Releases: tiagosilva07/zyrax-guard
Release list
v0.9.1
What's Changed
- docs: simpler install + honest README (drop inactive maintainer-change claim) by @tiagosilva07 in #71
- feat: MCP tool-description normalization + --require-signature upgrade flag by @tiagosilva07 in #72
- release: v0.9.1 by @tiagosilva07 in #74
Full Changelog: v0.9.0...v0.9.1
v0.9.0
What's Changed
- docs(readme): drop waitlist CTA (site no longer has a waitlist) by @tiagosilva07 in #61
- docs: sync README waitlist-CTA fix to main by @tiagosilva07 in #62
- feat: update detection + one-step MCP install by @tiagosilva07 in #63
- fix(P0): fail closed on undetermined verdict (ERROR) by @tiagosilva07 in #64
- feat(P1): retries/backoff + MCP panic recovery by @tiagosilva07 in #65
- feat(P1): security hardening (cosign upgrade, redirect scheme, version validation, zip-bomb cap) by @tiagosilva07 in #66
- chore(P2): CI gates + docs hardening by @tiagosilva07 in #67
- feat: deterministic agentsec detection hardening (Tier 1-3) by @tiagosilva07 in #68
- docs(roadmap): expand v0.9.0 for the upcoming release by @tiagosilva07 in #69
- release: v0.9.0 by @tiagosilva07 in #70
Full Changelog: v0.8.2...v0.9.0
v0.8.2
What's Changed
- fix(ci): idempotent npm publish + ./ path for main package by @tiagosilva07 in #57
- release(ci): idempotent npm publish + ./ main path by @tiagosilva07 in #58
- docs(npm): README on each platform package by @tiagosilva07 in #59
- release: v0.8.2 — platform package READMEs by @tiagosilva07 in #60
Full Changelog: v0.8.1...v0.8.2
v0.8.1
What's Changed
- fix(ci): publish/homebrew via workflow_run + workflow_dispatch by @tiagosilva07 in #53
- release(ci): fix publish triggers (workflow_run + dispatch) by @tiagosilva07 in #54
- fix(npm): scope platform packages to @tiagosilva07 (avoid spam filter) by @tiagosilva07 in #55
- release: v0.8.1 — scoped npm platform packages by @tiagosilva07 in #56
Full Changelog: v0.8.0...v0.8.1
v0.8.0
What's Changed
- docs: re-point headline to agent-config auditing by @tiagosilva07 in #47
- feat: audit agent configs in CI (scan-agents SARIF + Action) by @tiagosilva07 in #48
- feat: npm wrapper + official MCP registry listing by @tiagosilva07 in #49
- feat: Homebrew tap (formula generator + gated auto-bump) by @tiagosilva07 in #50
- fix(npm): unscoped platform packages (no npm org required) by @tiagosilva07 in #51
- release: v0.8.0 — agent-config pivot + scan-agents CI + npm/MCP/Homebrew by @tiagosilva07 in #52
Full Changelog: v0...v0.8.0
v0.7.2
What's Changed
- docs: bump example action versions off Node-20 majors by @tiagosilva07 in #45
- release: v0.7.2 — refresh example action versions in docs by @tiagosilva07 in #46
Full Changelog: v0.7.1...v0.7.2
v0.7.1
What's Changed
- chore(ci): bump actions to Node-24 majors + disable no-op Go cache by @tiagosilva07 in #42
- docs(readme): split MCP-setup & CI recipes into docs/, slim README 659→482 by @tiagosilva07 in #43
- release: v0.7.1 — CI action bumps + README restructure by @tiagosilva07 in #44
Full Changelog: v0.7.0...v0.7.1
v0.7.0
What's Changed
- Feature/scan agents release by @tiagosilva07 in #36
- Feature/scan agents release (#36) by @tiagosilva07 in #37
- docs(readme): document Phase 2 scan-agents detections by @tiagosilva07 in #38
- docs(readme): refresh roadmap to real versions + v0.8 plan by @tiagosilva07 in #40
- docs(readme): precise per-version roadmap + Configuration section by @tiagosilva07 in #41
- release: v0.7.0 — scan-agents Phase 2 detections + docs by @tiagosilva07 in #39
Full Changelog: v0.6.1...v0.7.0
v0.6.1: GitHub Action and one-line install
What's new
Zyrax Guard now plugs straight into CI and installs in one line.
GitHub Action
Gate every pull request. Drop Guard into a workflow and it checks the dependencies a PR adds. If one is a typosquat, known malware, a hallucinated name, or ships a risky install script, the check fails before it merges. Works with npm, PyPI, and crates.io.
- uses: actions/checkout@v4
with: { fetch-depth: 0 }
- uses: tiagosilva07/zyrax-guard@v0
with:
ecosystem: npm # npm | pypi | cratesOne-line install (Linux / macOS)
curl -fsSL https://raw.githubusercontent.com/tiagosilva07/zyrax-guard/main/scripts/install.sh | shDownloads the signed binary for your OS/arch and verifies its SHA-256 (and the cosign signature when cosign is on your PATH).
Verify
Every binary is signed with keyless cosign and SLSA build provenance, and an SPDX SBOM is attached:
cosign verify-blob --bundle zyrax-guard-linux-amd64.cosign.bundle zyrax-guard-linux-amd64Supersedes v0.6.0 (action description shortened to meet the Marketplace 125-character limit; no CLI behavior change).
v0.6.0
What's Changed
- docs: add zyrax.io website link by @tiagosilva07 in #25
- refactor(check): cut installBody cyclomatic complexity (20 → 4) by @tiagosilva07 in #26
- release: website link + complexity fix by @tiagosilva07 in #27
- feat: GitHub Action + curl|sh installer by @tiagosilva07 in #28
- style: trim narration comments from install.sh by @tiagosilva07 in #29
- docs: pin Action examples to @v0.6.0 by @tiagosilva07 in #30
- release: v0.6.0 — GitHub Action + curl|sh installer by @tiagosilva07 in #31
Full Changelog: https://github.com/tiagosilva07/zyrax-guard/commits/v0.6.0