Tags: AperionAI/shield
v1.0.1: fix non-macOS build (log::warn, not tracing)
The cfg(not(macos)) sandbox degrade path referenced tracing::warn! but this crate logs via the log facade -- never compiled locally on macOS, broke every Linux/Windows release build.
crates.io 1.0.0 is affected (cargo install fails off-macOS); 1.0.1 supersedes it.

v0.9.1: MCP Registry OCI ownership label + registry metadata
- Dockerfile: add io.modelcontextprotocol.server.name label (required by the official MCP Registry's OCI package ownership check)
- server.json: switch to the oci package path (production registry does not accept cargo packages yet) and bump to 0.9.1
- README: registry name token casing matches the org namespace (io.github.AperionAI/shield)
No code changes; patch release exists so CI rebuilds and pushes the GHCR image with the new label.

aperion-shield v0.7.0
The release that closes the MCP-bypass gap.
Headline features:
1. Git pre-commit + pre-push hooks (--install-hooks). Same engine, same shieldset.yaml, now enforced on every commit/push even when the agent reaches around MCP via a direct shell.
2. --suggest-rules. Read your own shield_eval audit log and get text/markdown/yaml-patch suggestions for which rules never fire, which get consistently demoted, and which are noisy Warns.
3. Four new IDE quickstarts: Cline, Continue, Windsurf, Zed (joining Cursor + Claude Code).
192 tests passing (was 148 in v0.6.0).
Full notes: https://github.com/AperionAI/shield/releases/tag/shield-v0.7.0

Aperion Shield v0.3.0 -- rule-quality pass against 13k real commands
Wide-scale testing exposed a 73% false-positive approval rate in v0.2.
This release cuts it to 1.5% by:
- Requiring an actual write verb for fs.sensitive_path_write_or_delete
- Excluding tool flags (ssh -i, --kubeconfig, KUBECONFIG=, ...)
from path extraction
- Narrowing /usr/** to specific sensitive subdirs
- Treating /dev/null redirects as discard idioms, not writes
- Letting `curl | python -c CODE` / `python -m json.tool` through
(stdin is data, not code, when the interpreter takes code from args)
New: scripts/extract-cursor-corpus.py to harvest your own Cursor
history into a check-mode corpus -- the exact tool used to drive
these improvements.
Backward compatible: 95 tests still green, golden corpus 55/55 PASS,
all 10 real-world blocks preserved.

Aperion Shield v0.2.1 -- one-shot --check mode for wide-scale testing
The check subcommand lets you run any tool-call descriptor through the full engine pipeline without MCP, IDE, or upstream plumbing. JSON-Lines in, JSON-Lines out, optional `expect` fields for pass/fail grading, deterministic exit codes -- designed for CI gates, red-team exploration, and rapid rule validation.
Bundles a 55-case golden corpus that covers every shipping rule plus negative cases, and a `scripts/check-corpus.sh` runner that formats the output for humans and propagates exit code.
No rule or schema changes. Backward compatible with all v0.2.0 shieldsets, MCP integrations, and adaptive layers.