Releases · phalus-sh/phalus

What's New

Schema-enforced Clean Room Specification Pack (CSP)

All 10 CSP documents now use prescribed JSON schemas with structured fields, replacing the previous unstructured format.

Changes

Analyzer prompt rewrite: 8 gap-category directives ensure Agent A covers merge algorithms, type-detection cascades, serialization semantics, interface contracts, default behaviors, security mechanisms, enum values, and sentinel values
All-JSON format: Every CSP document uses .json extension with a prescribed schema — no more JSON-in-markdown
02-api-surface schema: Structured exports array with name, kind, signature, parameters, return_type, static_methods, instance_methods fields
09-test-scenarios schema: Concrete input/output pairs with assertion_type, replacing prose descriptions
check_completeness fix: Now correctly parses the structured exports array (with static_methods/instance_methods recursion), with fallback to legacy format for cached CSPs

Breaking Changes

CSP documents previously using .md or .d.ts extensions are now .json
Existing cached CSPs continue to work but won't benefit from the new schema until cache is refreshed

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate phalus-*.pem --signature phalus-*.sig phalus-*.tar.gz \
  --certificate-identity-regexp="https://github.com/phalus-sh/phalus" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

Patch release fixing the crates.io build dependency issue.

Changes from v0.6.0

Upgraded symbi-runtime to 1.9.1 with default-features = false
Removes lancedb and protoc build requirement entirely
cargo install phalus now works without any system dependencies beyond a Rust toolchain

See v0.6.0 release notes for the full feature changelog.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate phalus-*.pem --signature phalus-*.sig phalus-*.tar.gz \
  --certificate-identity-regexp="https://github.com/phalus-sh/phalus" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

What's New

Symbiont-Powered Agent B

Agent B now uses a symbi-runtime 1.9.1 reasoning loop (ORGA: Observe-Reason-Gate-Act) instead of a single-shot LLM call
Iteratively generates complete implementations with automatic completeness and import checking
ORGA iteration progress visible in web UI and CLI
Configurable agent_a_max_tokens / agent_b_max_tokens per provider

License Scan Improvements

Crates.io: Partial versions like 1.0 now resolved via listing endpoint (was returning unknown)
PyPI: Falls back to trove classifiers when license field is empty or contains full license text
Compound SPDX: MIT OR Apache-2.0, MIT/Apache-2.0, Apache-2.0 AND ISC now properly classified
Clear History: New button to delete all scan history

Web UI

Larger default font sizes
Resume checkbox to skip completed packages
Error messages shown in result cards
Output path with copy button after job completion
Missing API key validation for both agents
Download button hidden when all packages fail

Fixes

Default LLM timeout increased to 600s (was 120s, causing Agent B timeouts)
--resume CLI flag to skip packages with existing output

Dependencies

symbi-runtime 1.9.1 (with default-features = false — no lancedb/protoc required)
async-trait 0.1

What's New

License Scanning & SBOM Support

New phalus scan command to audit dependency licenses before reimplementing
Reads manifests (package.json, requirements.txt, Cargo.toml, go.mod) and SBOMs (CycloneDX JSON, SPDX JSON)
Resolves license metadata from registries, normalizes to SPDX identifiers
Classifies licenses into risk buckets: permissive, copyleft-weak, copyleft-strong, proprietary, unknown
REST API endpoints: POST /api/scans, GET /api/scans, GET /api/scans/{id}, GET /api/licenses

Multi-Provider LLM Support

OpenAI-compatible API support: use OpenAI, OpenRouter, Ollama, vLLM, LiteLLM, or any compatible endpoint
Each agent can use a different provider and model independently
Set agent_a_provider / agent_b_provider to any value other than "anthropic" for OpenAI wire protocol

Security Hardening

Cache path traversal prevention: sanitize package names in cache filenames
Atomic cache writes (write-then-rename) to prevent partial reads
Container firewall: direct process execution instead of shell invocation to prevent injection
UUID-based temp filenames in firewall crossing

Documentation

Full scan command reference in CLI docs
OpenAI-compatible provider setup guide with examples for OpenAI, OpenRouter, Ollama, vLLM, mixed providers
Scan API endpoints documented in API reference
Security hardening details in security docs

Install

cargo install phalus

Or download a pre-built binary below.

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate phalus-*.pem --signature phalus-*.sig phalus-*.tar.gz \
  --certificate-identity-regexp="https://github.com/phalus-sh/phalus" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

What's New

LLM Retry Logic (PHA-4)

Exponential backoff with configurable max_retries, initial_backoff_ms, and timeout_secs
Retries on 429 (rate limit) and 5xx errors; fails immediately on non-retryable 4xx
Per-request timeout via tokio::time::timeout
New RetriesExhausted and Timeout error variants

Container Isolation for Agent B (PHA-6)

Full Docker container lifecycle in the firewall layer
Per-run UUID temp directories with read-only input / writable output volumes
Resource limits: --memory, --cpus, --pids-limit
Network isolation: --network defaults to none
Hard timeout with graceful fallback to process-level isolation
Configurable via [isolation] in config.toml or PHALUS_ISOLATION__* env vars

E2E Tests & `--license-file` Flag (PHA-9)

End-to-end tests for is-odd and chalk packages
New --license-file <path> flag on run, run-one, and build commands
Reads full license text from file, overrides --license

Docs

Fixed phalus-project → phalus-sh across all documentation
Updated download URLs to v0.4.0
Documented retry config, container isolation settings, and --license-file flag

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate phalus-*.pem --signature phalus-*.sig phalus-*.tar.gz \
  --certificate-identity-regexp="https://github.com/phalus-sh/phalus" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

What's New

phalus build command — Run Agent B from an existing CSP without re-running Agent A. Enables split pipeline workflows where you can review, edit, or programmatically modify the specification before implementation.
Cookbook documentation — New recipes for split pipeline workflows, CSP modification, injecting custom security constraints, and automation scripts.
Improved --dry-run documentation with cross-references to the build command.

Split Pipeline Workflow

# Generate CSP only (Agent A)
phalus run-one npm/[email protected] --dry-run

# Review or modify the spec
$EDITOR ./phalus-output/lodash/.cleanroom/csp/03-behavior-spec.md

# Build from the CSP (Agent B)
phalus build ./phalus-output/lodash/.cleanroom/csp/

See the Cookbook for more examples.

Full Changelog: v0.2.0...v0.3.0

Verification

Each binary is signed with Sigstore cosign. Verify with:

cosign verify-blob --certificate phalus-*.pem --signature phalus-*.sig phalus-*.tar.gz \
  --certificate-identity-regexp="https://github.com/phalus-sh/phalus" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com"

SHA256 checksums are in checksums.txt (also signed).

PHALUS v0.2.0

New Features

Real similarity scoring — validator now fetches original npm source code (post-build, never shown to agents) for actual token/string/name comparison
Structural similarity — new code-shape metric comparing structural patterns between original and generated code
DefinitelyTyped support — automatically fetches @types/{package} .d.ts files from DefinitelyTyped, giving Agent A richer type information
Package API endpoints — GET /api/packages/{name}/csp, /audit, /code for inspecting completed packages via the web UI
Builder delimiter format — switched Agent B output to ===FILE:=== delimiters, fixing generation failures on large packages (express, lodash)
Version constraint handling — ^4.17.21, ~2.0, >=1.0, ==2.31.0 now resolved correctly across all 4 registries

Security

Path traversal protection — validates all output paths stay within output directory
API key redaction — phalus config and Debug output now redact secrets as ***
XSS protection — escapeHtml() on all user-controlled innerHTML in web UI
Source guard hardened — case-insensitive matching, added .jsx, .tsx, .mjs, .cjs, .mts, .cts

Fixes

Fixed UTF-8 panic in HTML stripper on multi-byte characters
Fixed web UI job execution — now runs real pipeline with SSE streaming
Fixed audit error handling — failures logged via tracing instead of silently discarded
Removed unused dependencies (indicatif, tower-http), slimmed tokio features
Reduced config.rs boilerplate (removed 20 standalone default functions)
Converted firewall to async I/O

Infrastructure

Dockerfile with multi-stage build, cargo-chef caching, non-root user
CI workflows: test, Docker build + push to ghcr.io, multi-arch release binaries
Published to crates.io: cargo install phalus

Install

# crates.io
cargo install phalus

# Docker
docker run -p 3000:3000 \
  -e PHALUS_LLM__AGENT_A_API_KEY=sk-ant-... \
  -e PHALUS_LLM__AGENT_B_API_KEY=sk-ant-... \
  ghcr.io/phalus-sh/phalus:latest

License

0BSD

PHALUS v0.1.0

First release — Private Headless Automated License Uncoupling System.

Features

Full clean room reimplementation pipeline: manifest parsing, doc fetching, Agent A (analyzer), isolation firewall, Agent B (builder), validation
4 ecosystem support: npm, PyPI, Cargo, Go
CLI with 7 commands: plan, run, run-one, inspect, validate, config, serve
Local web UI with SSE progress streaming and ZIP download
Docker-based sandboxed test execution
Process and container isolation modes
JSONL audit trail with SHA-256 tamper detection
CSP caching with content-hash invalidation
7 output license templates (MIT, Apache-2.0, BSD-2, BSD-3, ISC, Unlicense, CC0)
Cross-language reimplementation support (--target-lang rust/go/python/typescript)

Security

Source code guard: hard filter blocking 19+ source extensions
Path traversal protection on all file output
API key redaction in config display and Debug output
XSS protection in web UI
Non-root Docker container

License

0BSD

Releases: phalus-sh/phalus

v0.7.0: Schema-Enforced CSP Format

What's New

Changes

Breaking Changes

Verification

Uh oh!

v0.6.1

Changes from v0.6.0

Verification

Uh oh!

v0.6.0

What's New

Symbiont-Powered Agent B

License Scan Improvements

Web UI

Fixes

Dependencies

Uh oh!

v0.5.0

What's New

License Scanning & SBOM Support

Multi-Provider LLM Support

Security Hardening

Documentation

Install

Verification

Uh oh!

v0.4.0

What's New

LLM Retry Logic (PHA-4)

Container Isolation for Agent B (PHA-6)

E2E Tests & --license-file Flag (PHA-9)

Docs

Verification

Uh oh!

v0.3.0

What's New

Split Pipeline Workflow

Verification

Uh oh!

v0.2.0

PHALUS v0.2.0

New Features

Security

Fixes

Infrastructure

Install

License

Uh oh!

v0.1.0

PHALUS v0.1.0

Features

Security

License

Uh oh!

E2E Tests & `--license-file` Flag (PHA-9)