Releases: peg/rampart
Releases · peg/rampart
v0.9.10
Changelog
- 22fcac0 feat: POST /v1/rules/learn — always-allow writeback API for OpenClaw plugin
- 2fc6b07 feat: auto-detect OpenClaw version
- 64b7621 feat: persist pending approvals to disk — survive rampart serve restarts
- 6a2fa7f feat: polish log output, install.sh UX, doctor summary
- 871c458 feat: v1.0 plugin integration — learn endpoint, setup --plugin, openclaw.yaml profile, doctor checks
- a01bc62 fix: add read/write tool coverage to env policy, add --since to audit verify
- 9bb4703 fix: harden BuildAllowPattern — no trailing wildcard for high-risk prefixes
- 77297ee fix: harden BuildAllowPattern — no trailing wildcard for high-risk prefixes
- f5966f6 fix: path traversal bypass + sudo wrapper bypass in glob safety checks
- 200b661 fix: revert homebrew_casks to brews — casks schema lacks install/test fields
- 1739434 fix: set USERPROFILE in learn handler tests for Windows compatibility
- aca6dff fix: setup panic + mutex writes + doc corrections
- 288032a fix: setup panic + mutex writes + doc corrections
- c1f28d6 fix: skip ShimOnlyFlag test on macOS CI (launchd requires OpenClaw installed)
- b8cf95e fix: suppress web_fetch/browser/message/exec patch warnings when plugin is installed
- 35caf51 fix: update dist patches for OpenClaw 2026.3.x bundle changes
- 9120f55 fix: update e2e.yaml require_approval → ask, add toolList YAML unmarshaler
- b39f2b0 fix: use forward-slash path matching in isSensitivePathToken (Windows CI)
- 749dcf5 fix: v1.0 prep — doctor ask check, smart allow-always globs, name-based deletion, MCP agent identity
v0.9.9
Changelog
- 6849852 feat: v0.9.9 — deprecation removal, watch UX, require_approval removed
- 185d61b fix: populate pendingCommands for ask-deferred approvals to enable allow-always writeback
- a7250a8 fix: set USERPROFILE in TestWriteAllowAlwaysRule for Windows compatibility
- 24d0553 fix: update generate templates and tests to use ask instead of require_approval
v0.9.8
Changelog
- 890c22f feat: bridge cross-resolves pending shim approvals via Discord
- fe4c0bb feat: rampart policy rules — show all active policies with source files
- 84011eb fix: API consistency — add allowed bool + suggestions to all tool call responses
- 45e6d7d fix: align approval timeout with OpenClaw's 130s window (was 1h)
- e3905e9 fix: always include suggestions field in tool call responses (empty array on allow)
- 42fbf18 fix: bridge defers ASK decisions to OpenClaw's Discord UI instead of escalating to serve
- ea2e1be fix: goreleaser homebrew tap repo name (homebrew-rampart → homebrew-tap)
v0.9.7
Changelog
- 0b62014 feat: add persisted field to allow-always approval responses for shim writeback
- dee01de feat: improve rampart doctor — granular patch checks + --fix flag
- 181d4e8 feat: patch exec tool in OpenClaw dist + fix default port 19090 → 9090
- 9294fa9 fix: MCP input enrichment, policy explain URL params, ngrok.io bare domain
- f418447 fix: device identity in bridge connect handshake — scopes now preserved
- 060cd21 fix: log handshake completion with client id and scopes for diagnostics
- dc57ed9 fix: migrate old allow-always glob patterns on startup + document exec patch safety
- 5695419 fix: remove space before glob in GeneralizeCommand so exact command matches its own allow-always rule
v0.9.6
Changelog
- 37099d2 Revert "fix: landing polish — reorder sections, fix stats, add quickstart hints"
- acd96b3 feat(landing): fix section order, polish CSS, improve animations, 2-col YAML, responsive fixes
- 89e3306 feat(landing): polish pass — agent pills, GitHub stars, threat blocked badges, MCP row, founder quote prominence, rampart-verify mention, stats sub-labels
- b598b8a feat(landing): stat counter animation, a11y, scroll hint, SEO files, polish
- 42802bb feat: add og.png for social media previews
- 31bba7f feat: add robots.txt, sitemap.xml; trim verbose log label
- 1058711 feat: agent card layout with copyable setup commands, restore hero copy, mobile-friendly
- 931180f feat: rampart.sh landing page redesign (2026)
- af2121f feat: show live GitHub star count in nav
- 908eaa3 fix: 5-card grid layout (6-col subgrid 3+3), humanize copy across all sections
- 76f420f fix: Archivo font, hot-pink brand color (#FF6392), full-viewport hero, 800-weight headlines, log line border accents
- cb478dc fix: CSS verdict tokens (no emoji), live timestamps, log after threat section, min 12px fonts
- 554ec8c fix: add version and platform to bridge connect params (gateway validation requires both)
- 9e090b7 fix: allow-always writes user override rule and hot-reloads engine (closes #233)
- 6a567dc fix: center quickstart section, tighten stats padding, left-align step content
- f2a832f fix: consistent left-alignment across all sections — no more mixed alignment
- bfd18ff fix: correct Homebrew tap path in README (peg/tap/rampart)
- ead7678 fix: dedupe h1/h2, add copyable agent cmds, response scan in log demo, OS-layer feature card polish
- e4a8235 fix: extend block-exfil-domains to web_fetch tool
- 8d6335c fix: landing polish — reorder sections, fix stats, add quickstart hints
- eb2f431 fix: left-align YAML block content and section
- 20fce3a fix: left-align quickstart steps, tighten stats padding
- f2e9a7a fix: make Snare ecosystem card clickable, fix Docs link
- fa037a9 fix: move quickstart above compatibility, link rampart-verify, remove em dashes, fix section order
- 0b5e7c0 fix: patch browser and message tools in OpenClaw dist (closes #220, closes #221)
- 5f02bac fix: polish pass — remove emoji icons, numbered feature cards, better grid layout, expanded social proof, tighten copy
- 3b456e6 fix: polish policy log — wider, better spacing, correct traffic-light dots, faster streaming, more log variety, intro label
- 99abf75 fix: rebuild landing with correct Rampart brand (Archivo font, pink accent)
- 106b780 fix: remove em dashes from feature cards, more readable prose
- 8f8a7e7 fix: remove em dashes from quote context paragraph
- 3b49f8e fix: remove footer disambiguation line
- efbd06c fix: restore real Rampart logo SVG in nav + favicon
- 8ca8b39 fix: use valid gateway-client id + runtime.GOOS platform in bridge connect params
- 1f23535 fix: user-overrides.yaml — use block-style policies: not inline []
- 6515905 fix: verdict labels — plain colored text, no background box, proper column width
- 6acc9a1 landing: hero load-in animations, verdict border accents, policy log heading restored, stats count-up, ambient glow
- 4f86ac2 landing: polish pass — 5th stat, section labels, copy refinements, favicon
- 1883500 landing: polish pass — watch verdict colors, stagger reveals, copy sharpening, prompt injection feature rename
v0.9.5
Changelog
- dc5505d docs+status: v0.9.5 — openclaw integration guide rewrite, status shows bridge
- 71bebb1 feat: OpenClaw native bridge — auto-start in rampart serve (v0.9.5)
- a58d25c fix: bridge discovers serve URL from serve.state, not hardcoded port
- f77b859 fix: correct connect handshake, fix defer leak in poll loop
- 6a2e7f1 fix: nil dereference on http error in escalateToServe
- 60c6ed3 fix: remove rampart bridge subcommand — bridge is auto-started by serve
- e4eb8e9 fix: retry resolve on current conn after reconnect
- f88fac4 fix: update bridge tests for type-frame protocol, add Close(), fix shutdown/reconnect bugs
v0.9.4
Changelog
- 31f67ad feat: patch web_fetch tool in OpenClaw dist files (#219)
- d43998b fix: add ~/.local/lib to pi-agent tool and dist patch search paths
- 4802f4b fix: auto-select openclaw profile when OpenClaw is detected
- 45ccc07 fix: block bare 'cat .env' (no path prefix) — glob **/.env missed it
- 6f96234 fix: coverage summary shows [!] when patch-tools fails, not false [P]
- 12cfb00 fix: policy explain uses engine evaluation path for accurate results
- 3b3c86c fix: uninstall now removes OpenClaw drop-in and restores patched tool files
- 7ce7fc5 security: block base64 decode-and-exec pipeline patterns
v0.9.3
Changelog
- 168f977 fix: review findings — audit ordering, regex minimums, dashboard SSE error, CHANGELOG
- acfcaa7 fix: sandbox card copy, dead space, readable yaml snippet
- 211e279 fix: skip file permission check on Windows (0o600 not enforced)
- 1e883f5 fix: tighten feature card copy for accuracy
- 69c3a92 security: v0.9.3 fixes — SSE auth, HMAC persist, perms, policy gaps
- 6bf9c73 site: 3 feature cards with human copy, inline compat, drop compat section
- cfe88dd site: landing page redesign — visual weight, wider terminal, better cards
v0.9.2
Changelog
- 2b070d1 feat: rampart report export — shareable audit summary
- 3a2da5b fix: docs accuracy — OWASP counts, ASI05 downgrade, broken anchors, version refs
- da9ff81 fix: drop 'Security Engineer' from footer, keep just name + GitHub link
- 6d9cf1d fix: localhost search false positives, drop review artifacts, fix falsepositive test
- af28461 fix: pre-merge cleanup — gofmt, OWASP accuracy, CHANGELOG link, version header
- 8251f8a fix: remove em dash from hero, restore feature cards, clean up install section
- 52e787f fix: serve/upgrade self-bypass, Windows registry approval, test fixes
- 3c4a119 fix: staging review — self-bypass, serve TLS state, eval scope docs, changelog
- efda7fe security: fix critical findings from GPT-5.4 code review
- e6aac0e security: self-protection policies, interpreter obfuscation, upgrade restart fix
- abc50ae site refresh: terminal up top, tighter features, human hero copy
- 63da136 site: interactive policy explorer with category tabs
- 42039c5 site: profile-based animated terminal (standard/paranoid/monitor)
- b65026b site: trim compatibility chips to only claimed integrations