Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: actradeck/actradeck

ActraDeck v0.4.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 03:59

ActraDeck v0.4.0

Signed, provenance-attested release. Assets: source tarball, CycloneDX SBOM
(sbom.cdx.json), and checksums.txt.

Verify before you run it

Confirm this tarball was built by this repository's release workflow (SLSA
build provenance, keyless Sigstore signature):

gh attestation verify actradeck-0.4.0.tar.gz --repo actradeck/actradeck
sha256sum -c checksums.txt

Or let the installer verify for you:

ACTRADECK_VERIFY=1 ACTRADECK_REF=v0.4.0 \
  ACTRADECK_REPO=https://github.com/actradeck/actradeck sh scripts/install.sh

See CHANGELOG.md for what changed.

ActraDeck v0.3.0

Choose a tag to compare

@github-actions github-actions released this 05 Jul 03:17

ActraDeck v0.3.0

Signed, provenance-attested release. Assets: source tarball, CycloneDX SBOM
(sbom.cdx.json), and checksums.txt.

Verify before you run it

Confirm this tarball was built by this repository's release workflow (SLSA
build provenance, keyless Sigstore signature):

gh attestation verify actradeck-0.3.0.tar.gz --repo actradeck/actradeck
sha256sum -c checksums.txt

Or let the installer verify for you:

ACTRADECK_VERIFY=1 ACTRADECK_REF=v0.3.0 \
  ACTRADECK_REPO=https://github.com/actradeck/actradeck sh scripts/install.sh

See CHANGELOG.md for what changed.

v0.2.0 — Approval policy & governance layer

Choose a tag to compare

@TKMD TKMD released this 30 Jun 16:23

Local-first, vendor-neutral control plane for coding agents (Claude Code & Codex): approval gating, secret redaction before persist, and a replayable audit trail.

Highlights since v0.1.0 — Approval policy & governance layer

  • Per-repo approval policy with bypass / YOLO category gating: under --dangerously-skip-permissions / --yolo, operator-enabled high-risk categories (recursive-rm, disk-destroy, history-rewrite, db-drop, fork-bomb, secret-egress, high-risk-other) fall back to the Web UI approval card (emit → hold → allow/deny; unattended timeout → deny). Default-on safe preset; env kill-switch to revert.
  • Daemon-addressed policy relay — set per-repo policy even with no agent session, via any connected policy-capable daemon. (approve / interrupt / diff / allowlist stay session-scoped.)
  • Capability gating — observe-only daemons are excluded from policy addressing.
  • Policy settings UI with a read-only last-known cache (zero-connection viewing).
  • Memory-authoritative policy with delta read-modify-write disk persistence; crash-safe control-channel disk writes.

Trust boundary

Single-operator / loopback / local-fs. Cross-vendor approval relay is Managed Mode; Attach mode is observe-only (see the support matrix).

License

Apache-2.0.

v0.1.0 — first public preview

Choose a tag to compare

@TKMD TKMD released this 27 Jun 08:13

ActraDeck v0.1.0 — first public preview

The vendor-neutral control plane for coding-agent approvals, secrets, and audit.

ActraDeck runs beside your coding agents — Claude Code, Codex, and whatever comes next — as a local-first sidecar + web cockpit: approve what they do, stop secrets before they are stored, and keep one audit trail across vendors. Nothing leaves your machine.

Status: early / active development (pre-1.0). The pieces below work today; expect rough edges and breaking changes before 1.0.

What works today

  • Live wall — real-time view of every active agent session, with liveness-by-evidence (multiple heartbeats composed, not a naive "running" flag).
  • Secret redaction before persist — secrets are masked at the sidecar before anything is written to local SQLite or sent onward; the cockpit shows per-kind redaction counts, never raw values.
  • Approval inbox — high-risk operations gate on human approval; deny-by-default on timeout.
  • Cross-vendor audit — Claude Code and Codex normalized into one event trail.
  • Session replay — reconstruct a session from its recorded event timeline.

Getting started

Local-first, no cloud required. See the README, docs/getting-started.md, and scripts/quickstart. A ~90s walkthrough is in docs/demo-90s.md.

Roadmap (not yet shipped)

Declarative policy engine · tamper-evident audit export · team features.

Notes

  • Licensed under Apache-2.0.
  • The test suite intentionally contains fake secrets (e.g. AKIA…EXAMPLE, glpat-…) to prove the redactor catches them — they are not real credentials.

🤖 First public snapshot synced from the private monorepo via scripts/sync-oss.sh (curated tree, synthetic history).