Skip to content

Crenel v0.4.2 — trust hardening

Choose a tag to compare

@in8Lab in8Lab released this 05 Jul 02:40

Trust-hardening release.

  • CI: GitHub Actions running go test -race, vet, build, and gitleaks on every push, with a status badge.
  • F2 verify-honesty gate: a mutating write on a file-based edge (nginx/Traefik) with no runtime probe is now refused and rolled back unless --allow-unverified, so 'written' is never silently reported as 'verified'. Caddy's live admin-API read-back is unaffected.
  • ack marker: acknowledge an intentionally-unmodeled route via a marker in the live config, so audit/status certify it as acknowledged instead of a recurring UNKNOWN — without ever making it reachable. Read-side across Caddy/Traefik/nginx; write-side (crenel ack/unack) Caddy-only for now.
  • Concurrency file-lock so overlapping mutating runs can't collide.
  • Docs: STATE-OF-CRENEL refreshed, CODE_OF_CONDUCT added, CHANGELOG caught up.

Full details in CHANGELOG.md.