RockyGuard

Changelog

Release notes

RockyGuard follows Semantic Versioning 2.0.0. The format below mirrors Keep a Changelog; the source-of-truth file is shipped in the repo as CHANGELOG.md.

v1.2.1

2026-05-11

Second release

  • Runtime version-range enforcement: LicenseVerifier::check_version() consults the version_range field that v1.2.0 carried but did not enforce. Glob form ("3.*", "3.1.*") and comparator form (">=3.0,<4.0", "!=3.5.0") both supported.
  • Auto-detect signature algorithm: SignatureAlgorithm::AutoDetect is now the LicenseVerifier default; inspects the loaded key and dispatches to Ed25519 or RSA without the caller tracking the algorithm. Same applies to license_create --algo auto.
  • Per-machine seat cap for floating licenses: new max_leases_per_machine_id YAML key bounds the concurrent leases any one workstation can hold. Denied checkouts surface as MachineSeatLimitReached even when the global pool still has seats.
  • Floating-server log rotation: log_max_bytes (default 100 MiB) and log_keep_count (default 5, capped at 100). Replaces v1.2.0 unbounded growth; opt out by setting log_max_bytes <= 0.
  • License metadata pass-through: license_create --metadata key=value attaches arbitrary metadata that round-trips through sign / verify and surfaces as License::metadata. New --show-count flag for read-only inspection of the generation counter.
  • Debug-CRT static library on Windows: rockyguard_mdd.lib ships alongside rockyguard.lib so Debug-CRT consumers no longer hit LNK2038 / LNK1319 (closes GA-013).
  • AI-agent integration guide: AI_INTEGRATION_GUIDE.md at the customer-zip root and a dedicated page at /docs/ai-integration so customers can hand the integration to Claude Code, Cursor, Copilot, etc.
  • Phase 4.1 library defect closed: check_node_locked() with threshold == 0 and an empty hardware_fingerprint now ACCEPTS the license (the documented "intentionally not hardware-locked" opt-out), matching what the docs already promised.
  • ABI-compatible with v1.2.0: +5 customer-facing exported symbols (check_version + four gen_counter::* helpers), 0 removals. DUMPBIN /EXPORTS and nm -D probes both verify.
  • Test count: 59 / 56 (Win / Linux) at v1.2.0 grew to 69 / 66 at v1.2.1 (+10 each). Two new QA harnesses (ghost_checkout_exhaustion, log_rotation) both pass on Windows + Linux.

v1.2.0

2026-04-23

Inaugural shipping release

  • First public release. v1.2.0 is the inaugural shipping version of the library.
  • Linux x86_64 support (glibc 2.34 or newer) shipped alongside Windows x64 in per-platform zips.
  • Ten-phase pre-release QA plan now gates every release; full plan published as docs/RockyGuard_QA_Plan.txt.
  • Three independent Phase 4.1 customer-onboarding dry-runs (Windows + Linux full Stages 0-5) by isolated cold-read sub-agents; 16 gaps surfaced and 8 fixed in-session, the rest deferred to v1.2.1 with full transparency in the Phase 4.1 Report.
  • Eight late-cycle defects closed: WMI UTF-8 narrowing on Chinese / Japanese locale; floating-server JSON type-error crash-DoS; Windows system cert store not loaded for time-anchor TLS; sha256_file_hex short-read on locked DLL; Windows tools missing Control Flow Guard; session_secret leaked into debug logs via signed-envelope redaction; Quick Start linking docs missing libssl on Windows AND Linux; Release-CRT library cannot link Debug consumer builds (Windows).
  • 74 numbered code-review issues addressed across four review rounds (three internal + one external).
  • Per-platform README split, per-platform CMake build directories, append-only archives/MANIFEST.txt for audit-grade artifact tracking.

More detail