Skip to content

v0.0.1-rc1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 20 Jun 22:42
· 14 commits to main since this release
v0.0.1-rc1
9136b28
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changelog

Features

  • 4ee6d44 feat: add --require-audit=strict fail-closed audit gate (#833) (#1011)

Bug Fixes

  • 135f5f8 fix: JWT null shorthand, JWKS cache clock injection, and pinned-only description recording (#815)
  • 2956ab3 fix: Redis killswitch Stop waits for background goroutines (#750) (#756)
  • 0dc5eab fix: address code-review findings (kill-switch wiretap gap, nil-check traps, dispatch projection) (#1005)
  • c24a744 fix: align gateway JSON Schema to the config loader and strengthen parity test (#937)
  • 1704e99 fix: bound JWKS refreshes, fix co-signature model, tighten token-cache expiry (#812)
  • 51bf112 fix: concurrent session shutdown, pipe-FD cleanup, kill-timer stop, decideInner fail-closed (#779) (#799)
  • fcbc9be fix: guard empty-name tools/call per transport and document remote-upstream server-initiated limitation (#935)
  • 2dbb846 fix: join Redis kill-switch goroutines and bound idle SSE sessions (#936)
  • 6cda638 fix: nil-safe AuditOnlyCount matching HasMaxCalls contract (#953)
  • d42c51b fix: preserve envelope fields in */list filtering and forward upstream instructions (#954)
  • 8f616f1 fix: resolve open automated-review bugs (sessions rev-20260620T0310Z–T0610Z) (#964)
  • a88932a fix: static make build binary and guard Docker VERSION sentinel (#934)
  • c03c69c fix: suggest must not reject observed-allowed calls (#809)
  • 344f9b0 fix: triage safe code-review findings (#902 CR-1..CR-4, PO-1..PO-3) (#939)
  • 96323a4 fix: validate --live fails on FM-3 and excludes warned tools from COVERED (#751, #752) (#757)

Security

  • 7fbba3f sec: fire --jwt-allow-any-audience warning on the flag, not empty audience (#776) (#784)
  • 5afa964 sec: fix large-integer precision loss in policy enforcement (#811)
  • efe9459 sec: reject all-zero audit HMAC key and document audit-trail posture (#938)
  • af8aab0 sec: tighten JWKSClient.VerifyToken expiry leeway to 10s default (#775) (#783)

Others

  • 31c4d88 Address code-review #732 findings and fix six MCP proxy defects (#803)
  • 9c1c48d Fix automated-review bugs (sessions rev-20260620T0710Z–T1510Z) (#1001)
  • 3b5a41b Fix automated-review bugs (sessions rev-20260620T1505Z–T1910Z) (#1010)
  • ad7b63c Fix automated-review session bugs (64dd5e, be6961, 0b4ba9) (#733)
  • b48e667 Fix batch of automated-review bugs (rev-sessions 20260618T22Z–20260619T23Z) (#932)
  • e20ea96 Fix batch of automated-review bugs (sessions rev-20260618T16/17/18Z) (#832)
  • b6e49d9 Fix email addresses
  • eaec26a Fix review-session bugs (07e43b, 37e71f, f73824, 9d6c2a, 174fa2) (#813)
  • f04905b Fix review-session bugs (e06470, 24cd12, eb1ff4, e865e5, d471e5) (#933)
  • 15a6c31 Fix session rev-20260617T1544Z-795679 bugs (#753)
  • b2fa7f4 Fix session rev-20260618T0010Z-563cce bugs (#754)
  • 1cbf9c8 Fix session rev-20260618T0031Z-ae92e4 bugs (#755)
  • 656565e Fix session rev-20260618T0042Z-a22505 bugs (#758)
  • e9b7943 Fix session rev-20260618T0543Z-99bf89 bugs (#780)
  • 5097581 Fix session rev-20260618T0557Z-f858a5 bugs (#794)
  • e01e4a6 Fix session rev-20260618T0559Z-6d8b6c bugs (#793)
  • 5fc4304 Fix session rev-20260618T0601Z-11f66b bugs (#782)
  • 6824022 Remove issue references from comments (#963)
  • 8fbcb5b refactor(audit): decouple the audit sink from the JWT/PDP layer (#882)
  • 38d31a7 refactor(audit): relocate the audit subsystem into internal/audit (Phase 5) (#885)
  • b7b0951 refactor(audit): split audit.go into writer/rotator/verifier files (#865)
  • d5f8055 refactor(config): promote the config/manifest layer to internal/config (#916)
  • eda8228 refactor(drift): extract the manifest-drift policy to internal/drift, delete the test mirror (#925)
  • ba2d723 refactor(mcp): promote the JSON-RPC envelope/framing layer to internal/mcp (#918)
  • 1e02b85 refactor(mcp): promote the MCP protocol types to internal/mcp (#909)
  • 20f9428 refactor(pdp): decouple the PDP layer from package main for extraction (#910)
  • a595e46 refactor(pdp): fold ListFilterer and SamplingAuthorizer into the PDP contract (#871)
  • cc8b139 refactor(pdp): relocate the PDP layer into internal/pdp (Phase 5) (#913)
  • d9112c3 refactor(transport): break the drift-check cycle for transport extraction (#917)
  • 75606b1 refactor(transport): extract shared dispatchRequest, finishing audit phase 2 (#864)
  • 42bc761 refactor(transport): finish relocation prep — opaque routes, config-owned manifest helpers (#920)
  • 8a2a192 refactor(transport): relocate the transport runtime to internal/transport (Phase 5 finale) (#923)
  • 884549c refactor(transport): share the upstream request/response correlation (#858)
  • 957d7c1 refactor(transport): split http.go into server/security/session/handlers files (#860)
  • ec5d66a refactor(transport): unify tools/call and sampling onto shared cores + typed audit API (audit phase 2) (#851)
  • ca5faa9 refactor: collapse findConstraint two-tier loop into a shared selection helper (#823)
  • 690a253 refactor: complexity guardrails + quick-win dedups (code-quality audit, phases 0-1) (#844)
  • a517b76 refactor: decompose verifyAuditLog and cmdProxy (finishes Phase 3) (#869)
  • 41b69db refactor: finish Phase 4 interface cleanup (counter fold, registry freeze, circuitbreaker trim) (#878)
  • 33641cf removed prerelease mentions
  • 9136b28 tidy usage (#1013)
Assets 22
Loading