Releases: vouchdev/vouch

v0.1.0

26 May 15:55

v0.1.0 Pre-release

[0.1.0] — 2026-05-26

Packaging

  • Published to PyPI as vouch-kb (the vouch name was already taken by an
    unrelated project); the installed command is still vouch. Install with
    pipx install vouch-kb. A tag-triggered release workflow publishes via PyPI
    Trusted Publishing (OIDC).

Added

  • Seed a cited starter source and claim during vouch init, print first-run
    next steps, and document a 30-second onboarding tour (#54).

Fixed

  • Add put_relation_idempotent() to KBStore and use it in supersede() and contradict() so retrying after a partial failure converges to a consistent state instead of raising ValueError.
  • Raise ProposalError("forbidden_self_approval") in proposals.approve() when approved_by == proposal.proposed_by, enforcing the review-gate guarantee documented in the README and CONTRIBUTING.
  • crystallize() now sets review.approver_role: trusted-agent context so single-agent sessions can be crystallized without hitting the forbidden_self_approval guard (#47).
  • Bundle import rejects tar members whose path escapes kb_dir (CVE-2007-4559, #9). Previously a crafted .tar.gz with a member named ../../evil.txt could write outside .vouch/; the manifest allow-list did not prevent this because the manifest lives inside the same tarball. import_apply, import_check, and export_check now validate every member path and raise on unsafe names.
  • Fix vouch search CLI: assign backend label per code path so substring fallback results are no longer mislabelled as fts5; update stale docstring to reflect multi-backend search surface (#52).
  • vouch crystallize now indexes its session-summary page into FTS5 so it surfaces from vouch search / kb.search / kb.context without a vouch index rebuild (#60).
  • Bundle export uses POSIX / separators in manifest.json and tar member names on every platform (Windows previously produced self-invalid bundles). Windows bundles produced before this fix should be re-exported.
  • bundle.import_check and bundle.import_apply now verify each tar member's sha256 against manifest.json (#74), so a tampered tarball with an unchanged manifest can no longer land attacker-controlled content; import_apply re-verifies at write time and refuses to record a bundle.import audit event on mismatch.
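The two bundle-import checks described above (rejecting tar member paths that escape the target directory, per CVE-2007-4559, and verifying each member's sha256 against manifest.json) as an added, hypothetical re-implementation. This is not vouch's own bundle module; it assumes manifest.json has the shape {"files": {"<path>": "<sha256 hex>"}} and builds its own constructed tarballs for input.

```python
import hashlib
import io
import json
import posixpath
import tarfile

# Hypothetical re-implementation of the checks the release notes describe; not vouch's
# own bundle module. Assumes manifest.json has the shape {"files": {"<path>": "<sha256>"}}.

def safe_member_path(name: str) -> bool:
    """True only for relative, POSIX-separated paths that stay inside the target dir."""
    if not name or name.startswith("/") or "\\" in name or ":" in name:
        return False
    parts = posixpath.normpath(name).split("/")
    return ".." not in parts and parts != ["."]

def check_bundle(tar_bytes: bytes) -> list[str]:
    """Return the problems found; an empty list means the bundle may be applied."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tf:
        members = {m.name: m for m in tf.getmembers() if m.isfile()}
        # Path check runs over every member, including manifest.json itself.
        problems += [f"unsafe path: {n}" for n in members if not safe_member_path(n)]
        if "manifest.json" not in members:
            return problems + ["missing manifest.json"]
        listed = json.load(tf.extractfile(members["manifest.json"])).get("files", {})
        # Every non-manifest member must be listed, and every listed file must match.
        for name in members:
            if name != "manifest.json" and name not in listed:
                problems.append(f"member not in manifest: {name}")
        for name, expected in listed.items():
            if name not in members:
                problems.append(f"manifest lists missing member: {name}")
                continue
            digest = hashlib.sha256(tf.extractfile(members[name]).read()).hexdigest()
            if digest != expected:
                problems.append(f"sha256 mismatch: {name}")
    return problems

def make_bundle(files: dict[str, bytes], manifest: dict[str, str]) -> bytes:
    """Build a constructed .tar.gz fixture; member names are stored exactly as given."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        entries = {**files, "manifest.json": json.dumps({"files": manifest}).encode()}
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

A bundle whose manifest is untouched but whose member bytes differ fails the digest check, and a member named ../../evil.txt fails the path check even when the manifest lists it, which is the case the allow-list alone did not cover.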