Skip to content

Releases: Luvion1/naru

v0.7.0

Choose a tag to compare

@github-actions github-actions released this 18 Mar 10:12

Changelog

All notable changes to this project will be documented in this file.

[0.6.6] - 2026-03-16

Added

  • Doctor Command: New naru doctor command for diagnosing common setup issues

    • Checks Naru directory existence
    • Validates configuration file integrity
    • Verifies schema file validity
    • Checks encryption key configuration and strength
    • Inspects audit log status
    • Analyzes file permissions (Unix systems)
    • Verifies project integrity and file locks
    • Provides actionable recommendations for issues found
  • Statistics Command: New naru stats command for project analytics

    • Project information overview
    • Environment statistics with entry counts
    • Value type distribution analysis
    • Security statistics (secrets vs non-secrets)
    • Schema field analysis
    • Audit log metrics
    • Beautiful formatted output with color-coded sections

Tests

  • Added comprehensive unit tests for Doctor command (4 tests)
  • Added comprehensive unit tests for Stats command (3 tests)
  • All tests passing with 100% success rate

[0.6.5] - 2026-03-16

Added

  • FileStorage Module: New FileStorage struct in src/core/storage.rs with full CRUD operations:
    • new(), ensure_dir(), exists(), read(), write(), delete()
    • list_files(), copy(), move_file(), get_size()
    • Includes comprehensive unit tests (6 tests)
  • EnvVarGuard: Safe pattern for managing environment variables in tests (replaces unsafe { env::set_var })

Bug Fixes

  • Export Error Handling: Fixed missing error return for unsupported export formats in src/commands/export.rs
  • Persistence Tests: Replaced 3 instances of unsafe env var manipulation with safe EnvVarGuard pattern

Improvements

  • Removed duplicate derive_key_secure function in src/core/crypto.rs
  • Updated dependencies in Cargo.toml

[0.6.4] - 2026-03-16

Fixed

  • Duplicate code in crypto.rs - removed redundant derive_key_secure function

[0.6.3] - 2026-03-15

Added

  • Search Command: New naru search <query> command to find configuration keys and values across environments
    • Filter by environment with --env <name>
    • Show values in results with --values flag

Bug Fixes

  • FileLock Cleanup: Fixed lock file not being deleted after release in Drop implementation
  • FileLock Access: Made path field private with getter method for better encapsulation
  • Unused Imports: Cleaned up unused imports across command modules
  • Deprecated Functions: Added #[allow(dead_code)] to suppress warnings for deprecated save_json/load_json

Improvements

  • Clean build with zero warnings
  • Enhanced atomic operations for concurrent safety

[0.6.2] - 2026-03-15

Bug Fixes

  • Race Condition: Fixed data loss during concurrent writes by adding global mutex lock in locking.rs
  • Audit Log Integrity: Fixed audit verification failure after concurrent operations by properly scoping file locks
  • Config File Creation: Auto-create config file if not exists before locking to prevent "No such file" errors
  • Secret Encryption Hang: Removed blocking rate limiter from key derivation (Argon2 provides sufficient protection)
  • Backup Extension: Fixed misleading .tar.gz extension - now correctly uses .json with warning

Improvements

  • Added retry logic with exponential backoff for file locking
  • Enhanced error messages for better debugging

[0.6.1] - 2026-03-15

Security Fixes

  • Race Condition Prevention: Added deprecation warnings to save_json() and load_json() in favor of atomic operations (atomic_update_config(), lock_file())
  • Key Zeroization: Implemented secure memory zeroization for encryption keys using zeroize crate in derive_key(), derive_key_secure(), encrypt_data(), and decrypt_data()
  • Weak Key Detection: Enhanced is_key_too_weak() with comprehensive checks for sequential patterns, alternating patterns, and low entropy keys
  • Secure Memory Allocation: Added Zeroizing wrapper for plaintext buffers during encryption/decryption operations
  • Unicode Normalization: Added early null byte detection before Unicode normalization in validate_config_key() and validate_environment_name()
  • Helper Functions: Added normalize_config_key() and normalize_environment_name() for consistent Unicode storage

Fixed

  • Integer overflow test setup issue in penetration tests
  • All 257 tests passing (100% test suite success rate)

Deprecated

  • save_json(): Use atomic_update_config() for config files to prevent race conditions
  • load_json(): Use atomic_read_config() or lock_file() for safer concurrent access

[0.6.0] - 2026-03-15

Added

  • Path traversal protection with Unicode normalization
  • Argon2 key derivation for enhanced security
  • Rate limiting for decryption operations
  • Internal sanitize_file_path_internal for test compatibility
  • Comprehensive penetration testing suite (8 exploit scenarios)
  • Deep security analysis tests (race conditions, DoS, info leaks)

Fixed

  • CRITICAL: Fixed 10 failing tests in penetration and security test suites
  • Removed unused TooManyAttempts variant from RateLimitError
  • Dead code cleanup in test files
  • Clippy warnings and formatting issues
  • Race condition test failures with proper error handling
  • Directory traversal test false positives
  • Schema test edge cases with many fields

Test Improvements

  • Replaced binary command calls with direct API calls for reliability
  • Added proper NARU_ENCRYPTION_KEY setup for integration tests
  • Fixed directory cleanup to prevent use-after-move errors
  • Implemented safe option chaining pattern across all tests
  • Test result: 257 passed, 0 failed (was: 247 passed, 10 failed)

[0.5.0] - 2026-03-13

Security

  • Enhanced path sanitization to prevent directory traversal attacks
  • Improved error handling for security-critical operations

[0.4.0] - 2026-01-29

Added

  • Advanced validation rules for configuration values
  • Tamper-evident audit logging system with integrity checks
  • Sensitive value masking in audit logs

Fixed

  • Test race conditions in concurrent environments
  • Core module stability and error handling improvements

[0.3.0] - 2026-01-29

Added

  • New brand identity with a modern SVG logo and mascot
  • Comprehensive documentation suite (Guides, Components, Reference)

[0.2.0] - 2026-01-25

Added

  • Advanced validation rules for configuration values.
  • Tamper-evident audit logging system with integrity checks.
  • Sensitive value masking in audit logs.
  • New brand identity with a modern SVG logo and mascot.
  • Comprehensive documentation suite (Guides, Components, Reference).

Fixed

  • Test race conditions in concurrent environments.
  • Core module stability and error handling improvements.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.

v0.6.5

Choose a tag to compare

@Luvion1 Luvion1 released this 16 Mar 07:43

What's New

  • Added FileStorage module with full CRUD operations
  • Added EnvVarGuard for safe environment variable handling in tests
  • Fixed export error handling for unsupported formats
  • Fixed unsafe env var usage in persistence tests
  • Removed duplicate derive_key_secure function
  • Updated dependencies

v0.6.4 Release

Choose a tag to compare

@Luvion1 Luvion1 released this 16 Mar 04:51

Release v0.6.4

Changes:

  • Fix duplicate code in crypto.rs (remove derive_key_secure)
  • Implement storage.rs module with FileStorage
  • Fix unsafe env var handling in tests with EnvVarGuard
  • Fix error handling in export.rs for unsupported format
  • Update dependencies: anyhow, clap, thiserror, chrono, zeroize, tempfile

v0.6.1 - Security Hardening Patch

Choose a tag to compare

@Luvion1 Luvion1 released this 15 Mar 07:03

Security Improvements

Race Condition Prevention

  • Added deprecation warnings to save_json() and load_json()
  • Recommend using atomic_update_config(), atomic_read_config(), or lock_file() for safer concurrent access

Key Zeroization

  • Implemented secure memory zeroization for encryption keys using zeroize crate
  • Applied to derive_key(), derive_key_secure(), encrypt_data(), and decrypt_data()

Weak Key Detection

  • Enhanced is_key_too_weak() with comprehensive checks:
    • Sequential patterns (ascending/descending)
    • Alternating patterns (0xAA, 0x55...)
    • Low entropy keys (< 8 unique bytes)
    • Half zeros or half 0xFF (> 24 bytes)

Secure Memory Allocation

  • Added Zeroizing wrapper for plaintext buffers during encryption/decryption

Unicode Normalization

  • Early null byte detection before Unicode normalization
  • Added normalize_config_key() and normalize_environment_name() helpers

Test Results

  • ✅ All 257 tests passing (100% success rate)

Installation

cargo install naru-config

Deprecated APIs

  • save_json() → use atomic_update_config() instead
  • load_json() → use atomic_read_config() or lock_file() instead

v0.6.0 - Security & Features Release

Choose a tag to compare

@Luvion1 Luvion1 released this 13 Mar 15:41

Changelog

All notable changes to this project will be documented in this file.

[0.2.0] - 2026-01-29

Added

  • Advanced validation rules for configuration values.
  • Tamper-evident audit logging system with integrity checks.
  • Sensitive value masking in audit logs.
  • New brand identity with a modern SVG logo and mascot.
  • Comprehensive documentation suite (Guides, Components, Reference).

Fixed

  • Test race conditions in concurrent environments.
  • Core module stability and error handling improvements.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.

v0.5.0 - Security Hardening Release

Choose a tag to compare

@Luvion1 Luvion1 released this 14 Feb 17:10

Changelog

All notable changes to this project will be documented in this file.

[0.2.0] - 2026-01-29

Added

  • Advanced validation rules for configuration values.
  • Tamper-evident audit logging system with integrity checks.
  • Sensitive value masking in audit logs.
  • New brand identity with a modern SVG logo and mascot.
  • Comprehensive documentation suite (Guides, Components, Reference).

Fixed

  • Test race conditions in concurrent environments.
  • Core module stability and error handling improvements.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 29 Jan 16:54

Changelog

All notable changes to this project will be documented in this file.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.

v0.2

Choose a tag to compare

@github-actions github-actions released this 29 Jan 17:04

Changelog

All notable changes to this project will be documented in this file.

[0.2.0] - 2026-01-29

Added

  • Advanced validation rules for configuration values.
  • Tamper-evident audit logging system with integrity checks.
  • Sensitive value masking in audit logs.
  • New brand identity with a modern SVG logo and mascot.
  • Comprehensive documentation suite (Guides, Components, Reference).

Fixed

  • Test race conditions in concurrent environments.
  • Core module stability and error handling improvements.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.

v0.1.0 - Initial Stable Release

Choose a tag to compare

@Luvion1 Luvion1 released this 25 Jan 11:56

Changelog

All notable changes to this project will be documented in this file.

[0.1.0] - 2026-01-25

Added

  • Initial release of Naru.
  • AES-256-GCM encryption for secret values.
  • Schema validation support (String, Integer, Boolean).
  • Multi-environment support (dev, staging, prod).
  • Audit logging system with sensitive value masking.
  • Import/Export functionality for .env, JSON, and YAML.
  • Interactive schema wizard.
  • Professional GitHub CI/CD workflows and documentation.