Skip to content

Releases: Wintersta7e/agentdeck

v4.8.2

01 Apr 16:54
@Wintersta7e Wintersta7e
v4.8.2
a5b2b52

Choose a tag to compare

View all tags
v4.8.2 Latest
Latest

Deep Code Review — 6 rounds, 82 issues fixed

Fixed

  • Cost tracking silently broken for all sessions — $HOME inside single quotes prevented bash expansion
  • Workflow deadlock reported as false success instead of error
  • Startup commands && chain silently prevented agent launch on setup failure
  • Implicit PTY exit force-discarded isolated worktrees (data loss)
  • Project deletion with active sessions orphaned worktrees
  • Loop counter reset affected sibling loop edges
  • Agent updater hardcoded .js bin entry suffix
  • Timer TOCTOU race in CostTracker, registry leak for deleted worktrees
  • 10+ additional memory leak, state cleanup, and UI fixes

Security

  • SAFE_ID_RE validated consistently across all 53 IPC channels
  • Shell injection hardening (shellQuote, path traversal normalization)
  • Renderer log data bounded, agentFlags validated, wsl.exe -- separators

Performance

  • Titlebar narrow selector (prevents re-renders at PTY data rate)
  • Concurrent workflow file reads, async worktree registry I/O
  • O(1) isDone() in edge-scheduler, O(1) agent metadata lookup
  • Cached accent RGB, static position arrays, filename-based prune sort

611 tests, 0 lint warnings. Full changelog in CHANGELOG.md.

Assets 3
Loading

v4.8.1

31 Mar 22:33
@Wintersta7e Wintersta7e
v4.8.1
1c330cd

Choose a tag to compare

View all tags
v4.8.1

Critical Fix

Agent updater: fix bin symlink repair that caused agent "uninstall" on update

When updating npm-based agents (e.g. Codex), npm install -g can remove the bin symlink without recreating it — a known npm bug with platform-specific optional dependencies. The previous repair mechanism used npm prefix -g to locate the package, but this returns /usr (system npm) when nvm fails to activate in non-interactive login shells (bash -lc), making the repair silently fail.

Changes

  • Use node -e with process.execPath to derive the correct nvm prefix — always resolves correctly regardless of shell PATH state
  • Attempt bin link repair after rollback — previously only attempted after the initial failed install, missing the common case where rollback also loses the symlink
  • Promote repair failure logging from debug to warn — failures are now visible in production logs

Impact

Without this fix, updating any nvm-managed agent could permanently remove it. The previous repair code was a no-op due to the wrong npm prefix.

Loading