Product changelog

What's new in Cordon

Public release notes for Cordon, Codezero's local credential containment layer. Newest updates appear first.

Cordon v0.3.0

This release sharpens Cordon's diagnostics and reliability, with new doctor checks for post-upgrade service state and tool network isolation, plus fixes to CA bundle handling and logging.

Added

  • `cordon doctor` now warns when the running service is older than the installed binary after an upgrade, and shows the command to restart it.
  • `cordon doctor` now warns when a Go-based tool is missing the network-isolation setting it needs to route through Cordon.

Fixed

  • Linux builds now target an older glibc, so Cordon installs and runs on older distributions such as Ubuntu 18.04 without library version errors.
  • Disabling a single integration no longer removes the shared CA bundle that other integrations and tools depend on.
  • Service tracing now writes to stderr, so `cordon service log` shows startup errors and diagnostics in one chronological stream.
  • 1Password errors are now surfaced when a secret fetch fails, making misconfigurations easier to diagnose.

Cordon v0.2.7

This release improves Cordon's local security model with audience-bound default and client tokens, adds OpenClaw setup support, and makes upgrades and service management smoother.

Added

  • New setup flows now create tokenized proxy URLs automatically for supported integrations.
  • Default and client tokens can now protect matched credential routes before Cordon injects upstream credentials.
  • Tokenized proxy URLs now include a local scope audience so tokens generated for one Cordon daemon are rejected by another.
  • New token commands list, rotate, and revoke local tokens.
  • Token status indicators and warnings in `cordon status` and `cordon doctor`.
  • Cordon can now upgrade itself through a dedicated `cordon upgrade` command and interactive update prompts.
  • OpenClaw setup configures Cordon-managed proxying, CA trust, daemon restart, and agent skill installation.
  • Service logs are now available directly from the CLI with `cordon service log`.
  • Added support for selecting a specific 1Password account in route secret configuration.

Improved

  • Service installation now verifies readiness before returning.
  • Existing services no longer prompt for reinstall unnecessarily.
  • Service commands preserve the logical config path used by the selected scope.
  • Doctor checks now only validate integration skill freshness when that integration is configured.
  • Expired cached TLS leaf certificates are automatically re-minted instead of reused.
  • Token redaction and git-safety checks now recognize audience-bound proxy URLs without flagging unrelated localhost credentials.
  • Update and telemetry checks now validate event names and payload shapes more strictly, while isolating telemetry failures from update-check responses.

Fixed

  • Clarified the error shown when attempting to revoke the non-revocable instance token.
  • Fixed setup and doctor behavior around service state and integration configuration.
  • Improved reliability around background service installation and startup detection.

Migration Notes

  • Existing configurations keep legacy behavior until `tokens.toml` is created.
  • To enable tokens for an existing config, initialize tokens for that config, then refresh any integration setup or shell environment that uses Cordon.
  • Tokenized proxy URLs now use `http://<audience>:<token>@127.0.0.1:<port>` instead of the earlier fixed `cordon` username; re-run setup or `cordon env` when refreshing tokenized integration files.
  • Tokenized proxy URLs should be treated as sensitive local configuration. New setup flows protect against writing token-bearing files into tracked or unignored Git paths.
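
A check in the spirit of the last two migration notes, as an added example that is not Cordon's own code: it scans text for proxy URLs of the form `http://<audience>:<token>@127.0.0.1:<port>` (or the earlier fixed `cordon` username) and reports them with the token redacted, leaving other localhost credentials alone. The function name, audience value, token strings and port are constructed for illustration, and it assumes the caller knows which audience names are in use.

```python
import re
from urllib.parse import urlsplit

# Any http(s) URL that carries user:password; candidates are narrowed below.
_URL_RE = re.compile(r"https?://[^\s/@:]+:[^\s/@]+@[^\s\"'<>]+")

LEGACY_USER = "cordon"  # fixed username of the earlier URL form (migration notes)

# Constructed sample input: audience, tokens and port are made up.
SAMPLE = """\
export HTTPS_PROXY="http://aud-example-1:tok_CONSTRUCTED_A@127.0.0.1:8443"
DATABASE_URL=http://dbuser:dbpass@127.0.0.1:5432/app
proxy = http://cordon:tok_CONSTRUCTED_B@127.0.0.1:8443
mirror = http://aud-example-1:tok_CONSTRUCTED_C@10.0.0.5:8443
"""


def find_tokenized_proxy_urls(text, audiences):
    """Return (line_no, redacted_url) for each tokenized proxy URL in text.

    A URL is reported only if it targets 127.0.0.1, has a password part,
    and its username is a known audience or the legacy fixed username.
    Other localhost credentials (e.g. a local database URL) are skipped.
    """
    known = set(audiences) | {LEGACY_USER}
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _URL_RE.finditer(line):
            parts = urlsplit(match.group(0))
            if parts.hostname != "127.0.0.1" or not parts.password:
                continue
            if parts.username not in known:
                continue
            # Keep host:port, drop the token and any path or query.
            host = parts.netloc.rpartition("@")[2]
            hits.append(
                (line_no, f"{parts.scheme}://{parts.username}:<redacted>@{host}")
            )
    return hits


if __name__ == "__main__":
    # A pre-commit hook would run this over staged files and fail on any hit.
    for line_no, url in find_tokenized_proxy_urls(SAMPLE, ["aud-example-1"]):
        print(f"line {line_no}: token-bearing proxy URL {url}")
```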