Skip to content

Commit 6411f33

Browse files
release: v0.5.0 (2026-04-29) (#29)
* chore(release): cut [Unreleased] → [0.5.0] - 2026-04-29 Cuts the Unreleased section over to a versioned 0.5.0 release dated 2026-04-29 UTC, drops one internal cross-reference, softens "required CI gate" → "CI gate", and tightens "in-flight `flock`" → "in-flight lock" since this release also ships the macOS `mkdir`- based fallback. Source files (.codex-plugin/plugin.json, .codex-plugin/marketplace.json) already pin 0.5.0 from the merged feat branch. No behavioral change in this commit beyond the CHANGELOG cutover. * docs(release): prepend "Upgrade strongly recommended" banner to release notes Surfaces the family-wide hardening message at the top of the 2026-04-29 release section so it lands in the GitHub Release body when the tag is cut. Users browsing the CHANGELOG at any future point also see it as the first line of the release notes. The line is identical across all 4 plugins + 4 SDKs in this same-day release train. * docs(release): canonicalize telemetry entries + restructure plugins to BREAKING-first Aligns the common DNT removal + 7-day heartbeat + deprecation-warning removal entries to identical compact wording across all 4 plugins + 4 SDKs. Plugins now use the same `### BREAKING` section header as the SDKs (was: `**BREAKING:**` inline under `### Removed`), so the four sections — BREAKING / Added / Changed / Fixed / Security — read in the same order whether you're looking at a plugin or an SDK CHANGELOG. Telemetry change descriptions trimmed: kept the substantive contract (7-day cadence, stamp-on-delivery, transient-failure resilience, in-flight de-dup, restricted-runtime fallback), dropped the implementation detail (specific syscall names, cache dir paths, 1-hour in-memory cache) — the bullets in BREAKING / Changed / Fixed all carry the headline behaviour without restating it three times. The "Upgrade strongly recommended" banner above and the bullets below cover the message; this commit just removes redundancy. No semantic content removed. Anyone who wants the implementation details can read the source. Anyone who wants to know what changed sees it in three or four lines. * docs: surface security framing + GHSA links + README upgrade banner Mirrors the format of axonflow-enterprise#1772: - Restore CHANGELOG H2 suffix to "— Production, quality, and security hardening — upgrade encouraged". - Add "Security highlights" block under the upgrade-recommended banner citing the three vulnerability fixes shipped in this cycle plus a link to the per-plugin advisory GHSA-8wrg-fpx5-87f7 and the consolidated platform advisory GHSA-9h64-2846-7x7f. - Add "Reliability and bug-fix highlights" block citing the three operator-facing fixes. - Add upgrade-recommended banner near the top of README.md with links to v0.5.0 release notes, per-plugin GHSA, and platform GHSA. Diff is CHANGELOG.md + README.md only; no code or test changes. * docs(readme): switch upgrade banner to evergreen format Mirrors axonflow-enterprise#1774. The banner no longer hard-codes the current version or specific GHSA IDs — instead it links to the canonical /releases/latest and /security/advisories surfaces of this repository so the README doesn't need a re-edit on every release. Same one-paragraph blockquote near the top of the README, just with evergreen links.
1 parent 672f6dd commit 6411f33

2 files changed

Lines changed: 29 additions & 15 deletions

File tree

CHANGELOG.md

Lines changed: 27 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,33 +1,45 @@
11
# Changelog
22

3-
## [Unreleased]
3+
## [0.5.0] - 2026-04-29 — Production, quality, and security hardening — upgrade encouraged
44

5-
### Changed
5+
**Upgrade strongly recommended.** Over the past month we've shipped substantial production, quality, and security hardening across the AxonFlow plugin and platform — upgrade to the latest version for a more secure, reliable, and bug-free experience.
6+
7+
**Security highlights from this release cycle:**
8+
- **Plugin cache and credential-file permission hardening** (this release). `~/.config/axonflow/` and `~/.cache/axonflow/` are tightened to mode `0700` on every invocation (was: only set on creation, leaving pre-existing world-readable directories unchanged); `try-registration.json` is written with mode `0600`. Pre-existing world-readable credential files are detected and refused on first load. Documented in [`GHSA-8wrg-fpx5-87f7`](https://github.com/getaxonflow/axonflow-codex-plugin/security/advisories/GHSA-8wrg-fpx5-87f7).
9+
- **Cross-platform bootstrap reliability** (this release). macOS Community-SaaS bootstrap was silently no-op'ing because `flock(1)` is Linux-only; now uses a portable `mkdir`-based atomic lock with stale-lock reclamation, so first-install registration runs on macOS too.
10+
- **Telemetry opt-out reliability** (this release). `DO_NOT_TRACK` was unreliable because Codex CLI itself injects `DO_NOT_TRACK=1` into hook subprocesses regardless of user intent; the canonical opt-out is now `AXONFLOW_TELEMETRY=off`, an AxonFlow-scoped signal hosts can't unilaterally set.
11+
12+
The full set of platform-side security fixes shipped alongside this release — including multi-tenant isolation in MAP execution, cross-tenant audit-log isolation, and SQLi enforcement on the Community SaaS endpoint — is documented in the consolidated platform advisory [`GHSA-9h64-2846-7x7f`](https://github.com/getaxonflow/axonflow/security/advisories/GHSA-9h64-2846-7x7f).
613

7-
- **Plugin defaults to AxonFlow Community SaaS on first run** when neither `AXONFLOW_ENDPOINT` nor `AXONFLOW_AUTH` is set. Existing self-hosted installs (anyone who has set either env var) are honoured untouched — no silent endpoint override. Hooks emit a one-line canary on stderr every invocation: `[AxonFlow] Connected to AxonFlow at <URL> (mode=community-saas|self-hosted)`. A required CI gate parses this canary and asserts it matches the actual outbound destination so users can never be misled about which AxonFlow they're connected to.
8-
- **Anonymous telemetry switched to a 7-day heartbeat** with stamp-on-delivery semantics. Previously: a single stamp at install time, then silence forever. Now: at most one ping per machine per 7 days, gated by an in-flight `flock` so concurrent hook invocations don't stampede, and the stamp file mtime advances ONLY after the HTTP POST returns 2xx. A transient network failure no longer silences telemetry for 7 days.
14+
**Reliability and bug-fix highlights:**
15+
- **7-day delivered-heartbeat with stamp-on-success** (this release). Telemetry stamp advances only after the POST returns 2xx, so a transient network failure no longer silences telemetry until the next 7-day window. Concurrent invocations are de-duplicated by an in-flight gate.
16+
- **Mode-clarity canary log line** on every hook init (this release). Stderr emits `[AxonFlow] Connected to AxonFlow at <URL> (mode=...)` and a PR-blocking CI gate asserts the canary matches the actual outbound destination, guarding against silent endpoint drift.
17+
- **PR-blocking install-to-use smoke against the live community stack** (this release). Catches plugin-side regressions against `try.getaxonflow.com` before they reach a user's terminal.
18+
19+
### BREAKING
20+
21+
- **`DO_NOT_TRACK` is no longer honored as an AxonFlow telemetry opt-out.** Use `AXONFLOW_TELEMETRY=off` instead. Host tools and CLIs commonly inject `DO_NOT_TRACK=1` regardless of user intent, which makes it unreliable as a signal.
922

1023
### Added
1124

12-
- **First-run Community-SaaS bootstrap** (`scripts/community-saas-bootstrap.sh`) registers against `try.getaxonflow.com/api/v1/register` and persists `{tenant_id, secret, expires_at, endpoint}` to `~/.config/axonflow/try-registration.json` (mode 0600 inside a 0700 directory). The Basic-auth credential is loaded into `AXONFLOW_AUTH` for the rest of the hook lifecycle. Refuses to load a registration file with non-0600 permissions to prevent silent credential leak via a world-readable file. Honours HTTP 429 with a 1-hour backoff stamp.
13-
- **One-time setup disclosure** on first Community-SaaS connection: a positive, journey-based message recommending self-host for real workflows. Stamped at `~/.cache/axonflow/codex-plugin-disclosure-shown` so it fires exactly once per install.
14-
- **Mode-clarity gate** (`tests/mode-clarity.sh`) covers all 5 input combinations of `AXONFLOW_ENDPOINT` × `AXONFLOW_AUTH`. Anti-spoof: parses the URL and compares scheme + host + port (a lookalike domain like `try.getaxonflow.com.attacker.com` cannot pass a substring check).
15-
- **Plugin/platform version compatibility check.** A new `scripts/version-check.sh` runs once per install (stamp-file guard) on the first hook invocation. It queries the AxonFlow agent's `/health` endpoint and reads the new `plugin_compatibility.min_plugin_version["codex"]` field. If the plugin's runtime version is below the floor the platform expects, the script logs a single upgrade hint to stderr; below recommended-but-above-min logs an info-level note; at or above recommended is silent. Fire-and-forget; failures never block hook execution. Skippable via `AXONFLOW_PLUGIN_VERSION_CHECK=off`. Mirrors the SDK-side downgrade-warning gate that has run since v4.8.0.
25+
- **First-run Community-SaaS bootstrap** — plugin connects to AxonFlow Community SaaS at `https://try.getaxonflow.com` when neither `AXONFLOW_ENDPOINT` nor `AXONFLOW_AUTH` is set. Registers via `/api/v1/register` on first run and persists `{tenant_id, secret, expires_at, endpoint}` to `~/.config/axonflow/try-registration.json` (mode 0600 inside a 0700 directory). Refuses to load a registration file with non-0600 permissions. HTTP 429 → 1-hour backoff. Existing self-hosted installs (`AXONFLOW_ENDPOINT` or `AXONFLOW_AUTH` set) are honoured untouched.
26+
- **Mode-clarity canary** on every hook init: `[AxonFlow] Connected to AxonFlow at <URL> (mode=community-saas|self-hosted)` on stderr. A CI gate parses this canary and asserts it matches the actual outbound destination.
27+
- **One-time setup disclosure** on first Community-SaaS connection. Stamped at `~/.cache/axonflow/codex-plugin-disclosure-shown` so it fires exactly once per install.
28+
- **Plugin/platform version compatibility check** (`scripts/version-check.sh`). Queries the agent's `/health` endpoint and warns if the plugin runtime is below the platform's expected floor. Skippable via `AXONFLOW_PLUGIN_VERSION_CHECK=off`.
1629

17-
### Removed
30+
### Changed
1831

19-
- **BREAKING:** `DO_NOT_TRACK=1` is no longer honored as an AxonFlow telemetry opt-out in this plugin. Use `AXONFLOW_TELEMETRY=off` instead. The Codex CLI injects `DO_NOT_TRACK=1` into every hook subprocess regardless of user intent, so it cannot represent a real user choice in this context.
32+
- **Telemetry switched to a 7-day delivered-heartbeat.** At most one anonymous ping per environment every 7 days, with the stamp advanced only after the POST returns 2xx — a transient network failure doesn't silence telemetry until the next window. Concurrent invocations are de-duplicated by an in-flight gate.
2033

2134
### Fixed
2235

23-
- Telemetry ping now fires once per install on Codex. The previous behavior silently exited at the `DO_NOT_TRACK=1` check (injected by Codex), so the install ping never reached the stamp-file guard.
24-
- The deprecation warning no longer leaks to stderr on every `PreToolUse` hook invocation, eliminating the noise that was getting concatenated with `AxonFlow policy violation` messages on blocked commands.
25-
- Telemetry heartbeat now correctly classifies Community-SaaS sessions. The previous endpoint resolution fell into the localhost branch after the Community-SaaS bootstrap exported `AXONFLOW_AUTH` but intentionally left `AXONFLOW_ENDPOINT` unset; `/health` probes targeted localhost, `platform_version` shipped as `null`, and `deployment_mode` was tagged `production`. Resolution now keys off `AXONFLOW_MODE` first, so Community-SaaS users see the canonical endpoint and a dedicated `deployment_mode=community-saas` value.
26-
- Community-SaaS bootstrap and telemetry heartbeat now run on macOS. Both scripts gated their in-flight lock on `flock(1)`, which ships in stock Linux but not in stock macOS; a missing `flock` short-circuited the entire bootstrap, leaving Community-SaaS users unauthenticated, and silenced the telemetry heartbeat. Both paths now fall back to a `mkdir`-based atomic lock with stale-lock reclamation when `flock` is unavailable.
36+
- The `DO_NOT_TRACK=1 is deprecated...` warning is no longer emitted on every hook invocation when `DO_NOT_TRACK=1` is set.
37+
- Telemetry heartbeat now correctly classifies Community-SaaS sessions (was tagged `production` because the bootstrap-injected `AXONFLOW_AUTH` shadowed the resolver, sending `/health` probes to localhost and `platform_version=null` with the wrong `deployment_mode`).
38+
- Bootstrap and heartbeat now run on macOS — `flock(1)` isn't on stock macOS, so the in-flight lock falls back to a `mkdir`-based atomic lock with stale-lock reclamation when `flock` is unavailable.
2739

2840
### Security
2941

30-
- `~/.config/axonflow/` and `~/.cache/axonflow/` now have their permissions restored to `0700` on every invocation (was: only set on creation via `mkdir -m 0700`). A user who already had `~/.config/` at the conventional `0755` would otherwise hold the `0600` registration credential file inside a traversable directory.
42+
- `~/.config/axonflow/` and `~/.cache/axonflow/` permissions tightened to `0700` on every invocation (was: only set on creation via `mkdir -m 0700`, which left existing 0755 dirs unchanged).
3143

3244
## [0.4.2] - 2026-04-22
3345

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@
66

77
> **→ Full integration walkthrough:** **[docs.getaxonflow.com/docs/integration/codex](https://docs.getaxonflow.com/docs/integration/codex/)** — architecture, the hybrid governance model, policy examples, troubleshooting, and the 10 MCP tools the platform exposes.
88
9+
> **Upgrade strongly recommended.** AxonFlow ships substantial monthly security and quality hardening; staying on the latest major is the security-supported release line. [Latest release](https://github.com/getaxonflow/axonflow-codex-plugin/releases/latest) · [Security advisories](https://github.com/getaxonflow/axonflow-codex-plugin/security/advisories)
10+
911
---
1012

1113
## Why you'd add this

0 commit comments

Comments
 (0)