v1.3.0 — power_core package, security hardening, CI/CD
What's New in v1.3.0
Critical Security Fixes
- Path Traversal vulnerability fixed in MCP server
vault_pathparameter - YAML injection prevention via Pydantic validation and string escaping
- Input validation for all MCP tool parameters
Architecture
- New
power_core/package — shared library with Pydantic v2 schemas, safe YAML parser, atomic writes - Eliminated code duplication — MCP server and CLI scripts now use
power_core - Atomic writes prevent data corruption from interrupted writes
Testing & CI/CD
- 79 pytest tests with fixtures for comprehensive coverage
- GitHub Actions CI — automated pytest, ruff lint, mypy type check
- GitHub Actions Release — auto-release on tag push
New Scripts
scripts/sync-brain.sh— Cron auto-sync with GPG signing supportscripts/cleanup_branches.py— Automated merged branch cleanup via GitHub API
Infrastructure
pyproject.toml— Dependencies, tool configs, package metadata.gitignore— Security rules (secrets, caches, DBs)LICENSE— MIT LicenseCONTRIBUTING.md— Development workflowCHANGELOG.md— Version history
Validation
- 79/79 tests passed
- ruff: all checks passed
- mypy: no issues found
- GPG-signed commits
What's Changed
- feat: v1.3.0 — power_core package, security hardening, CI/CD by @weby-homelab in #1
New Contributors
- @weby-homelab made their first contribution in #1
Full Changelog: v1.2.2...v1.3.0