v1.12.0 — Sandbox tier selection (all OSS), .symbi extension, SecurityTier::Hosted

Highlights

This release ships selectable host-isolation tiers — all OSS (no Enterprise gating), promotes .symbi as the canonical agent file extension, and reshapes the security model so E2B is correctly classified as a hosted backend rather than a peer of the on-host tiers.

Sandbox tier selection — all OSS

Operators now pick the sandbox tier per agent via the DSL with { sandbox = ... } block, or set a project default via [sandbox] tier = "..." in symbiont.toml. All three host-isolation tiers ship in the OSS runtime:

Tier	Backend	Selection	Prerequisites
tier1	Docker	default	docker daemon
tier2	gVisor (runsc)	with { sandbox = "gvisor" }	runsc registered as Docker runtime
tier3	Firecracker microVM	with { sandbox = "firecracker" }	firecracker binary + operator-supplied vmlinux + rootfs.ext4

New runtime modules: crates/runtime/src/sandbox/gvisor.rs and crates/runtime/src/sandbox/firecracker.rs. symbi doctor now reports reachability of runsc and firecracker in addition to docker.

.symbi canonical agent file extension

Agent definitions now use .symbi. Legacy .dsl continues to be recognized indefinitely for backward compatibility — no migration is required. New helpers dsl::is_symbi_file / dsl::strip_symbi_extension. The 14 example agents in agents/ were renamed.

Tier 3 symbi init flags

symbi init --profile assistant --sandbox tier3 \
  --firecracker-kernel /var/lib/firecracker/vmlinux \
  --firecracker-rootfs /var/lib/firecracker/rootfs.ext4

Both paths are validated before scaffolding [sandbox.firecracker] into symbiont.toml. The new docs/firecracker-setup.md covers prerequisites, a quickstart recipe (prebuilt vmlinux + minimal Alpine rootfs), the in-VM init contract, transport patterns for /work (vsock vs. second block device), a hardening checklist, and troubleshooting.

SecurityTier::Hosted — E2B is not a tier

E2B is no longer modeled as a peer of Tier 1/2/3 — it is a separate hosted-cloud backend with no on-host isolation. E2B → SecurityTier::Hosted sorts below Tier1 for ordering, so policies requiring host isolation (tier >= Tier1) now correctly reject hosted execution. E2B remains opt-in only via DSL (with { sandbox = "e2b" }); it is intentionally not exposed as an [sandbox] tier value or a --sandbox flag.

Migration notes

• No breaking changes. Existing .dsl files continue to work without modification.
• Operators using E2B should review any policies that relied on E2B → SecurityTier::Tier1 parity — those policies will now correctly fail on hosted execution unless re-scoped.

Documentation

All English docs and five translations (zh-cn, es, pt, ja, de) updated in lockstep:

• docs/security-model.md — three-tier ladder + Hosted-execution sidebar
• docs/firecracker-setup.md — new (translated to all five languages)
• docs/getting-started.md, docs/runtime-architecture.md, docs/index.md — three-tier coverage
• docs/api-reference.md, docs/docker.md, docs/http-input.md, docs/native-execution-guide.md — .symbi callouts

Verification

cargo fmt --check, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace --no-fail-fast all pass (~1300 tests across the workspace).

Full Changelog: https://github.com/ThirdKeyAI/Symbiont/blob/main/CHANGELOG.md

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.11.0 — symbi shell (Beta), /deploy stack, init Docker ergonomics, approval relay, cross-instance messaging

[1.11.0] - 2026-04-24

Added

• symbi init Docker ergonomics: init now accepts --dir <PATH> for targeting a mounted volume from inside a container (docker run -v $(pwd):/workspace ... init --dir /workspace), generates a ready-to-run docker-compose.yml with correct volume mounts and env wiring, and writes a .env with a freshly generated SYMBIONT_MASTER_KEY (0600 perms) plus a safe-to-commit .env.example. Opt out with --no-docker-compose. symbi up in an empty directory now points the user at symbi init instead of silently starting with no agents. init is promoted to the first subcommand in symbi --help. See docs/docker.md for the new 2-command Docker quickstart.
• symbi shell — interactive TUI: New first-class subcommand providing a ratatui-based terminal UI for building, orchestrating, and operating agents. Inline viewport with live-streaming tool-call cards, async throbber during LLM calls, markdown + diff renderers, toggleable project-structure sidebar, agent-card widget, diff view, and ORGA-phase-colored trace timeline. Command registry with /help, /clear, /quit, /dsl toggle, /model, /cost, /status, input history, and session UUIDs. Agent lifecycle: /agents, /debug, /stop, /pause, /destroy. AI-assisted authoring: /spawn, /policy, /tool, /behavior (artifacts are persisted to disk). Orchestration: async orchestrator wired for conversational mode, /audit command wired to the ORGA journal, automatic context compaction with /compact and /context. Ops: /deploy, /ask, /send, /memory, /run, /chain, /debate, /tools, /skills, /doctor, /logs, /new. Remote attach: /attach, /detach, /cron over HTTP; /channels via remote attach; /secrets via local encrypted store. Session persistence: /snapshot, /resume, /export. Fuzzy @mention + /command completion with grouped popup, auto-trigger on / and @, arrow navigation, @path completion, DSL-aware completion, in-process DSL evaluation in /dsl mode. /init with deterministic profiles and conversational mode. Tree-sitter syntax highlighting for the Symbiont DSL plus Cedar and ToolClad. Artifact validation pipeline: constraint loader, DSL validator, Cedar and ToolClad validators. Theme system, OSC-8 hyperlinks, resize handling, transient-retry, Zellij detection with inline-viewport warning, --yes, --profile.
• Agent deployment stack: /deploy local via Docker with a hardened sandbox runner, /deploy cloudrun for Google Cloud Run (OSS single-agent), and /deploy aws for AWS App Runner (OSS single-agent).
• Cross-instance agent messaging: RemoteCommunicationBus with HTTP messaging endpoints wired into RuntimeBridge's default context. Cron + heartbeat architecture documented in the spec.
• symbi-approval-relay crate: Dual-channel human approval relay.
• symbi schemapin and symbi policy CLI subcommands.
• symbi-invis-strip crate: Zero-dependency Unicode invisible-stripping helper (ASCII C0/DEL, C1, zero-width, bidi overrides, word-joiner/invisible-operator block, BOM, variation selectors, Unicode Tag block, supplementary variation selectors). Opt-in sanitize_field_with_markup variant additionally strips <!-- ... --> HTML comments and triple-backtick fenced blocks for surfaces where renderer-hidden markup has no legitimate use.
• Cedar policy linter (scripts/lint-cedar-policies.py): Detects homoglyph identifiers and invisible control chars in .cedar files. Wired to the repo pre-commit hook and CI test job.
• AgentPin fully wired; SchemaPin enforcement hardened.
• symbi-e2e end-to-end test crate: Covers AgentPin messaging, API auth scope, cross-runtime bus, Docker volumes, messaging ingress, rate limit, and webhook signature verification.
• Opt-in OpenRouter app attribution: Runtime now sets the OpenRouter app-name headers when enabled.
• symbi repl shim subcommand forwards to the repl-cli binary (mirrors the existing symbi shell shim) so the command every docs page has referenced is now a first-class subcommand rather than a separately-built binary.

Changed

• OSS vs Enterprise licensing: Documented in the spec and plan.
• Docs rewrite: docs/index.md, docs/getting-started.md, docs/docker.md lead with a 2-command Docker init flow. New docs/symbi-shell.md covers the Beta interactive TUI end-to-end. docs/repl-guide.md cross-links to the shell. docs/api-reference.md gains a CLI subcommands section covering symbi schemapin, symbi policy, and symbi agents-md. docs/runtime-architecture.md gains a Cross-instance agent messaging subsection. docs/security-model.md gains Invisible-Character Sanitization (symbi-invis-strip), Cedar Policy Linter, and Human Approval Relay (symbi-approval-relay) sections. All five translations (zh-cn, es, pt, ja, de) synced.
• Staleness sweep: Fixed broken copy-paste commands across all language variants — symbiont-runtime → symbi-runtime package name, rewrote the Runtime HTTP API quickstart to use symbi up --http-bind 0.0.0.0 + $SYMBI_HTTP_TOKEN (not the non-existent symbiont-runtime --http-api), docker build -f runtime/Dockerfile . → docker build ., and symbi-runtime = { version = "1.6" } snippet → "1.11". Documented the previously-undocumented symbi new templates (webhook-min, webscraper-agent, slm-first, rag-lite) and the OPENROUTER_REFERER / OPENROUTER_TITLE env vars.
• /attach scheme policy: Documentation clarified that /attach accepts HTTP or HTTPS; https:// is required for any remote or production target.

Fixed

• symbi-shell: /spawn, /policy, /tool, /behavior now actually persist their artifacts; Enter submits on first press even when the completion popup is visible; content scroll fix with all warnings eliminated; batched UX fixes.
• CI: Unblocked minimal build and Docker build, added 4 missing fuzz targets, normalised cargo fmt across the workspace, silenced approx_constant lint, fixed three release-workflow + test issues exposed by v1.10.0.
• OSS sync: Include tests/e2e workspace member in the OSS allowlist and Docker context.

Security

• 2026-04-18 audit remediation: Closed H-2/H-3/H-4 (reasoning policy gate, SchemaPin SSRF/TLS, parallel-cap enforcement). Hardened medium-severity findings (M-2..M-11 subset) and low-severity findings (L-1, L-3, L-5, L-6).
• SystemTime overflow DoS in the remote envelope parser fixed; Docker proto dependencies and fuzz-target tokio runtime aligned.
• Agent scope enforcement: Applied to every /api/v1 agent, schedule, and channel route.
• Bus signature verification enforced; ToolClad custom parsers gated.
• 4 new fuzz targets for the messaging attack surface.
• Dependency CVE patches; remote-bus env var unified; env-touching tests serialised to prevent cross-test interference.

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.10.0 — HTTP Input LLM invocation with ToolClad

HTTP Input LLM invocation with ToolClad ORGA loop

When the target agent is not Running on the runtime communication bus, the webhook handler now falls through to an on-demand LLM invocation path that runs an ORGA-style tool-calling loop against ToolClad manifests. This enables webhook endpoints to execute agents that live as DSL definitions without requiring them to be long-running listeners.

Added

• HTTP Input LLM invocation with ToolClad: Falls back to LLM + ToolClad when the target agent is not Running. Tools execute on a blocking thread pool with a 120-second per-tool timeout. Duplicate (tool, input) pairs within a single iteration are deduplicated. Provider auto-detected from OPENROUTER_API_KEY, OPENAI_API_KEY, or ANTHROPIC_API_KEY.
• Normalized LLM tool-calling client: LlmClient::chat_with_tools returns a unified content-block shape across Anthropic (native tool_use) and OpenAI/OpenRouter (function calling normalized to the same format).
• Webhook response metadata: LLM-invoked responses include response, tool_runs, model, provider, latency_ms, and status: completed.

Fixed

• Agent state check before communication bus dispatch: invoke_agent now verifies the target agent is in the Running state via scheduler.get_agent_status() before sending a message. Previously send_message returned Ok for unregistered agents and delivery failed silently, producing a false "execution_started" response.
• UTF-8 safe string truncation: Tool output previews and caller-supplied system_prompt values are truncated on UTF-8 character boundaries to prevent panics on multi-byte output.
• system_prompt length cap: Caller-supplied system_prompt is now capped at 4096 bytes and logged; remains a prompt-injection surface when exposed to untrusted callers.

Docs

Updated docs/http-input.md with a new "LLM Invocation with ToolClad Tools" section, updated response shapes, real audit log examples, and translations for de, es, ja, pt, zh-cn.

Tests

• 4 new tests for LlmClient tool/message normalization
• 8 new tests for UTF-8 safe truncation covering ASCII, emoji, CJK, boundary conditions

Full Changelog: v1.9.1...v1.10.0

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.9.1

What's Changed

Optional LanceDB build feature

LanceDB, arrow-array, and arrow-schema are now optional dependencies gated behind the vector-lancedb feature flag. LanceDB remains in the default feature set so existing builds are unaffected.

Build without vector backends for lighter binaries:

cargo build --no-default-features

Build with only Qdrant:

cargo build --no-default-features --features vector-qdrant

When no vector backend is enabled, the runtime gracefully falls back to NoOpVectorDatabase.

Documentation overhaul

• README restructured around "policy-governed agent runtime" positioning
• Core capabilities table trimmed from 17 to 8 rows
• DSL example simplified to show allow/deny/audit pattern
• Performance claims linked to benchmark harness instead of inline numbers
• Community vs Enterprise editions clearly delineated
• All 5 translations (zh-cn, es, pt, ja, de) updated to match
• Docs index rewritten to match README messaging
• SECURITY.md support matrix updated to 1.9.x/1.8.x

Fixes

• Rust version requirement: 1.88+ → 1.82+ across all docs (matches workspace MSRV)
• Dockerfile port comment: 8080 is Runtime API/MCP, not gRPC
• Removed dead enterprise/README.md link from public READMEs
• Removed speculative Risk Assessment Algorithm from security and architecture docs

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.9.0

What's New in v1.9.0

ToolClad Integration

• Declarative .clad.toml tool contracts with manifest loading, argument validation, and command execution
• HTTP backend and MCP proxy backend with secrets injection
• SessionExecutor and BrowserExecutor for ToolClad v0.4.0+ spec
• Built-in tool manifests for whois, nmap, dig, and curl

symbi tools CLI

• Scope enforcement, Cedar policy generation, and hot-reload file watcher

Production Hardening

• Bounded channels, health probes, secrets TTL
• Cedar policy reload, audit export, and rate limiting
• W3C traceparent propagation for distributed tracing

Security Fixes

• Critical DoS vector mitigation
• JWT validation hardening
• Environment variable leakage prevention
• Sandbox guard improvements

Other

• A2UI v0.2.0 update
• BrowserDef v0.5.1 with connect, extract_mode, default engine
• Concurrency, resource exhaustion, and memory efficiency fixes

Crate Versions

Crate	Version
symbi	1.9.0
symbi-dsl	1.9.0
symbi-runtime	1.9.0
symbi-channel-adapter	0.1.2
repl-core	1.9.0
repl-proto	1.9.0
repl-cli	1.9.0
repl-lsp	1.9.0

Full Changelog: https://github.com/ThirdKeyAI/Symbiont/blob/main/CHANGELOG.md

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.8.1

What's New in v1.8.1

symbi run — Single Agent Execution

Run any agent directly from the CLI without starting the full runtime:

symbi run recon --input '{"target": "10.0.1.5"}'
symbi run assistant -i 'Summarize this document' --max-iterations 5

Resolves agent names from agents/ directory, sets up cloud inference from env vars, runs the ORGA loop, and exits.

Usability Fixes

• Auth clarity at startup: Shows which token applies to which port (Runtime API :8080 (auth: SYMBIONT_API_TOKEN), HTTP Input :8081 (auth: --http.token))
• SYMBIONT_MASTER_KEY warning: Startup warns if missing instead of silently failing
• DSL # comments: Hash-style comments now supported alongside //
• Agent names in API: GET /api/v1/agents returns {id, name, state} instead of bare UUIDs
• Multi-agent auto-routing: All loaded agents get /webhook/<name> routes
• Top-level cedar feature flag: cargo build --features cedar works directly
• protoc documented: Added to prerequisites in getting-started docs
• rust-version = "1.82": MSRV now explicit in Cargo.toml

Bug Fixes

• Fix default Anthropic model name (claude-sonnet-4-20250514)
• Fix cargo fmt formatting

Full Changelog: v1.8.0...v1.8.1

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.8.0

What's New in v1.8.0

symbi init — Project Initialization

Interactive project scaffolding with profile-based templates. Choose from minimal, assistant, dev-agent, or multi-agent profiles with configurable SchemaPin verification and sandbox tiers. Includes a built-in agent catalog for importing pre-built governed agents.

symbi init                          # interactive wizard
symbi init --profile dev-agent --no-interact  # CI/scripted
symbi init --catalog list           # browse agent catalog

Inter-Agent Communication Governance

All inter-agent builtins (ask, delegate, send_to, parallel, race) are now routed through the CommunicationBus with policy evaluation via the new CommunicationPolicyGate. Cedar-style rules control which agents can communicate, with priority-based evaluation and hard deny on policy violations. Messages are cryptographically signed (Ed25519), encrypted (AES-256-GCM), and audited.

Other Changes

• CI: Replace deprecated arduino/setup-protoc with native package managers for Node.js 24 compatibility
• Documentation updates and translations (zh-cn, es, pt, ja, de)

Full Changelog: v1.7.1...v1.8.0

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.7.1

What's Changed

Added

• AI Assistant Plugin docs: Document symbi-claude-code and symbi-gemini-cli governance plugins in README, getting-started, and index docs
• SchemaPin discovery JSON: Support SchemaPin discovery JSON format in fetch_public_key
• Cosign binary signing: Release workflow now signs binaries with cosign

Changed

• Drop Intel macOS builds: Remove x86_64-apple-darwin target from release workflow; install script provides source/Homebrew guidance
• Cross-build optimization: Use thin LTO and 4 codegen units for cross builds to avoid OOM during linking
• README images: Use absolute GitHub URLs for logo images

Fixed

• Release workflow: Multiple fixes for cross-compilation (protoc in cross container, vcpkg OpenSSL on Windows, NASM for Windows builds)
• Publish workflow: Improved reliability for crates.io publishing

Crate Versions

Crate	Version
symbi	1.7.1
symbi-dsl	1.7.1
symbi-runtime	1.7.1
symbi-channel-adapter	0.1.2
repl-core	1.7.1
repl-proto	1.7.1
repl-cli	1.7.1
repl-lsp	1.7.1

Full Changelog: v1.7.0...v1.7.1

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Symbiont v1.7.0

Symbiont v1.7.0

Standalone Agent SDK

• symbi_runtime::prelude — one-import module for standalone agents
• ReasoningLoopRunner::builder() — typestate builder
• ToolFilterPolicyGate — tool-name whitelisting
• cloud-llm and standalone-agent feature flags

External Agent Integration

• External execution mode, heartbeat/event endpoints, unreachable detection

Pre-Built Binary Releases

• Cross-platform: linux x86_64/aarch64, macOS x86_64/aarch64, Windows x86_64
• brew tap thirdkeyai/tap && brew install symbi
• curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Pre-built binaries are tested but considered less reliable than cargo install symbi or Docker.

Other

• Advanced reasoning primitives (orga-adaptive), coordinator chat, production safety fixes, Apache 2.0 relicense

Crate	Version
symbi	1.7.0
symbi-dsl	1.7.0
symbi-runtime	1.7.0
symbi-channel-adapter	0.1.2
repl-core	1.7.0
repl-proto	1.7.0
repl-cli	1.7.0
repl-lsp	1.7.0

Full Changelog: v1.6.1...v1.7.0

Pre-Built Binaries

Note: Pre-built binaries are tested but considered less reliable than installing via cargo install symbi or Docker (ghcr.io/thirdkeyai/symbi). If you encounter issues, please try those methods first.

Quick Install

macOS / Linux:

curl -fsSL https://raw.githubusercontent.com/thirdkeyai/symbiont/main/scripts/install.sh | bash

Homebrew (macOS):

brew tap thirdkeyai/tap
brew install symbi

Manual download:
Download the appropriate binary for your platform from the assets below. Verify checksums with checksums.txt.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate symbi-*.pem --signature symbi-*.sig symbi-*.tar.gz \
  --certificate-identity-regexp="https://github.com/ThirdKeyAI/Symbiont" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

v1.6.1

Pin qdrant-client to >=1.14.0, <1.16.0 to fix cargo install symbi breakage caused by breaking API changes in qdrant-client 1.16+.