@delegance/claude-autopilot 7.2.0 → 7.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +45 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,51 @@
|
|
|
2
2
|
|
|
3
3
|
- v5.6 Phase 7 (docs reconciliation) — pending.
|
|
4
4
|
|
|
5
|
+
## 7.2.1 (2026-05-10)
|
|
6
|
+
|
|
7
|
+
**v7.2.1 — v8 spec codex pass-2 amendment.** Docs-only PR. Folds
|
|
8
|
+
the codex pass on the merged v8 spec (PR #152) into a new
|
|
9
|
+
"Codex pass 2 amendment" section. 3 CRITICAL + 6 WARNING + 1 NOTE
|
|
10
|
+
all surfaced real productization gaps; all locked into the spec
|
|
11
|
+
rather than left as open questions.
|
|
12
|
+
|
|
13
|
+
**Key trust-model decisions now locked in the spec** (were
|
|
14
|
+
open-questions before):
|
|
15
|
+
|
|
16
|
+
* **C1 — Policy pinning.** `.autopilot/policy.yaml` loaded only from
|
|
17
|
+
default branch at run-start SHA; frozen for the run; daemon's own
|
|
18
|
+
PRs cannot mutate active permissions. `.autopilot/**`,
|
|
19
|
+
`.github/workflows/**`, lockfiles in default `protected_paths`.
|
|
20
|
+
* **C2 — Auth scope.** Default to fine-grained PAT (issues +
|
|
21
|
+
PRs + branch-prefixed contents-write only); `gh` CLI labeled
|
|
22
|
+
"unsafe/dev mode"; hosted uses per-org GitHub App.
|
|
23
|
+
* **C3 — Sandboxed phase execution.** Per-phase Docker/Podman
|
|
24
|
+
container locally; per-run isolated worker hosted; credential
|
|
25
|
+
mounts blocked; egress allowlist (GitHub + Anthropic + OpenAI +
|
|
26
|
+
package registries).
|
|
27
|
+
* **W3 — Auto-merge.** Requires distinct `automerge.*` policy
|
|
28
|
+
block with `required_checks`, `require_codeowner_approval`,
|
|
29
|
+
`max_risk_level`, `allowed_paths`, `rollback_plan_required`.
|
|
30
|
+
* **W4 — Phase-level idempotency.** Operation IDs + side-effect
|
|
31
|
+
markers; restart reconciles GitHub state before resuming.
|
|
32
|
+
* **N1 — OS keychain** for local secrets (macOS Keychain / Linux
|
|
33
|
+
Secret Service / Windows Credential Manager via `keytar`);
|
|
34
|
+
fallback to `~/.claude-autopilot/keys.json` 0600 with warning.
|
|
35
|
+
|
|
36
|
+
**Updated stabilization criteria** add:
|
|
37
|
+
* Sandbox-escape attempt suite (planted-payload tests verify
|
|
38
|
+
malicious `npm test` cannot read `~/.ssh/`, `~/.aws/`, host
|
|
39
|
+
`gh` token).
|
|
40
|
+
* Phase-level idempotency suite (kill daemon mid-phase × 100;
|
|
41
|
+
restart produces zero duplicate side-effects).
|
|
42
|
+
|
|
43
|
+
3 smaller open questions remain for v8.0-beta lock (container
|
|
44
|
+
runtime fallback, hosted worker latency, sandbox network
|
|
45
|
+
allowlist customization).
|
|
46
|
+
|
|
47
|
+
No code change; bumping to 7.2.1 to keep CHANGELOG/version in
|
|
48
|
+
lockstep with master HEAD.
|
|
49
|
+
|
|
5
50
|
## 7.2.0 (2026-05-10)
|
|
6
51
|
|
|
7
52
|
**v7.2.0 — `claude-autopilot scaffold --from-spec <path>`.** Closes
|