github vellum-ai/vellum-assistant v0.1.23
on GitHub

latest releases: v0.10.0, v0.10.0-staging.3, v0.10.0-staging.2...
4 months ago

Release Notes - v0.1.23

Features

  • Sidebar Redesign: Complete redesign of the sidebar interface with improved organization of threads, apps, and Control Center
  • Skill Includes System: New skill dependency system allowing skills to include and validate other skills with cycle detection and metadata tracking
  • Browser Tool Enhancements:
    • Added rich annotations with element highlights and action text overlays
    • Implemented floating picture-in-picture panel for browser sessions
    • Added tab bar support for multiple pages in PiP panel
    • Auto-start screencast functionality for browser tools
  • Archive Management: Replaced modal confirmation dialogs with streamlined inline confirm buttons
  • Development Tools: Automatic TCC permissions setup with development certificate configuration
  • Skill Management: Enhanced scaffold_managed_skill tool with includes support and improved metadata handling

Fixes

  • Security Improvements:

    • Hardened Content Security Policy for app page rendering
    • Increased share link token entropy from 72 to 128 bits
    • Enforced strict file permissions (0o600) on trust.json
    • Fixed path traversal vulnerabilities through improved symlink validation
    • Enhanced PII detection with refined credit card regex patterns

  • Authentication & Authorization:

    • Fixed gateway authentication with proper HTTP bearer token handling
    • Corrected runtime bearer token transmission on all API calls
    • Improved authorization header handling when gateway auth is enabled

  • Browser & UI Stability:

    • Fixed coordinate normalization for browser highlights
    • Improved CDP session management to prevent memory leaks
    • Enhanced screencast error recovery and session cleanup
    • Fixed browser surface dismissal and frame decode serialization
    • Resolved UI alignment issues with conversation elements

  • File & Path Handling:

    • Added existence checks before path resolution to prevent ENOENT errors
    • Improved symlink cycle detection using ancestor-path validation
    • Enhanced file upload validation with proper byte length checks
    • Fixed app store file path validation against directory traversal

  • Tool & Skill Management:

    • Corrected tool manifest inclusion for computer-use, ui-surface, and app tools
    • Fixed pre-registered test tool exclusion from core snapshots
    • Improved skill auto-enable functionality using canonical skill IDs
    • Enhanced include validation with fail-closed behavior for errors

  • Data Handling:

    • Fixed attachment upload error handling to prevent conversation interruptions
    • Improved share link expiration handling for legacy links
    • Enhanced one-time credential delivery in standalone publish flows
    • Better error handling in Sentry initialization timing
Check out latest releases or
releases around vellum-ai/vellum-assistant v0.1.23

Don't miss a new vellum-assistant release

NewReleases is sending notifications on new releases.

Get notifications