v0.4.1

[0.4.1] - 2026-04-19

Added

• Smoke E2E scenario at tests/e2e/smoke-block-context.sh — runs pre-tool-check.sh against a reachable AxonFlow stack and asserts the hook exits 2 with AxonFlow policy violation + Plugin Batch 1 richer-context markers on stderr. Exits 0 (SKIP:) when no stack is reachable.
• .github/workflows/smoke-e2e.yml — workflow_dispatch triggered job running the smoke scenario. Requires an operator-supplied endpoint (GitHub-hosted runners have no local stack), so not wired to PR events — PR smoke gating needs a self-hosted runner with a live stack.

Full install-and-use matrix lives in axonflow-enterprise/tests/e2e/plugin-batch-1/codex-install/.

Compatibility

Companion to platform v7.1.1. No code changes vs v0.4.0 — the patch bump only adds the smoke E2E. Users on v0.4.0 against platform v7.1.1 still get the full richer-context block shape automatically.

v0.4.0 — Plugin Batch 1

[0.4.0] - 2026-04-18

Added

• Richer block reason surfaced to Codex on exec_command blocks. When
  the AxonFlow platform is v7.1.0+, the stderr message accompanying the
  exit 2 block now includes [decision: <id>, risk: <level>, active override: <ov>] or a pointer to the explain_decision MCP tool. Older
  platforms see the prior v0.3.0 message — fields are omitted when not
  returned.
• Access to platform MCP tools explain_decision, create_override,
  delete_override, list_overrides — available via the agent's MCP
  server when connected to a v7.1.0+ platform. Codex's existing audit-search
  skill pattern applies analogously for these new tools.

Compatibility

Companion to platform v7.1.0 and SDKs v5.4.0 / v6.4.0. Back-compatible.

v0.3.0

What's New

Telemetry

• Anonymous telemetry ping on first hook invocation. Sends plugin version, OS/arch/bash version, and AxonFlow platform version
• Stamp file guard at $HOME/.cache/axonflow/codex-plugin-telemetry-sent prevents repeat pings
• Opt out with DO_NOT_TRACK=1 or AXONFLOW_TELEMETRY=off

Marketplace Readiness

• New marketplace.json for plugin distribution

Fixed

• UTF-8 safe content truncation — character-level cut -c1-2000 instead of byte-level head -c 2000
• Consistent curl error reporting — post-tool-audit.sh uses -sS matching pre-tool-check.sh
• Corrected 6 copy-paste references from "Cursor" to "Codex" across 3 scripts

Changed

• Hook timeout increased from 10s to 15s
• CI workflow suppresses telemetry with DO_NOT_TRACK=1
• SECURITY.md timestamp updated to April 2026

v0.2.1

Added

• Decision-matrix regression tests for the v0.2.0 hook fail-open/fail-closed behavior. Mock-server cases for every JSON-RPC error branch.

v0.2.0 — Hook fail-open hardening + uninstall helper

See CHANGELOG.md.

• Hook fail-open/fail-closed hardening (matches axonflow-enterprise v6.2.0 #1545 Direction 3)
• New scripts/uninstall.sh cleanup helper for Codex CLI plugin cache leftover

v0.1.0

Added

• Hybrid governance model: enforcement via hooks for terminal commands (exec_command), advisory via skills for other tools
• PreToolUse hook: evaluates terminal commands against AxonFlow policies before execution (exit code 2 = block). Matcher covers Bash|exec_command|shell.
• PostToolUse hook: records executions in audit trail and scans output for PII/secrets
• MCP server integration with 6 governance tools: check_policy, check_output, audit_tool_call, list_policies, get_policy_stats, search_audit_events
• 6 governance skills for advisory governance with implicit activation
• PII write detection via improved skill descriptions
• Regression tests (22 tests), CI workflow, E2E testing playbook (10 verified tests)

Configuration

• MCP server configured in ~/.codex/config.toml (TOML format)
• Hooks placed at ~/.codex/hooks.json
• Plugin discovered via $CWD/.agents/plugins/marketplace.json, installed via /plugins