cleanlib-cli 0.1.1

Terminal interface to CleanLibrary — query dependency verdicts and scan package manifests for ALLOW / DENY / WARN signals from the terminal or CI pipelines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# Changelog — cleanlib-cli

All notable changes to the `cleanlib-cli` tool will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this crate adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Planned
- Pre-built cross-platform binaries (Linux, macOS, Windows) so customers without a Rust toolchain can install via `curl | sh` without `cargo install`
- Homebrew tap for `brew install` on macOS

## [0.1.1] — 2026-06-05

### Fixed

- **`cleanlib audit` now reaches the right endpoint.** The transport layer
  hit `/v1/customer/audit` (404 on live App) instead of `/v1/audit` (200 —
  the App's `verbs_router` mount). Verified live against
  cleanapp.clnstrt.dev 2026-06-05; the command was completely broken on
  every prior release. Fix lives in `cleanlib_client::transport::Client::audit`.

### Added

- **Leading `decision:` line** in `cleanlib verdict` text output. The
  at-a-glance signal (ALLOW / WARN / DENY) now appears as the FIRST line,
  styled via the existing `style_decision` palette (green / yellow / red
  on TTY). The detail-level `verdict:` label (VECTOR_VERDICT / ...,
  customer-facing-masked via `mask_engine_tag`) stays as the second line.
  Customers reading from a terminal can scan a wall of `cleanlib verdict`
  output and pick out DENY rows immediately.
- **Multi-line `suggested:` rendering.** Single-action verdicts still
  print inline (`suggested:        <one string>`); multi-action verdicts
  now render as a bulleted list under a bare `suggested:` header. The
  prior semicolon-joined run-on string was unreadable for the
  CLEANLIB-72 populator output (3–4 advice strings per ALLOW_BY_ABSENCE
  / policy-DENY case).
- **`cleanlib scan --packages` accepts JSON-array input.** Auto-detected
  via leading `[` character. Each element is
  `{"name": "...", "version": "..."}`. The text-only `name@version`
  per-line format remains the default. Common customer-facing producer
  paths (`npm ls --json | jq ...`, package-list outputs from CI tools)
  now work without a translation step.

### Notes

- No breaking changes to existing flag surface, exit codes, or env vars.
- `--output json` machine path unchanged; the text-mode `decision:` /
  bulleted `suggested:` adjustments are TTY presentation only.

## [0.1.0] — 2026-06-03

### Added
- Inaugural crates.io release: `cargo install cleanlib-cli`
- Ten commands: `status`, `login`, `logout`, `verdict`, `scan`, `policy preview`, `risk-accept`, `audit`, `fetch`, `config init`
- Four ecosystem wrappers: `cleanlib pip`, `cleanlib npm`, `cleanlib cargo`, `cleanlib go`
- CI-gating exit-code semantics: `rc=0` on `ALLOW`, `rc=1` on `DENY`, `rc=2` on `WARN` with `--strict-warn`
- Cached verdicts with configurable TTL (default 300 seconds)
- Per-ecosystem proxy configuration emission (`.npmrc`, `pip.conf`, Go env)
- Empty-bearer fail-loud at `login` and `config init` (rejects silent-misconfig modes)
- Engine-tag masking at render: AI-derived signal sources surface as `AI-derived` to customers
- Transactional `config init` output (no partial writes on invalid input)

[0.1.0]: https://crates.io/crates/cleanlib-cli/0.1.0