Releases: peg/rampart
Releases · peg/rampart
v0.4.5
Changelog
- b36e5cb feat(setup): rampart setup codex — proper Codex LD_PRELOAD integration
- 54f75cf fix(policy): log → watch (deprecated action name)
- ba0cfff fix(setup codex): --remove showed self-referential path
- febc427 fix(upgrade): remove single-file archive constraint
- 17a68c9 test(upgrade): fix archive path — goreleaser layout is flat not subdirectoried
- 40b44f7 test(upgrade): regression test for goreleaser multi-file archive layout
v0.4.4
Changelog
- 94b7949 ci: add goreleaser snapshot to staging CI + run on staging branches
- e8d1349 ci: update goreleaser-action SHA to v6.4.0
- 0a3add7 feat(dashboard): SSE live updates — no more 30s denial lag
- 7dae6fb feat(engine): add command_contains condition for substring matching
- 177b8b7 feat(policy): macOS hardening — keychain, Gatekeeper, persistence, osascript
- b5e6d83 feat: case-insensitive command_contains, policy upgrade, custom.yaml template
- ab825dd fix(audit): write resolution events for expiry and bulk-resolve
- c2bf3b5 fix(dashboard): hide require_approval from History, show only outcomes
- 30b27d3 fix(dashboard): history ordering, dedup, and auto-block visibility
- fd9a9f3 fix(engine): command_contains must be evaluated in the real matchCondition
- a9629c5 fix(policy): catch-all patterns for /etc sensitive files
- 78aa0a5 fix(policy): catch-all patterns for SSH key and AWS cred access via any command
- d186142 fix(policy): don't block .pub files in block-credential-commands
- 08627c2 fix(security): YAML billion-laughs protection via safeUnmarshal
- a363a3c fix(security): audit findings — uppercase bypass, encoding pipes, demo.yaml upgrade
- 3809934 fix(setup): use embedded policies.Profile() instead of hardcoded const
- ef1ddb0 fix(sse): batch audit events for bulk-resolve, add bypass policies and tests
- cfe791d fix(sse): broadcast audit event after single-approval resolve
- 056a0c1 fix(sse): debounce bulk-resolve broadcast — one event per batch not per item
- eb54c33 fix(watch): hide require_approval from live feed, show only outcomes
- 803936c fix(watch): proper icons/colors/stats for resolution and watch events
- ab8e32c policies: expand standard policy coverage
v0.4.3
Changelog
- a0174bc feat(agent-teams): map Task tool → 'agent' type, enrich description as command
- 760131b feat(serve): --background flag, serve stop, silent reload on no-change
- 7dbbfa5 feat(upgrade): rampart upgrade command
- b009cc4 fix(build): Windows cross-compilation — Setsid and EACCES platform split
- bb2dd88 fix(policy): require_approval for sudo/privileged commands (was: watch)