Update agent-sh/agnix action to v0.37.5#78
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
yegor256
approved these changes
Jul 3, 2026
Member
|
@rultor please, try to merge, since 9 checks have passed |
e0db621 to
378e566
Compare
378e566 to
8539886
Compare
8539886 to
ee64795
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.36.2→v0.37.5Release Notes
agent-sh/agnix (agent-sh/agnix)
v0.37.5Compare Source
Fixed
agnix-coreand mirror it fromknowledge-base/removed-rules.json, so publishedagnix-coretarballs verify outside the workspace and downstream crates can publish cleanly.v0.37.4Compare Source
Added
--format githubemits GitHub Actions annotations. Addedagnix explain <RULE>with text/JSON output..agnix.tomlnow supportsextend,[rules.severity]per-rule overrides, and inline suppressions (agnix: noqa,agnix-disable-next-line). Rule lifecycle policy is documented, removedAS-*rule IDs warn in config, and 37 security-facing rules now carry CWE/OWASP/vulnerability-class metadata that SARIF exports as taxonomies.v0.37.3Compare Source
Added
Fixed
@importreferences from large non-code spans, keeping dense-at-sign inputs linear while preserving UTF-8 behavior..agnix.tomlvalidation, avoiding spuriouscore.config.unknown_rulewarnings when disabling valid rules.serde_yamldependency fromrust-i18n..agnix.tomlcannot be parsed instead of validating with defaults, skill frontmatter now reports duplicate top-level YAML keys instead of silently applying last-wins parsing, telemetry storage failures are logged at debug level,agnix-lspinitializes stderr tracing for startup/config-load visibility, bareagnix --fix/--dry-runnow apply or preview only safe fixes unless--fix-unsafeis explicitly selected, and the rule-doc parity test now catches stale inline/table rule IDs such as the removedAS-010andAS-014references.v0.37.2Compare Source
Fixed
cargo auditignores for advisories whose crates are no longer inCargo.lock, realigned the audit andcargo-denyadvisory policies withdocs/RUSTSEC-ADVISORIES.md, and moved agnix's direct YAML/frontmatter parser dependency to the maintainedserde_norwayfork while keeping the internalserde_yamlcrate alias stable. Added regression coverage so the advisory lists and YAML parser package cannot drift silently.syncing_filesdeployment failures.validate_fileandvalidate_projecttools now reject client-supplied paths that canonicalize outside the server working directory. Completion helpers clamp raw byte offsets to UTF-8 character boundaries before slicing, project validation converts per-file validator panics into diagnostics, and release builds keep unwinding enabled so one bad file cannot abort an entire scan.agnix/agnix-lspartifacts. Release tags now run fmt, clippy, and workspace tests before GitHub releases, crates.io publish, or VS Code Marketplace publish can proceed.v0.37.1Compare Source
Fixed
.agnix.tomlunknown-key rejection with explicit legacy no-op compatibility, character-based skill length checks, lossy non-ASCII AS-004 fix suppression, deterministic diagnostic ordering, and i18n tests that no longer mutate global locale state. Regenerated.agnix.tomlschemas, added schema/rule-count CI gates, corrected stale rule/version/package/config docs, updated plugin contact metadata, and maderules.json/VALIDATION-RULES.mdparity bidirectional.agnix-lsp.exeand tells users to provide the full absolute executable path, so locked-down Windows users do not silently fall back to the blocked auto-downloaded binary.v0.37.0Compare Source
Added
UserPromptExpansion,PermissionDenied, andPostToolBatch; treatsPermissionDeniedas a tool/matcher event; supports the current prompt/agent hook event matrix; and validates documented event-specific matcher values.Notificationmatchers now accept the newagent_needs_inputandagent_completedvalues. Agent hooks use the current 60-second default timeout threshold, while prompt hooks keep the 30-second threshold. Rule count remains 432.Changed
ampcustom-agents->read-bigger-threads,claude-codev2.1.195->v2.1.198,clinecli-v3.0.31->v4.0.6,codexrust-v0.142.3->rust-v0.142.5,cursor3.9.8->3.9.16, andopencodev1.17.11->v1.17.13(closes #1104, #1105, #1107, #1108, #1109). Aside from the Claude hook schema changes above, the releases were triaged as model/runtime/UI/provider/news changes outside agnix's current validated config surfaces..github/tool-release-baselines.json,knowledge-base/RESEARCH-TRACKING.md, hook rule metadata, generated rule docs, and locales were updated.Fixed
https://agent-sh.github.io/agnix/(HTTP 200), but several user-facing rule-doc links still hard-coded the pre-migrationhttps://avifenesh.github.io/agnixhost, which now returns 404. Updated the live host in the LSP diagnosticcode_description(clickable rule links in IDEs), the SARIFhelpUriemitted for every rule (CI integrations), the VS CodeshowRules/showRuleDocactions, the NeovimAgnixShowRuleDoccommand and rule pickers, the npm/VS Code/agnix-rulesREADMEs, and the Docusaurusurl/organizationName/JSON-LD androbots.txtsitemap. Historicalwebsite/versioned_docs/**snapshots and past changelog entries are intentionally left untouched. This is the same broken-doc-link class as the JetBrains Marketplace Documentation resource link in #1099 (that link is corrected in the Marketplace web admin, not in-repo).agnix-lspexecution (refs #1102). On locked-down/managed Windows (AppLocker, Windows Defender Application Control, EDR, or antivirus), the OS can refuse to execute the auto-downloadedagnix-lsp.exefrom its user-writable plugin directory, surfacing asCreateProcess error=5, Access is denied. Previously this appeared only as a rawCannotStartProcessExceptionstack trace. The plugin now detects access-denied launch failures (locale-independent: matches the Win32error=5/ POSIXerrno=13/EACCEScodes, not localized text) and shows an explanatory notification with "Set Binary Path" and "Troubleshooting" actions, since upgrading the IDE does not resolve an OS-level execution block. The original exception is re-thrown so LSP4IJ's lifecycle handling is unchanged. Documented the workaround ineditors/jetbrains/README.mdanddocs/EDITOR-SETUP.md.Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.