v0.8.0

Sage v0.8.0

White-label branding

Product name, banner text, and extension command palette entries are now configurable per installation via ~/.sage/branding.json. All connectors (Claude Code, OpenClaw, OpenCode, Cursor/VS Code) respect branding throughout user-facing messages, tool descriptions, and status line output.

Community IQ

New community intelligence feature to improve detection capabilities across installations.

OpenClaw: native approval dialogs

Replace the sage_approve gate tool with OpenClaw's native requireApproval mechanism. Ask verdicts now surface through the platform's built-in approval UI (Telegram buttons, Discord interactions, /approve command). Selecting "Allow always" persists an exception rule to ~/.sage/exceptions.json. Requires OpenClaw 2026.3.28 or later.

Legacy allowlist is now read-only

~/.sage/allowlist.json is no longer written to. Existing entries are still honored for backwards compatibility. New persistent approvals use the exceptions system (~/.sage/exceptions.json) instead.

Package checker improvements

Package version validation no longer incorrectly handles shortened or composite version specifications for npm packages. PyPI package check is more robust and only validates exact version specifications.

v0.7.0

What's New

Exceptions — finer-grained control over detections

Replaces the old allowlist (now read-only) with a more flexible exceptions system for precise block/allow control over individual rules and artifacts.

Detection notifications

Per-session detection activity is now surfaced across all platforms:

• Claude Code — auto-configured status line
• Cursor / VS Code — IDE notifications
• OpenCode — TUI toasts

MCP server for false positive reporting

New @gendigital/sage-mcp package adds MCP tools for browsing the audit log and reporting false positives directly from the agent session.

Cursor / VS Code auto-re-enable

The extension automatically re-enables itself after a session restart if it was previously active.

Fixes

• Fixed OpenClaw security check false positives
• Fixed marketplace migration check for new known_marketplaces.json object format
• Unified hook timeout across all connectors

v0.6.0

Core (@gendigital/sage-core 0.6.0)

• 17 new threat rules: credential copy/move evasion, .env/database/.git deletion protection, file path rules for cloud creds, private keys, Terraform state, kubeconfig, and more
• JS/TS command extraction from plugin files (Node.js/Bun/zx APIs, .mjs/.mts support)
• Org rename: @sage/* → @gendigital/sage-*, GitHub org avast/sage → gendigitalinc/sage
• Stale cache entries ignored and auto-removed
• Prepack guard rejects publish with unresolved workspace: references

Claude Code (@gendigital/sage-claude-code 0.6.0)

• Org rename + one-time migration banner for users on the old marketplace URL
• JS/TS command extraction in plugin scanning

OpenClaw (@gendigital/sage-openclaw 0.6.0)

• Org rename
• Fixed false positives from OpenClaw's own security check on Sage installation
• Moved sage-core to devDependencies (bundled via esbuild)

OpenCode (@gendigital/sage-opencode 0.6.0)

• Org rename

Cursor/VS Code (sage-cursor 0.6.0)

• Org rename
• Moved sage-core to devDependencies (bundled via esbuild)

v0.5.3

• only OpenClaw connector updated to 0.5.3

v0.5.2

What's Changed

• fix: use getUTCFullYear() in package-registry-client.test.ts by jirisembera in #14
• feat: file output hardening — rotation, atomicity & cleanup by Vaclav Belak (@vaclavbelak) in #15
• chore: change publisher id for shared extension by Tomáš Ďuriš (@TommYDeeee) in #17
• chore: add npm keywords to openclaw package by Vaclav Belak (@vaclavbelak) in #16
• fix(threats): CLT-PERSIST-006 — match absolute paths to authorized_keys by Johannes Roth (@IonCode23) in #19
• chore: rename package by Tomáš Ďuriš (@TommYDeeee) in #18
• fix(threats): widen username pattern in CLT-PERSIST-006 regex by Tomáš Ďuriš (@TommYDeeee) in #20
• feat: Add Opencode Plugin by Feiyou Guo (@FeiyouG) in #21

New Contributors

• Johannes Roth (@IonCode23) made their first contribution in #19
• Feiyou Guo (@FeiyouG) made their first contribution in #21

Full Changelog: v0.4.3...v0.5.2

v0.4.3

What's Changed

• chore: change logo by Tomáš Ďuriš (@TommYDeeee) in #8
• Publish OpenClaw package as @gendigital/sage by Vaclav Belak (@vaclavbelak) in #9
• fix: align Node.js minimum to 18 + bump 0.4.1 by Vaclav Belak (@vaclavbelak) in #10
• Rename OpenClaw package to @gendigital/sage-openclaw by Vaclav Belak (@vaclavbelak) in #11
• fix: expect also utf16 not just utf8 by Peter Kováč (@PeterKovacGen) in #12
• fix: include MCP server bundle in plugin distribution by Vaclav Belak (@vaclavbelak) in #13

Full Changelog: v0.4.0...v0.4.3

v0.4.0 — Initial Public Release

First public release of Sage — Agent Detection & Response for AI agents.