First patch release after v3.3.0 stable. Ships 10 PRs over 35 days, focused on security hardening and provider / installer reliability.
Features
- feat(permissions): gate local-agent tool calls through PermissionDialog 🔒
- PR: #165
- feat(loop-guard): tool-call loop detection (PR #175 maintainer rescue)
- PR: #225
Bug Fixes
- fix(security): close path traversal bypass in Lima/WSL sandbox 🔒
- PR: #136
- fix(agent-runner): preserve thinking blocks when rebuilding cold-start history
- PR: #224
- fix: preserve DeepSeek V4 thinking replay
- PR: #186
- fix(mcp): sanitize MCP tool names for OpenAI-compatible providers
- PR: #176
- fix: extend MCP timeouts for complex servers (10s → 5min, parallel discovery, shared callTool deadline)
- PR: #177
- fix(installer): bundle npm package so npm.cmd / npx shims work on Windows
- PR: #222
- fix(renderer): prevent React #185 when switching chat history tabs
- PR: #223
Other Changes
- chore: replace legacy sdk/sandbox naming with Open Cowork canonical names
- PR: #202
- fix(ci): apply patch-package in release.yml lint-and-test job
- PR: #226
Full Changelog: v3.3.0...v3.3.1