diff --git a/CHANGELOG.md b/CHANGELOG.md index c8c522d..5e61a81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## 0.16.0 — 2026-07-02 + +### Security + +- **taskState store hardened** — prototype-pollution-safe task map (null-prototype via schema preprocess), fail-closed on a corrupt persisted state file (no silent overwrite), Linear sync-comment **trust filter** (marker/prefix + author allowlist, `OPENSWARM_TASK_STATE_TRUSTED_COMMENT_USERS` for extras) with an issueId mismatch guard against cross-issue poisoning. (INT-2316) +- **Telemetry privacy tightened** — `command`/`adapter`/`event` labels are sanitized to a strict token shape so dynamic strings can never leak paths or prompt text; `installId` is shape-validated; the send timeout is unref'd so fire-and-forget telemetry cannot keep the process alive. (INT-2316) +- **Web dashboard auth: linear-time bearer parse** — replaced a polynomially-backtracking `Bearer` header regex (CodeQL `js/polynomial-redos`) with a regex-free parse. (INT-2316) +- **BS detector catches env-fallback secrets** — `process.env.X || "hardcoded-secret"` is now flagged (any line mentioning `process.env` used to be excluded wholesale). (INT-2316) + +### Changed + +- **Audit hardening batch landed** — two full-codebase `openswarm review --max --fix` passes (~130 files) applied per-area fixes: R5 Linear reconcile extended to done→reopened transitions, fix-loop worker errors surfaced (all-failed round stops early), `readOnly` adapter option plumbed through the tool layer, locale key coverage, GraphQL resolver and memory-ops cleanups — plus **13 new test files** (suite 1326 → 1389). (INT-2316) + ## 0.15.0 — 2026-07-02 ### Added diff --git a/README.md b/README.md index c27b36f..45fd68c 100644 --- a/README.md +++ b/README.md @@ -514,9 +514,9 @@ the CLI (fire-and-forget with a short timeout, and failures are silently ignored Full version history lives in **[CHANGELOG.md](CHANGELOG.md)** and the [GitHub Releases](https://github.com/unohee/OpenSwarm/releases) page. -Latest — **v0.15.0**: `openswarm fix` goes multi-language — auto-detects npm, -Cargo (Rust), and Python (ruff/mypy/pytest) checks; any other toolchain via an -`openswarm.json` `"checks"` map. See CHANGELOG.md for the rest. +Latest — **v0.16.0**: security hardening batch from dogfooded `review --max --fix` +audits — task-state store pollution/poisoning guards, telemetry label sanitization, +ReDoS-free web auth — plus 13 new test files. See CHANGELOG.md for the rest. --- diff --git a/package-lock.json b/package-lock.json index 1632380..e58e7d9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@intrect/openswarm", - "version": "0.15.0", + "version": "0.16.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@intrect/openswarm", - "version": "0.15.0", + "version": "0.16.0", "license": "MIT", "dependencies": { "@anthropic-ai/sdk": "^0.72.1", diff --git a/package.json b/package.json index e47faa8..66529de 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@intrect/openswarm", - "version": "0.15.0", + "version": "0.16.0", "description": "Autonomous AI agent orchestrator — Claude, GPT, Codex, and local models (Ollama/LMStudio/llama.cpp)", "license": "MIT", "type": "module",