Skip to content

Release v.19.0

Latest

Choose a tag to compare

@aancw aancw released this 08 Jun 06:30
d1f14fd

PentLog v0.19.1 Release Notes

PentLog v0.19.1 focuses on archive integrity, safer session handling, evidence-first reporting, and stronger web exposure guardrails.

✨ Added

Archive Integrity

  • Archives now include manifest.json with deterministic hashes and file sizes.
  • Imports verify archive manifests when present to detect tampering.
  • Archived sessions now persist archive metadata in SQLite: archived_at, archive_path, archive_manifest_sha256

Safer Session & Shell Workflow

  • Sessions now store lifecycle/runtime metadata such as recorder PID, hostname, host fingerprint, start/end time, and resume count.
  • Added explicit legacy sync command pentlog sessions sync
  • Added shell review workflow before recording: pentlog shell review

The review step shows client, engagement, phase, target/IP, context age, and recent context changes before evidence capture starts.

Web Search Triage

  • Search results now include transcript context lines and note timestamps.
  • Search result cards can drill down directly into the matching session and hit.
  • Session detail now highlights the selected transcript line or operator note.

Explicit Web Exposure Modes

  • pentlog web now requires an explicit decision before binding beyond loopback.
  • Added: --public, --auth-token, --basic-auth

🔄 Changed

Safer Web Defaults

  • pentlog web now uses existing built assets by default.
  • Assets are rebuilt only when --rebuild is used or when assets are missing.
  • UI/API routes now fail closed on non-loopback binds unless public mode or authentication is configured.

Evidence-First Report Exports

  • Markdown and HTML exports now default to curated report sections instead of transcript-heavy dumps.

Session Recovery Improvements

  • Stale/crash detection now uses lifecycle review instead of a fixed 5-minute heartbeat cutoff.
  • Default stale timeout is now 30 minutes.
  • Timeout can be overridden with:
PENTLOG_STALE_TIMEOUT_MIN=60
pentlog recover --timeout 60
  • pentlog recover now separates likely-live, paused, review-needed, definitely stale, and crashed sessions.

Archive Secret Handling

  • archive and import now prefer interactive password prompts or:
--password-stdin
  • Legacy --password remains available but is deprecated.

Search State & API

  • Web search filters are now URL-driven and bookmarkable.
  • Search pagination now uses stable limit / offset semantics.
  • Search responses now include real total_matches, context windows, and note timestamps.

🛠 Fixed

  • archive --delete now updates database state correctly instead of creating later orphan drift.
  • recover --clean-orphans is now reserved for genuine inconsistencies.
  • Sensitive evidence/config writes now use stricter file permissions.
  • Archive imports now validate manifest-backed archives.
  • Search and session pages now preserve context better when jumping between hits.
  • pentlog web --bind 0.0.0.0 no longer exposes engagement data with warning-only behavior.

🧪 Quality

Added and updated tests for:

  • Search pagination
  • Context-line search responses
  • Web search metadata
  • Archive integrity/import behavior
  • Session lifecycle and archive-state handling