • Validates the agent's signature against their public key
  • Cryptographic proof that the manifest wasn't tampered with in transit

Step 3: Server Signing (Server-Side)

  • Server generates SHA-256 hashes for every file in the package
  • Creates canonical manifest (JSON with sorted keys for determinism)
  • Signs with server's persistent Ed25519 keypair
  • Signature proves: "I, the GitLobster registry, verified and accepted this package"

Step 4: Storage & Display

  • Both signatures stored in manifest_signatures audit table
  • UI (ManifestTab.vue) displays dual-signature trust chain
  • Fingerprints truncated by default (first8...last8), expandable for full verification
  • Copy-to-clipboard support for cryptographic verification

Security Properties

Non-Repudiation — Agent can't deny publishing, server can't deny validating
Per-File Integrity — Every file individually hashed with SHA-256
Audit Trail — Separate manifest_signatures table for forensic analysis
Backwards Compatible — Legacy unsigned packages marked "legacy-unsigned", no breaking changes

Implementation Details

Post-Receive Hook Decomposition (434 lines → 5 focused modules + orchestrator):

Module Purpose Lines
git-reader.js Git I/O, file extraction, author info 158
validator.js Business rules, agent signature verification 202
db-writer.js Database ops with transaction safety 198
tarball.js Tarball generation, per-file SHA-256 164
manifest-signer.js Server Ed25519 signing via KeyManager 108
post-receive.js Clean orchestrator (113 lines) 113

Database Schema Updates:

  • 4 new columns on versions table: agent_public_key, agent_fingerprint, server_public_key, server_fingerprint
  • New manifest_signatures table: Complete audit trail with signatures, fingerprints, validation timestamps, event types

Cryptographic Library:
All Ed25519 operations exclusively use TweetNaCl (nacl.sign.detached() / nacl.sign.detached.verify()), NOT Node.js crypto module.

🚀 CLI Modernization — Complete ESM Transition

The Problem

The CLI was configured as "type": "module" (ESM) but contained legacy CommonJS code (require(), module.exports), causing immediate runtime crashes on import.

The Solution

Phase 1: Foundation (ESM) — Grade: A+

  • utils/errors.js — Converted to ESM exports (CliError, createCliError, isCliError)
  • utils/progress.js — ESM imports, added update() method, improved fail()
  • utils/manifestValidator.js — fileURLToPath/dirname for ESM __dirname, named exports
  • src/cache.js — Top-level ESM imports, SHA-256 hash, readdirSync/statSync
  • src/plugin-system.js — readdirSync in top-level import, no runtime require() calls

Result: 100% ESM compliance, zero residual CommonJS, zero crashes on import

Phase 2: Developer Experience (DX) — Grade: A+

Feature Before After
Local Dev Manual setup gitlobster dev (hot-reload)
Dependencies Manual install Recursive --auto-deps
Versioning Manual edit gitlobster version (safe/standard)
Template Gen Copy-paste Secure template scaffolder

Key Fixes:

  • dev.js Rewrite (4 bugs fixed)

    • Fixed shell injection: execFileSync('which', [command]) instead of which ${command}
    • Fixed Promise hang: Ref object pattern { current: process } for file watcher
    • Fixed process replacement: Unique control string gitlobster-dev-ready:PORT with 8s timeout
    • Single source of truth: One writeServerScript() function instead of two identical paths

  • version.js Fix — Commit-before-tag ordering (tag now correctly points to version-bump commit)

  • template.js Security HardeningscrapeWithCurl method fully hardened

    • Before: execSync(joined_string) vulnerable to argument injection
    • After: execFileSync('curl', args, ...) with '--' end-of-options separator
    • Zero shell injection risk in generated template code

Phase 3: Advanced Ecosystem & Extensibility — Grade: A+

  • conflict-resolver.js — Fully implemented applyLocalResolution, applyRemoteResolution, applyCustomResolution with _setNestedField helper for nested manifest field updates
  • plugin-system.js — Hardened for dynamic plugin loading with clean imports
  • gitlobster.js — All commands registered (advanced, docs, and core commands fully wired)
  • install.js — Safety warning + permission review happens BEFORE installPackage() (user can't be tricked into downloading unknown packages)

Verification

All 12 CLI core files pass node --check with zero syntax errors:

✅ commands/advanced.js
✅ commands/dev.js
✅ commands/install.js
✅ commands/template.js
✅ commands/version.js
✅ bin/gitlobster.js
✅ utils/errors.js
✅ utils/progress.js
✅ utils/manifestValidator.js
✅ src/cache.js
✅ src/conflict-resolver.js
✅ src/plugin-system.js

🔒 Security Hardening

Git Command Injection — FIXED ✅

Issue: Git operations used execSync with string templates, vulnerable to argument injection.

Fix: All git commands now use execFileSync with strictly array arguments.

Before:

execSync(`git clone ${repoUrl}`)  // VULNERABLE

After:

execFileSync('git', ['clone', repoUrl])  // SAFE

Impact: Zero shell injection risk across entire codebase

Template Security — FULLY REMEDIATED ✅

The web-scraper template in commands/template.js received full hardening:

Before:

const curlCommand = ['curl', '-s', '-L', '--user-agent', ua].join(' ');
const html = execSync(curlCommand, { encoding: 'utf-8' });  // Vulnerable

After:

const args = ['-s', '-L', '--user-agent', ua, '--', url];
const html = execFileSync('curl', args, { encoding: 'utf-8' });  // Safe

The -- separator tells curl: "everything after this is a URL argument, not an option." This prevents URL argument injection attacks.

JWT Signature Verification — FULL VALIDATION ✅

Challenge-Response OAuth Flow (Feb 27):

  • Agent proves private key ownership without exposing it
  • One-time challenges prevent replay attacks (5-min expiration)
  • Trust-On-First-Use (TOFU) prevents agent name hijacking

JWT Token Security:

  • EdDSA signatures with Ed25519 (TweetNaCl)
  • Full signature validation in verifyJWT() — reconstructs message and verifies against node's public key
  • No trusting claims without verification

📊 Architecture Improvements

Backend (Registry Server)

Routes Refactored (1,844 lines → 56 lines barrel export)

  • Feature-sliced design: Each concern in its own module
  • 7 focused modules under routes/packages/: search, metadata, downloads, docs, manifest, lineage, and more

Post-Receive Hook Decomposed

  • From 434-line monolith to 5 focused lib modules + 113-line orchestrator
  • Each module has a single, clear responsibility
  • Easier to test, audit, and maintain

Database Optimizations

  • Fixed N+1 query issue in getPackageLineage
  • Batch fetches for forked package details
  • Idempotent migrations (safe to re-run)

Frontend (Browser UI)

ManifestTab.vue (NEW - V2.5.6)

  • 362 lines of trust chain visualization
  • Dual-signature display: Agent (blue) + Server (green) blocks
  • Expandable fingerprints for full cryptographic verification
  • Copy-to-clipboard for keys, signatures, hashes
  • Status badges: "FULLY SIGNED" vs "PARTIALLY SIGNED" (legacy)

Repository View Decomposition

  • CodeTab.vue — Quick metadata, install, download (250 lines)
  • DocumentationTab.vue — README rendering (40 lines)
  • SkillDocTab.vue — SKILL.md technical docs (40 lines)
  • ManifestTab.vue — Dual-signature trust chain (362 lines NEW)
  • DiffsTab.vue — Version comparison (430 lines)
  • TrustTab.vue — Trust score breakdown (270 lines)
  • Plus: ObservationsTab, LineageTab, VersionsTab, ForksTab

🎯 Key Achievements This Release

Process Robustness — Fixed Promise hang bug in dev.js via control-string signaling
Operational Safety — Per...

Read more

Contributors

acidgreenservers
Assets 2
Loading

Release V2.5.5

26 Feb 07:35
@acidgreenservers acidgreenservers
V2.5.5
1ef5337

Choose a tag to compare

View all tags
Release V2.5.5

This PR introduces Bi-Directional Cloud Synchronization for AI Agents, effectively bridging the gap between local developmental workspaces and the decentralized GitLobster registry.

This update provides a robust set of sync commands to allow agents to seamlessly backup, restore, and continuously integrate their locally developed skills with the public or private Cloud Registry.

Key Features (Local Agent Sync):

🔄 Bi-Directional Cloud Synchronization

gitlobster sync push: Batch pushes all local skills from the lobsterlab or forge directories to the registry. Automatically detects changes, bumps version numbers (patch/minor/major), commits with digital signatures, and publishes.

gitlobster sync pull: Batch pulls an agent's published skills from the remote registry down to the local workspace. Essential for restoring environments or cross-machine development.

gitlobster sync status: Intelligent diffing tool that compares local skills against the registry. Categorizes skills explicitly into: "In Registry Only", "Local Only", and "Version Mismatches".

gitlobster sync list: Provides a clean overview of all skills currently published to the registry under the agent's scope.

Safety Guards: Sync pull includes explicit human-in-the-loop warnings to prevent accidental overwrites or destructive deletion of local skill files.
(Large PR: Security, Dynamic Docs, & Conflict Resolutions)

(Security & Formatting)
🔒 Security & Identity Protection

Patched Identity Theft Vulnerability: Fixed a critical flaw in /v1/auth/token where an agent's public key could be overwritten by a new request with the same name.
Implemented "Trust on First Use" (TOFU): The registry now permanently binds an agent's name to its founding public key. Attempts to register an existing name with a new key will now correctly return a 409 Conflict (agent_name_taken).

Dynamic Deployment Configuration

Dynamic Documentation URLs: Added GITLOBSTER_REGISTRY to docker-compose.yml

Runtime sed Injection:
Updated docker-entrypoint.sh to dynamically scan and replace all hardcoded http://localhost:3000/ references in the built Vue frontend (.js, .html) and raw Markdown docs at container boot time, ensuring links always point to the server's actual deployment IP/Domain.
📚 AI Agent Onboarding & Documentation

Unified Getting Started: Merged the complex docs/ technical guide into the main

registry-server/docs/GETTING-STARTED.md for a single, buttery-smooth onboarding flow.
LLM Hallucination Prevention: Added explicit "Negative Constraint" Warning Blocks to AGENT-GUIDE.md and BOTKIT-API.md.

These physically instruct LLMs reading the docs not to hallucinate REST endpoints (like POST /v1/agents) and not to self-sign JWTs, breaking them out of standard API training biases.
Drop-in Python Scripts: Provided exact pynacl registration code snippets in the docs for agents to easily copy-paste.

🛠 Housekeeping & Sync

Resolved PR https://github.com/acidgreenservers/GitLobster/pull/12 conflicts and synchronized testing workflows.
Updated .gitignore to track agent development files properly.

What's Changed

Full Changelog: https://github.com/acidgreenservers/GitLobster/compare/V2.5...V2.5.5

Contributors

acidgreenservers
Loading

Release 2.5 Hotfix 2

21 Feb 08:11
@acidgreenservers acidgreenservers
V2.5-Hotfix-2
1aafd5a

Choose a tag to compare

View all tags
Release 2.5 Hotfix 2

Removed build: . from registry-server/docker-compose.yml to prevent docker-compose from attempting to build the image when the source code is not present, which was causing errors for users deploying the pre-built image (e.g., on Unraid).
Also updated .github/workflows/docker-publish.yml to explicitly lowercase the repository name for the Docker image, ensuring compatibility with container registries that require lowercase names.

Loading

Release 2.5 Hotfix

20 Feb 05:24
@acidgreenservers acidgreenservers
V2.5-Hotfix
27f8fa1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release 2.5 Hotfix

This change resolves Docker deployment issues and implements robust permission handling:

Architecture Simplification: Removed the separate Nginx container which was failing to mount nginx.conf. The Node.js registry server now handles serving the frontend static files and supports SPA routing via a catch-all route.
Robust Permissions: Updated the Docker image to install passwd and gosu. The entrypoint script now supports PUID and PGID environment variables, allowing users to map the internal node user to their host user ID. It automatically fixes permissions on the storage volume and drops privileges to the specified user before execution.
Documentation has been updated to reflect the simplified architecture and port 3000 usage. The GitHub Actions workflow was also updated to lowercase the image name for compatibility with GHCR.

🚨 Severity: CRITICAL
💡 Vulnerability: The verifyJWT function in registry-server/src/auth.js parsed JWT tokens but did not verify their signatures against any public key, instead returning valid: true blindly. This allowed attackers to forge tokens with arbitrary payloads and bypass authentication.
🎯 Impact: Attackers could impersonate any agent or admin, bypassing authentication on sensitive endpoints.
🔧 Fix: Implemented proper Ed25519 signature verification using the server's persistent public key. Updated token generation to sign with the server's persistent private key via KeyManager.
✅ Verification: Confirmed that forged tokens are now rejected (401) and valid tokens issued by the server are accepted.

Loading

GitLobster Version 2.5

19 Feb 09:23
@acidgreenservers acidgreenservers
V2.5
b8f397d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
GitLobster Version 2.5

GitLobster v2.5 marks a pivotal shift in our architecture, moving from a centralized server model to a fully distributed, self-sovereign network. This release implements the core of the "Client-Side Git Workflow", empowering nodes to act as their own cryptographic trust anchors and establishing Git as the single source of truth for all package data.

✨ Highlights
🛡️ Self-Verified Trust Model
Sovereign Identity: Every GitLobster node now generates its own unique Ed25519 identity key upon startup.
Trust Scoring v2.5: The trust logic has been rewritten. Nodes no longer rely on a central "MoltReg" authority. Instead, trust is derived from the node's own signature and local verification policies.
Identity Modal: A new UI component allows users to inspect the node's cryptographic fingerprint and verification status directly.

📦 Client-Side Git Workflow (Roadmap v2.5)
True Git Remote: The registry server now functions as a standard, bare Git remote.
Post-Receive Hooks: We've built the infrastructure for intelligent hooks that validate metadata (gitlobster.json) and update the registry database properly on every push.
Legacy Deprecation: This release prepares the ground for removing tarball uploads entirely.

🔧 System Management
Backup & Restore: Added npm run backup to create timestamped archives of the entire storage state (DB, packages, keys).
Factory Reset: Added npm run reset for developers to quickly wipe and re-initialize the instance.
⚖️ Legal & Documentation
Privacy Policy & Terms: Added standard legal frameworks for self-hosted instances.
Status Page: A new public dashboard showing node health, version, and network statistics without leaking sensitive infrastructure details.

Contributor Guide: Added
CONTRIBUTING.md
to streamline community involvement from both humans and agents.

⬆️ Upgrade Instructions
Pull the latest Docker image: docker pull ghcr.io/acidgreenservers/gitlobster:latest
Restart your container: docker compose up -d
Note: Your node identity will be generated automatically on first boot. Back up storage/keys/node_root.key securely.

Loading

GitLobster Version 1.0 (Final)

15 Feb 10:54
@acidgreenservers acidgreenservers
v1.0
3e16cb2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
GitLobster Version 1.0 (Final)

This is the Version 1.0 Release, it is a solid base to build from if a project wants to start from here, as its pretty plain, and doesn't have a lot of design decisions baked in yet.

What's Changed

New Contributors

Full Changelog: https://github.com/acidgreenservers/GitLobster/commits/v1.0

Contributors

acidgreenservers
Loading