Releases: docker/cagent-action
Releases · docker/cagent-action
v1.0.3
Immutable
release. Only release title and notes can be modified.
What's Changed
- Update default cagent version in the README.md by @derekmisler in #15
- feat: add macOS and Windows GHA runners support by @gabolaev in #16
New Contributors
Full Changelog: v1.0.2...v1.0.3
Contributors
derekmisler and gabolaev
Assets 3
v1.0.2
Immutable
release. Only release title and notes can be modified.
What's Changed
- Added a GH workflow as an example by @derekmisler in #12
- Automatically generate a PR description with a
/describecomment
- Automatically generate a PR description with a
- Update cagent version and replace 'cagent run --tui=false' with 'cagent exec' (which disables the tui by default) by @derekmisler in #11
Full Changelog: v1.0.1...v1.0.2
Contributors
derekmisler
Assets 3
v1.0.1
Immutable
release. Only release title and notes can be modified.
What's Changed
- Add a GH workflow as an example by @derekmisler in #12
- Update cagent version and replace 'run --tui=false' with 'exec' by @derekmisler in #11
Full Changelog: v1.0.0...v1.0.1
Contributors
derekmisler
Assets 3
🎉 cagent-action v1.0.0 - Initial Public Release
Immutable
release. Only release title and notes can be modified.
We're excited to announce the first public release of cagent-action, a GitHub Action for running CAgent AI agents in your CI/CD workflows with enterprise-grade security.
🚀 What is cagent-action?
Run AI agents directly in your GitHub workflows to automate code reviews, security scanning, documentation generation, and more. Built on CAgent's multi-agent architecture with comprehensive prompt injection protection.
✨ Key Features
Agent Execution
- Download & Run: Automatically fetches CAgent binary and executes agents from Docker Hub or local paths
- Multi-Provider Support: Works with Anthropic (Claude), OpenAI (GPT-4), Google (Gemini)
- MCP Gateway Integration: Optional containerized MCP server support for extended tool capabilities
- Interactive TUI Mode: Test agents locally with interactive approval prompts
- YOLO Mode: Auto-approve all agent actions for fully automated workflows
- Binary Caching: Smart caching reduces workflow execution time
Security Hardening
- Input Sanitization: Detects and blocks 45 HIGH-RISK prompt injection patterns
- Instruction override attempts ("ignore previous instructions")
- Direct secret extraction (
echo $API_KEY,console.log(process.env)) - System prompt manipulation
- Jailbreak attempts
- Encoding/obfuscation (base64, hex)
- Comment Removal: Strips code comments from PR diffs to prevent hidden injection vectors
- Output Scanning: Scans all agent responses for leaked API keys and tokens
- Automatic Incident Response: Creates security issues and fails workflows when threats detected
- Authorization Checks: Validates PR author permissions before execution
Developer Experience
- Simple YAML Configuration: Easy-to-use action inputs
- Comprehensive Outputs: Access exit codes, output files, and security flags
- Extensive Testing: 13 security tests + 6 exploit simulation tests
- Complete Documentation: Security guides, examples, and best practices
📦 Installation
Add to your workflow:
- name: Run AI Agent
uses: docker/cagent-action@v1.0.0
with:
agent: agentcatalog/code-reviewer
prompt: "Review these changes for bugs and security issues"
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}🔒 Security Features
This action is designed with security-first principles:
| Layer | Protection | Action |
|---|---|---|
| Input | 45 HIGH-RISK patterns detected | Blocks execution |
| Input | 4 MEDIUM-RISK patterns detected | Warns but continues |
| Execution | Isolated CAgent runtime | Sandboxed environment |
| Output | Secret pattern scanning | Blocks & creates incident |
See our complete security documentation here.
📝 Example Workflows
Code Review Agent
name: AI Code Review
on: pull_request
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: docker/cagent-action@v1.0.0
with:
agent: agentcatalog/code-reviewer
prompt: "Review this PR for bugs, security issues, and best practices"
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}Security Scanner
- uses: docker/cagent-action@v1.0.0
with:
agent: docker/github-action-security-scanner
prompt: "Scan for vulnerabilities and security issues"
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}Documentation Generator
- uses: docker/cagent-action@v1.0.0
with:
agent: agentcatalog/doc-generator
prompt: "Generate API documentation from source code"
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}📚 Documentation
- Getting started guide
- Security architecture and testing
- Example workflow configurations
- Contribution guidelines
🧪 Testing
All releases pass comprehensive security testing:
- ✅ 13 security hardening tests
- ✅ 6 exploit simulation tests
- ✅ Authorization and authentication checks
- ✅ Secret leak detection validation
Run tests locally:
cd tests
./test-security.sh
./test-exploits.sh
🙏 Contributors
Special thanks to the original contributors:
🐛 Known Issues
None at this time. Please submit an issue if you encounter any problems.
📖 Resources
- Learn more about
cagent. - Browse our agent catalog at Docker Hub.
🚦 What's Next?
We're actively working on:
- Additional pre-built agents for common workflows
- Enhanced MCP server integrations
- Performance optimizations
- Extended language model support