Skip to content

Releases: RNT56/CrustCore

v0.4.0 — first tagged release

Choose a tag to compare

@RNT56 RNT56 released this 21 Jun 10:31
840210f

First tagged release of CrustCore — a sub-800 kB Rust verifier kernel for autonomous coding agents. A patch ships because your verify command passed in a clean sandbox, not because a model said it was done. Runs on Linux and macOS.

Highlights

  • Verifier-owned completion — a task completes only via a type-sealed VerifiedPatch minted by re-running your verify command in a sandbox; the model's "done" is advisory only.
  • Cross-platform sandbox — sandboxed execution on Linux (bubblewrap) and macOS (sandbox-exec/Seatbelt), with the same deny-all-egress, writes-confined-to-the-worktree posture; if no backend is present, execution is refused.
  • Tiny trusted corecrustcore-nano is 412.0 KiB stripped (Linux), std-only, with no async runtime / network / database linked in. A CI size gate keeps it that way, and the nano build is reproducible on both platforms (cargo xtask reproduce).
  • Replayable, tamper-evident audit — an append-only hash-chained event log + per-tool MAC receipts; crustcore inspect proves what happened.
  • Typed safety — secrets can't be Debug/Serialize/model-visible, paths can't escape the worktree, irreversible actions need an approval token — enforced by the compiler.
  • Capability packs — model transport, secret broker + vault, Telegram, GitHub REST + webhooks, MCP gateway/client/server, subagent supervision, repo & semantic memory.
  • Higher-level packs — a typed workflow graph, a session/artifact service, the #[crust_tool] authoring macro, RAG + vector stores, OpenTelemetry/GenAI export, and a loopback developer UI.
  • 663 tests green, plus red-team fixtures for prompt-injection, path-escape, fake tool results, secret-leak, hidden-MCP-instructions, memory-as-authority, and forged/replayed webhooks.

Verify the build

cargo xtask verify       # fmt + clippy -D warnings + tests + forbidden-deps + size gate
cargo xtask reproduce    # builds nano twice and asserts the SHA-256 matches (Linux & macOS)
cargo xtask size-check   # crustcore-nano: 412.0 KiB (Linux)

Artifacts

The reproducible, signed release binaries + SHA256SUMS are produced and signed by the maintainer-owned release workflow (signing keys are maintainer-held; docs/releasing.md). GitHub attaches the source archives below.

Full detail: CHANGELOG.md ([0.4.0]).