ChatGPT CLI v1.10.10

This release focuses on safer persistence and file permissions, more reliable config writes, and bounded agent transcript/prompt logging to prevent unbounded memory/log growth while improving debuggability.

New Features

Capped in-memory transcript and prompt history (with truncation banner)
- Introduced a new TranscriptBuffer utility to store agent transcripts and prompt history with a strict maximum size and a visible …(truncated) banner when older content is dropped.
- Integrated into BaseAgent as Transcript and PromptHistory, enabled by default with conservative limits and configurable via:
  - core.WithTranscriptMaxBytes(n)
  - core.WithPromptHistoryMaxBytes(n)
- Code references:
  - agent/core/transcript_buffer.go (new)
  - agent/core/base_agent.go
Cross-platform config write locking
- Added an OS-specific file lock implementation to prevent concurrent config writes from corrupting the config file.
- Code references:
  - config/file_lock_unix.go (new)
  - config/file_lock_windows.go (new)
  - config/store.go
Secure API key file reader
- Centralized API key file loading with validation:
  - must be a regular file
  - must not be empty
  - size capped at 10KB
  - path is cleaned
- Code references:
  - config/read_api_key_file.go (new)
  - cmd/chatgpt/main.go

Improvements

Agent runs now capture structured transcripts for easier debugging
- Both Plan-and-Execute and ReAct agents now:
  - reset transcript/history at the start of each run
  - record key lifecycle events (goal, plan steps, prompts, raw LLM output, actions, outcomes, final result)
- This provides consistent, machine-readable traces while keeping memory usage bounded.
- Code references:
  - agent/planexec/plan_execute_agent.go
  - agent/react/react_agent.go
HTTP client now uses a default timeout
- Adds a 60-second timeout to avoid indefinite hangs on network calls.
- Maintains SkipTLSVerify support while reusing a cloned default transport.
- Code reference: api/http/http.go
Safer “workdir escape” detection
- Workdir and resolved target paths now evaluate symlinks before containment checks, improving correctness when symlinks are involved.
- Code reference: agent/core/policy.go

Bug Fixes

Prevent transcript/prompt history accumulation across agent runs
- Agents explicitly reset buffers at the start of RunAgentGoal, eliminating “leftover” content leaking into subsequent runs.
- Tests added to prevent regressions.
- Code references:
  - agent/planexec/plan_execute_agent.go, agent/planexec/plan_execute_agent_test.go
  - agent/react/react_agent.go, agent/react/react_agent_test.go
Hardened config persistence to reduce risk of partial/corrupted writes
- Config writes are now:
  - protected by a lock
  - written via an atomic temp-file + rename strategy
  - synced to disk (best-effort)
  - permissions preserved when possible
- Code reference: config/store.go

Other Changes

Tighter default filesystem permissions for sensitive data
- Log dir permissions: 0700 (was 0755)
  - agent/core/log.go
- Config file writes: 0600 (was 0644)
  - cmd/chatgpt/main.go (config save)
  - config/store.go (atomic write defaults/preserve)
- CLI interactive history file: 0600 (was 0644)
  - cmd/chatgpt/utils/utils.go
- Stored conversation history directory and files:
  - directory 0700 and files 0600
  - history/store.go
Reduced plan logging output
- Removed writing the raw plan JSON artifact (keeps normalized plan logging).
- Code reference: agent/planexec/plan.go
Dependency updates
- Updated testing/dependency versions (e.g., gomega, ginkgo, and related golang.org/x/* tooling updates reflected in go.sum).
- Code references: go.mod, go.sum

Upgrade Notes

Homebrew (recommended):
- Run:
```
brew upgrade chatgpt-cli
```
Direct download:
- Download the prebuilt binary for your specific OS/architecture from the project’s release artifacts, then replace your existing chatgpt-cli binary with the new one (ensure it is executable and on your PATH).

chatgpt-cli

Related Projects

mapbox-navigation-android

ToastFish

barcodelib

haze