diff --git a/.cursor-plugin/plugin.json b/.cursor-plugin/plugin.json index 437ba6c..965b2d0 100644 --- a/.cursor-plugin/plugin.json +++ b/.cursor-plugin/plugin.json @@ -2,7 +2,7 @@ "name": "axonflow", "displayName": "AxonFlow Governance", "description": "Policy enforcement, PII detection, and audit trails for Cursor. Automatically evaluates governed tool inputs against 80+ governance policies, scans outputs for sensitive data, and records every decision in a compliance-grade audit trail. Self-hosted via Docker — all data stays on your infrastructure.", - "version": "1.1.0", + "version": "1.2.0", "author": { "name": "AxonFlow", "email": "hello@getaxonflow.com", diff --git a/CHANGELOG.md b/CHANGELOG.md index d9e10dc..8d5f042 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,24 @@ ## [Unreleased] +## [1.2.0] - 2026-05-06 — V1 paid Pro tier wire-up + X-Axonflow-Client header + +Companion plugin release to platform v7.7.0. Surfaces the V1 SaaS Plugin +Pro tier — `AXONFLOW_LICENSE_TOKEN` paste activates Pro features +immediately, plus the agent-side scope-validation header on every governed +request via `mcp.json`'s `headers` field. + ### Added +- **`X-Axonflow-Client: cursor/` header** on every governed + agent request. Declared via `mcp.json`'s `headers` field with + `${AXONFLOW_CLIENT_HEADER}` interpolation; `pre-tool-check.sh` + exports the env var on every hook-invoke. Agents at v7.7.0+ derive + request scope from this header and reject cross-quadrant token misuse + (e.g. a SaaS Plugin Pro token paired with an SDK request) at the + validator boundary. Older agents (pre-v7.7.0) ignore the header and + continue to work unchanged. + - **`scripts/status.sh` tier line now surfaces Pro license expiry date.** The status output's `tier` line parses the JWT `exp` claim from the configured Pro license token and renders one of three shapes: `Pro