v1.2.0 — AutoShip rebrand + security hardening

@Maleick Maleick released this 13 Apr 03:08
· 67 commits to main since this release

AutoShip v1.2.0

This release rebrands the plugin from Beacon to AutoShip and ships a full security hardening pass across all shell hooks.

Rebrand

  • Plugin renamed from Beacon to AutoShip. Install command is now:
    claude plugin marketplace add Maleick/AutoShip && claude plugin install autoship@autoship
    
  • All commands renamed: /autoship:start, /autoship:plan, /autoship:stop, /autoship:status
  • New banner graphic, full README rewrite with mermaid diagrams and benchmarks
  • GitHub Pages landing site at https://maleick.github.io/AutoShip/
  • Wiki published: Architecture, Configuration, Design Decisions, Troubleshooting

Security Hardening (9 findings addressed)

Critical

  • Added ^issue-[0-9]+$ validation at all script entry points to prevent path traversal via malformed ISSUE_KEY (cleanup-worktree.sh, dispatch-codex-appserver.sh, update-state.sh)
  • Eliminated rm -rf path traversal vector in cleanup-worktree.sh
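
A sketch of the entry-point check and cleanup guard the two Critical items describe, as an added example that is not AutoShip's own code. WORKTREE_BASE, its default path, the return codes and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not taken from cleanup-worktree.sh.
# WORKTREE_BASE and its default value are hypothetical.
WORKTREE_BASE="${WORKTREE_BASE:-.autoship/worktrees}"

# Whole-string equivalent of ^issue-[0-9]+$ using POSIX case patterns.
# A line-based tool such as grep would accept "issue-1<newline>../x",
# so the match is done on the full value instead.
valid_issue_key() {
  case "$1" in
    issue-*) ;;
    *) return 1 ;;
  esac
  _digits=${1#issue-}
  case "$_digits" in
    '' | *[!0-9]*) return 1 ;;   # empty, or contains a non-digit
  esac
  return 0
}

# Remove one worktree directory. Return codes (hypothetical):
#   0 removed or absent, 2 bad key, 3 base missing, 4 path escapes base.
cleanup_worktree() {
  _key=$1
  valid_issue_key "$_key" || { echo "invalid ISSUE_KEY" >&2; return 2; }

  # Canonicalize the base first so later comparisons use real paths.
  _base=$(cd "$WORKTREE_BASE" 2>/dev/null && pwd -P) || return 3
  _target="$_base/$_key"
  [ -d "$_target" ] || return 0

  # A valid key can still name a symlink that points outside the base;
  # resolve it and require that it stays exactly where it is expected.
  _real=$(cd "$_target" 2>/dev/null && pwd -P) || return 3
  if [ "$_real" != "$_base/$_key" ]; then
    echo "refusing to remove $_target: resolves outside base" >&2
    return 4
  fi

  rm -rf -- "$_real"
}
```
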

High

  • Replaced manual JSON-RPC string construction with jq -n --arg in dispatch-codex-appserver.sh and monitor-agents.sh to prevent JSON injection
  • Fixed lockf subshell injection in beacon-init.sh and update-state.sh by passing paths as positional arguments instead of interpolating into bash -c strings
  • Added credential exclusions to .gitignore: .env, *.pem, *.key, credentials.json

Medium

  • FIFOs created with mkfifo -m 600 (owner-only permissions)
  • Added chmod 600 to temp files before writing in beacon-init.sh and update-state.sh
  • Added Step 0.5 to verification pipeline: path canonicalization guard + mandatory FAIL on empty git diff

Other

  • Added prompt injection disclaimers to all 3 agent dispatch templates
  • Wiki link and security badge added to README
  • ISSUE_ID format validation added to update-state.sh
  • AutoShip ran on itself to ship 3 issues in this release