Official binary release for zy 1.0.46.
What's changed in 1.0.46
Added
-
An interactive
auditbrowser with analytics. Runningauditon a
terminal opens a full-screen, mouse-driven viewer of the command ledger.
A List view: scrollable rows with risk badges and exit codes, a detail
strip, live/search, risk and failed-only filters, in-place chain
verification that jumps to any broken sequence, and JSON export of the current
view. An Analysis dashboard: totals, failure rate, risk breakdown bars,
top programs, and per-day activity. Enter (or a second click) opens a
deep-detail overlay with every field and the full entry/prev hashes. Mouse
wheel scrolls, clicks select and switch tabs. Scripts andzy -c auditstill
print the text status. -
audit listand pipeable audit output.audit list [N],audit search,
andaudit risknow emit a structured table instead of plain text, so the
ledger flows through the pipeline:audit list 500 | where exit != 0,
audit list | where risk == destructive,audit list 50 | to csv.auditis
now a data-aware builtin, so it stays in-process across a pipe. -
audit pruneand automatic retention with a size cap.audit prune [--days N] [--vacuum]trims old entries and optionally reclaims disk space;
the oldest contiguous prefix is removed so the surviving chain still verifies
from its new genesis. The shell auto-prunes once a day to[audit] retention_days(default 30) and[audit] max_entries(default 50000),
whichever is stricter, so the database stays bounded even under heavy use
(0 disables either limit). -
policyrules now persist, and there's a manager TUI. Rules added with
policy addare saved to~/.zy/policy.confand auto-load at startup, so they
survive a restart (previously they vanished unless you passed--policy FILE
every launch). New subcommands:policy remove/enable/disable <n>,
policy save,policy test <cmd>(shows whether a command is allowed and
which rule matched), andaddnow takesrate:N/priority:N.policy list
emits a table, sopolicy list | where action == denyworks. Runningpolicy
on a terminal opens a full-screen manager: a live test field (type a command,
see allow/deny against the rules), action badges, toggle/remove, a
restricted-mode switch, mouse + keyboard. -
z/zinow learn the directory a terminal opens in. Before, a directory
only entered the frecency database when you activelycdinto it, so a shell
started directly inside a project (an IDE or file manager "open terminal here",
a new tmux or split pane) was invisible tozandziuntil you navigated
somewhere and back. The interactive shell now records its startup directory on
launch.zy -cand scripts still do not touch the database.
Changed
- Audit logging is now opt-in (off by default). It used to run for everyone
and grow silently (multi-hundred-MB ledgers were common). It is a
team/server/compliance feature, so it now stays off until you set[audit] enabled = truein~/.zy/config.toml. A ledger you already collected stays
readable, verifiable, and prunable after you disable it;auditwith nothing
to show points you at the switch. (--no-auditstill force-disables.) audit statusnow shows the DB size and retention window, andaudit verifypinpoints the break. Verification used to just say pass/fail; it now
reports the exact sequence number and reason (hash mismatch vs broken link)
when the chain is bad.audit.sqlite-walis also truncated on a clean exit so
it stops accumulating across many shells.customize's pill-shape pickers now preview the full prompt, and honor your
merge setting. The Library and Mix & Match tabs used to show a fixed two-pill
mock that always looked un-merged, no matter how your prompt was actually set
up. They now render the same three-pill sample prompt the main menu shows, using
the highlighted shape and your live "Merge pills" setting, so a merged ribbon
previews as a connected ribbon and separate caps preview as separate caps.
Fixed
- A
cdvisit could be silently dropped under concurrent-shell contention.
The frecency write-through ignored SQLite's return code, so if a write lost the
WAL lock past the busy timeout (common when several zy shells run at once), the
visit vanished with no error. It now retries the write a few times before
giving up. jump.sqlite-walno longer creeps up to its 4MB checkpoint threshold and
stays there. With many long-lived shells the default passive auto-checkpoint
kept losing the race to a concurrent reader, leaving a multi-megabyte WAL over a
table of a dozen rows. The shell now truncates the WAL back into the main
database on a clean exit.
Verify your download
curl -LO https://github.com/iskandarputra/zyshell/releases/download/v1.0.46/zy_1.0.46_amd64.deb
curl -LO https://github.com/iskandarputra/zyshell/releases/download/v1.0.46/SHA256SUMS
curl -LO https://github.com/iskandarputra/zyshell/releases/download/v1.0.46/SHA256SUMS.minisig
curl -LO https://github.com/iskandarputra/zyshell/releases/download/v1.0.46/zy-release.pub
minisign -Vm SHA256SUMS -p zy-release.pub # confirms maintainer signature
sha256sum -c SHA256SUMS --ignore-missing # confirms the .deb hash matchesFull signing policy: docs/ops/RELEASE_SIGNING.md
VirusTotal scan
This release was uploaded to VirusTotal at publish time. Click through to see the live verdict from 65+ AV engines:
(Scans run within ~5 minutes of upload. If the page shows "Item not found", wait a moment and refresh.)
Try without installing
docker run --rm -it ghcr.io/iskandarputra/zyshell:1.0.46Install (Debian / Ubuntu)
Download zy_1.0.46_amd64.deb from the assets below, then:
sudo dpkg -i zy_1.0.46_amd64.deb
sudo apt-get install -f