Skip to content

v0.3.0

Choose a tag to compare

View all tags
@major major released this 11 Jun 19:38
· 73 commits to main since this release
v0.3.0
96058ce
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • (firewall) read masquerade and add runtime toggle
  • (firewall) add masquerade on|off CLI action
  • (firewall) guard masquerade disable behind --force
  • (firewall) register capability descriptors
  • (firewall) read commands and runtime-only mutations
  • (firewall) add CLI surface, module, and dispatch route
  • (firewall) add pure protected-op guards in safety
  • (network) add read-only NetworkManager capability
  • (protocol) drive transparent superuser mechanism fallback
  • (protocol) add internal-bus dbus access for cockpit.Superuser
  • (packages) unify list payloads on the columnar table shape
  • (packages) add dnf5daemon-backed package management capability (#23)
  • LLM-optimized JSON output (#21)
  • (services) default bare unit names to .service (#19)

Fixed

  • (e2e) cap ssh probes so a stalled connection can't hang the job
  • (firewall) call getZones on the zone interface and escalate the drift read
  • (protocol) unwrap variant envelope when reading Superuser.Bridges
  • (protocol) complete handshake on bridge init, not superuser-init-done
  • (protocol) diagnose superuser escalation failures with exit 11
  • (packages) variant-wrap dnf5daemon a{sv} option arguments
  • (cli) reset SIGPIPE to SIG_DFL so piped output exits cleanly (#22)

Other

  • (e2e) drop auto issue-filing, surface failures inline
  • (firewall) split force guard cases, add remove-port coverage
  • (firewall) document masquerade in registry and AGENTS.md
  • (firewall) cover masquerade read, toggle, guard, escalation
  • (firewall) model masquerade in the fake bridge
  • (e2e) address review feedback on harness scripts
  • (e2e) hoist LOG_DIR before re-exec guard
  • (e2e) surface forensics inline, poweroff before destroy, ensure e2e label
  • (e2e) fan out parallel per-os matrix orchestrator
  • (e2e) add isolated per-os provisioning + capability job
  • (e2e) add github issue dedupe and redaction helpers
  • (e2e) add per-capability test functions for all four capabilities
  • (e2e) silence SC2001 on per-line sed indent
  • (e2e) add shared bash+jq assertion helpers
  • (e2e) install full capability surface, branch sudoers by os
  • (e2e) derive ssh_user and ami_name from locals
  • (e2e) select RHEL 10 or Fedora AMI by var.os
  • (e2e) add os/rhel terraform variables
  • extract shared integration test support into tests/common
  • (firewall) document capability, fake bridge, and env knobs
  • (firewall) integration tests against fake bridge
  • (firewall) add firewalld reply arm to fake bridge
  • pin stateless invariant in AGENTS.md, ignore local specs/plans
  • document transparent escalation env vars and fake-bridge surface
  • (escalation) cover transparent mechanism fallback (cases 1-6)
  • (fake-bridge) model cockpit.Superuser Bridges/Start surface
  • Merge pull request #24 from major/fix/dnf5daemon-server-remediation
  • (agents) note compact envelope JSON for test assertions
  • use buildless CodeQL extraction for Rust
  • add supply-chain, MSRV, and CodeQL gates (#17)
Assets 4
Loading