
v0.3.9

Released on .

Paneflow v0.3.9

This release rebuilds the native terminal engine on upstream alacritty_terminal and lands a deep hardening pass over the whole codebase: two full security and correctness audits remediated, a hardened self-update path, bounded IPC and subprocesses, and blocking work moved off the render thread.

Terminal

  • Native terminal engine rebuilt on upstream alacritty_terminal with rendering parity: OSC 8 hyperlinks, configurable cursor shapes, and a live scrollbar.
  • Faithful cursor and alt-screen input handling, with PTY teardown and exit-status reporting so a closed shell reports how it ended.
  • A new Terminal settings tab plus a terminal block in the config schema and loader.
  • Golden snapshot tests lock terminal rendering against regressions.

Self-update and trust

  • The self-update path is hardened end to end: the downloaded candidate is verified before it can replace the live binary, updates swap in atomically with crash recovery, and integrity diagnostics are surfaced instead of swallowed.
  • Per-platform verification was added: macOS codesign and spctl gating with Team ID pinning, Windows Authenticode through WinVerifyTrust, hardened tar.gz and AppImage extraction, and native host architecture detection for Rosetta and WOW64.
  • The release pipeline gained an in-CI minisign signing step and a dual-key rotation runbook, so artifacts can be verified against a public key embedded in the binary once the key is provisioned.

Reliability and security

  • Panics on untrusted input are eliminated across session restore, config parsing, IPC, date handling, and layout, with fail-safe accessors replacing defensive indexing.
  • Every external surface is bounded against resource exhaustion: the IPC server caps line size, concurrency, and idle time; external subprocesses run under a timeout with a watchdog; ingress and DoS caps live in one module.
  • Untrusted content is sanitized: markdown strips bidi and zero-width characters, git refs lose control bytes before they reach agent prompts, and session ids are validated to block argument injection.
  • Persisted config and session input is validated and clamped, with atomic write-and-rename for paneflow.json and symmetric bounds across session, IPC, and the schema.
  • Terminal and shim lifecycle hardening: PID-reuse guards, an environment deny-list and scrollback sanitization on restore, codex flock serialization, and correct orphan cleanup under systemd.
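
The three sanitization steps named in the "Untrusted content is sanitized" item, as an added Rust example (not Paneflow's own code): strip bidi and zero-width characters, drop control characters from a git ref string, and reject session ids that a child process could parse as command-line options. The function names, the exact character set, and the 64-byte limit are assumptions.

```rust
// Added illustration; names and limits are assumptions, not Paneflow's API.

/// True for Unicode bidi controls and zero-width characters, which can
/// visually reorder or hide text shown to a user or fed to a model.
fn is_invisible_or_bidi(c: char) -> bool {
    matches!(c,
        '\u{200B}'..='\u{200F}'   // zero-width space/joiners, LRM, RLM
        | '\u{202A}'..='\u{202E}' // LRE, RLE, PDF, LRO, RLO
        | '\u{2060}'              // word joiner
        | '\u{2066}'..='\u{2069}' // LRI, RLI, FSI, PDI
        | '\u{FEFF}'              // zero-width no-break space / BOM
        | '\u{061C}')             // Arabic letter mark
}

/// Strip bidi and zero-width characters from markdown before display.
pub fn sanitize_markdown(input: &str) -> String {
    input.chars().filter(|c| !is_invisible_or_bidi(*c)).collect()
}

/// Drop control characters (C0, DEL, C1) from a ref string before it is
/// interpolated into a prompt, so it cannot carry newlines or escapes.
pub fn sanitize_git_ref(input: &str) -> String {
    input.chars().filter(|c| !c.is_control()).collect()
}

/// Accept a session id only if it cannot be read as a CLI option:
/// non-empty, bounded, no leading '-', and a conservative alphabet.
pub fn is_valid_session_id(id: &str) -> bool {
    const MAX_LEN: usize = 64; // assumed bound
    !id.is_empty()
        && id.len() <= MAX_LEN
        && !id.starts_with('-')
        && id.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
}

fn main() {
    // Constructed sample inputs.
    let md = "level = \"user\u{202E}\u{200B}\"";
    println!("{:?}", sanitize_markdown(md));
    println!("{:?}", sanitize_git_ref("feature/x\x1b[2J\nignore previous"));
    for id in ["a1b2-c3d4", "--config=/tmp/other", ""] {
        println!("{:?} -> {}", id, is_valid_session_id(id));
    }
}
```

An allow-list for the session id is stricter than escaping: an id that starts with `-` is rejected outright instead of being quoted and passed on.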

Performance

  • Blocking work moved off the render thread: session saves, git diff stats, config loads, font enumeration, and the recursive file watcher run in the background, with a cached config feeding every frame.
  • Lower per-frame allocations in terminal paint, sidebar recompute, and layout, with memoized derivations and zero-allocation leaf lookups.

Cross-platform

  • Windows portability work in the code: portable shell launches, correct LOCALAPPDATA casing, Git for Windows PATH augmentation, and dirs-based home resolution.
  • Non-US keyboard input fixed, Alt-on-arrows decoupled from the option-as-meta setting, and the keybindings editor reworked to be action-indexed with collision detection.

Install

  • macOS (Homebrew, Apple Silicon): brew install --cask paneflow (the cask auto-updates to 0.3.9). The .dmg is Developer ID signed and notarized.
  • Linux (.deb / .rpm / AppImage / .tar.gz, x86_64 and aarch64) and macOS Apple Silicon (.dmg) direct downloads are attached below, each with a SHA-256 sidecar.

Full Changelog: https://github.com/ArthurDEV44/paneflow/compare/v0.3.8...v0.3.9

Notes synced live from the GitHub release.