Changelog

Release notes for every version. Based on Keep a Changelog.

v0.7.0

Breaking
  • Remote shell and agent daemon removedamesh agent start/stop, amesh shell, amesh grant, and amesh reset commands removed. The @authmesh/agent npm package is deprecated. amesh now focuses on device-bound M2M authentication.
Security
  • Reduced attack surface — removing the agent daemon (PTY spawning, shell cipher, frame protocol) eliminates the highest-risk component.
  • Relay simplified — agent registration, challenge-response, and shell routing handlers removed.

v0.6.0

Added
  • SAS confirmation protocol — controller waits for target to verify the 6-digit code before adding to allow list. Prevents one-sided trust.
Security
  • Relay per-session data cap — 5 MB maximum forwarded per session to prevent bulk data streaming abuse.

v0.5.3

Fixed
  • amesh invite crash on duplicate device — no longer throws when the target is already in the allow list. Automatically updates the existing entry with fresh handshake data.
  • Handshake timeout errors now show actionable recovery guidance instead of raw error messages.
  • amesh listen SAS prompt now includes Ctrl+C hint and clearer mismatch recovery message.
  • amesh init next-steps uses plain language instead of controller/target jargon.
  • Install script at authmesh.dev/install for headless CLI installation.
Added
  • amesh provision discoverability — non-interactive pairing now surfaced in listen, init, and README quickstart.
  • Trust model legend in amesh list output — explains what [controller] and [target] mean.
  • Pairing troubleshooting section in docs covering 6 common failure scenarios.

v0.5.2

Added
  • Install script at authmesh.dev/install — one-liner install for headless devices.
  • arm64 .deb package — release workflow now produces both amd64 and arm64 Debian packages.
  • Blog post — "Your AI just wrote another .env file".

v0.5.1

Added
  • Community files — SECURITY.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md, issue templates, PR template.
  • Social preview image for GitHub link sharing.
  • GitHub Discussions enabled for community Q&A.

v0.5.0

Security
  • Full security audit — 18 fixes across 2 critical, 4 high, 7 medium, 5 low severity issues.
  • Relay redeployed with AMESH_TRUST_PROXY=1 for correct IP rate limiting behind Cloud Run.
Added
  • Docker smoke test suite — 11 post-release tests verifying npm packages, binaries, and relay.

v0.3.3

Fixed
  • Device ID derivation mismatchinvite and listen derived device IDs with raw base64url(pubkey) while init used SHA-256(pubkey) per the protocol spec. Existing pairings need re-pairing.
  • Compiled binary brokensea.ts entry point restored with all 8 commands.

v0.3.1

Fixed
  • macOS Keychain stale key accumulationSecItemDelete only removes one Keychain item per call; multiple amesh init --force runs accumulated stale keys, causing selfSig verification failed on remote peers during pairing.
Added
  • Key Storage doc page — explains the 3-tier fallback: Secure Enclave → macOS Keychain → TPM 2.0 → encrypted file.
  • macOS Keychain driver tests — sign/verify round-trip, stale key regression test, key overwrite verification.
Changed
  • Security claims softened — "replay-proof" → "replay protection", "MITM-proof" → "MITM-resistant", "hardware-bound" → "protected by Keychain, TPM, or encrypted file".
  • Footer disclaimer added — clarifies security claims describe design goals, not guarantees.

v0.3.0

Added
  • Auto-generated passphrase for encrypted-file backend — --passphrase flag removed; a 256-bit random passphrase is generated and stored in identity.json automatically.
  • Detection verbosityamesh init now shows which backend tiers were checked and which was selected.
  • Identity info in amesh list — new "This device" section at top showing device ID, friendly name, backend, and created date.
  • Docs sidebar — persistent left navigation on all doc pages.
  • ADR-010 — documents the passphrase-colocation security decision and threat analysis.
Security
  • Passphrase stripped from memory after KeyStore creation at all 6 call sites.
  • Atomic write for identity.json in SDK bootstrap (tmp + rename pattern).
  • Bun runtime guard added to relay start — clear error message when run on Node.js.

v0.1.3

Fixed
  • macOS Keychain not detected in Homebrew installs — the Swift Secure Enclave helper (amesh-se-helper) was not bundled in release tarballs, causing silent fallback to the encrypted-file backend on macOS.
Changed
  • Swift helper bundled in macOS releasesamesh-se-helper is now compiled and included in darwin tarballs.

v0.1.2

Changed
  • CLI binary migrated from Node.js SEA to Bun compile — binary size reduced from 123MB to 61MB (~50%), fixes segfault on macOS.
  • WebSocket client switched from ws to native WebSocket API — works in both Bun and Node.js, removes a runtime dependency.
  • Release pipeline simplified — 4-step SEA build replaced with single bun build --compile.

v0.1.1

Security
  • AllowList HMAC now derived from private key material or a stored random secret, not the public key which was publicly known.
  • Bootstrap token embeds controller public key — signature verified against trusted embedded key, not untrusted relay message.
  • ECDH shared secret returns raw 32-byte x-coordinate per NIST SP 800-56A.
  • File permissions: all sensitive files written with 0o600/0o700.
  • Relay hardening: per-OTC brute-force tracking (max 5 per OTC), maxPayload 64KB, connection limit 10K, bootstrap watcher TTL + cleanup.
  • Nonce store bounded at 1M entries to prevent memory exhaustion.
  • Canonical string rejects newlines in fields to prevent injection.
  • Error responses no longer leak allow_list_integrity_failure to clients.

v0.1.0

Initial release
  • Core crypto — P-256 ECDSA signing/verification, canonical request strings, nonce-based replay detection, HMAC integrity, HKDF key derivation, ECDH key exchange. 84 tests including adversarial scenarios (replay, tamper, MITM, clock boundary, body swap).
  • Key storage — Secure Enclave (macOS), TPM 2.0 (Linux), OS keyring, and AES-256-GCM + Argon2id encrypted-file fallback.
  • SDKamesh.fetch() signing client and amesh.verify() Express/Connect middleware.
  • CLIinit, listen, invite, list, revoke, provision commands via oclif v4.
  • Relay — WebSocket pairing relay with OTC session management, IP-based rate limiting.
  • Protocol specification v2.0.0 with full wire format, crypto details, and security model.

For the raw source, see CHANGELOG.md on GitHub.

Reference
Troubleshooting
Related
Doc What is amesh
Start here if you're new
Doc Quickstart
Install, pair, and sign your first request