Releases · iicky/murk

19 Jun 01:14

v0.7.0

4ae9fbb

v0.7.0 Latest

Latest

Vault format: 0.7.0 introduces integrity-MAC schemes v6–v9 (blake3v4:–blake3v7:), added incrementally as you use recipient groups, agent grants, access policy, and post-revoke rotation tracking. A vault written by 0.7.0 that uses any of these features cannot be verified by murk 0.6.2 or earlier — upgrade all collaborators together. Vaults that use none of them stay byte-compatible with older murk. This is an expected pre-1.0 forward-incompatibility.

[0.7.0] - 2026-06-19

Added

add murk agent plan for schema-only agent context
add murk agent exec strict execution mode
add scan happy-path integration tests
add MSRV check to CI
feat: zeroize generated and prompted secrets in memory
feat: label added keys with their SSH type in TOFU pin-change diff
add per-secret rotation metadata and expiry checks
feat: add --rotate to circle revoke
feat: add MURK_STRICT to fail closed when edit can't stay in RAM
feat: refuse export/get to a file under MURK_STRICT
add per-secret recipient groups
add grants vault metadata and MAC v7 (blake3v5)
add agent grant/ls/revoke and fail-closed key discovery under MURK_STRICT
add agent access policy: tag allow-list in vault header (MAC v8), enforced on agent exec/grant

Changed

bump rand to 0.8.6 and js-yaml to 4.2.0 to clear vuln alerts
refactor: route murk init key discovery through env's single read path

Documentation

document missing commands and flags in SPEC.md and README, fix blake3v2 integrity description
document agent plan and agent exec in SPEC.md and README
document agent grants in SPEC and THREAT_MODEL
document agent grants in docs/ai-agents.md
docs: document git as the agent admin audit trail
docs: document binding policy enforcement in ai-agents

Fixed

fix: bump pyo3 to 0.29 for two python-binding security advisories
fix: run on a larger-stack thread to avoid clap stack overflow on Windows

Other

drop (MAC ok) from verify output, use ✦ for scoped edit update, document ✦ marker
collect resolve_secrets straight into BTreeMap, no intermediate plaintext map
ignore RUSTSEC-2026-0173 in deny.toml, build-time proc-macro only
test: sandbox integration tests in a temp HOME
test: require help text and coverage for every command
ci: run parser fuzz targets nightly
drop vault_name from agent plan output
preserve windows system env vars in exec --clean-env
show rotation and expiry in info
keep agent grant scoped copy in sync when a granted key is rotated
rename scoped secret tier to private (wire format unchanged)
accept # Recipient: header in age plugin identity files
expand YubiKey hardware-key walkthrough in README
enforce agent policy in python and node bindings
run murk via execFileSync in node tests, no shell
ci: smoke-test the install.sh path against a local fixture
test: enforce secret-handling invariants as source-level lints
flag secrets that still need rotating after a revoke
assert main's branch-protection baseline in release preflight
point preflight at PREFLIGHT_APP_* secrets
release v0.7.0