Codezero
Product changelog

What's new in Cordon

Public release notes for Cordon, Codezero's local credential containment layer. Newest updates appear first.

Cordonv0.2.7

Cordon v0.2.7

This release improves Cordon's local security model with default and client tokens, adds OpenClaw setup support, and makes upgrades and service management smoother.

Added

  • New setup flows now create tokenized proxy URLs automatically for supported integrations.
  • Default and client tokens can now protect matched credential routes before Cordon injects upstream credentials.
  • New token commands list, rotate, and revoke local tokens.
  • Token status indicators and warnings in `cordon status` and `cordon doctor`.
  • Anonymous telemetry forwarding to PostHog for install and upgrade events.
  • Cordon can now upgrade itself through a dedicated `cordon upgrade` command and interactive update prompts.
  • OpenClaw setup configures Cordon-managed proxying, CA trust, daemon restart, and agent skill installation.
  • Service logs are now available directly from the CLI with `cordon service log`.
  • Added support for selecting a specific 1Password account in route secret configuration.

Improved

  • Service installation now verifies readiness before returning.
  • Existing services no longer prompt for reinstall unnecessarily.
  • Service commands preserve the logical config path used by the selected scope.
  • Doctor checks now only validate integration skill freshness when that integration is configured.
  • Expired cached TLS leaf certificates are automatically re-minted instead of reused.
  • Update and telemetry checks now validate event names and payload shapes more strictly, while isolating telemetry failures from update-check responses.

Fixed

  • Clarified the error shown when attempting to revoke the non-revocable instance token.
  • Fixed setup and doctor behavior around service state and integration configuration.
  • Improved reliability around background service installation and startup detection.

Migration Notes

  • Existing configurations keep legacy behavior until tokens.toml is created.
  • To enable tokens for an existing config, initialize tokens for that config, then refresh any integration setup or shell environment that uses Cordon.
  • Tokenized proxy URLs should be treated as sensitive local configuration. New setup flows protect against writing token-bearing files into tracked or unignored Git paths.
Install or upgrade Cordon