Releases: Luvion1/naru
Releases · Luvion1/naru
Release list
v0.7.0
Changelog
All notable changes to this project will be documented in this file.
[0.6.6] - 2026-03-16
Added
-
Doctor Command: New
naru doctorcommand for diagnosing common setup issues- Checks Naru directory existence
- Validates configuration file integrity
- Verifies schema file validity
- Checks encryption key configuration and strength
- Inspects audit log status
- Analyzes file permissions (Unix systems)
- Verifies project integrity and file locks
- Provides actionable recommendations for issues found
-
Statistics Command: New
naru statscommand for project analytics- Project information overview
- Environment statistics with entry counts
- Value type distribution analysis
- Security statistics (secrets vs non-secrets)
- Schema field analysis
- Audit log metrics
- Beautiful formatted output with color-coded sections
Tests
- Added comprehensive unit tests for Doctor command (4 tests)
- Added comprehensive unit tests for Stats command (3 tests)
- All tests passing with 100% success rate
[0.6.5] - 2026-03-16
Added
- FileStorage Module: New
FileStoragestruct insrc/core/storage.rswith full CRUD operations:new(),ensure_dir(),exists(),read(),write(),delete()list_files(),copy(),move_file(),get_size()- Includes comprehensive unit tests (6 tests)
- EnvVarGuard: Safe pattern for managing environment variables in tests (replaces
unsafe { env::set_var })
Bug Fixes
- Export Error Handling: Fixed missing error return for unsupported export formats in
src/commands/export.rs - Persistence Tests: Replaced 3 instances of unsafe env var manipulation with safe
EnvVarGuardpattern
Improvements
- Removed duplicate
derive_key_securefunction insrc/core/crypto.rs - Updated dependencies in Cargo.toml
[0.6.4] - 2026-03-16
Fixed
- Duplicate code in crypto.rs - removed redundant
derive_key_securefunction
[0.6.3] - 2026-03-15
Added
- Search Command: New
naru search <query>command to find configuration keys and values across environments- Filter by environment with
--env <name> - Show values in results with
--valuesflag
- Filter by environment with
Bug Fixes
- FileLock Cleanup: Fixed lock file not being deleted after release in
Dropimplementation - FileLock Access: Made
pathfield private with getter method for better encapsulation - Unused Imports: Cleaned up unused imports across command modules
- Deprecated Functions: Added
#[allow(dead_code)]to suppress warnings for deprecatedsave_json/load_json
Improvements
- Clean build with zero warnings
- Enhanced atomic operations for concurrent safety
[0.6.2] - 2026-03-15
Bug Fixes
- Race Condition: Fixed data loss during concurrent writes by adding global mutex lock in
locking.rs - Audit Log Integrity: Fixed audit verification failure after concurrent operations by properly scoping file locks
- Config File Creation: Auto-create config file if not exists before locking to prevent "No such file" errors
- Secret Encryption Hang: Removed blocking rate limiter from key derivation (Argon2 provides sufficient protection)
- Backup Extension: Fixed misleading
.tar.gzextension - now correctly uses.jsonwith warning
Improvements
- Added retry logic with exponential backoff for file locking
- Enhanced error messages for better debugging
[0.6.1] - 2026-03-15
Security Fixes
- Race Condition Prevention: Added deprecation warnings to
save_json()andload_json()in favor of atomic operations (atomic_update_config(),lock_file()) - Key Zeroization: Implemented secure memory zeroization for encryption keys using
zeroizecrate inderive_key(),derive_key_secure(),encrypt_data(), anddecrypt_data() - Weak Key Detection: Enhanced
is_key_too_weak()with comprehensive checks for sequential patterns, alternating patterns, and low entropy keys - Secure Memory Allocation: Added
Zeroizingwrapper for plaintext buffers during encryption/decryption operations - Unicode Normalization: Added early null byte detection before Unicode normalization in
validate_config_key()andvalidate_environment_name() - Helper Functions: Added
normalize_config_key()andnormalize_environment_name()for consistent Unicode storage
Fixed
- Integer overflow test setup issue in penetration tests
- All 257 tests passing (100% test suite success rate)
Deprecated
save_json(): Useatomic_update_config()for config files to prevent race conditionsload_json(): Useatomic_read_config()orlock_file()for safer concurrent access
[0.6.0] - 2026-03-15
Added
- Path traversal protection with Unicode normalization
- Argon2 key derivation for enhanced security
- Rate limiting for decryption operations
- Internal
sanitize_file_path_internalfor test compatibility - Comprehensive penetration testing suite (8 exploit scenarios)
- Deep security analysis tests (race conditions, DoS, info leaks)
Fixed
- CRITICAL: Fixed 10 failing tests in penetration and security test suites
- Removed unused
TooManyAttemptsvariant fromRateLimitError - Dead code cleanup in test files
- Clippy warnings and formatting issues
- Race condition test failures with proper error handling
- Directory traversal test false positives
- Schema test edge cases with many fields
Test Improvements
- Replaced binary command calls with direct API calls for reliability
- Added proper
NARU_ENCRYPTION_KEYsetup for integration tests - Fixed directory cleanup to prevent use-after-move errors
- Implemented safe option chaining pattern across all tests
- Test result: 257 passed, 0 failed (was: 247 passed, 10 failed)
[0.5.0] - 2026-03-13
Security
- Enhanced path sanitization to prevent directory traversal attacks
- Improved error handling for security-critical operations
[0.4.0] - 2026-01-29
Added
- Advanced validation rules for configuration values
- Tamper-evident audit logging system with integrity checks
- Sensitive value masking in audit logs
Fixed
- Test race conditions in concurrent environments
- Core module stability and error handling improvements
[0.3.0] - 2026-01-29
Added
- New brand identity with a modern SVG logo and mascot
- Comprehensive documentation suite (Guides, Components, Reference)
[0.2.0] - 2026-01-25
Added
- Advanced validation rules for configuration values.
- Tamper-evident audit logging system with integrity checks.
- Sensitive value masking in audit logs.
- New brand identity with a modern SVG logo and mascot.
- Comprehensive documentation suite (Guides, Components, Reference).
Fixed
- Test race conditions in concurrent environments.
- Core module stability and error handling improvements.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.
v0.6.5
What's New
- Added FileStorage module with full CRUD operations
- Added EnvVarGuard for safe environment variable handling in tests
- Fixed export error handling for unsupported formats
- Fixed unsafe env var usage in persistence tests
- Removed duplicate derive_key_secure function
- Updated dependencies
v0.6.4 Release
Release v0.6.4
Changes:
- Fix duplicate code in crypto.rs (remove derive_key_secure)
- Implement storage.rs module with FileStorage
- Fix unsafe env var handling in tests with EnvVarGuard
- Fix error handling in export.rs for unsupported format
- Update dependencies: anyhow, clap, thiserror, chrono, zeroize, tempfile
v0.6.1 - Security Hardening Patch
Security Improvements
Race Condition Prevention
- Added deprecation warnings to
save_json()andload_json() - Recommend using
atomic_update_config(),atomic_read_config(), orlock_file()for safer concurrent access
Key Zeroization
- Implemented secure memory zeroization for encryption keys using
zeroizecrate - Applied to
derive_key(),derive_key_secure(),encrypt_data(), anddecrypt_data()
Weak Key Detection
- Enhanced
is_key_too_weak()with comprehensive checks:- Sequential patterns (ascending/descending)
- Alternating patterns (0xAA, 0x55...)
- Low entropy keys (< 8 unique bytes)
- Half zeros or half 0xFF (> 24 bytes)
Secure Memory Allocation
- Added
Zeroizingwrapper for plaintext buffers during encryption/decryption
Unicode Normalization
- Early null byte detection before Unicode normalization
- Added
normalize_config_key()andnormalize_environment_name()helpers
Test Results
- ✅ All 257 tests passing (100% success rate)
Installation
cargo install naru-configDeprecated APIs
save_json()→ useatomic_update_config()insteadload_json()→ useatomic_read_config()orlock_file()instead
v0.6.0 - Security & Features Release
Changelog
All notable changes to this project will be documented in this file.
[0.2.0] - 2026-01-29
Added
- Advanced validation rules for configuration values.
- Tamper-evident audit logging system with integrity checks.
- Sensitive value masking in audit logs.
- New brand identity with a modern SVG logo and mascot.
- Comprehensive documentation suite (Guides, Components, Reference).
Fixed
- Test race conditions in concurrent environments.
- Core module stability and error handling improvements.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.
v0.5.0 - Security Hardening Release
Changelog
All notable changes to this project will be documented in this file.
[0.2.0] - 2026-01-29
Added
- Advanced validation rules for configuration values.
- Tamper-evident audit logging system with integrity checks.
- Sensitive value masking in audit logs.
- New brand identity with a modern SVG logo and mascot.
- Comprehensive documentation suite (Guides, Components, Reference).
Fixed
- Test race conditions in concurrent environments.
- Core module stability and error handling improvements.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.
v0.2.0
Changelog
All notable changes to this project will be documented in this file.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.
v0.2
Changelog
All notable changes to this project will be documented in this file.
[0.2.0] - 2026-01-29
Added
- Advanced validation rules for configuration values.
- Tamper-evident audit logging system with integrity checks.
- Sensitive value masking in audit logs.
- New brand identity with a modern SVG logo and mascot.
- Comprehensive documentation suite (Guides, Components, Reference).
Fixed
- Test race conditions in concurrent environments.
- Core module stability and error handling improvements.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.
v0.1.0 - Initial Stable Release
Changelog
All notable changes to this project will be documented in this file.
[0.1.0] - 2026-01-25
Added
- Initial release of Naru.
- AES-256-GCM encryption for secret values.
- Schema validation support (String, Integer, Boolean).
- Multi-environment support (dev, staging, prod).
- Audit logging system with sensitive value masking.
- Import/Export functionality for .env, JSON, and YAML.
- Interactive schema wizard.
- Professional GitHub CI/CD workflows and documentation.