v0.1.2 - full security rescan fixes

@rtonf rtonf released this 10 Jun 16:15
· 30 commits to main since this release
d09832a

v0.1.2 Release Notes

MaintainerOps AI v0.1.2 packages the full Codex Security rescan fixes and stronger publication checks.

Security

  • Added persist-credentials: false to the active and documented GitHub Actions workflows so PR-controlled npm install/build code cannot read persisted checkout credentials.
  • Expanded redaction coverage for unquoted colon-form credentials such as api_key: secret, access_token: secret, and aws_secret_access_key: secret.
  • Minimized JSON output so raw body, diff, comments, metadata, and file patches are not serialized by default.
  • Added an explicit reusable Action authorized input so GitHub Actions usage does not bypass the CLI authorization UX.
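A sketch of what redacting unquoted colon-form credentials involves, as an added example that is not MaintainerOps AI's own code. The key names come from the bullet above; the regex, the redact function name and the sample text are assumptions made for illustration.

```javascript
// Added example, not MaintainerOps AI source. The key names come from the
// release note; the regex, function name and sample text are assumptions.
const KEY = String.raw`[A-Za-z0-9_.-]*(?:api[_-]?key|access[_-]?token|secret[_-]?access[_-]?key)[A-Za-z0-9_-]*`;

// key, an optional closing quote (JSON keys), ":" or "=", then the value:
// double-quoted, single-quoted, or an unquoted run up to whitespace, "," or ";".
// [ \t]* keeps the match on one line so a YAML parent key is not mistaken
// for a credential whose value is the first child key.
const CREDENTIAL = new RegExp(
  String.raw`\b(${KEY})(["']?[ \t]*[:=][ \t]*)("[^"\n]*"|'[^'\n]*'|[^\s,;]+)`,
  "gi"
);

function redact(text) {
  return text.replace(CREDENTIAL, (match, key, sep, value) => {
    const q = value[0];
    const quoted =
      value.length >= 2 && (q === '"' || q === "'") && value.endsWith(q);
    // Preserve surrounding quotes so redacted JSON or shell text stays parseable.
    return quoted ? `${key}${sep}${q}[REDACTED]${q}` : `${key}${sep}[REDACTED]`;
  });
}

// Constructed sample of PR text a maintainer tool might log or summarize.
const SAMPLE = [
  "api_key: secret",
  "aws_secret_access_key: abc/DEF+ghi",
  'config = {"access_token": "tok value"}',
  "persist-credentials: false",
].join("\n");

console.log(redact(SAMPLE));
```

A pattern like this is a last line of defence for text that is about to be logged or serialized; it does not replace keeping secrets out of that text in the first place.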

Evidence

  • Published full Codex Security repository-wide rescan report:
    • docs/codex-security/full-rescan-2026-06-11.md
    • docs/codex-security/full-rescan-2026-06-11.html
  • Added package publication checks to npm run verify:
    • npm pack --dry-run
    • publint

Verification

npm run verify

The verification gate passes locally with 8 unit tests, 5 eval cases, 1 UI smoke test, package dry-run, publint, and npm audit --audit-level=moderate.