gnezim/clawsec
1
0
Fork 0
mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-13 05:28:02 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
1e48a955ccf7f9a4b5d4aaedfbb9f47779348595
clawsec/skills/soul-guardian/CHANGELOG.md
T
David Abutbul 1e48a955cc fix(release): exclude tests from skill payloads (#230) 
* fix(release): exclude tests from skill payloads

* fix(release): normalize test path filtering

* fix(release): prefer GitHub artifacts for non-OpenClaw installs

* fix(release): keep legacy ClawHub publishing

* fix(release): address skill packaging review feedback

* chore(skills): bump release versions

* feat(skills): surface recommended platforms

* docs(skills): add signed release verification

* fix(skills): normalize PR version bumps

---------

Co-authored-by: David Abutbul <David.a@prompt.security>
2026-05-14 14:38:58 +03:00

2.8 KiB
Raw Blame History

Changelog

[0.0.6] - 2026-05-14

Security

  • Added explicit signed release artifact verification instructions for standalone installs, including checksums.json, checksums.sig, signing-public.pem, archive hash verification, and SKILL.md/skill.json checksum checks.

All notable changes to soul-guardian will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.0.5] - 2026-04-14

Added

  • Regression coverage for launchd label migration so the installer documents and cleans up the previous Clawdbot-era label before starting the new default label.

Changed

  • scripts/install_launchd_plist.py now documents the legacy launchd label/plist in dry-run output and attempts a best-effort disable/bootout of com.clawdbot.soul-guardian.<agentId> before installing com.openclaw.soul-guardian.<agentId>.
  • The --label help now explains that non-legacy labels trigger legacy-job cleanup, while explicitly selecting the legacy label skips that migration path.

Security

  • Reduced the chance of duplicate launchd jobs or split monitoring state by making the old-label cleanup path explicit and warning the operator when manual launchd cleanup is still required.

[0.0.4] - 2026-04-14

Added

  • Regression coverage for launchd state-directory selection so existing legacy installs keep using their current guardian state unless the operator explicitly chooses a new location.

Changed

  • scripts/install_launchd_plist.py now reuses ~/.clawdbot/soul-guardian/<agentId>/ when that legacy state directory already exists and otherwise keeps the new ~/.openclaw/... default.
  • The launchd installer now prints an explicit migration warning with the --state-dir value to use when switching an existing install to the new OpenClaw path.

Security

  • Prevented silent state-directory drift for existing launchd-based installs that would otherwise create a second guardian state tree and lose visibility into the approved baselines they were already enforcing.

[0.0.3] - 2026-04-14

Added

  • Operational notes that describe restore behavior, state-directory sensitivity, and optional scheduling integrations.
  • Metadata for persistence, network posture, and operator review expectations.

Changed

  • Declared optional integration runtimes used by the documented workflows (openclaw, launchctl, bash) alongside the required python3 runtime.
  • Normalized the documented product/runtime naming to OpenClaw, including cron examples, default external state paths, and launchd labels.

Security

  • Made it explicit that restore mode can overwrite protected files back to baseline and that guardian state directories may contain sensitive snapshots, diffs, and quarantined content.
Reference in New Issue View Git Blame Copy Permalink