Skip to content

OACB v0.2.1 (beta)

Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 08 Jun 18:23
8ed8d1d

Beta release. OACB is under active development. Interfaces may change before v1.0.0. Pin a specific tag (v0.2.1) in fleet deployments.

Hotfix from v0.2.0

This release fixes a critical regression in v0.2.0: unbound oacb apply --agent claude-code (CLI install path) failed open silently on every Bash tool call because oacb-enforce.sh sourced its shared core from /usr/local/share/oacb/shared (MDM-only path) that CLI installs don't populate. The hook errored exit 1, which Claude Code treats as a soft error — the command proceeded.

What changed:

  • baseline/claude-code/hooks/oacb-enforce.sh now falls back to the directory containing the hook script itself when the MDM default is unavailable. MDM deployments retain existing behavior.
  • A diagnostic audit-log entry (rule: OACB-MDM-FALLBACK) + stderr breadcrumb fires when the fallback triggers, so fleet operators can detect mis-configured MDM paths. Suppress with OACB_DISABLE_FALLBACK_WARN=1.
  • All hook OACB_VERSION strings + managed-settings _oacb.version fields bumped 0.2.00.2.1 for forensic consistency.

A companion unbound-cli PR (#44) installs the shared core for claude-code and sets OACB_SHARED_DIR in the settings.json env block — belt-and-suspenders coverage for both old and new hook code paths.

Upgrade path: unbound oacb apply --agent claude-code --tier <your-tier> will fetch v0.2.1 hooks once unbound-cli is bumped to consume the new tag (or set OACB_PINNED_REF=v0.2.1 explicitly).


What's Changed

Full Changelog: v0.2.0...v0.2.1