Changed
- Codex `apply_patch` friction — safe project-local same-path
  delete/add patches now behave like whole-file replacements instead of always
  requiring native approval, and safe edit auto-approval now uses the project
  boundary instead of Codex's current subdirectory.
- LLM write review prompt — write-like tool review now focuses on
  observable risk instead of requiring an exact user-intent match for ordinary
  project-local source and test edits. It still escalates command-injection
  risks, persistence/auth boundary changes, credential exposure, and conflicting
  safety scope.
- LLM risk taxonomy — LLM prompt surfaces now render from one canonical
  code-owned safety risk list, keeping write review, clean script veto,
  provenance review, agent ask-refinement, and terminal guard prompts aligned.
  The LLM docs now describe the shared review scope in human-readable terms.
  (nah-968)
- LLM ask-refinement prompt — Claude and Codex agent ask-refinement now uses
  a product-neutral prompt with operation metadata, deterministic breakdown,
  recent user intent, and the shared review scope. It no longer reads
  `CLAUDE.md`/`AGENTS.md` instruction context or embeds action-specific prompt
  snippets. (nah-971)
- Claude Code demo simplification — `/nah-demo` now uses a dedicated
  25-case curated demo file instead of the former 90-case plus variant test
  battery. The slash command is a short product demo; pytest remains the
  regression suite. (nah-962)
- LLM ask refinement defaults — default LLM eligibility now includes
  process signals and safe local read-to-filter pipelines with inline visible
  exec payloads, while file-backed scripts, sensitive reads, remote/decode
  chains, destructive actions, and bypass paths remain human-gated. (nah-963)
- Plain Git push LLM review — default LLM eligibility now includes
  `git_remote_write`, so an agent told to "commit and push" can auto-approve a
  normal `git push` when recent intent is clear. Force pushes, history
  rewrites, branch/tag deletion, mirror/all pushes, and release-looking pushes
  remain human-gated.
Fixed
- Bash line continuations after operators — commands such as
  `git add file && \` followed by `git commit` now remove the shell
  line-continuation syntax before classification, so the continued stage is
  recognized deterministically instead of falling to `unknown`. (nah-974)
- Codex transcript context — LLM ask refinement now reads Codex
  `response_item` transcript messages and falls back past large ignored tool
  output lines before reporting recent conversation context as unavailable.
- `nah test` LLM parity — Bash dry runs now mirror the live clean-script
  LLM veto path for inline and project-local `lang_exec` commands.
- `tee` stream sink false positives — bare `tee` and `tee` targets such as
  `/dev/null`, `/dev/stderr`, `/dev/stdout`, and `/dev/fd/*` now allow
  deterministically, while mixed real file/device targets still resolve through
  filesystem context. (nah-854)
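
The line-continuation fix (nah-974), shown as an added Python example that is not the project's own code: backslash-newline pairs are removed outside single quotes before a simplified stage splitter and classifier run. The function names, the label table (apart from `unknown`) and the sample command are constructed for illustration; heredocs, comments and quoted operators are not handled.

```python
import shlex

# Constructed labels for this example; only "unknown" is a name from the changelog.
KNOWN = {("git", "add"): "local_write", ("git", "commit"): "local_write"}
OPERATORS = {"&&", "||", ";", "|"}

def strip_line_continuations(cmd: str) -> str:
    """Drop backslash-newline pairs as the shell does; single-quoted text is literal."""
    out, i, quote = [], 0, None  # quote is None, "'" or '"'
    while i < len(cmd):
        ch = cmd[i]
        if quote == "'":  # nothing is special inside single quotes
            if ch == "'":
                quote = None
            out.append(ch)
            i += 1
        elif ch == "\\" and i + 1 < len(cmd):
            if cmd[i + 1] != "\n":  # keep ordinary escapes such as \" intact
                out.append(cmd[i:i + 2])
            i += 2  # a backslash-newline pair is skipped entirely
        else:
            if ch in "'\"":
                quote = ch if quote is None else (None if quote == ch else quote)
            out.append(ch)
            i += 1
    return "".join(out)

def classify_stages(cmd: str, normalize: bool = True) -> list[str]:
    """Split on shell operators and label each stage by its first two words."""
    if normalize:
        cmd = strip_line_continuations(cmd)
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    stages, current = [], []
    for token in lexer:
        if token in OPERATORS:
            stages.append(current)
            current = []
        else:
            current.append(token)
    stages.append(current)
    return [KNOWN.get(tuple(s[:2]), "unknown") for s in stages]

# Constructed sample input: the continued command from the changelog entry.
SAMPLE = "git add file && \\\ngit commit -m msg"

if __name__ == "__main__":
    print(classify_stages(SAMPLE, normalize=False))  # second stage is misread
    print(classify_stages(SAMPLE))                   # both stages recognized
```

Without normalization the escaped newline becomes part of the first word of the second stage, which is why that stage misses every table entry and lands in `unknown`.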