Releases: iicky/murk
v0.5.8
v0.5.7
[0.5.7] - 2026-04-06
Changed
- bump version to 0.5.7
Fixed
- fix npm publish: commit index files, remove prepublishOnly
v0.5.6
[0.5.6] - 2026-04-06
Added
- add completion install subcommand
- add tests for completion install subcommand
Changed
- bump version to 0.5.6
Fixed
- fix npm publish: use napi-rs v3 pre-publish command
v0.5.5
[0.5.5] - 2026-04-05
Changed
- bump version to 0.5.5
Fixed
- fix npm publish: use OIDC auth, remove broken NPM_TOKEN references
- fix clippy for python feature, expand CI to lint and test all features
- fix biome lint: break chained calls onto separate lines
- fix remaining biome lint, add multi-language pre-commit hook
- fix musl build: install Node 22 for napi-rs/cli v3 compatibility
- fix musl build: install xz for node tarball extraction
Other
- combine install+publish into single step to preserve npm auth context
- integrity-protect schema in MAC, shell-escape .env/.envrc output
- make integration tests hermetic: isolate HOME, strip quotes from .env paths
- harden install script: fail on missing hash tool, verify attestation when gh available
- strip shell quotes from .env values in Python test fixture
- upgrade napi and napi-derive to v3
- upgrade @napi-rs/cli to v3 to match napi crate v3
- migrate napi config to v3 format: binaryName, explicit targets
- strip shell quotes from .env values in Node test fixture
v0.5.4
[0.5.4] - 2026-03-30
Added
- add 40+ tests: edit parse/diff, error display, vault lock/write, env symlink/perms, tarpaulin binary coverage
- add github key parsing tests, Debug for MurkRecipient, cache tarpaulin/audit installs
- add merge, recovery, info, env tests; fix duplicate test names; total 383 tests
- add 20 adversarial tests: malformed vaults, symlink attacks, permission checks, tampered integrity, hostile imports, merge driver abuse
- add TOFU pinning for github:username key fetch
Changed
- extract scan logic to lib, add scan unit tests, fix npm publish lifecycle scripts
- extract edit parse/diff logic to lib, configure tarpaulin for binary coverage
- bump to v0.5.4
Fixed
- fix npm publish: skip lifecycle scripts during ci, add GITHUB_TOKEN for napi
- fix tarpaulin: use --run-types Tests (Bins is not a valid option)
Other
- switch from tarpaulin to cargo-llvm-cov for binary + library coverage
- expand adversarial tests: invalid keys, edge cases, revoke/authorize abuse, import collisions (31 total)
v0.5.3
[0.5.3] - 2026-03-29
Added
- add CodeQL scanning for actions, python, and JS/TS
- add OpenSSF Scorecard workflow and cargo-audit to lint job
- add fuzz targets, symlink checks on all write paths, sharpen security docs
- add community standards files, prefer tmpfs for edit, warn on ssh-rsa authorize
- add permissions: read-all to all workflows, pin codeql-action to SHA
- add LICENSE pointer file for OpenSSF badge detection
- add OpenSSF Best Practices badge to README
- add SLSA Level 2 badge and document provenance in THREAT_MODEL
- add DCO reference to CONTRIBUTING.md
- add public roadmap
- add per-key timestamps, murk scan, exec --only/--clean-env, quick-start guide
Changed
- use npm ci instead of npm install in node workflow (pinned dependencies)
- bump to v0.5.3
Fixed
- fix scorecard action SHA
Other
- soften absolute claims in README and THREAT_MODEL, fix BIP39 key derivation docs
- rename hmac_key to mac_key (BLAKE3 keyed hash, not HMAC); accept old field via serde alias
- ignore RUSTSEC-2023-0071 in cargo-audit (already suppressed in deny.toml)
- race-safe lock opens via O_NOFOLLOW, reject world-readable key files, deprecate inline .env keys
- extend vulnerability response SLA to 14 days
- require tests for new features (was should, now must)
- make LICENSE a valid MIT license file (fixes GitHub unknown detection)
- scope dependabot permissions to job level, dismiss CodeQL test false positives
v0.5.1
[0.5.1] - 2026-03-29
Changed
- use OIDC trusted publishing for npm
- update deny.toml RSA advisory comment to reflect actual ssh-rsa usage
- bump to v0.5.1
Fixed
- fix scoped-only secret persistence, import overwrite, export --json escaping, merge driver stale meta, info spec divergences, vault-aware key resolution; add skeleton command and AI agent safety guide
- fix diff ignoring scoped values, reorder MAC check before decryption, fix revoke exposed keys overstatement
- fix merge driver stale-meta check bypassing conflict detection
- fix diff missing scoped overrides, reject symlink lock files, document ssh-rsa advisory
Other
- consolidate fmt, clippy, deny into single lint job
v0.5.0
[0.5.0] - 2026-03-28
Added
- add Node/TypeScript SDK via napi-rs (workspace + bindings)
- add Node CI workflow and tests
- add biome linting for Node SDK
- add pre-commit hook: cargo fmt, ruff, biome
Changed
- bump to v0.5.0
Fixed
- fix setup-node action hash
- fix Docker builds: install stable Rust, add biome lint to CI
- fix musl Docker build: use PATH instead of source for rustup
Other
- merge main, resolve Cargo.lock conflicts
- regenerate Cargo.lock after merge
- install curl in alpine container for rustup
v0.4.1
[0.4.1] - 2026-03-28
Added
- add QEMU setup for aarch64 Linux wheel builds
- add target to wheel build job names for clarity
- add PyPI badge to Python README
Changed
- bump to v0.4.1
- use manylinux_2_28 for aarch64 to fix ring cross-compilation
Fixed
- fix aarch64 wheel build: add --find-interpreter, disable fail-fast
Other
- run wheel builds on PRs, keep publish tag-gated
- trigger python workflow on workflow file changes
- trigger CI
- pass PYO3_USE_ABI3_FORWARD_COMPATIBILITY into Docker for aarch64 builds
- pin python3.12 interpreter for wheel builds instead of auto-detect
v0.4.0
[0.4.0] - 2026-03-28
Added
- add ssh: shorthand for authorizing recipients from key files
- add SSH demo tape and Makefile test
- add murk edit command for editing secrets in $EDITOR
- add edit and ssh:path to README command table
- add Python SDK bindings via PyO3 behind python feature flag
- add Python SDK: README, tests, type stubs, ruff config
- add Python CI: lint, test, wheel build, PyPI publish
Changed
- bump to v0.4.0
Fixed
- fix action commit hashes in python workflow
- fix deny license for pyo3 dep, fix edit tests on Windows
Other
- rename workflow files from .yml to .yaml
- clarify that murk CLI is required for Python package
- skip edit tests on Windows (editor scripts require Unix)