Skip to content

chore: release v0.14.0#21

Merged
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-08T09-50-05Z
Mar 8, 2026
Merged

chore: release v0.14.0#21
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-08T09-50-05Z

Conversation

@Destynova2
Copy link
Copy Markdown
Contributor

@Destynova2 Destynova2 commented Mar 8, 2026

🤖 New release

  • grob: 0.13.2 -> 0.14.0 (⚠ API breaking changes)

grob breaking changes

--- failure enum_struct_variant_field_added: pub enum struct variant field added ---

Description:
An enum's exhaustive struct variant has a new field, which has to be included when constructing or matching on this variant.
        ref: https://doc.rust-lang.org/reference/attributes/type_system.html#the-non_exhaustive-attribute
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/enum_struct_variant_field_added.ron

Failed in:
  field reload of variant PresetAction::Apply in /tmp/.tmphmCncI/grob/src/cli/args.rs:200

--- failure function_parameter_count_changed: pub fn parameter count changed ---

Description:
A publicly-visible function now takes a different number of parameters.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#fn-change-arity
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/function_parameter_count_changed.ron

Failed in:
  grob::commands::preset::cmd_preset_apply now takes 4 parameters instead of 2, in /tmp/.tmphmCncI/grob/src/commands/preset.rs:41
Changelog

0.14.0 - 2026-03-08

Added

  • add --reload flag to grob preset apply

This PR was generated with release-plz.

@Destynova2 Destynova2 merged commit 4e75963 into develop Mar 8, 2026
15 checks passed
Destynova2 added a commit that referenced this pull request Mar 16, 2026
@Destynova2 @claude
fix(security): resolve 21 CodeQL alerts (2 critical, 18 high, 1 medium)
7035f68 
Critical:
- #9 #10: Replace hard-coded HMAC key with random session key when
  GROB_DLP_SECRET is unset (unpredictable pseudonyms by default)

High:
- #11 #12: Cap Vec::with_capacity to 1024 in OpenAI transform
  (prevents uncontrolled allocation from malicious input)
- #17 #18 #19: Add path traversal check in token_store persist()
  (reject ".." in file path)
- #6 #7 #8: Stop logging full response bodies in OpenAI provider
  (log length instead, truncate to 200 chars on parse error)
- #13 #14: Warn at construction if OAuth token_url uses plaintext HTTP
- #15 #16: Warn at construction if Gemini base_url uses plaintext HTTP
  (new warn_if_cleartext() helper in providers/mod.rs)
- #20 #21 #22: Annotate benchmark TLS cert bypass with lgtm comment
  (intentional: benchmarks use self-signed certs)
- #3: Avoid flowing API key through format string in preset info
- #4 #5: Remove secret values from test assertion messages

Medium:
- #1: Add explicit permissions block to release-plz workflow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Destynova2 Destynova2 deleted the release-plz-2026-03-08T09-50-05Z branch March 30, 2026 19:52
@Destynova2 Destynova2 mentioned this pull request Apr 1, 2026
Closed
38 tasks
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
3 tasks
Destynova2 added a commit that referenced this pull request Apr 21, 2026
@Destynova2 @claude
feat(mcp): wizard config/doctor MCP surface per ADR-0011 (#21) (#249)
40d117b 
Exposes the three wizard primitives described in ADR-0011 as MCP
tools so AI agents can drive grob setup/diagnostics without shelling
out to the CLI:

* `wizard_get_config` — returns a safe JSON view of the current config
  (all sections or a named one). No secrets ever cross the wire.
* `wizard_set_section` — applies a batch of key/value updates to one
  section and triggers hot-reload. Reuses the existing denylist
  (`is_key_denied`) and update pipeline (`apply_config_update` +
  `persist_and_reload`) so the safety policy matches `grob_configure`.
* `wizard_run_doctor` — runs the programmatic health checks
  (providers/models/storage/missing env vars) and returns JSON with
  an overall `severity` flag.

Tools are advertised through `tools/list`. Unit tests cover the
section-parser helper and the updated builtin-tools count.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Destynova2