Skip to content

v0.11.1 — trust-approve hardening + correct trust guidance

Latest

Choose a tag to compare

@Mickdownunder Mickdownunder released this 10 Jul 20:51
50e7610

Security

  • safeinstall trust approve now refuses Codex sessions. The human-approval gate blocked CI, CLAUDECODE, and CURSOR_AGENT but had no Codex marker — a Codex session could approve its own trust-surface changes. CODEX_SHELL joins the refusal list, with the first direct tests of the marker path.

Fixed

  • Guard setup gives the correct Trust Surface next step — fresh projects are pointed at trust lock, already-locked projects at trust status/trust approve; idempotent re-runs stay silent.

Changed

  • Declared mcpName for the official MCP registry.
  • release:check builds before testing (stale-dist e2e trap).

Published with Sigstore provenance from CI; the tarball reproduces byte-identically from the v0.11.1 tag.