Releases: ppiankov/pastewatch
Releases · ppiankov/pastewatch
v0.25.8
v0.25.7
Fixed
- Launch command strips leading
--from passthrough args (fixesexecvp: No such file or directory)
v0.25.6
Added
- Proxy alert now includes actionable fix suggestion per secret type (use env vars, store in key file, use detectable keywords)
v0.25.5
Added
- Credential storage rules in CLAUDE.md snippet — prevents agents from echoing or storing plaintext credentials
- Setup step added to Quick Start —
pastewatch-cli setup claude-codeis now essential, not optional
v0.25.4
Fixed
- Credential false positives — documentation text like
password: rotated,token: POSTno longer triggers detection - Proxy stderr log suppressed in launch mode to prevent TUI interference with interactive CLIs
- Added
--quietflag toproxycommand
v0.25.3
Fixed
- Launch command uses fork/exec for proper TTY passthrough to interactive agents
v0.25.2
Fixed
- Launch command now passes TTY through to agent for interactive CLIs
v0.25.1
Added
- Bash command argument scanning — guard now scans full command string for inline secrets (DSNs, API keys, tokens)
- Bash tool handling in shell guard hook — blocks commands containing secrets before execution
- Test credential exclusions — AWS EXAMPLE keys and Stripe
sk_test_keys bypass guard blocking - CodeQL code scanning and Dependabot dependency monitoring
Fixed
- VS Code extension workflow skips publish when version unchanged
v0.25.0
Added
launchcommand: one-step proxy + agent startup (pastewatch-cli launch claude)- Starts proxy in background, waits for TCP readiness, launches agent with
ANTHROPIC_BASE_URLset - Cleans up proxy on agent exit, forwards exit codes
--quietflag to suppress proxy messages- Universal macOS binary (arm64 + x86_64) in release workflow
- Multi-platform Homebrew formula (macOS, Linux amd64, Linux arm64)
v0.24.1
Fixed
- Workledger key regex now matches 32+ base64url chars (was exactly 44, real keys are 43)
- Standalone
wl_sk_keys withoutKEY=context now detected