Releases: alibaba/anolisa
Releases · alibaba/anolisa
tokenless v0.2.0
os-skills v0.3.0
agentsight v0.3.0
agent-sec-core v0.3.0
agent-sec-core v0.3.0
What's Changed
Prompt Scanner — Multi-layer prompt injection & jailbreak detection
- Added prompt injection/jailbreak detection scanner architecture with L1 rule engine (YAML-based) and L2 ML classifier (Prompt Guard 2). (#253)
- Integrated prompt scanner into cosh hook and openclaw plugin with security middleware lifecycle. (#261, #294)
- Added
list-scannerscommand, improved CLI help, and made--scanner-versionoptional. (#284) - Added prompt scan summary and backend tests. (#294)
- Added prompt-scanner skill definition. (#256)
- Added model warmup, audit logging, and comprehensive documentation. (#253)
- Stabilized batch scanning and verdict logic with thread-safe model loading. (#253)
- Unified prompt scanner response to use "ask" instead of "block". (#341)
- Added prompt-scanner e2e test suite and Makefile target. (#352)
Code Scanner — Static code security analysis
- Added code scanner component with rule-based detection for obfuscation, permission abuse, and more. (#234)
- Integrated code scanner into cosh hook (with ask decision support) and openclaw plugin adapter. (#234)
- Added code scanner CLI entry, error codes, and unit tests. (#234)
- Fixed code scan bugs and added e2e test. (#342)
Skill Ledger — Skill integrity tracking and signing
- Added skill-ledger CLI with middleware integration for skill integrity verification. (#252)
- Added skill-ledger skill definition. (#266)
- Added skill-ledger cosh hook for PreToolUse and openclaw-plugin capability. (#292, #281)
- Improved skill-ledger CLI and cleaned up imports. (#284)
- Restructured skill-ledger config defaults and documentation. (#296)
- Aligned skill-ledger tool name and added path validation. (#317)
- Reworked skill-ledger status, output, and check signing. (#335)
- Skill-ledger hook hardening, e2e suite, and posture integration. (#339)
Security Middleware & Event System
- Added security middleware framework with unified CLI entry point and metrics integration. (#121, #220)
- Added sqldb writer & reader with query command at CLI interface for security event persistence. (#254)
- Fixed cross-process event loss in SecurityEventWriter. (#226)
- Applied corruption whitelist to stop false-positive DB rebuilds. (#338)
- Added e2e test and fixed bugs revealed during testing. (#330)
Linux Sandbox
- Added sandbox guard and failure handler hooks. (#362)
OpenClaw Integration
- Added hook plugin for openclaw with integrated security scanning capabilities. (#242)
- Added jq requires for openclaw hook package. (#370)
Cosh Extension Integration
- Integrated with new cosh extension API and added builtin commands. (#302)
Performance
- Lazy-load ML dependencies to speed up non-ML subcommands. (#318)
Toolchain & CI
- Migrated Python toolchain to uv package manager and pinned Python 3.11.6. (#227)
- Added sec-core RPM build CI and adapted nightly build pipeline. (#295)
- Initialized code format check CI with python-code-pretty. (#229)
- Added e2e test in RPM build CI. (#369)
Bug Fixes
- Preserved seharden wrapper defaults. (#236)
- Removed dynamic import at middleware router. (#277)
- Improved missing loongshield guidance. (#289)
- Fixed build errors. (#288)
- Removed openclaw hook examples and fixed documentation. (#282)
Full Changelog: sec-core/v0.2.0...sec-core/v0.3.0
copilot-shell v2.2.0
copilot-shell v2.2.0
This release includes new features such as ask decision support for hooks, interactive Skills TUI Panel, configurable status bar, /export command, and various bug fixes for API key validation, memory leaks, and extension lifecycle reliability.
What's Changed
- Added
askdecision support for UserPromptSubmit hook. (#328) - Added new command for Clawhub CLI. (#313)
- Added interactive Skills TUI Panel with enable/disable support. (#311)
- Added variable substitution and display control for extension TOML commands. (#291)
- Added immediate hook activation on extension install/uninstall. (#283)
- Added
askdecision support for PreToolUse hooks. (#276) - Added configurable status bar. (#251)
- Added
/exportcommand for session history. (#245) - Fixed API key validation to skip non-Dashscope providers. (#337)
- Fixed PreToolUse ask dialog by unifying it to info type with diff preview. (#345)
- Fixed memory leak in memory management. (#309)
- Fixed extension lifecycle reliability. (#298)
- Fixed hook registry sync on extension enable/disable. (#298)
- Fixed interface crash caused by leftBottomContent of Box nested in Text in Footer. (#293)
- Fixed
/hooks installcommand by removing it and adding default help. (#287) - Fixed extension examples installation and package configuration. (#271)
Full Changelog: cosh/v2.1.0...cosh/v2.2.0
ws-ckpt v0.1.0
ws-ckpt v0.1.0
What's Changed
Full Changelog: https://github.com/alibaba/anolisa/commits/ckpt/v0.1.0
copilot-shell v2.1.0
copilot-shell v2.1.0
Release Copilot Shell v2.1.0 with various fixes and usability improvements.
What's Changed
- Added startup bash entry and simplified manual auth dialog. (#217)
- Added async fzf-based tab completion optimization. (#214)
- Fixed OpenAI API key and model validation via /models endpoint on auth. (#243)
- Fixed API key retention when navigating to apiKey field in auth dialog. (#241)
- Fixed node-pty native binary bundling for both linux architectures. (#232)
- Fixed stream redaction by replacing integer offset with committed text reference. (#210)
- Fixed missing fields in hook system. (#188)
Full Changelog: cosh/v2.0.4.1...cosh/v2.1.0
os-skills v0.2.2
os-skills v0.2.2
Release OS Skills v0.2.2 with various fixes and usability improvements.
What's Changed
- Support enable AgentSight dashboard in
agentsightskill.
Full Changelog: skill/v0.2.1...skill/v0.2.2
os-skills v0.2.1
os-skills v0.2.1
Release OS Skills v0.2.1 with various fixes and usability improvements.
What's Changed
- Upgraded
xlsxskill with MiniMax open-source implementation. (#218) - Updated skill descriptions from "suitable for alinux4" to "rpm-base linux". (#182)
Full Changelog: skill/v0.2...skill/v0.2.1