v0.0.52

What's Changed

• fix(tls-terminate): pass non-TLS CONNECT through as opaque tunnel by @dylan-conway in #276

Full Changelog: v0.0.51...v0.0.52

v0.0.51

What's Changed

• feat(terminating-tls): Add opt-in configuration for providing CA cert and key by @shawnm-anthropic in #247
• feat(terminating-tls): per-host leaf cert minting by @shawnm-anthropic in #248
• feat(terminating-tls): in-process TLS termination by @shawnm-anthropic in #254
• fix(sandbox): make reset() resilient to missed bridge 'exit' events by @dylan-conway in #255
• feat(terminating-tls): inject CA-trust env vars into the sandboxed child by @shawnm-anthropic in #256
• feat(terminating-tls): filterRequest callback for full-request filtering by @shawnm-anthropic in #258
• feat(terminating-tls): generate ephemeral CA when caCertPath/caKeyPath omitted by @shawnm-anthropic in #259
• fix: two end-to-end bugs blocking filterRequest + ephemeral CA by @shawnm-anthropic in #260
• chore: bump version to 0.0.51 by @dylan-conway in #262

New Contributors

• @shawnm-anthropic made their first contribution in #247

Full Changelog: v0.0.50...v0.0.51

v0.0.50

What's Changed

• fix(sandbox): deny file-write-create on protected ancestors in Seatbelt profile by @OctavianGuzu in #226
• Invoke sandbox-exec by absolute path by @ant-kurt in #233
• Add bwrapPath and socatPath config overrides for Linux sandbox by @ant-kurt in #232
• chore: bump version to 0.0.50 by @OctavianGuzu in #235
• test(integration): swap allowedDomains via updateConfig instead of reset+initialize by @dylan-conway in #242
• test(integration): use async spawn so the in-process proxy can respond; bump bun to 1.3.13 by @dylan-conway in #243
• fix(sandbox): read CLAUDE_CODE_TMPDIR for TMPDIR (in addition to CLAUDE_TMPDIR) by @dylan-conway in #240
• fix(cli): shell-quote positional args instead of join(" ") by @dylan-conway in #239
• fix(sandbox): only require ripgrep on Linux in checkDependencies() by @dylan-conway in #241
• fix(cli): make --debug flag set SRT_DEBUG (was setting DEBUG) by @dylan-conway in #238
• fix(sandbox): set CLOUDSDK_PROXY_TYPE=http (was invalid "https") by @dylan-conway in #237
• docs(README): fix typo in section concerning security limitations by @xty in #167

New Contributors

• @OctavianGuzu made their first contribution in #226
• @ant-kurt made their first contribution in #233
• @xty made their first contribution in #167

Full Changelog: v0.0.49...v0.0.50

v0.0.49

What's Changed

• Remove lodash-es dependency by @dylan-conway in #206

Full Changelog: v0.0.48...v0.0.49

v0.0.48

What's Changed

• Bump to 0.0.48 and fix npm audit vulnerabilities by @dylan-conway in #205

Full Changelog: v0.0.47...v0.0.48

v0.0.47

What's Changed

• Run full test suite in CI and migrate platform skips to describe.if by @dylan-conway in #197
• fix ordering for allow read within deny by @carderne in #170
• test: verify rm in allowWrite under denyRead ancestor (follow-up to #170) by @poteat in #198
• Bake BPF filter into apply-seccomp, build in CI by @dylan-conway in #199
• Add seccomp argv0 mode for multicall-binary invocation by @dylan-conway in #203
• Add allowMachLookup config for additional macOS XPC services by @dylan-conway in #204

Full Changelog: v0.0.46...v0.0.47

v0.0.46

What's Changed

• Fix enableWeakerNestedSandbox after apply-seccomp namespace changes by @dylan-conway in #196

Full Changelog: v0.0.45...v0.0.46

v0.0.45

Includes #184 (deferred bwrap mount cleanup for concurrent sandboxes), #190 (denyRead '/' carve-outs + denyWrite dedup), and #195 (denyWrite unmasking regression fix + iteration-order independence).

v0.0.44

Includes #190 (denyRead '/' carve-outs + denyWrite dedup) and #187 (upstream HTTP proxy support).

v0.0.43

What's Changed

• Sandbox hardening: TMPDIR write scope and seccomp arg comparison by @ddworken in #182
• Add upstream/parent HTTP proxy support to sandbox by @MarshallOfSound in #187

Full Changelog: v0.0.42...v0.0.43