From 3461217f4a9f3039228edbbd2e082653c81d0df3 Mon Sep 17 00:00:00 2001 From: Saurabh Jain Date: Wed, 6 May 2026 13:24:16 +0200 Subject: [PATCH] =?UTF-8?q?chore(release):=20v1.2.0=20=E2=80=94=20V1=20pai?= =?UTF-8?q?d=20Pro=20tier=20wire-up=20+=20X-Axonflow-Client=20header=20[sk?= =?UTF-8?q?ip-runtime-e2e]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Companion plugin release to platform v7.7.0. Promotes [Unreleased] to [1.2.0] - 2026-05-06 covering: - V1 paid Pro tier wire-up — X-License-Token forwarding via recover.sh + AXONFLOW_LICENSE_TOKEN (#40) - Status surface for tenant_id + tier + upgrade URL (#42) - Tier line shows Pro license expiry (#50) - License-token redaction in status output (#41) - X-Axonflow-Client: codex/ via .mcp.json http_headers (#45) - install-mcp-with-headers.sh + http_headers blocks (#49) after revert of #43 (Codex MCP doesn't support the headersHelper field) Bumps: - .codex-plugin/plugin.json 1.1.0 → 1.2.0 - .codex-plugin/marketplace.json plugin.version + metadata.version → 1.2.0 [skip-runtime-e2e] — version + CHANGELOG bump only; the underlying behavior shipped + was runtime-tested when each feature PR landed. Signed-off-by: Saurabh Jain --- .codex-plugin/marketplace.json | 4 ++-- .codex-plugin/plugin.json | 2 +- CHANGELOG.md | 18 ++++++++++++++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.codex-plugin/marketplace.json b/.codex-plugin/marketplace.json index 5df2fee..ddd4d4b 100644 --- a/.codex-plugin/marketplace.json +++ b/.codex-plugin/marketplace.json @@ -7,14 +7,14 @@ }, "metadata": { "description": "Runtime governance for OpenAI Codex. Policy enforcement on terminal commands, advisory governance via skills, PII detection, audit trails, and compliance-grade decision records.", - "version": "1.1.0" + "version": "1.2.0" }, "plugins": [ { "name": "axonflow", "source": "./", "description": "Policy enforcement, PII detection, and audit trails for OpenAI Codex. Hybrid governance — enforces policies on terminal commands (exec_command) via hooks, provides advisory governance for other tools via implicit-activation skills, and records compliance-grade audit trails. Self-hosted via Docker — all data stays on your infrastructure.", - "version": "1.1.0", + "version": "1.2.0", "author": { "name": "AxonFlow", "email": "hello@getaxonflow.com", diff --git a/.codex-plugin/plugin.json b/.codex-plugin/plugin.json index dd3b75c..95d6217 100644 --- a/.codex-plugin/plugin.json +++ b/.codex-plugin/plugin.json @@ -2,7 +2,7 @@ "name": "axonflow", "displayName": "AxonFlow Governance", "description": "Policy enforcement, PII detection, and audit trails for OpenAI Codex. Hybrid governance — enforces policies on terminal commands (exec_command) via hooks, provides advisory governance for other tools via implicit-activation skills, and records compliance-grade audit trails. Self-hosted via Docker — all data stays on your infrastructure.", - "version": "1.1.0", + "version": "1.2.0", "author": { "name": "AxonFlow", "email": "hello@getaxonflow.com", diff --git a/CHANGELOG.md b/CHANGELOG.md index 785b1cf..5c8f092 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,24 @@ ## [Unreleased] +## [1.2.0] - 2026-05-06 — V1 paid Pro tier wire-up + X-Axonflow-Client header + +Companion plugin release to platform v7.7.0. Surfaces the V1 SaaS Plugin +Pro tier — license token paste activates Pro features immediately, plus +the agent-side scope-validation header on every governed request via +`.mcp.json`'s `http_headers` block. + +### Added + +- **`X-Axonflow-Client: codex/` header** on every governed + agent request. Declared via `.mcp.json`'s `http_headers` block (set up + by `scripts/install-mcp-with-headers.sh` at install time) and exported + as `${AXONFLOW_CLIENT_HEADER}` by `pre-tool-check.sh` on every + hook-invoke. Agents at v7.7.0+ derive request scope from this header + and reject cross-quadrant token misuse (e.g. a SaaS Plugin Pro token + paired with an SDK request) at the validator boundary. Older agents + (pre-v7.7.0) ignore the header and continue to work unchanged. + ### Changed - **`scripts/recover.sh status` tier line now surfaces Pro license expiry date.** The status output's `tier` line parses the JWT `exp` claim from the configured Pro license token and renders one of three shapes: `Pro tier active (expires YYYY-MM-DD, N days remaining)` when active, `Free tier (Pro expired YYYY-MM-DD — visit https://getaxonflow.com/pro to renew)` when the token is on disk but its `exp` has passed (plugin will not forward an expired token), or `Free tier (no AXON- license token configured)` when no token is loaded. Lets users see their renewal date without hitting the agent and catches the lapsed-token state before their next governed call. Display only — JWT signature validation remains the platform's job. Pre-existing `Pro tier active` and `Free tier` substring assertions still hold.