v0.7.0

Changelog

• afff95b feat: add AIUC-1 compliance report (rampart report compliance) (#163)
• 44fc2c9 feat: add community policy registry (rampart policy fetch/list) (#162)
• 3261979 feat: add git-based policy sync (rampart policy sync) (#161)
• 36bc115 feat: add research-agent and mcp-server built-in profiles (#159)
• ac739f9 feat: surface deny reason in PostToolUseFailure message (#156)
• 6f28ceb fix: UX improvements from v0.7.0 pre-release review
• b75f13f fix: narrow source <( pattern to avoid FP on shell completions (#158)
• 994a30c fix: prevent DoS via device files in report compliance --config
• 3aef864 fix: serve policy registry from main repo instead of separate repo
• 0c0c311 release: v0.7.0
• 83b2fcf security: fix red-team bypass gaps (absolute paths, versioned binaries, curl flags)

v0.6.10

Changelog

• ff3aa96 fix: remove emoji from Windows installer, use ASCII-safe output (#157)
• 16e2137 release: v0.6.10 (#160)

v0.6.9

Changelog

• 7b1c29f Revert "hook: fail closed for ask in bypassPermissions mode"
• 0548a36 add Windows PowerShell installer
• ed1f288 ci: add macOS and Windows test runners
• fb5658b ci: skip benchmarks on Windows (PowerShell parsing issues)
• 95fb2b3 engine: add expect ask policy test case
• 7797412 engine: lint misplaced top-level policy action
• 73ca0aa feat(bench): rampart bench v2 — OS-aware corpus, MITRE mapping, weighted coverage (#137)
• 51002c5 feat(engine): add ActionAsk for native Claude Code permission prompt
• 08d5e7e feat(hook): integrate ActionAsk with session state tracking
• 7ff4ea0 feat(hook): smart require_approval fallback + Windows path fixes
• cbb331f feat(session): add session state package for ask prompt tracking
• 8ee2225 feat: Windows installer detects upgrade and offers to refresh hooks
• ae051bb feat: add POST /v1/policy/reload endpoint with rate limiting
• 7bb4f2c feat: add cross-platform uninstall command
• bcf8eef feat: add denial suggestions with safe wildcard generation
• 891198f feat: add headless_only flag to ask action — restores serve-blocking for CI workflows (#134)
• 8f66833 feat: add policy generate presets + rules tests
• 182731e feat: add rampart allow/block commands
• 08d3dc2 feat: add rampart setup cursor and rampart setup windsurf
• b0970bb feat: audit:true for action:ask — require_approval becomes alias
• ab3c054 feat: block agent self-modification of policy
• 261740b feat: cross-platform path matching for Windows Claude Code support
• 1a72fbd feat: e2e test suite + policy hardening
• cb33b63 feat: use wildcard matcher to intercept ALL Claude Code tools
• f0c7135 feat: v0.5.0 - add allow/block/rules commands + denial suggestions + reload API
• 049bd12 feat: visual polish for status, doctor, upgrade, and serve commands
• 67ef69d fix(bench): embed corpus in binary, use it when --corpus not specified
• cee5213 fix(hook): don't print to stderr for ask decisions
• 9efd8b2 fix(hook): remove slog.Warn calls that bypass logger config
• 0bdc162 fix(hook): use Debug instead of Warn for RecordAsk failures
• 87ba32d fix(init): add --defaults as alias for --force (#146)
• b376aec fix(init): create policies even when config exists
• e20fdad fix(lint): add call_count to valid condition fields
• 8fa71c1 fix(review): scope interpreter patterns with ** glob, fix FPs
• e9baa22 fix(serve): read and persist token across restarts
• c6104d4 fix(session): downgrade all Warn logs to Debug for Claude Code compatibility
• 20fff79 fix(setup): convert Windows paths to Git Bash format for Claude Code hooks
• c5dd06a fix(tests): update integration tests for policy v2 behavior
• 563a9b1 fix(upgrade): improve require_approval migration warning and lint deprecation
• 61a8443 fix(upgrade): refresh policies even when already on latest version
• eae995c fix(windows): normalize path separators in require_approval migration paths
• 1c9bbd1 fix: SSH key policy edge cases + e2e tests
• 00a52fc fix: URL detection, --tool override, atomic file writes
• 0fd708b fix: Windows installer UX improvements
• c956763 fix: Windows installer polish
• ea20c91 fix: Windows path detection in upgrade regex and hook matcher
• c3c5fd7 fix: Windows test isolation with testSetHome helper
• 4be4ef3 fix: add 200ms delay on Windows shutdown for file handle release
• b59f4c2 fix: add closed flag to sseHub + race-safe tests
• 717771b fix: add rate limiting to reload endpoint (1s cooldown)
• 7125d7d fix: address Opus review findings
• 6572fd9 fix: address all review feedback for v0.5.0
• c6beca1 fix: address all v0.5.0 review bugs
• fd9e8f2 fix: address remaining Opus review findings
• d598ec1 fix: address review agent findings (UX + security)
• fbf2d3a fix: address review findings for v0.6.0 Windows release
• 6436d5d fix: better error handling for Windows permission issues
• e7f395c fix: clean up policy rules and e2e tests
• eaec03e fix: clear existing install dir before extraction
• d9e8cd0 fix: close policy bypass gaps and add security hardening
• d0209dc fix: critical bugs found in codebase audit
• 2c3ab93 fix: four bugs found in post-release testing
• c1cf253 fix: graceful shutdown closes SSE connections first
• dcce913 fix: handle sudo/env wrappers in dangerous command detection
• 88e7dbf fix: harden SSH key policy (reviewer feedback)
• 6339d26 fix: improve command vs path detection for patterns like 'go build ./...'
• 8074c20 fix: installer stops rampart processes before upgrade
• c9c2b74 fix: maintain global indices when filtering rules list
• 1df88dd fix: more Windows test isolation fixes
• 6ab27ef fix: quote coverprofile flag for Windows PowerShell
• e993ffb fix: remove hardcoded config path from Cline hooks
• e7375ee fix: skip Unix path tests in internal/ packages on Windows
• 075bf0b fix: skip Unix-specific tests on Windows
• b5b4780 fix: skip remaining upgrade tests on Windows
• ba0dca6 fix: stop running rampart serve process during uninstall
• a87cfde fix: sync docs/install.ps1 with root
• 61356fa fix: upgrade tests use dynamic platform, disable Windows CI temporarily
• 4ad2b14 fix: use strconv.Atoi for strict int parsing, add flag mutual exclusion
• f965a00 hook: fail closed for ask in bypassPermissions mode
• 9a39869 implement Windows ACLs for token file security
• 900e6fa merge: resolve CHANGELOG conflict, add full v0.4.12 notes
• ec44e05 merge: resolve conflicts with main
• f86a814 merge: resolve conflicts with main
• a3cafef merge: resolve conflicts with main (keep staging security fixes)
• 310f249 merge: resolve conflicts with main (v0.5.0 squash merge)
• d9ef6d6 policy: Windows policy parity — deny and require_approval rules (300+ patterns)
• d8f992c policy: revise standard.yaml for dev UX, add ci.yaml strict preset (#145)
• 598d2eb release: v0.6.9 — security audit fixes, ci.yaml preset, engine hardening
• 566dd63 remove cursor/windsurf setup commands (MCP-only = false security)
• d578ce1 security: fix audit findings from PR #119 review
• 7ad3c2c security: fix path traversal and trim loop in session state
• 91775a7 security: remove hardcoded token from openclaw-shim example
• b38cd56 security: replace unsafe Windows ACL syscalls with icacls
• ea353cf ux: improve error messages and add denial suggestions to test command

v0.6.8

Changelog

• 51a50f2 fix: update integration tests for ask-based persistence/hosts policy
• 1720532 release: v0.6.8 — developer-tuned policies, ci.yaml preset, --defaults flag

v0.6.7

Changelog

• 3abfb6c fix: normalize require_approval path display for Windows
• e1dce09 release: v0.6.7 — rampart bench v2, require_approval migration safety net

v0.6.6

Changelog

• 77ea339 release: v0.6.6 — Windows policy parity, policy test suite, audit:true convergence (#135)

v0.6.5

Changelog

• 9be540a release: v0.6.5 — action:ask native prompt + Windows fixes (#125)
• af61d79 security: remove hardcoded token from openclaw-shim (#123)

v0.6.4

Changelog

• 3eb5f54 fix: installer auto-stops rampart + 200ms Windows shutdown delay (#121)

v0.6.3

Changelog

• cb0d2ed fix: graceful shutdown for Windows (closes SSE first) (#120)

v0.6.2

Changelog

• 14b0094 feat: wildcard matcher + Windows security fixes (#119)