Release changelogs now credit contributors inline (Bun-style):
- Per-entry "thanks @user!" for community code contributions
- Per-entry "thanks @user for the report!" for bug reporters
- "Thanks to N contributors!" summary section at bottom of each release
- Core team (lawrencecchen, austinywang) excluded from per-entry callouts
Root cause: update-homebrew.yml triggered on release:published, which fires
before softprops/action-gh-release finishes uploading assets. The workflow
downloaded a 404 page instead of the DMG and committed its SHA.
Fix:
- Change trigger from release:published to workflow_run (fires after the
  release workflow completes, guaranteeing assets are uploaded)
- Add download validation with retries and file size checks
- Add SHA verification step before committing to the cask
- Add homebrew cask update to build-sign-upload.sh for local releases
- Add regression test (tests/test_homebrew_sha.sh)
- Update /release and /release-local skills with homebrew verification steps
Fixes #110
- New /pull command: pulls main and updates submodules locally
- sync-branch: never pushes automatically, asks user first
- No pushing to submodules; all changes land via PRs
- New /release-nightly: end-to-end version bump + local build + release
- Fix /release-local: source secrets directly, use signing hash to avoid
  keychain ambiguity, correct create-dmg --codesign flag, export
  SPARKLE_PRIVATE_KEY for appcast generation
- Add `say` notification on completion/failure to all release skills
* Socket access control: process ancestry check + file permissions
Redesign socket control modes from (off, notifications, full) to
(off, cmuxOnly, allowAll):
- cmuxOnly (default): uses LOCAL_PEERPID + sysctl process tree walk to
verify the connecting process is a descendant of cmux. External
processes (SSH, other terminals) are rejected.
- allowAll: hidden mode accessible only via CMUX_SOCKET_MODE=allowAll
env var, skips ancestry check. Legacy "full"/"notifications" env
values map here for backward compat.
- off: disables socket entirely.
Security hardening:
- Server: chmod 0600 on socket after bind (owner-only access)
- CLI: stat() ownership check before connect (reject fake sockets)
Removes per-command allow-list (isCommandAllowed) — once a process
passes the ancestry check, all commands are available.
Includes migration for persisted UserDefaults values and env var
aliases (cmux_only, cmux-only, allow_all, allow-all).
* Add /sync-branch skill for submodule + main sync
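
The two hardening steps listed in the commit above (chmod 0600 on the socket after bind, and an ownership check in the CLI before connect), as an added C example that is not code from the cmux repository. The socket path, the function names, the use of lstat() and the extra permission-bit check are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Server side: bind a Unix socket, then restrict it to the owner (0600).
 * Returns the listening fd, or -1 on error. */
int bind_owner_only(const char *path) {
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path)) return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    unlink(path);                                 /* clear a stale socket file */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        chmod(path, 0600) != 0 || listen(fd, 8) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Client side: refuse to connect unless the path is a socket owned by the
 * current user with no group/other permission bits. Returns 1 if trusted. */
int socket_is_trusted(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;            /* missing; symlinks not followed */
    if (!S_ISSOCK(st.st_mode)) return 0;            /* regular file, symlink, ... */
    if (st.st_uid != geteuid()) return 0;           /* created by another user */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return 0; /* wider than 0600 (assumed check) */
    return 1;
}

int main(void) {
    const char *path = "/tmp/example-cmux.sock";    /* constructed path */
    int fd = bind_owner_only(path);
    if (fd < 0) { perror("bind_owner_only"); return 1; }
    printf("trusted=%d\n", socket_is_trusted(path));
    close(fd);
    unlink(path);
    return 0;
}
```

The check and the connect are separate system calls, so the check is only as strong as the permissions on the directory that holds the socket.
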
Add a local release skill that builds, signs, notarizes, and uploads
releases without GitHub Actions. Set up direnv to load Apple signing
secrets from ~/.secrets/cmuxterm.env.
Update release skill to exclude internal/developer changes like
setup scripts, CI, docs, and tests from the changelog. Only
user-facing features, bug fixes, and UI changes should be included.