v0.2.12

What's Changed

• Responsive/mobile fixups by @josh-collinsworth in #680
• feat(config): add basic auth credential by @rajiteh in #685
• Update h1 value prop by @josh-collinsworth in #686

New Contributors

• @rajiteh made their first contribution in #685

Full Changelog: v0.2.11...v0.2.12

v0.2.11

What's Changed

• run: quiet macOS setup chatter unless CLAWPATROL_DEBUG by @piscisaureus in #675
• site: add Tunnels docs page by @ry in #673
• discovery: document HITL and expose approval-status polling on the internal API by @arnauorriols in #666
• docs(security-model): note egress interception is best-effort by @piscisaureus in #678
• join: recover from tsnet's wedged interactive login (auth-path 410) by @piscisaureus in #679

Full Changelog: v0.2.10...v0.2.11

v0.2.10

What's Changed

• feat(pluginsdk): support external HTTP credential plugins by @dhruvkelawala in #656

New Contributors

• @dhruvkelawala made their first contribution in #656

Full Changelog: v0.2.9...v0.2.10

v0.2.9

What's Changed

• run: use passwordless sudo for setup so the wrapped command can sudo by @piscisaureus in #663
• postgres: parse psql \d catalog queries with COLLATE default by @piscisaureus in #664
• dashboard: fix copy buttons in non-secure contexts by @piscisaureus in #667
• join: prevent --login hangs (unbounded requests + stale login URL) by @piscisaureus in #668
• run: fix DNS in passwordless-sudo path (resolv.conf perms) by @piscisaureus in #669
• run: stop leaking resolv.conf bind-mounts to the host (sudo path) by @piscisaureus in #671
• daemon: stable runtime dir so only one daemon runs per identity by @piscisaureus in #670
• docs: describe the passwordless-sudo path for clawpatrol run by @piscisaureus in #672

Full Changelog: v0.2.8...v0.2.9

v0.2.8

What's Changed

• onboard: assign profile on claim; fix --whole-machine completion output by @piscisaureus in #660
• onboard: propagate profile reassignment across the IP alias group by @piscisaureus in #661
• run: on a --whole-machine device, exec directly instead of spawning the daemon by @piscisaureus in #662

Full Changelog: v0.2.7...v0.2.8

v0.2.7

What's Changed

• onboarding: surface profile assignment at approval time by @piscisaureus in #657
• run: quiet relay diagnostics, fix log prefix, document no-root by @piscisaureus in #659

Full Changelog: v0.2.6...v0.2.7

v0.2.6

What's Changed

• [WIP] Landing page refresh by @josh-collinsworth in #635
• Another LP pass by @josh-collinsworth in #636
• refactor: decouple llm approver summaries by @magurotuna in #638
• Pre-launch checkup by @josh-collinsworth in #639
• tailscale tunnel: OAuth-client auth via oauth_client_secret by @piscisaureus in #641
• fix: honor wireguard.listen_port instead of silently ignoring it (cl-94cf) by @arnauorriols in #646
• aws_credential: re-sign non-EKS proxied requests + inject placeholder AWS env vars by @arnauorriols in #644
• feat: profile-scoped endpoint/credential discovery endpoint by @arnauorriols in #645
• gateway: handle tsnet exit-node UDP via GetUDPHandlerForFlow by @piscisaureus in #643
• gateway: advertise dnsvip CIDRs as Tailscale subnet routes by @piscisaureus in #654

Full Changelog: v0.2.5...v0.2.6

v0.2.5

What's Changed

• Intercept raw-IP HTTPS endpoints on declared ports by @divybot in #611
• fix: drive relay recv/send through SyscallConn.Read/Write (cl-0jsq) by @arnauorriols in #585
• feat: per-agent HITL channel routing, device-page pending bar, Slack verdict sync by @littledivy in #613
• Add schema_version to gateway config by @piscisaureus in #616
• run: forward wrapped-cmd 127.0.0.0/8 connects to host loopback (cl-1clt) by @arnauorriols in #589
• fix: resolve credential before rule matching on HTTPS path by @magurotuna in #619
• feat: configurable body caps for rules engine and actions table (cl-ipw8) by @arnauorriols in #623
• feat: passthrough credential type for credential-less endpoints (cl-snuf) by @arnauorriols in #621
• fix: stop k8s tunnel jump pods leaking (cl-acxv) by @arnauorriols in #627
• ci: set DO_NOT_TRACK=1 to keep CI out of telemetry by @ry in #628
• telemetry: drop dev-version pings on both ends by @ry in #629
• dashboard: require typed confirmation to change device profile by @ry in #631
• Add ssh-family security rules by @piscisaureus in #618
• docs: document the gateway { } block in config-reference by @ry in #632
• fix: enable Claude Code /remote-control under clawpatrol env pushdown by @divybot in #576
• Block requests like this by @ry in #614
• rules: fail closed via viral CEL unknowns instead of dispatch gates by @piscisaureus in #633

Full Changelog: v0.2.4...v0.2.5

v0.2.4

What's Changed

• telemetry: track install.sh runs in D1 by @ry in #590
• fix: add inline verdicts to live requests by @littledivy in #592
• chore: go best-practices pass for errors, shutdown, and cleanup by @divybot in #566
• feat(config): support directory-mode HCL loading (Terraform-style) by @divybot in #577
• Show endpoint hostname instead of VIP in dashboard for tunneled postgres by @piscisaureus in #605
• Use "approve" verb consistently for HITL decisions in dashboard by @piscisaureus in #606
• Show more of the SQL query/body in Slack approval messages by @piscisaureus in #607
• Live requests: show approval status in leading column, lock in verb slot by @piscisaureus in #608
• Show pending approvals on the device page by @piscisaureus in #609

Full Changelog: v0.2.3...v0.2.4

v0.2.3

What's Changed

• join: print QR code for tailnet-only verify URLs by @littledivy in #540
• join: --login bootstraps tsnet for tailnet-only gateways by @piscisaureus in #560
• clawpatrol: fix Go lint findings by @divybot in #564
• perf: audit binary size and trim avoidable dependency bloat by @divybot in #565
• site: snapshot telemetry counts daily for time-series tracking by @ry in #555
• Unify shared assets between /site and /dashboard by @josh-collinsworth in #569
• fix: keep daemon sessions alive while quiet by @divybot in #563
• ci: auto-deploy demo on push to main by @littledivy in #570
• UI/UX pass by @josh-collinsworth in #571
• Replace demo image with live iframe by @josh-collinsworth in #572
• fix: propagate join write errors; improve daemon mode-missing error by @divybot in #575
• Devices table: let hostname flex, fix IP column width by @divybot in #579
• site: add Credentials doc page and placeholder-dispatch example by @ry in #581
• fix: scope settings credential Profiles column to each profile's own list by @arnauorriols in #582
• fix: decouple tailscale credential status from tunnel liveness (cl-eh83) by @arnauorriols in #583
• dashboard: copy-to-clipboard buttons on action detail page (cl-ik9t) by @arnauorriols in #588

Full Changelog: v0.2.2...v0.2.3