chore(clawsec-suite): add 0.1.5 changelog entry (#174)

* chore(clawsec-suite): add 0.1.5 changelog release notes * fix(ci): enforce release notes for bumped skills
2026-06-17 07:21:21 +03:00 · 2026-04-08 23:35:16 +03:00
parent b996cff4bd
commit ad8121e2ae
2 changed files with 43 additions and 2 deletions
@@ -74,6 +74,10 @@ jobs:
            rm -f "$tmp_file"
          }

+          escape_regex() {
+            printf '%s' "$1" | sed -e 's/[][(){}.^$*+?|\\]/\\&/g'
+          }
+
          touched_skills_file="$(mktemp)"
          git diff --name-only "${BASE_SHA}...${HEAD_SHA}" -- 'skills/*/skill.json' 'skills/*/SKILL.md' \
            | awk -F/ 'NF >= 3 {print $1 "/" $2}' \
@@ -175,6 +179,36 @@ jobs:
            fi

            echo "Version parity OK for ${skill_dir}: ${head_json_version}"
+
+            changelog_path="${skill_dir}/CHANGELOG.md"
+            if [ ! -f "${changelog_path}" ]; then
+              echo "::error file=${changelog_path}::Missing CHANGELOG.md for bumped skill version ${head_json_version}."
+              failures=$((failures + 1))
+              continue
+            fi
+
+            escaped_version="$(escape_regex "${head_json_version}")"
+            if ! grep -Eq "^## \\[${escaped_version}\\] - [0-9]{4}-[0-9]{2}-[0-9]{2}$" "${changelog_path}"; then
+              echo "::error file=${changelog_path}::Missing required release-notes heading: ## [${head_json_version}] - YYYY-MM-DD"
+              failures=$((failures + 1))
+              continue
+            fi
+
+            changelog_entry="$(awk -v version="${head_json_version}" '
+              BEGIN { in_section = 0; found = 0 }
+              $0 ~ ("^## \\[" version "\\] - [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$") { in_section = 1; found = 1; next }
+              in_section && found && /^---/ { exit }
+              in_section && found && /^## / { exit }
+              in_section { print }
+            ' "${changelog_path}" | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}')"
+
+            if [ -z "${changelog_entry}" ]; then
+              echo "::error file=${changelog_path}::Changelog entry for ${head_json_version} is empty. Add release notes under the version heading."
+              failures=$((failures + 1))
+              continue
+            fi
+
+            echo "Release notes check OK for ${skill_dir}: ${head_json_version}"
          done < "${touched_skills_file}"

          rm -f "${touched_skills_file}"
@@ -185,11 +219,11 @@ jobs:
          fi

          if [ "${failures}" -gt 0 ]; then
-            echo "::error::Found ${failures} version parity issue(s) across ${checked_skills} bumped skill(s)."
+            echo "::error::Found ${failures} skill metadata/release-notes issue(s) across ${checked_skills} bumped skill(s)."
            exit 1
          fi

-          echo "Validated ${checked_skills} bumped skill(s): skill.json and SKILL.md versions are present and equal."
+          echo "Validated ${checked_skills} bumped skill(s): version parity and changelog release notes are present."

  release:
    if: github.event_name == 'pull_request'
@@ -5,6 +5,13 @@ All notable changes to the ClawSec Suite will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [0.1.5] - 2026-04-08
+
+### Fixed
+
+- Fixed heartbeat update detection to rely on GitHub release metadata for latest-version resolution, addressing false update status results reported in [#168](https://github.com/prompt-security/clawsec/issues/168).
+- Hardened fallback behavior when release API auth/config is unavailable so version checks still resolve the correct latest release.
+
 ## [0.1.4] - 2026-02-28

 ### Added