Releases: zaks-io/agent-paste
Release list
agent-paste CLI cli-v0.1.10
What's changed
- chore(cli): bump version to 0.1.10 (#582)
- feat(agent-auth): add anonymous claimed flow (#581)
- Fix ephemeral publish links and claim-code attribution (#580)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.9
What's changed
- chore(cli): bump version to 0.1.9 (#579)
- Apex demo prompt, claim-code docs, and CSP-safe support link (#578)
- refactor: break runtime import cycles, promote no-circular to error (#565)
- test: add StrykerJS mutation-testing pilot for high-value packages (#563)
- fix(mcp): widen idempotency args hash to 128-bit to stop silent edit replay (#560)
- Track claim-code activation funnel events (#556)
- feat(apex): unlisted-first ephemeral docs + combined prompt-copy funnel (#552)
- fix(ephemeral): return unlisted publish URL (#549)
- fix(content): allow Tailwind CDN in CSP
- docs(mcp): clarify agent publish recovery flow (#542)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.8
What's changed
- Release CLI title-preserve fix and refresh CLI docs (#541)
- fix(jobs,cli): repair production agent smoke failures (#539)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.7
What's changed
- feat(cli,mcp): standardize unlisted visibility (#537)
- fix(deps): unblock security audit gate (#535)
- fix(api): allow API keys to create Share Links (#534)
- Harden MCP recovery docs and secret rotation (#533)
- feat(cli,mcp): add literal edit surfaces
- Shared revise engine (revise-core) + member private_url + render_mode inheritance (#530)
- feat: git-like revision model — commit chain, server-reconstructed delta, agent read-back (ADR 0088/0089/0090) (#529)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.6
What's changed
- chore(cli): bump to 0.1.6 to ship private_url publish contract (#526)
- Private-first publish: one permanent private link, explicit make_public, unified scopes (#525)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.5
What's changed
- ci(cli-release): scope release notes to bundle closure + bump CLI to 0.1.5 (#523)
- fix(cli): route subcommand --help, unify publish JSON on viewer_url (#521)
- Teach CLI + MCP agents the publish→revise→live-update lifecycle (#520)
- refactor(mcp,contracts): rewire MCP publish onto shared module, return viewer_url (#517)
- fix(api,mcp,contracts): fix list_artifacts 500 on drafts + stop share-link leak (#514)
- refactor(cli,api-client): extract shared runPublish module, rewire CLI onto it (#515)
- test(AP-285): round-trip encrypt→store→read fidelity for artifact-byte consumers (#512)
- fix(contracts): hide operator APIs from public OpenAPI (#513)
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
agent-paste CLI cli-v0.1.4
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
What's Changed
- Docs: route agents to CLI and MCP publish surfaces by @isuttell in #491
- docs: rewrite root and CLI READMEs for first impressions and accuracy by @isuttell in #494
- ci(AP-284): gate PR Validate on pnpm smoke:local by @isuttell in #496
- docs(specs): fix claim semantics drift in ephemeral-publish spec by @isuttell in #499
- feat(cli): lead ephemeral publish output with claim link (AP-315) by @isuttell in #495
- fix(api): preserve persisted render_mode in live updates (AP-288) by @isuttell in #498
- fix(cli): channel-correct signed-out and auth handoff hints by @isuttell in #500
- chore(cli): bump to 0.1.4 and refresh README for release by @isuttell in #501
- fix(web): stabilize route-proxy smoke test Start context under parallel vitest by @isuttell in #502
- Update brand mark assets to transparent orange variants by @isuttell in #505
- fix(jobs): pin byte-purge env-scoped prefixes to worker env (AP-290) by @isuttell in #504
- Fix claimed artifact 404 by migrating workspace blobs on claim reparent (AP-313) by @isuttell in #497
- docs(specs): reconcile data-model.md with revisions schema (AP-293) by @isuttell in #503
- fix(security): unblock attestation on ignored esbuild GHSAs by @isuttell in #507
- Publish security.txt contact metadata on apex by @isuttell in #506
- docs(AP-294): amend stale ADR key-shape claims and add spec sections by @isuttell in #508
Full Changelog: cli-v0.1.3...cli-v0.1.4
agent-paste CLI cli-v0.1.3
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste) and an attached SLSA provenance sidecar (*.intoto.jsonl). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft - review and publish manually. Verify downloads against SHA256SUMS.
What's Changed
- chore(ci): gate code formatting in verify (local + CI) by @isuttell in #451
- Redact internal system/platform actors from tenant audit log by @isuttell in #453
- Unify apex + web on one shared @agent-paste/ui design system by @isuttell in #454
- CLI: skip upgrade download when already on the latest version by @isuttell in #455
- fix(mcp): accept reserved _meta on tools/call envelope by @isuttell in #456
- Rewrite + de-dupe the apex landing page; truthful CLI-output demo by @isuttell in #458
- Turbo-native deploy: one command to deploy any Worker to preview by @isuttell in #457
- Add hot reload workflow for local apex preview by @isuttell in #459
- Make Artifact URL the default live publish handoff by @isuttell in #460
- fix(mcp): align OAuth resource discovery for Codex by @isuttell in #461
- Clarify agent-facing ephemeral publish guidance by @isuttell in #462
- fix(cli): align publish contract and auth retryability by @isuttell in #463
- fix(mcp): return artifact url from publish tools by @isuttell in #464
- fix(web): encode live-proxy path params, reject control chars in auth return path by @isuttell in #465
- Define Artifact State glossary by @isuttell in #473
- fix(viewer): restore live updates and sibling assets by @isuttell in #474
- fix(scripts): smoke-secret provisioning scope, fileURLToPath, spawn error handling, local harness client IP by @isuttell in #468
- fix(mcp,auth): session-scoped idempotency keys, auth challenges, notification handling, working edge cache, retryable WorkOS errors by @isuttell in #470
- fix(cli,contracts,db): make --render-mode real — shared inference map, stored render_mode honored at finalize by @isuttell in #472
- fix(billing): authoritative webhook supersession, orphan adoption, drift normalization, override re-apply by @isuttell in #466
- fix(jobs): decrypt bytes before safety scan, purge bundle objects, retry on kill switch by @isuttell in #467
- fix(db,api): exempt pinned artifacts from expiry/purge, align dashboard token TTL with artifact expiry by @isuttell in #471
- fix(publish): nested-path routing, guard order, idempotency peek contract, allowance key hashing, upload TOCTOU + real put-url expiry by @isuttell in #469
- feat(upload): dedupe publish blobs by workspace by @isuttell in #476
- Make Access Link Signed URL the default live handoff by @isuttell in #475
- fix(content): force PDFs to download, reconcile media disposition with spec by @isuttell in #477
- CLI: rich/plain/json output modes with schema_version + exit codes by @isuttell in #478
- CI-local Postgres smoke for PR preview burn-in by @isuttell in #481
- docs: reconcile launch status by @isuttell in #482
- Make artifact sharing explicit by default by @isuttell in #483
- chore(skills): refresh workflow skills from zaks-io/skills (AP-298) by @isuttell in #480
- Fix Access Link viewer CSP nonce for hydration by @isuttell in #484
- Fix deploy Turbo cache reuse across hosted deploy workflows by @isuttell in #485
- Reframe apex demo around agent-paste.sh prompt by @isuttell in #486
- feat(web): add floating Access Link brand bar by @isuttell in #487
- fix(ci): cache security scanner CLIs and vulnerability DBs by @isuttell in #488
- fix(web): cache the wrangler deploy-config redirect with the build by @isuttell in #489
- fix(cli): stop buffering files in walkLocalPath for unused sha256 (AP-292) by @isuttell in #479
- fix(api): make ephemeral PoW difficulty env-tunable; lower it in the local harness by @isuttell in #490
- docs(cli): align README with shipped CLI surface before 0.1.3 release by @isuttell in #492
- docs(apex): teach agents to check whoami JSON, not its exit code by @isuttell in #493
Full Changelog: cli-v0.1.2...cli-v0.1.3
agent-paste CLI cli-v0.1.2
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft — review and publish manually. Verify downloads against SHA256SUMS.
What's Changed
- fix(cli): detect bun standalone binaries by @isuttell in #448
- fix(release): attach cli provenance sidecars by @isuttell in #450
Full Changelog: cli-v0.1.1...cli-v0.1.2
agent-paste CLI cli-v0.1.1
Standalone CLI binaries cross-compiled with bun build --compile. macOS binary is codesigned + notarized. Each binary carries a GitHub build-provenance attestation (verify: gh attestation verify <binary> --repo zaks-io/agent-paste). A CycloneDX SBOM of exactly what is compiled into the binary (agent-paste-cli.sbom.cdx.json), a blocking grype scan report (agent-paste-cli.grype.json), scanner/DB versions (scan-metadata.json), and repo security attestation bundle (repo-security-attestation.tgz) are attached. Draft — review and publish manually. Verify downloads against SHA256SUMS.
What's Changed
Full Changelog: cli-v0.1.0...cli-v0.1.1