fix: v0.20.3 — preserve settings on upgrade, trim changelog

init_from_env() now only seeds settings.json for keys not yet saved
(checks _load_raw() instead of load()). Previously env vars from addon
config overwrote web UI settings on every restart. CHANGELOG.md trimmed
to show only the latest version for HA Supervisor panel.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jrx-code

ha-sandbox/CHANGELOG.md

@@ -1,172 +1,8 @@
 # Changelog
 
-## [0.13.0] - 2026-03-10
-
-### Added
-- **PDF export** — `/api/report/{id}/pdf` endpoint + PDF button in UI; uses fpdf2 with DejaVu Unicode font (Alpine) and Helvetica fallback
-
-### Changed
-- **AI model** — default switched from gemma3:12b to qwen2.5-coder:14b (4/4 category coverage, 0/10 on malicious code vs 2/10, 9/10 on safe code vs 5/10)
-- **AI prompt rewrite** — single-step Ollama call (was 2-step losing context), system prompt now used for Ollama (was missing), explicit "do not repeat static findings" instruction
-- **AI deduplication** — AI findings that duplicate static findings (same category+file) are filtered before report; eliminates duplicate noise
-- **AI confidence** — improved from 50% to 95% on benchmark test case
-
-### Fixed
-- **Findings display bug** — HTML in `code` field (e.g. `innerHTML = '<div...'`) was parsed as real DOM elements, hiding subsequent findings; all report fields now HTML-escaped before rendering
-- **XSS hardening** — `ai_summary`, `description`, `code`, `file`, `category` escaped via `esc()` helper; `onclick` handlers use `JSON.stringify()` instead of manual backtick escaping
-- **HTML export** — same HTML-escape fix applied to standalone HTML export
-
-## [0.12.2] - 2026-03-10
+## [0.20.3] - 2026-03-10
 
 ### Fixed
-- **Ingress double-slash** — `GET //` from Supervisor proxy now redirects to `/` (was returning 404)
-- **Startup race condition** — retry loop waits for Supervisor API before reading config (fixes "Unable to access the API, forbidden" on fresh install)
-- **MQTT graceful fallback** — no more error when MQTT service not configured in Supervisor
-
-## [0.12.1] - 2026-03-10
-
-### Fixed
-- **AppArmor install error** — removed custom `apparmor.txt` profile that caused `Can't load profile` / `exit status 1` on HAOS (AppArmor 3.1.2); Supervisor now uses default Docker AppArmor profile
-- Reproduced and verified on fresh HAOS 14.2 KVM VM
-
-## [0.12.0] - 2026-03-09
-
-### Improved (Actionable Finding Descriptions)
-- **JS scanner** — all descriptions rewritten: eval→JSON.parse, innerHTML→textContent/DOMPurify, fetch→verify URL, localStorage→check stored data
-- **Python scanner** — subprocess, pickle, exec, os.system, requests descriptions now include specific remediation
-- **HA scanner** — services.call, bus.fire, auth access, dynamic entity descriptions include attack scenarios
-- **Pattern**: "What was detected → Why it's risky → What to do" across all scanners
-- No new tests needed (descriptions only, 265 tests still passing)
-
-## [0.11.0] - 2026-03-09
-
-### Added (Dependency Scanner Enhancement — 3/5 → 5/5)
-- **npm/package.json scanning** — parse dependencies + devDependencies, query OSV.dev with ecosystem=npm
-- **requirements.txt auto-discovery** — find and scan all `requirements*.txt` files in repo
-- **pyproject.toml parsing** — extract `[project.dependencies]` for CVE checking
-- **Known malicious package detection** — 30+ PyPI + 25+ npm typosquatting/supply chain packages (CRITICAL severity)
-- **OSV.dev batch query** — `/v1/querybatch` for efficient bulk CVE lookup (100 per batch)
-- **Repo-wide dependency scan** — `check_cve_repo()` discovers all dep files automatically
-- **Pipeline integration** — Phase 1c scans repo deps in addition to manifest requirements
-- 21 new tests (265 total)
-
-## [0.10.0] - 2026-03-09
-
-### Added (YAML Scanner Enhancement — 2/5 → 4/5)
-- **Structural YAML parsing** via `yaml.safe_load()` — analyzes parsed tree, not just regex
-- **Automation flow injection detection** — `service_template`, dynamic `service` with templates, template values in `data` flowing to `shell_command`
-- **Nested action scanning** — follows `choose/sequence/then/else/default` structures
-- **rest_command HTTP detection** — flags `rest_command` and `rest` using HTTP (not HTTPS)
-- **!include path validation** — detects template paths, absolute paths, parent traversal (`..`)
-- **Secrets in comments** — finds password/token/api_key values accidentally left in YAML comments
-- **Per-file finding cap** — max 3 per category per file (consistent with Python/JS/HA scanners)
-- **Standalone automation list support** — scans list-at-root automation files
-- 22 new tests (244 total)
-
-## [0.9.0] - 2026-03-09
-
-### Improved (batch scan on 50 HACS repos)
-- **Noise reduction**: findings cut by 90%+ on large repos (e.g. 804→13 for waste_collection_schedule)
-- `re.compile()` no longer flagged as code injection (only bare `compile()`)
-- `compile()` severity reduced from HIGH to MEDIUM (legitimate use common)
-- Per-file finding cap: max 3 findings per category per file
-- Network import aggregation: max 5 kept + summary for repos with many modules
-- `parse_info` aggregated: 1 per repo instead of 1 per file (412→1 for large cards)
-- Removed noisy `appendChild` detection (LOW value, extreme volume)
-- Vendor/third-party JS files skipped (docsify, prism, marked, etc.)
-- `docs/` directory excluded from JS scanning
-- 8 new tests for noise reduction (222 total)
-
-## [0.8.0] - 2026-03-09
-
-### Added
-- **Code Learning** — 4-module learning pipeline:
-  - L.1 Pattern Fingerprinting — extract structural fingerprints (imports, HA APIs, network domains, file types)
-  - L.2 Baseline / Norm Database — statistical profiling from scan history, deviation detection (z-score > 2σ)
-  - L.3 Whitelist / False Positives — "Ignoruj" button in UI, pattern-based whitelist with category+file matching
-  - L.4 Reputation Score — track safety score trends across versions with ↑/↓/→ trend indicators
-- Reputation display in report modal (scan count, average score, trend)
-- CSV/HTML export buttons in report modal
-- REST API endpoints: `/api/whitelist` (CRUD), `/api/reputation` (per-domain + all)
-- 25 new tests covering all learning modules (208 total)
-
-### Changed
-- Scan pipeline now filters whitelisted findings before report generation
-- Fingerprint and reputation data recorded automatically after each scan
-
-## [0.7.0] - 2026-03-09
-
-### Added
-- JavaScript AST parser using esprima with regex fallback for ES2020+
-- Python taint tracking — data flow analysis from user input to dangerous sinks
-- HA API pattern validator — detects risky hass.services, event bus, auth access
-- Batch scanning with SQLite-backed queue and progress tracking
-- Report export: CSV and standalone HTML (print/PDF ready)
-- Finding deduplication with category aliases and severity merge
-- Structured AI prompting with scoring rubric, few-shot examples, confidence scores
-
-## [0.6.0] - 2026-03-09
-
-### Added
-- YAML/Jinja2 scanner (shell_command, hardcoded secrets, unsafe HTTP, injection)
-- CVE database lookup via OSV.dev for dependency scanning
-- SQLite job persistence (survives restarts)
-- MQTT scans_total counter (persisted across restarts)
-
-### Fixed
-- MQTT TLS connection with proper certificate verification
-
-## [0.5.1] - 2026-03-07
-
-### Fixed
-- Active scans no longer stay visible after completion
-- Failed scans show red badge instead of spinner
-
-### Added
-- Version tag visible in UI header (both pages)
-- Findings sorted by severity in report details (critical → info)
-
-## [0.5.0] - 2026-03-07
-
-### Changed
-- Converted to HA Add-on format (config.yaml, run.sh, build.yaml)
-- Dockerfile uses HA base images (Alpine + Python 3.13)
-- Version sourced from config.yaml (single source of truth)
-- Added HA Ingress support (X-Ingress-Path, SSO)
-- MQTT auto-detects Supervisor MQTT service
-- HA token auto-injected via Supervisor API
-- Data stored in /share/ha-sandbox/
-
-## [0.4.0] - 2026-03-06
-
-### Added
-- Settings page with dual AI provider support (Ollama/Public API)
-- Clear Results button on dashboard
-- Centralized version constant
-- Test suite (87 tests) covering all phases
-
-### Fixed
-- 3 production bugs found via test suite
-
-## [0.3.0] - 2026-03-06
-
-### Changed
-- UI theme switched from dark blue to Nord color palette
-
-## [0.2.0] - 2026-03-06
-
-### Added
-- MQTT auto-discovery for Home Assistant
-- Static analysis for JavaScript/TypeScript
-- AI review via Ollama with code context
-- Report generation with JSON persistence
-- Installed HACS component listing via WebSocket
-
-## [0.1.0] - 2026-03-06
-
-### Added
-- Initial release
-- Repository cloning and manifest parsing
-- Static Python analysis (AST-based)
-- FastAPI web dashboard
-- Background scan pipeline
+- **Settings preserved on upgrade** — env vars from addon config now only seed settings.json on first start; web UI settings survive restarts and upgrades
+- **OpenRouter 401 Forbidden** — addon config API key (set in HA UI) synced to settings.json on first start
+- **Changelog** — now shows only latest version (was showing full history)

ha-sandbox/app/settings.py

@@ -111,24 +111,27 @@ def _apply_to_runtime(data: dict) -> None:
 
 
 def init_from_env() -> None:
-    """On startup, merge env vars into saved settings (env takes precedence for secrets).
+    """On startup, seed settings.json from env vars (only for keys not yet saved).
 
     The HA addon config UI sets options that run.sh exports as SANDBOX_* env vars.
-    These must be synced into settings.json so that settings.load() returns them.
-    Without this, _get_ai_config() would return empty defaults and API calls fail (401).
+    On first start these seed settings.json so _get_ai_config() picks them up.
+    On subsequent restarts/upgrades, saved values (from web UI settings page)
+    are preserved — env vars never overwrite existing settings.
     """
     import os
-    data = load()
+    raw = _load_raw()  # only what's explicitly saved (no defaults)
+    data = {**DEFAULTS, **raw}
+
     env_token = os.environ.get("HA_TOKEN", "")
-    if env_token and not data.get("ha_token"):
+    if env_token and not raw.get("ha_token"):
         data["ha_token"] = env_token
     env_mqtt_pass = os.environ.get("MQTT_PASS", "")
-    if env_mqtt_pass and not data.get("mqtt_pass"):
+    if env_mqtt_pass and not raw.get("mqtt_pass"):
         data["mqtt_pass"] = env_mqtt_pass
 
-    # Sync addon config options (SANDBOX_* env vars from run.sh) into settings.json.
-    # Env takes precedence over saved settings for these fields, because the user
-    # sets them in the HA addon config UI and expects them to take effect immediately.
+    # Seed addon config options into settings.json on first start.
+    # Only set values not already saved — this way web UI settings
+    # (written to settings.json via /api/settings) survive restarts.
     env_map = {
         "SANDBOX_AI_PROVIDER": "ai_provider",
         "SANDBOX_PUBLIC_PROVIDER": "public_provider",
@@ -140,7 +143,7 @@ def init_from_env() -> None:
     }
     for env_var, setting_key in env_map.items():
         val = os.environ.get(env_var, "")
-        if val:
+        if val and setting_key not in raw:
             data[setting_key] = val
 
     save(data)

ha-sandbox/config.yaml

@@ -1,5 +1,5 @@
 name: "HA Security Sandbox"
-version: "0.20.2"
+version: "0.20.3"
 slug: ha_security_sandbox
 description: "Security scanner for Home Assistant custom components — static analysis + AI review"
 url: "https://github.com/jrx-code/ha-security-sandbox"