1 | 1 | # Changelog |
2 | 2 |
|
3 | | -All notable changes to `@kilocode/openclaw-security-advisor` are documented here. |
| 3 | +All notable changes to `@kilocode/shell-security` (formerly |
| 4 | +`@kilocode/openclaw-security-advisor`) are documented here. |
4 | 5 |
|
5 | 6 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), |
6 | 7 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). |
7 | 8 |
|
8 | 9 | ## [Unreleased] |
9 | 10 |
|
10 | | -## [0.1.5] - Migration stub |
| 11 | +### Fixed |
11 | 12 |
|
12 | | -This release is a migration stub. The plugin has been renamed to `@kilocode/shell-security`. Installing or invoking `@kilocode/openclaw-security-advisor@0.1.5` no longer runs a security checkup. Both the `/security-checkup` slash command and the `kilocode_security_advisor` tool return a notice explaining how to install the new package. |
| 13 | +- `getPublicIp()` now clears its 5-second abort timer on error paths as |
| 14 | + well as success, so repeated checkups on a flaky network don't leak |
| 15 | + dangling timeouts. |
| 16 | +- Device-auth poll requests now carry a per-request `AbortController` |
| 17 | + (10s) so a hung HTTP call can no longer outlive the overall 30s |
| 18 | + `POLL_TIMEOUT_MS` budget. Sleep interval and request timeout are |
| 19 | + both clamped to the remaining budget at each iteration, so |
| 20 | + `pollDeviceAuth()` honors its advertised deadline even when a |
| 21 | + fetch is started late in the cycle. |
| 22 | +- Expired plugin-managed auth tokens now fall through to the file-based |
| 23 | + auto re-auth path (Path B) instead of returning the "update your |
| 24 | + openclaw.json" message. `runShellSecurityFlow` inspects the raw |
| 25 | + config via `isPluginManagedAuthToken()` and skips Path 0 when the |
| 26 | + `authToken` is a SecretRef pointing at our own provider — that shape |
| 27 | + is only ever written by `writeStoredToken()` after device auth, so |
| 28 | + the plugin (not the user) owns recovery. |
| 29 | +- `pollDeviceAuth()` now `encodeURIComponent()`s the device-auth code |
| 30 | + before interpolating it into the poll URL. Defense-in-depth against |
| 31 | + a compromised or MITM-ed server returning a code with URL meta-chars |
| 32 | + that would silently redirect polling to a different endpoint. |
| 33 | +- `submitAudit()` now validates that `report.markdown` is a string on |
| 34 | + the success path. A malformed server response previously surfaced as |
| 35 | + a confusing `TypeError: Cannot read properties of undefined (reading |
| 36 | +'markdown')`; it now throws a clear |
| 37 | + "unexpected response shape" error. |
13 | 38 |
|
14 | 39 | ### Changed |
15 | 40 |
|
16 | | -- `index.ts` rewritten as a two-entry-point stub that returns the migration notice. The previous audit flow, auth flow, platform detection, client, and token-store modules are removed from this release (via `git rm` so the commit can be cleanly reverted on the renamed repo). |
17 | | -- `openclaw.plugin.json` description and name reflect the deprecation; config schema removed (stub requires no config). |
18 | | -- `README.md` replaced with a migration page. |
| 41 | +- Removed the unreachable `{ kind: "pending" }` variant from |
| 42 | + `DeviceAuthPollResult`. `pollDeviceAuth()` loops internally and only |
| 43 | + returns terminal states or `timeout`, so the `"pending"` branch in |
| 44 | + `runShellSecurityFlow` was dead code and confused the contract. |
| 45 | +- Renumbered the ordered list in `src/platform.ts`'s module doc |
| 46 | + comment. Signals 2–5 are now 1–4. |
19 | 47 |
|
20 | | -### Removed |
| 48 | +## [0.2.0] |
| 49 | + |
| 50 | +First release under the new `@kilocode/shell-security` name. The plugin |
| 51 | +was renamed from `@kilocode/openclaw-security-advisor` to `ShellSecurity` |
| 52 | +to reflect a broader mission than any single agent-shell runtime. |
| 53 | +Functionally identical to `@kilocode/openclaw-security-advisor@0.1.4`. |
| 54 | + |
| 55 | +### Changed |
| 56 | + |
| 57 | +- npm package: `@kilocode/openclaw-security-advisor` → `@kilocode/shell-security`. |
| 58 | +- GitHub repo: `Kilo-Org/openclaw-security-advisor` → `Kilo-Org/shell-security` (old URLs redirect). |
| 59 | +- OpenClaw plugin id: `openclaw-security-advisor` → `shell-security`. |
| 60 | +- Plugin display name: `OpenClaw Security Advisor` → `ShellSecurity`. |
| 61 | +- Tool name: `kilocode_security_advisor` → `kilocode_shell_security`. |
| 62 | +- Install dir: `~/.openclaw/extensions/openclaw-security-advisor/` → `~/.openclaw/extensions/shell-security/`. |
| 63 | +- Secret file: `~/.openclaw/secrets/openclaw-security-advisor-auth-token` → `~/.openclaw/secrets/shell-security-auth-token`. |
| 64 | + |
| 65 | +### Added |
| 66 | + |
| 67 | +- New `/shell-security` slash command, the canonical name matching the |
| 68 | + plugin id. The existing `/security-checkup` command is also registered |
| 69 | + and works identically, so users migrating from the old plugin can keep |
| 70 | + typing the command they're used to. Both are routed to the same handler. |
| 71 | + |
| 72 | +### Migration |
| 73 | + |
| 74 | +Existing users of `@kilocode/openclaw-security-advisor` should run: |
21 | 75 |
|
22 | | -- `src/audit.ts`, `src/client.ts`, `src/platform.ts`, `src/auth/device-auth.ts`, `src/auth/token-store.ts`. |
23 | | -- Tests that exercised the removed modules (`audit`, `device-auth`, `token-store`, `platform`). |
| 76 | +``` |
| 77 | +openclaw plugins install @kilocode/shell-security |
| 78 | +openclaw plugins enable shell-security |
| 79 | +openclaw gateway restart |
| 80 | +openclaw plugins uninstall openclaw-security-advisor |
| 81 | +``` |
24 | 82 |
|
25 | | -### Migration path for existing users |
| 83 | +Device auth runs fresh on first use of the new plugin. The old plugin |
| 84 | +remains installable from npm (deprecated) but is no longer receiving |
| 85 | +updates. |
26 | 86 |
|
27 | | -1. `openclaw plugins install @kilocode/shell-security` |
28 | | -2. `openclaw plugins enable shell-security` |
29 | | -3. `openclaw gateway restart` |
30 | | -4. `openclaw plugins uninstall openclaw-security-advisor` |
31 | | -5. Run `/security-checkup` and complete device auth once on the new plugin. |
| 87 | +## [0.1.5] - 2026-04-22 |
32 | 88 |
|
33 | | -The new plugin's runtime behavior is identical to 0.1.4 (including the `source.channel` forwarding added in 0.1.4). The rename is strictly a name change — no feature regressions. |
| 89 | +Migration stub. Final release under `@kilocode/openclaw-security-advisor`. |
34 | 90 |
|
35 | | -Published with provenance attestation via npm OIDC trusted publishing; verify with `npm audit signatures`. |
| 91 | +- Replaced the audit flow with a short migration notice directing users to |
| 92 | + `@kilocode/shell-security`. The `/security-checkup` slash command and |
| 93 | + the `kilocode_security_advisor` tool both return the notice; no audit |
| 94 | + runs, no network call, no auth flow. |
| 95 | +- npm package `@kilocode/openclaw-security-advisor` marked deprecated with |
| 96 | + the same migration message. |
36 | 97 |
|
37 | | -## [0.1.4] - 2026-04-21 |
| 98 | +## [0.1.4] - 2026-04-20 |
38 | 99 |
|
39 | 100 | ### Added |
40 | 101 |
|
@@ -83,5 +144,7 @@ Initial dev release. |
83 | 144 | - Audit output validated with a Zod schema at the plugin boundary. |
84 | 145 | - Public IP detection via `ifconfig.me` with IPv4/IPv6 validation. |
85 | 146 |
|
86 | | -[Unreleased]: https://github.com/Kilo-Org/openclaw-security-advisor/compare/v0.1.0-dev.1...HEAD |
87 | | -[0.1.0-dev.1]: https://github.com/Kilo-Org/openclaw-security-advisor/releases/tag/v0.1.0-dev.1 |
| 147 | +[0.2.0]: https://github.com/Kilo-Org/shell-security/compare/v0.1.5...v0.2.0 |
| 148 | +[0.1.5]: https://github.com/Kilo-Org/shell-security/compare/v0.1.4...v0.1.5 |
| 149 | +[0.1.4]: https://github.com/Kilo-Org/shell-security/compare/v0.1.0-dev.1...v0.1.4 |
| 150 | +[0.1.0-dev.1]: https://github.com/Kilo-Org/shell-security/releases/tag/v0.1.0-dev.1 |
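Review bot: the `[Unreleased]` link reference is deleted but not re-added, so the `## [Unreleased]` heading at the top of the file no longer resolves to a compare link; add `[Unreleased]: https://github.com/Kilo-Org/shell-security/compare/v0.2.0...HEAD` alongside the new references (the old-repo URLs redirect per the 0.2.0 entry, but the added references already use `Kilo-Org/shell-security`, so this one should match).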