agentsys 5.11.0 → 5.12.0

package/.claude-plugin/marketplace.json

@@ -1,7 +1,7 @@
 {
   "name": "agentsys",
   "description": "20 specialized plugins for AI workflow automation - task orchestration, PR workflow, slop detection, code review, drift detection, enhancement analysis, documentation sync, unified static analysis, perf investigations, topic research, agent config linting, cross-tool AI consultation, structured AI debate, workflow pattern learning, codebase onboarding, contributor guidance, and Zig language support",
-  "version": "5.11.0",
+  "version": "5.12.0",
   "owner": {
     "name": "Avi Fenesh",
     "url": "https://github.com/avifenesh"
@@ -40,11 +40,11 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/prepare-delivery.git",
-        "commit": "693d7649501608da49aea8efe610a7029100b8f2",
-        "ref": "v0.1.1"
+        "commit": "0e9685fe0e93e058af5ca9a0374f4f97e1db878c",
+        "ref": "v0.1.2"
       },
       "description": "Pre-ship quality gates: deslop, simplify, agnix, enhance, review loop, delivery validation, docs sync",
-      "version": "0.1.1",
+      "version": "0.1.2",
       "category": "productivity",
       "homepage": "https://github.com/agent-sh/prepare-delivery"
     },
@@ -78,7 +78,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/deslop.git",
-        "commit": "dc49a5309a104a011439f87b346d1c3b47375db2"
+        "commit": "00301b9ce81d12caa38063e4a65b535ba5b011b2"
       },
       "description": "3-phase AI slop detection: regex patterns (HIGH), multi-pass analyzers (MEDIUM), CLI tools (LOW)",
       "version": "1.0.0",
@@ -90,11 +90,11 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/audit-project.git",
-        "commit": "2c961a84ab5945670be44d6c54eb496099effe48",
-        "ref": "v1.0.1"
+        "commit": "f703facec38765b6fd8cb5a2076c98bf14e5998e",
+        "ref": "v1.0.2"
       },
       "description": "Multi-agent iterative code review until zero issues remain",
-      "version": "1.0.1",
+      "version": "1.0.2",
       "category": "development",
       "homepage": "https://github.com/agent-sh/audit-project"
     },
@@ -103,7 +103,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/drift-detect.git",
-        "commit": "e7edd602a0e24ae2bff8e262c58e481aae448944"
+        "commit": "576aca37402068aef175c8a6002584e19cb6ea74"
       },
       "description": "Deep repository analysis to realign project plans with code reality - detects drift, gaps, and creates prioritized reconstruction plans",
       "version": "1.0.0",
@@ -115,7 +115,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/enhance.git",
-        "commit": "31e7d3861afb20b3d910be957387de23dc3ae854"
+        "commit": "93f299e494a3a9ea74e82bd2d15bc1c517ce8f0c"
       },
       "description": "Master enhancement orchestrator: parallel analyzer execution for plugins, agents, docs, CLAUDE.md, and prompts with unified reporting",
       "version": "1.0.0",
@@ -127,7 +127,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/sync-docs.git",
-        "commit": "961f5e67b583f70a4e0ad3ad83503ab90decc11d"
+        "commit": "410e06739da101583b7238669f4acad7f5aea7ab"
       },
       "description": "Standalone documentation sync: find outdated refs, update CHANGELOG, flag stale examples based on code changes",
       "version": "1.0.0",
@@ -165,7 +165,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/learn.git",
-        "commit": "e28ea11f4622509d1ae7425fa97f7dd719d43716"
+        "commit": "b3025d376a83841078f3ab5cf53b62c6960e46c3"
       },
       "description": "Research topics online and create comprehensive learning guides with RAG-optimized indexes",
       "version": "1.0.0",
@@ -190,7 +190,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/agent-sh/consult.git",
-        "commit": "3115688a7c6079a04e8caa0183c1ca020e3d413d"
+        "commit": "8ce96f86c0ae67f732383a8b45c9994a7cd64d2a"
       },
       "description": "Cross-tool AI consultation: get second opinions from Gemini CLI, Codex CLI, Claude Code, OpenCode, or Copilot CLI with model and thinking effort control",
       "version": "1.0.0",

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "agentsys",
-  "version": "5.11.0",
+  "version": "5.12.0",
   "description": "Professional-grade slash commands for Claude Code with cross-platform support",
   "keywords": [
     "workflow",

package/CHANGELOG.md

@@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.12.0] - 2026-04-26
+
+### Propagated upstream releases
+- agent-core v0.4.4 (fixer.js symlink + TOCTOU) -> v0.4.5 (client-side SLSA verification + sync allowlist) synced into all 13 consumers.
+- agent-analyzer v0.8.0 -> v0.8.1 (cargo-deny CI).
+- prepare-delivery v0.1.2, audit-project v1.0.2 (reviewer-contract markers + orchestrator blocked handling).
+
 ## [5.11.0] - 2026-04-26
 
 ### Changed

package/lib/binary/index.js

@@ -19,6 +19,22 @@
  *     script validates every zip entry before extracting it and rejects
  *     absolute, UNC, and parent-traversal entries.
  *
+ * Verification chain (in order, each gate must pass to proceed):
+ *   1. TLS - https.get() pins the GitHub CA chain at the OS level.
+ *   2. SHA-256 sidecar - `<asset>.sha256` fetched from the same release and
+ *      verified against the downloaded bytes. Closes basic tampering.
+ *   3. SLSA build provenance (optional / required) - `gh attestation verify`
+ *      checks the Sigstore-signed attestation that agent-analyzer's release
+ *      workflow publishes via `actions/attest-build-provenance`. This closes
+ *      the "stolen release token uploads attacker binary + attacker sha256"
+ *      hole that steps 1 and 2 cannot see.
+ *
+ *      SLSA verification is SOFT by default: if `gh` is not on PATH we log
+ *      a warning and proceed with just SHA-256. Set env var
+ *      `AGENT_ANALYZER_REQUIRE_ATTESTATION=1` to make a missing `gh` a hard
+ *      failure (recommended for CI). A present `gh` that reports a failed
+ *      verification is ALWAYS a hard failure regardless of the env var.
+ *
  * @module lib/binary
  */
 
@@ -572,6 +588,117 @@ function findBinaryInScratch(scratch, binaryBaseName) {
   return null;
 }
 
+// ---------------------------------------------------------------------------
+// SLSA build provenance verification
+// ---------------------------------------------------------------------------
+
+/**
+ * Result of an attempted SLSA attestation verification.
+ * @typedef {Object} SlsaResult
+ * @property {'verified'|'skipped'|'failed'} status
+ * @property {string} [reason]   human-readable detail (for skipped/failed)
+ * @property {string} [stderr]   captured stderr from `gh` (failed only)
+ */
+
+/**
+ * Default runner: spawn `gh attestation verify` and return the captured
+ * exit code, stdout, and stderr. Injectable for tests.
+ * @param {string} filePath
+ * @param {string} repo e.g. `agent-sh/agent-analyzer`
+ * @returns {{ status: number|null, stdout: string, stderr: string }}
+ */
+function defaultGhRunner(filePath, repo) {
+  try {
+    const stdout = cp.execFileSync(
+      'gh',
+      ['attestation', 'verify', filePath, '--repo', repo, '--format', 'json'],
+      {
+        encoding: 'utf8',
+        stdio: ['ignore', 'pipe', 'pipe'],
+        timeout: 60000,
+        windowsHide: true
+      }
+    );
+    return { status: 0, stdout: stdout || '', stderr: '' };
+  } catch (err) {
+    return {
+      status: typeof err.status === 'number' ? err.status : null,
+      stdout: err.stdout ? String(err.stdout) : '',
+      stderr: err.stderr ? String(err.stderr) : (err.message || '')
+    };
+  }
+}
+
+/**
+ * Returns true if the `gh` CLI is on PATH. Uses a short, non-privileged probe.
+ * @param {function} [runner] optional probe; defaults to real `gh --version`
+ * @returns {boolean}
+ */
+function isGhAvailable(runner) {
+  if (typeof runner === 'function') {
+    try { return !!runner(); } catch (e) { return false; }
+  }
+  try {
+    cp.execFileSync('gh', ['--version'], {
+      stdio: 'ignore',
+      timeout: 5000,
+      windowsHide: true
+    });
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+
+/**
+ * Verify a downloaded asset's SLSA build provenance attestation via the
+ * GitHub CLI. The check is SOFT by default: if `gh` is not installed the
+ * function returns { status: 'skipped' } and the caller logs a warning. Set
+ * `requireAttestation` (or the env var) to make a missing `gh` a failure.
+ *
+ * A present `gh` that reports verification failure ALWAYS returns
+ * { status: 'failed' } regardless of `requireAttestation`; the caller is
+ * expected to abort in that case.
+ *
+ * @param {string} filePath absolute path to the downloaded archive
+ * @param {Object} [options]
+ * @param {string} [options.repo] e.g. `agent-sh/agent-analyzer`
+ * @param {boolean} [options.requireAttestation] defaults to env
+ *   `AGENT_ANALYZER_REQUIRE_ATTESTATION === '1'`
+ * @param {function} [options.ghRunner] injectable runner for tests. Receives
+ *   (filePath, repo), returns { status, stdout, stderr }.
+ * @param {function} [options.ghProbe] injectable gh-on-PATH probe for tests.
+ * @returns {SlsaResult}
+ */
+function verifySlsaAttestation(filePath, options) {
+  const opts = options || {};
+  const repo = opts.repo || GITHUB_REPO;
+  const runner = typeof opts.ghRunner === 'function' ? opts.ghRunner : defaultGhRunner;
+  const require_ = typeof opts.requireAttestation === 'boolean'
+    ? opts.requireAttestation
+    : process.env.AGENT_ANALYZER_REQUIRE_ATTESTATION === '1';
+
+  const ghPresent = isGhAvailable(opts.ghProbe);
+  if (!ghPresent) {
+    const reason = '`gh` CLI not found on PATH';
+    if (require_) {
+      return { status: 'failed', reason: reason + ' (AGENT_ANALYZER_REQUIRE_ATTESTATION=1)' };
+    }
+    return { status: 'skipped', reason: reason };
+  }
+
+  const result = runner(filePath, repo);
+  if (result && result.status === 0) {
+    return { status: 'verified' };
+  }
+  return {
+    status: 'failed',
+    reason: 'gh attestation verify exited with status ' +
+      (result && result.status !== null ? result.status : 'unknown'),
+    stderr: (result && result.stderr) || ''
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Download + install
 // ---------------------------------------------------------------------------
@@ -582,11 +709,19 @@ function findBinaryInScratch(scratch, binaryBaseName) {
  * @param {Object} [options]
  * @param {boolean} [options.skipChecksum=false] LOCAL DEV ONLY. Skips the
  *   `.sha256` sidecar fetch and verification. NEVER set this in production.
+ * @param {boolean} [options.skipAttestation=false] LOCAL DEV ONLY. Skips the
+ *   SLSA attestation check entirely.
+ * @param {boolean} [options.requireAttestation] when true, a missing `gh`
+ *   CLI becomes a hard failure. Defaults to
+ *   `process.env.AGENT_ANALYZER_REQUIRE_ATTESTATION === '1'`.
+ * @param {function} [options.ghRunner] injectable runner for tests.
+ * @param {function} [options.ghProbe] injectable gh-on-PATH probe for tests.
  * @returns {Promise<string>} path to the installed binary
  */
 async function downloadBinary(ver, options) {
   const opts = options || {};
   const skipChecksum = opts.skipChecksum === true;
+  const skipAttestation = opts.skipAttestation === true;
 
   const platformKey = getPlatformKey();
   if (!platformKey) {
@@ -643,6 +778,47 @@ async function downloadBinary(ver, options) {
     verifySha256(buf, expected, filename);
   }
 
+  // --- 2b. Verify SLSA build provenance (optional / required) ------------
+  if (skipAttestation) {
+    process.stderr.write(
+      '[WARN] skipAttestation=true - SLSA verification disabled. ' +
+      'This is LOCAL DEV ONLY and MUST NOT be used in production.\n'
+    );
+  } else {
+    // `gh attestation verify` needs a real file. Persist buf to a tmp path,
+    // verify, then drop it. Extraction continues from the in-memory buf so
+    // we don't need the tmp file beyond the verify call.
+    const attestDir = fs.mkdtempSync(path.join(os.tmpdir(), 'agent-analyzer-slsa-'));
+    const attestFile = path.join(attestDir, filename);
+    try {
+      fs.writeFileSync(attestFile, buf);
+      const result = verifySlsaAttestation(attestFile, {
+        repo: GITHUB_REPO,
+        requireAttestation: opts.requireAttestation,
+        ghRunner: opts.ghRunner,
+        ghProbe: opts.ghProbe
+      });
+      if (result.status === 'verified') {
+        process.stderr.write('[OK] SLSA attestation verified for ' + filename + '\n');
+      } else if (result.status === 'skipped') {
+        process.stderr.write(
+          '[WARN] SLSA attestation check skipped: ' + result.reason + '. ' +
+          'Install the GitHub CLI (`gh`) to enable provenance verification. ' +
+          'Set AGENT_ANALYZER_REQUIRE_ATTESTATION=1 to require it.\n'
+        );
+      } else {
+        // 'failed'
+        throw new Error(
+          'SLSA attestation verification failed for ' + filename + ': ' +
+          result.reason + '. Refusing to execute binary.' +
+          (result.stderr ? '\n--- gh stderr ---\n' + result.stderr : '')
+        );
+      }
+    } finally {
+      rmrf(attestDir);
+    }
+  }
+
   // --- 3. Extract to isolated scratch dir + validate entries -------------
   const binaryBaseName = path.basename(binPath);
   let scratch;
@@ -707,7 +883,13 @@ async function ensureBinary(options) {
     }
   }
 
-  return downloadBinary(targetVer, { skipChecksum: opts.skipChecksum === true });
+  return downloadBinary(targetVer, {
+    skipChecksum: opts.skipChecksum === true,
+    skipAttestation: opts.skipAttestation === true,
+    requireAttestation: opts.requireAttestation,
+    ghRunner: opts.ghRunner,
+    ghProbe: opts.ghProbe
+  });
 }
 
 /**
@@ -730,11 +912,27 @@ function ensureBinarySync(options) {
 
   const targetVer = (options && options.version) || ANALYZER_MIN_VERSION;
   const skipChecksum = !!(options && options.skipChecksum);
+  const skipAttestation = !!(options && options.skipAttestation);
+  // Forward requireAttestation when explicitly set (tri-state: undefined
+  // lets the child fall back to the AGENT_ANALYZER_REQUIRE_ATTESTATION
+  // env var, matching ensureBinary()). Without this forwarding, a sync
+  // caller with requireAttestation:true would silently lose the hard-fail
+  // intent when gh is missing.
+  const requireAttestation = options && typeof options.requireAttestation === 'boolean'
+    ? options.requireAttestation
+    : undefined;
   const selfPath = __filename;
+  const ensureOpts = {
+    version: targetVer,
+    skipChecksum: skipChecksum,
+    skipAttestation: skipAttestation
+  };
+  if (requireAttestation !== undefined) {
+    ensureOpts.requireAttestation = requireAttestation;
+  }
   const helperLines = [
     'var b = require(' + JSON.stringify(selfPath) + ');',
-    'b.ensureBinary({ version: ' + JSON.stringify(targetVer) +
-      ', skipChecksum: ' + JSON.stringify(skipChecksum) + ' })',
+    'b.ensureBinary(' + JSON.stringify(ensureOpts) + ')',
     '  .then(function(p) { process.stdout.write(p); })',
     '  .catch(function(e) { process.stderr.write(e.message); process.exit(1); });'
   ];
@@ -798,6 +996,8 @@ module.exports = {
   assertSafeArchiveEntry,
   assertInsideRoot,
   downloadBinary,
+  verifySlsaAttestation,
+  isGhAvailable,
   // Exported for tests only
   extractTarGzToScratch,
   extractZipToScratch,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentsys",
-  "version": "5.11.0",
+  "version": "5.12.0",
   "description": "A modular runtime and orchestration system for AI agents - works with Claude Code, OpenCode, and Codex CLI",
   "main": "lib/platform/detect-platform.js",
   "type": "commonjs",

package/site/content.json

@@ -5,7 +5,7 @@
     "url": "https://agent-sh.github.io/agentsys",
     "repo": "https://github.com/agent-sh/agentsys",
     "npm": "https://www.npmjs.com/package/agentsys",
-    "version": "5.11.0",
+    "version": "5.12.0",
     "author": "Avi Fenesh",
     "author_url": "https://github.com/avifenesh"
   },