Skip to content

Releases: arenzana/arca

v0.3.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 14:49
Immutable release. Only release title and notes can be modified.

Changelog

  • 92acbb4 feat(tier3): edit and rename commands
  • af23a12 feat(tier2/3): generate command, Scoop publishing, go-install version
  • b513996 release: publish a Homebrew cask on release (arenzana/tap/arca)
  • 1e121d1 ci(scorecard): use SCORECARD_TOKEN for the Branch-Protection check
  • ed34bb9 feat: store schema-migration framework + CHANGELOG
  • 334dfc9 feat(tier1): store-level locking to prevent lost updates
  • 7cc0342 test: guard Unix-only assertions for the Windows CI matrix
  • 4da3899 fix(tier1): Windows-portable approval prompt + cross-OS CI matrix

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 13:08
Immutable release. Only release title and notes can be modified.

Changelog

  • 085307c release: revert egress to audit mode (block broke on the syft download host)
  • 7923b16 ci: add explicit contents:read to codeql/scorecard jobs
  • 03a70d4 security: L5 + supply-chain hardening, lint in CI, durability
  • 5a84fc3 security: address remaining audit items (M1-M4, L1-L4, hardening)
  • fb3c2e5 test: expand error-path + branch coverage; gate at 90%
  • 5981ddb security: validate secret names (H1) + block agent self-approval (H2)
  • ba804f3 feat: JSON output, shell completion, and multi-recipient/teams
  • 318505d feat: TTL / ephemeral secrets (--ttl, --expires-at)
  • ff32422 release: draft → publish flow for immutable releases
  • 78a1a34 release: upload cosign certificate (.pem) alongside checksums signature
  • be99037 ci(scorecard): add workflow_dispatch for on-demand runs

v0.1.0

Choose a tag to compare

@github-actions github-actions released this 29 Jun 21:26
77a83df

Changelog

  • 77a83df release: attest build-provenance for windows .zip archives too
  • 6db9eec test(e2e): black-box suite + CI e2e/crossbuild jobs; release: add Windows; docs: ToC
  • 22ed7d3 feat: arca mcp — MCP server exposing audited, policy-respecting tools (stdio)
  • 875a235 test/ci: make approverWho coverage deterministic; gate at 88% (CI-reproducible ~90%)
  • da7d0d2 feat: approval gates (--require-approval) + comprehensive README
  • 28f8a73 feat: fail-closed auditing by default (ARCA_STRICT_AUDIT)
  • 784533e test: 92% coverage + fuzz; Scorecard fixes (token-perms, pinned tools, gate)
  • 37263bc feat: arca:// references + inject + --no-print policy; richly comment all code/tests
  • 2e5324c Security CI hardening: Scorecard, CodeQL, SHA-pinned actions, harden-runner
  • 1172329 feat(audit): auto-detect AI agent name/version/session
  • 0f94552 CI: run govulncheck directly (stale action's bundled checkout broke); bump goreleaser-action v6->v7
  • 6daeba9 CI: fix SBOM job; bump GitHub Actions and Go deps to latest
  • b7ead44 Harden supply chain: reproducible builds, govulncheck, SBOM, signed releases
  • bb9a9d4 Add rotate + stale, actor-attributed audit, tests, CI, and logo
  • cb1f798 Initial commit: arca — age-encrypted secrets with metadata + audit log