Release notes: v2.2.1

Why this release

v2.2.1 is a reliability and security hardening release for the trust core introduced in v2.2.0. It closes a decompression-bomb vector on bundle reads, caps several unbounded stream-reassembly buffers, fixes a crash on non-ASCII provider error text, makes the git tool's subprocess handling actually timeout-safe, unifies akmon bundle verify and agef-verify onto one shared pass/fail implementation so the two verifiers cannot silently diverge, and resolves three supply-chain advisories. No new features, no format changes, no breaking changes.

Top fixes

  • Decompression-bomb guard on bundle reads. A malicious or oversized .akmon archive could previously expand without bound during read_bundle, exhausting memory on the machine verifying it. Reading now caps total decompressed bytes and fails closed with a new BundleError::BundleTooLarge.
  • Unbounded provider stream buffers capped. The Anthropic, OpenAI-compatible, and Ollama streaming readers, and the Bedrock event-stream frame reader, now cap how much they buffer while waiting for a delimiter, instead of growing without bound against a broken or hostile endpoint.
  • Crash on non-ASCII provider error text fixed. Error-body truncation panicked when a byte offset landed inside a multi-byte UTF-8 codepoint; truncation is now always character-boundary-safe.
  • Git tool subprocess reliability. Git subcommands now share a single async, timeout-guarded runner that actually kills the child process on timeout, instead of leaking a process and a runtime thread.
  • akmon bundle verify and agef-verify unified. Both binaries now call one shared implementation of the report shape and pass/fail policy, eliminating duplicated trust-decision logic that could previously drift between them. Output is unchanged.
  • Supply-chain advisories resolved. Updated bitstream-io, anyhow, and crossbeam-epoch to clear a yanked transitive dependency and two RUSTSEC advisories. No manifest changes.

See CHANGELOG.md for the complete list.

Upgrade notes

  • Safe upgrade from v2.2.0. AGEF stays at v0.1.3; no bundle format, journal format, or CLI flag changes.
  • All fixes are additive hardening; existing journals and bundles remain readable and byte-identical on write.

Verification checklist

akmon --version        # should report 2.2.1
agef-verify --version  # should report 2.2.1

sha256sum --check SHA256SUMS