Skip to content

v0.4.0

Choose a tag to compare

View all tags
@clauster-ci clauster-ci released this 04 Jun 17:29
Immutable release. Only release title and notes can be modified.
v0.4.0
59b8625
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed in v0.4.0

Highlights: signed releases (Sigstore-signed wheels/sdists on every GitHub Release), a per-launch standard / pty resume-mode picker, reboot-orphan bridge recovery, a cost-badge privacy toggle, and a broad UTF-8 file-I/O hardening pass.

Features

  • Per-launch resume-mode picker — choose standard or pty true-resume per bridge from the spawn controls (#103)
  • Resume UX — "Restart" renamed to Resume, plus a warned "Start new session" action (#101)
  • Reboot-orphan recovery — after a host reboot, a discovered-but-dead bridge is resurfaced as a resumable stopped card instead of being silently dropped (#110)
  • Cost-badge privacy toggleusage.show_cost: false hides the per-project cost badge and skips the usage fetch (screen-share / demos); cost-figure provenance now documented (#121)

Bug Fixes

  • Bridge mode is an instance property — editing claude.resume_mode no longer silently re-modes an already-running/stopped bridge; stop/resume honor the mode it launched with (#100)
  • UTF-8 file I/O — explicit encoding="utf-8" on all file reads/writes, and a fix for an uncaught UnicodeDecodeError (it's a ValueError, not caught by except OSError) that could drop bridge-log markers or break malformed-input handling across several readers (#122)
  • PID-reuse window tightened in is_live_bridge so a stop signal can't reach an unrelated reused PID (#104)
  • Recap prompt-injection hardening — the recap boundary is now un-forgeable (SENTINEL-anchored) (#105)
  • ~/.claude.json lost-update guard — the read-modify-write is flock-serialized so concurrent writers can't clobber each other's trust/remote-control state (#108)

Performance

  • Test suite ~48s → ~14s on CI via pytest-xdist parallelism (#111)

Supply chain & CI

  • Signed Releases (OpenSSF Scorecard) — release sdist/wheel are now Sigstore-signed and attached to the GitHub Release via an immutable draft→sign→publish flow (#114)
  • PR-review setup: CodeRabbit as the automatic reviewer, Claude as an on-demand @claude backup; calibrated .coderabbit.yaml (#113, #116, #117, #119, #120)
  • codecov.yml tuned to best practice; Codecov upload skipped on release PRs (#115, #109)
  • Trivy image scan moved to main-push + cron (faster PRs) (#112)

Tests

  • End-to-end clone-pipeline test (POST → background task → WebSocket progress) (#106)
  • win32 pty-mode guard coverage (#107)

Full Changelog: v0.3.0...v0.4.0

Assets 7
Loading