v0.65.1

What's Changed

• chore: release v0.65.1 by @SequeI in #1240

Full Changelog: v0.65.0...v0.65.1

v0.65.0

What's Changed

• refactor(credentials): require explicit activation for custom credentials by @lukehinds in #1215
• chore(release): v0.64.1 by @lukehinds in #1217
• chore(docs): improve profile documentation by @SequeI in #1212
• chore(docs): update README with curl installation method by @lukehinds in #1219
• feat(sandbox): tool sandbox by @lukehinds in #1105
• fix(docs): replace broken link in readme by @tiymat in #1221
• Update README.md by @Salkimmich in #1223
• chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in #1226
• chore(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1 by @dependabot[bot] in #1227
• chore(deps): bump sigstore-verify from 0.8.0 to 0.9.0 by @dependabot[bot] in #1228
• chore(deps): bump regex from 1.12.3 to 1.12.4 by @dependabot[bot] in #1231
• chore(deps): bump syn from 2.0.117 to 2.0.118 by @dependabot[bot] in #1230
• fix(sandbox): exempt IPC fd from sendmsg trapping to resolve af_unix_mediation deadlock by @SequeI in #1210
• chore: release v0.65.0 by @SequeI in #1237
• fix(deps): bump quinn-proto by @SequeI in #1238
• fix(sandbox): use syscall() for execveat to avoid glibc 2.34 linker dependency by @SequeI in #1239

New Contributors

• @tiymat made their first contribution in #1221
• @Salkimmich made their first contribution in #1223

Full Changelog: v0.64.0...v0.65.0

v0.64.1

What's Changed

• refactor(credentials): require explicit activation for custom credentials by @lukehinds in #1215

Full Changelog: v0.64.0...v0.64.1

v0.64.0

What's Changed

• chore: symlink claude.md to agents.md by @SequeI in #1153
• fix(proxy): return 403 + audit for denied non-CONNECT requests by @caiocdcs in #1077
• fix(docs): fix broken profiles link in quickstart by @connrg in #1168
• docs(install): add version check and COPR fallback note by @connrg in #1169
• fix(diagnostic): replace deprecated nono learn with nono run by @connrg in #1170
• docs(networking): lead with the common cases by @connrg in #1174
• docs(credential-injection): fix broken Proxy Overrides anchor by @connrg in #1177
• chore(deps): add 3-day Dependabot cooldown for cargo and github-actions by @SequeI in #1163
• docs(allow-cwd): clarify access level is profile-driven by @connrg in #1180
• chore(deps): bump which from 8.0.2 to 8.0.3 by @dependabot[bot] in #1181
• chore(deps): bump cbindgen from 0.29.3 to 0.29.4 by @dependabot[bot] in #1182
• fix(policy): allow go_runtime to readwrite go-build cache by @rnestler in #1173
• fix(proxy): respect upstream_proxy in TLS CONNECT intercept path (#1048) by @caiocdcs in #1091
• fix(proxy): stop allow_domain endpoint route from shadowing credential catch-all by @panga in #1132
• refactor(audit): move attestation logic to core library by @lukehinds in #1148
• feat(output): show blocked macos grants in capability summary by @lukehinds in #1178
• ci: run integration tests on ubuntu runner by @SequeI in #1185
• fix(cli): use XDG config paths consistently by @SequeI in #1179
• feat: [aws] implement aws_auth config by @intentionally-left-nil in #1166
• refactor: forward_inner_request has too many responsibilities by @intentionally-left-nil in #1192
• fix: proxy should activate with customCredentials set by @intentionally-left-nil in #1197
• feat(update-check): discover ci environments on update by @lukehinds in #1113
• feat(diagnostics): expose structured diagnostics for library and FFI clients by @SequeI in #1171
• fix(pty): ctrl-z hangs when running with a PTY by @caiocdcs in #1135
• refactor(proxy): separate proxy intent from activation by @SequeI in #1199
• chore: release v0.64.0 by @SequeI in #1201

New Contributors

• @connrg made their first contribution in #1168

Full Changelog: v0.63.0...v0.64.0

v0.63.0

What's Changed

• build: add copr source rpm packaging by @Doooooo0o in #1075
• chore(deps): bump x509-parser from 0.16.0 to 0.18.1 by @dependabot[bot] in #1070
• chore(deps): bump cbindgen from 0.29.2 to 0.29.3 by @dependabot[bot] in #1068
• chore(deps): bump hyper from 1.9.0 to 1.10.1 by @dependabot[bot] in #1071
• fix: remove env_clear from the session_hook subprocess by @intentionally-left-nil in #1079
• fix: write cargo vendor config for copr srpms by @Doooooo0o in #1104
• chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in #1106
• docs: add copr installation instructions by @Doooooo0o in #1110
• fix(aur): skip ssh-keyscan banner lines in host key check by @sarovin in #1093
• ci: use actions/attest by @SequeI in #1117
• fix: --detached (Linux): sandboxed process denied access to /dev/null by @scp7 in #1108
• test(wsl2): fix has_landlock_network V4+ detection in test_wsl2.sh by @scp7 in #1112
• fix: replace stale nono.dev schema domains with nono.sh by @mvanhorn in #1121
• (docs): replace incorrect former profiles and improve quickstart by @lukehinds in #1123
• refactor(audit-ledger): move audit ledger logic to library crate by @lukehinds in #1120
• feat(environment): add set_vars for static env injection by @panga in #1134
• Improve readme, which is underselling and not showing value by @lukehinds in #1141
• docs(readme): update agent package publishing link by @lukehinds in #1142
• docs(readme): refine project description and history by @lukehinds in #1143
• feat(keyring): add NONO_KEYRING_TIMEOUT_SECS for keychain access by @caiocdcs in #977
• docs(readme): update agent commands and enhance feature descriptions by @lukehinds in #1145
• docs: document diagnostics.suppress_system_services for macOS (#1076) by @SequeI in #1138
• refactor(pull_ui): remove sigstore provenance display by @lukehinds in #1144
• feat: add $PACK_DIR support to session_hooks for store pack support by @intentionally-left-nil in #1073
• fix(cli): accept truthy env values for bool flags by @SequeI in #1136
• fix(linux): trap sendto/sendmsg to prevent AF_UNIX datagram bypass by @caiocdcs in #1096
• chore(project): add new issue template for agent package requests by @lukehinds in #1081
• fix: report the actual blocked operation instead of the readable target path in sandbox denial diagnostics by @mvanhorn in #1150
• chore(deps): bump typify from 0.6.2 to 0.7.0 by @dependabot[bot] in #1156
• chore(deps): bump zeroize from 1.8.2 to 1.9.0 by @dependabot[bot] in #1157
• chore(deps): bump time from 0.3.47 to 0.3.49 by @dependabot[bot] in #1158
• chore(deps): bump chrono from 0.4.44 to 0.4.45 by @dependabot[bot] in #1159
• chore(deps): bump ignore from 0.4.25 to 0.4.26 by @dependabot[bot] in #1160
• fix(proxy): keep connection open for reactive proxy auth on CONNECT by @anugrahsinghal in #1151
• feat(cli): move runtime state to XDG state dirs by @SequeI in #1152
• refactor(diagnostic): move diagnostic UX out of core nono crate by @SequeI in #1155
• chore: release v0.63.0 by @SequeI in #1161

New Contributors

• @intentionally-left-nil made their first contribution in #1079
• @mvanhorn made their first contribution in #1121
• @anugrahsinghal made their first contribution in #1151

Full Changelog: v0.62.0...v0.63.0

v0.62.0

What's Changed

• feat(packaging): add automated AUR package publishing (#917) by @sarovin in #1083

Full Changelog: v0.61.2...v0.62.0

v0.61.2

What's Changed

• chore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 by @dependabot[bot] in #1066
• chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in #1067
• chore(deps): bump jsonschema from 0.46.4 to 0.46.5 by @dependabot[bot] in #1069
• chore(deps): bump rustls-native-certs from 0.8.3 to 0.8.4 by @dependabot[bot] in #1072
• fix(proxy): deny-by-default when network.block is set by @caiocdcs in #1082

Full Changelog: v0.61.1...v0.61.2

v0.61.1

What's Changed

• feat(profile): allow registry refs in profile extends by @lukehinds in #1061

Full Changelog: v0.61.0...v0.61.1

v0.61.0

What's Changed

• refactor(network-policy): do not enable credentials by default in profiles by @lukehinds in #1057
• feat(diagnostic): add profile option to suppress system service diagnostics by @lukehinds in #1059

Full Changelog: v0.60.0...v0.61.0

v0.60.0

What's Changed

• chore(deps): bump shlex from 1.3.0 to 2.0.1 by @dependabot[bot] in #963
• fix: correct Quick Start profile reference in README by @guzalv in #1020
• refactor(profile): extract opencode profile from built-ins by @lukehinds in #1024
• feat: annotate suppressed denials and style save prompt paths by @AnnaXH in #985
• feat(cli): centralize timeout constants and make user-facing timeouts configurable by @SequeI in #981
• feat: support fine-grained method+path restrictions in allow_domain by @panga in #997
• feat(wiring): support jsonc in wiring directives by @lukehinds in #1029
• feat: add --trust-proxy-ca for macos system trust store integration by @panga in #978
• build(rpm): add rpm release artifacts by @Doooooo0o in #1039
• feat(cli): introduce interactive denied path selector by @lukehinds in #1038
• docs(cli): update credential injection with bitwarden and custom keyring by @lukehinds in #1032
• feat: remove libdbus dependency on linux by @lukehinds in #1049
• fix(cli): accept cap file under any known temp root for why --self by @panga in #1055

New Contributors

• @guzalv made their first contribution in #1020
• @Doooooo0o made their first contribution in #1039

Full Changelog: v0.58.0...v0.60.0