Releases: arenzana/arca
Releases · arenzana/arca
Release list
v0.3.0
Immutable
release. Only release title and notes can be modified.
Changelog
- 92acbb4 feat(tier3): edit and rename commands
- af23a12 feat(tier2/3): generate command, Scoop publishing, go-install version
- b513996 release: publish a Homebrew cask on release (arenzana/tap/arca)
- 1e121d1 ci(scorecard): use SCORECARD_TOKEN for the Branch-Protection check
- ed34bb9 feat: store schema-migration framework + CHANGELOG
- 334dfc9 feat(tier1): store-level locking to prevent lost updates
- 7cc0342 test: guard Unix-only assertions for the Windows CI matrix
- 4da3899 fix(tier1): Windows-portable approval prompt + cross-OS CI matrix
v0.2.0
Immutable
release. Only release title and notes can be modified.
Changelog
- 085307c release: revert egress to audit mode (block broke on the syft download host)
- 7923b16 ci: add explicit contents:read to codeql/scorecard jobs
- 03a70d4 security: L5 + supply-chain hardening, lint in CI, durability
- 5a84fc3 security: address remaining audit items (M1-M4, L1-L4, hardening)
- fb3c2e5 test: expand error-path + branch coverage; gate at 90%
- 5981ddb security: validate secret names (H1) + block agent self-approval (H2)
- ba804f3 feat: JSON output, shell completion, and multi-recipient/teams
- 318505d feat: TTL / ephemeral secrets (--ttl, --expires-at)
- ff32422 release: draft → publish flow for immutable releases
- 78a1a34 release: upload cosign certificate (.pem) alongside checksums signature
- be99037 ci(scorecard): add workflow_dispatch for on-demand runs
v0.1.0
Changelog
- 77a83df release: attest build-provenance for windows .zip archives too
- 6db9eec test(e2e): black-box suite + CI e2e/crossbuild jobs; release: add Windows; docs: ToC
- 22ed7d3 feat: arca mcp — MCP server exposing audited, policy-respecting tools (stdio)
- 875a235 test/ci: make approverWho coverage deterministic; gate at 88% (CI-reproducible ~90%)
- da7d0d2 feat: approval gates (--require-approval) + comprehensive README
- 28f8a73 feat: fail-closed auditing by default (ARCA_STRICT_AUDIT)
- 784533e test: 92% coverage + fuzz; Scorecard fixes (token-perms, pinned tools, gate)
- 37263bc feat: arca:// references + inject + --no-print policy; richly comment all code/tests
- 2e5324c Security CI hardening: Scorecard, CodeQL, SHA-pinned actions, harden-runner
- 1172329 feat(audit): auto-detect AI agent name/version/session
- 0f94552 CI: run govulncheck directly (stale action's bundled checkout broke); bump goreleaser-action v6->v7
- 6daeba9 CI: fix SBOM job; bump GitHub Actions and Go deps to latest
- b7ead44 Harden supply chain: reproducible builds, govulncheck, SBOM, signed releases
- bb9a9d4 Add rotate + stale, actor-attributed audit, tests, CI, and logo
- cb1f798 Initial commit: arca — age-encrypted secrets with metadata + audit log