Release 0.4.0
Install
go install github.com/jedwards1230/labctl@0.4.0Or download a static binary for your platform below.
labctl v0.4.0
This release focuses on reliability, correctness, and security hardening — introducing a secrets-provider interface, fixing several behavioral bugs, and significantly expanding test and CI coverage.
Features
Scheme-Dispatched Secrets Provider Interface
A new secret subsystem introduces a pluggable, scheme-dispatched interface for resolving secrets at runtime. The first provider targets 1Password, allowing manifest values to reference secrets via a URI scheme (e.g., op://vault/item/field) rather than embedding credentials in plain text. Additional providers can be registered following the same interface contract.
Breaking Changes
None in this release.
Bug Fixes
- Sensitive value redaction — secret material is now masked in log output and error messages, preventing accidental credential leakage.
- Dry-run mode — dry-run no longer executes side-effecting operations; behavior is now consistent across all command paths.
- Exit codes — error conditions that previously exited with code
0now return non-zero exit codes, making labctl safer to use in scripts and CI pipelines. - Context propagation —
context.Contextis now threaded correctly through async and batched operations, enabling proper cancellation and timeout handling. - Lint violations — a batch of static-analysis findings (shadowed variables, unchecked errors, improper error wrapping) have been resolved.
Improvements
- Expanded test coverage — new tests cover dispatch logic, paginated responses, JSON-RPC over WebSocket, and example manifests.
- golangci-lint in CI — linting is now enforced on every pull request via GitHub Actions, preventing regression of the correctness fixes above.
Commits
- Merge pull request #9 from jedwards1230/feat/test-ci-hardening (fb285fb)
- Merge pull request #8 from jedwards1230/feat/correctness-batch (29caed2)
Full Changelog: v0.3.0...v0.4.0