codexctl 0.7.1

Codex Controller - Full control plane for Codex CLI
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

# Changelog

All notable changes to this project will be documented in this file.

## [0.7.1] - 2026-04-12

### Fixed

- Preserved file permissions and byte-level content during profile save/load paths to avoid cross-platform corruption.
- Stopped rewriting copied profile files during `save`; now only `auth.json` (when encrypted) and `profile.json` are written.
- Preserved file modes when decrypting `auth.json` into staging during profile load.
- Enabled tar permission preservation during profile import.
- Fixed import path validation to accept safe `./` tar entries while still rejecting path traversal.

### Added

- Added atomic write helper for safe file replacement while preserving existing permissions.
- Added regression tests for byte fidelity (including CRLF/non-UTF8 payloads) and Unix permission preservation.

## [0.7.0] - 2026-04-11

### Changed

- Optimized CI execution by removing duplicated cross-target packaging from regular CI while keeping full release matrix builds.
- Optimized Docker build/runtime layers and release trigger behavior for faster pipeline runs and lower image overhead.
- Simplified Dependabot npm scope to the wrapper package (`/npm`) to avoid repeated scans on platform-only packages.
- Consolidated duplicated utility test modules by removing mirrored `*_test.rs` files and relying on in-module tests.

### Security

- Added signed release blobs via keyless `cosign` in release workflow.
- Added generated `SHA256SUMS` and SPDX SBOM release assets for each tagged release.
- Added GitHub provenance attestation and SBOM attestation steps for release artifacts.

## [0.6.3] - 2026-04-11

### Changed

- Reframed product messaging around Codex Controller for Codex CLI.
- Aligned command/help/docs examples around the active `codexctl` command surface.
- Updated Rust and npm dependency sets and lockfile.
- Updated npm wrapper and platform package versions to `0.6.3`.

### Security

- Removed `age` `ssh` feature dependency path to reduce transitive crypto exposure.
- Added GitHub security automation:
  - Rust advisory scan
  - npm audit scan
  - secret scanning
  - CodeQL
  - dependency review on PRs
- Added repository security policy and community governance docs.