Releases: rtonf/maintainerops-ai
v0.1.6 - Action runtime hardening
v0.1.6 Action Runtime Hardening
Date: 2026-06-15
Summary
This GitHub Action release publishes the post-application hardening work that landed after v0.1.5.
The npm package remains maintainerops-ai@0.1.4; this release is for the GitHub Action and Marketplace channel.
Changes
- Run the GitHub Action from the prebuilt dist-action/index.js bundle.
- Remove response bodies from GitHub API exception messages.
- Cap pull request changed-file pagination at 3,000 files to avoid unbounded API calls.
- Add runtime validation for model assessment packets:
  - riskLevel
  - recommendedAction
  - confidence range
  - string array fields
  - evidence entries
- Add unit tests for GitHub API error redaction, pagination cap behavior, and assessment enum validation.
- Sanitize public Codex Security reports so local Windows user paths are not exposed.
- Refresh README and Marketplace examples to point at v0.1.6.
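
The runtime validation listed above treats the model's assessment packet as untrusted input before anything acts on it. A sketch of such a validator, as an added example that is not the project's code: the allowed riskLevel and recommendedAction values, the 0 to 1 confidence range, the findings/followUps field names and the evidence entry shape (source, quote) are all assumptions.

```javascript
// Added example, not the project's code. riskLevel, recommendedAction, confidence
// and evidence are named in the release notes; all values and sub-fields are assumed.
const RISK_LEVELS = new Set(["low", "medium", "high", "critical"]);
const ACTIONS = new Set(["comment", "request-changes", "needs-human-review"]);
const STRING_ARRAY_FIELDS = ["findings", "followUps"]; // hypothetical field names

const isText = (v) => typeof v === "string" && v.trim().length > 0;

function validateAssessmentPacket(packet) {
  if (packet === null || typeof packet !== "object" || Array.isArray(packet)) {
    return { ok: false, errors: ["packet: must be a JSON object"] };
  }
  // Errors name the field only; they never echo model-supplied text into logs.
  const errors = [];
  if (!RISK_LEVELS.has(packet.riskLevel)) errors.push("riskLevel: not an allowed value");
  if (!ACTIONS.has(packet.recommendedAction)) errors.push("recommendedAction: not an allowed value");
  // Number.isFinite rejects NaN, Infinity and numeric strings such as "0.9".
  const c = packet.confidence;
  if (!Number.isFinite(c) || c < 0 || c > 1) errors.push("confidence: must be a number in [0, 1]");
  for (const field of STRING_ARRAY_FIELDS) {
    const value = packet[field];
    if (!Array.isArray(value) || !value.every(isText)) errors.push(`${field}: must be an array of non-empty strings`);
  }
  if (!Array.isArray(packet.evidence)) {
    errors.push("evidence: must be an array");
  } else {
    packet.evidence.forEach((entry, i) => {
      const ok = entry !== null && typeof entry === "object" && isText(entry.source) && isText(entry.quote);
      if (!ok) errors.push(`evidence[${i}]: needs non-empty source and quote strings`);
    });
  }
  return { ok: errors.length === 0, errors };
}

// Constructed model outputs: one well-formed, one drifting from the schema.
const GOOD_PACKET = {
  riskLevel: "high", recommendedAction: "needs-human-review", confidence: 0.82,
  findings: ["workflow checks out PR head with persisted credentials"], followUps: [],
  evidence: [{ source: ".github/workflows/ci.yml", quote: "uses: actions/checkout" }],
};
const BAD_PACKET = {
  riskLevel: "HIGH", recommendedAction: "auto-merge", confidence: "0.9",
  findings: "single string", followUps: [42],
  evidence: [{ source: "README.md" }, null],
};

console.log(validateAssessmentPacket(GOOD_PACKET));
console.log(validateAssessmentPacket(BAD_PACKET).errors);
```

A caller would discard the whole packet when ok is false instead of using the fields that happened to pass.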
Verification
- npm run verify
- GitHub Actions manual run: https://github.com/rtonf/maintainerops-ai/actions/runs/27464546983
- Local path search against docs/codex-security/: no local user path matches.
Publication Note
After creating the GitHub Release, publish v0.1.6 to GitHub Marketplace from the Release UI so the Marketplace listing moves from v0.1.5 to v0.1.6.
v0.1.5 - Marketplace README refresh
v0.1.5 Marketplace README Refresh
Date: 2026-06-13
Summary
This GitHub Action release prepares a Marketplace-facing README refresh and records post-application maintenance evidence after the Codex for Open Source submission.
The npm package remains maintainerops-ai@0.1.4; this release updates the GitHub Action/Marketplace channel.
Changes
- Update Marketplace-facing README evidence to show npm 0.1.4 as published.
- Keep the Marketplace Action usage example on the latest Action tag.
- Record post-application maintenance checks and publication status.
- Add a 2026-06-13 maintenance log.
Verification
- npm run verify
- npm view maintainerops-ai version dist-tags time --json
- GitHub Marketplace page check: https://github.com/marketplace/actions/maintainerops-ai
Publication Note
The GitHub Release exists at v0.1.5. If the Marketplace page still displays v0.1.4, publish this release to Marketplace from the GitHub Release UI.
Feedback
Marketplace and external users are asked to leave feedback on Issue #6:
v0.1.4 - Action hardening and Marketplace feedback path
v0.1.4 Hardening Release
Date: 2026-06-12
Summary
This release publishes the hardening work merged in PR #10 and prepares the GitHub Action for Marketplace feedback collection.
Changes
- Paginate GitHub pull request files so review packets include files beyond the first 100 changed files.
- Fail fast when the GitHub Action receives an unsupported mode or missing required inputs.
- Move web UI dependencies out of runtime npm dependencies.
- Update repository workflows and examples to Node 24 and first-party GitHub Actions v6.
- Narrow public wording around security/release inputs so it matches the current implementation.
- Add Codex Security diff scan evidence for the hardening patch.
Verification
- npm run verify
- PR-triggered GitHub Actions run for PR #10
- Codex Security diff scan: docs/codex-security/action-hardening-diff-scan-2026-06-12.md
Feedback
Marketplace and external users are asked to leave feedback on Issue #6:
v0.1.3 - Marketplace cleanup and package hygiene
v0.1.3 Release Notes
MaintainerOps AI v0.1.3 prepares the project for GitHub Marketplace publication and trims public/package noise.
Changes
- Converted action.yml to a composite Action so Marketplace users can run the Action from a GitHub tag without committing generated dist/ files to the repository.
- Added an offline Action input and updated README/Marketplace examples to use offline: true for no-secret public triage.
- Removed public cleanup candidates:
  - design/security-review-workbench-reference.png
  - design-qa.md
  - docs/application-draft.md
- Narrowed npm package contents so generated tests, eval runner output, and source maps are excluded from the package tarball.
- Added publication audit and exposure scan evidence.
Verification
git diff --check
npm run verify
npm pack --dry-run --json
npm run verify passes with typecheck, lint, format check, unit tests, Playwright UI smoke test, evals, package dry run, publint, and npm audit.
v0.1.2 - full security rescan fixes
v0.1.2 Release Notes
MaintainerOps AI v0.1.2 packages the full Codex Security rescan fixes and stronger publication checks.
Security
- Added persist-credentials: false to the active and documented GitHub Actions workflows so PR-controlled npm install/build code cannot read persisted checkout credentials.
- Expanded redaction coverage for unquoted colon-form credentials such as api_key: secret, access_token: secret, and aws_secret_access_key: secret.
- Minimized JSON output so raw body, diff, comments, metadata, and file patches are not serialized by default.
- Added an explicit reusable Action authorized input so GitHub Actions usage does not bypass the CLI authorization UX.
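
The colon-form redaction change above, illustrated with an added example that is not the project's code: a quoted-only pattern leaves api_key: secret untouched, while the expanded pattern also covers unquoted values. The key-name list, both patterns and the [REDACTED] marker are assumptions.

```javascript
// Added example: the key-name list, both patterns and the [REDACTED] marker are
// assumptions for illustration, not the project's actual redaction rules.
const KEY = String.raw`["']?\b[\w.-]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w.-]*["']?`;
const SEP = String.raw`[ \t]*[:=][ \t]*`; // same-line separator only
const QUOTED = String.raw`(["'])(?:(?!\2)[^\n])*\2`; // "value" or 'value'
const BARE = String.raw`["']?[^\s"',;}]+`; // unquoted, or quote left unterminated

// Narrow form: redacts only values wrapped in matching quotes.
const QUOTED_ONLY_RE = new RegExp(`(${KEY}${SEP})${QUOTED}`, "gi");
// Expanded form: also redacts unquoted values such as "api_key: secret".
const EXPANDED_RE = new RegExp(`(${KEY}${SEP})(?:${QUOTED}|${BARE})`, "gi");

function redactWith(pattern, text) {
  // Keep the key, separator and quote style so JSON and YAML stay parseable.
  return text.replace(pattern, (_match, prefix, quote) =>
    quote ? `${prefix}${quote}[REDACTED]${quote}` : `${prefix}[REDACTED]`);
}
const redactQuotedOnly = (text) => redactWith(QUOTED_ONLY_RE, text);
const redactSecrets = (text) => redactWith(EXPANDED_RE, text);

// Constructed sample lines; none of these values is a real credential.
const SAMPLE = [
  "api_key: constructed-key-1234",
  "access_token: constructed-token-value",
  "aws_secret_access_key: constructed/aws+secret",
  'payload {"client_secret": "constructed-json-secret", "retries": 3}',
  "AWS_SECRET_ACCESS_KEY=constructedEnvValue",
  "changed files: 12, risk: low",
].join("\n");

console.log(redactQuotedOnly(SAMPLE)); // only the JSON line is redacted
console.log(redactSecrets(SAMPLE));
```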
Evidence
- Published full Codex Security repository-wide rescan report:
  - docs/codex-security/full-rescan-2026-06-11.md
  - docs/codex-security/full-rescan-2026-06-11.html
- Added package publication checks to npm run verify:
  - npm pack --dry-run
  - publint
Verification
npm run verify
The verification gate passes locally with 8 unit tests, 5 eval cases, 1 UI smoke test, package dry-run, publint, and npm audit --audit-level=moderate.
v0.1.1 - npm publication evidence
MaintainerOps AI v0.1.1
Patch release after npm publication.
Changes
- Documents npm installation and package URL in README.
- Removes accidental local npm authentication helper dependency from the package manifest.
- Keeps the published package lean: CLI dist, examples, README, license, security policy, eval docs, and action metadata.
Verification
- npm run verify passed.
- npm publish --dry-run --access public passed.
- maintainerops-ai@0.1.1 is published as the npm latest version.
v0.1.0 - Initial MaintainerOps AI release
MaintainerOps AI v0.1.0
Initial public release for the Codex for Open Source application.
Highlights
- GitHub-aware CLI for PR and issue review packets.
- OpenAI Responses API structured output with JSON Schema.
- Offline heuristic fallback for deterministic demos and CI.
- React/Vite Security Review Workbench prototype with README GIF demo.
- Public triage example issues: #1, #2, and #3.
- Usage log and improvement history for application evidence.
- Codex Security scan report and focused fix report published in docs/codex-security/.
- Verification tooling: npm run verify runs type checks, lint, format check, unit tests, UI smoke tests, evals, and npm audit.
Safety posture
- Human-in-the-loop by default.
- No auto-merge, auto-close, release publishing, or unauthorized scanning.
- Pull request CI example runs without OPENAI_API_KEY.
- Structured secret redaction and GitHub Actions stdout command neutralization.
npm status
The package name maintainerops-ai is available, but npm publication is pending npm account authentication on the local machine.