runbeam-cli 0.10.0

chore: update sdk

runbeam-cli 0.8.0

chore: release

runbeam-cli 0.7.8

fix: add a step to publish the release

runbeam-cli 0.7.4

fix: try a different release strategy

runbeam-cli 0.7.0

chore: release

0.3.0

Runbeam CLI v0.3.0 Release Notes

Release Date: October 26, 2025

🔐 Major Feature: JWT RS256 Verification

This release introduces local JWT token verification using RS256 asymmetric cryptography, significantly enhancing security and enabling key rotation capabilities.

Key Features

1. RS256 Token Verification

• Validates JWT tokens using public keys from JWKS endpoint
• Asymmetric cryptography (RS256) replaces symmetric HS256
• Automatic signature validation before using tokens
• Compatible with industry-standard JWT/JWKS specifications

2. New verify Command

runbeam verify

Displays comprehensive token information:

• Token validity status (valid/expired/invalid)
• Issuer and subject claims
• User and team details from JWT
• Expiration timestamp and time remaining
• Clear error messages with troubleshooting guidance

3. Automatic Verification on Login

After successful authentication, tokens are automatically verified:

✅ Authentication successful!
   Logged in as: admin (user@example.com)
   JWT saved to ~/.runbeam/auth.json
   Token expires in 24 hours
   Token verified using RS256 ✓

4. JWKS Caching

• Public keys are cached locally for 1 hour (default)
• Reduces network calls while maintaining security
• Configurable via RUNBEAM_JWKS_TTL environment variable
• Automatic refresh on cache expiry

5. Key Rotation Support

• Supports Key ID (kid) in JWT header or payload
• Automatic key selection from JWKS endpoint
• Graceful fallback to first RS256 key when kid is missing
• Compatible with both standard JWT and tymon/jwt-auth libraries

🔧 Technical Improvements

Enhanced Error Handling

• Better error messages for authentication failures
• Improved handling of non-success HTTP responses
• Network error detection (timeout, connection refused, DNS)
• Detailed JWT validation error reporting

Security Enhancements

• Asymmetric Verification: Tokens verified using public keys instead of shared secrets
• Issuer Validation: URL normalization for flexible issuer claim matching
• Signature Validation: Cryptographic verification of token integrity
• Expiration Checking: Automatic detection of expired tokens

New Dependencies

• jsonwebtoken (v9): JWT decoding and RS256 verification
• base64 (v0.22): Base64url encoding/decoding for JWKS
• url (v2): URL parsing and normalization

📚 Documentation Updates

• Updated README with token verification examples
• Added comprehensive inline documentation for JWT module
• Updated WARP.md with new command usage
• Created CHANGELOG.md following Keep a Changelog format

🚀 Breaking Changes

None. This release is fully backward compatible with v0.2.0.

📦 Installation

From GitHub Releases

# macOS (Apple Silicon)
curl -LO https://github.com/aurabx/runbeam-cli/releases/download/v0.3.0/runbeam-macos-aarch64-v0.3.0.tar.gz
tar -xzf runbeam-macos-aarch64-v0.3.0.tar.gz
chmod +x runbeam
sudo mv runbeam /usr/local/bin/

# Linux (x86_64)
curl -LO https://github.com/aurabx/runbeam-cli/releases/download/v0.3.0/runbeam-linux-x86_64-v0.3.0.tar.gz
tar -xzf runbeam-linux-x86_64-v0.3.0.tar.gz
chmod +x runbeam
sudo mv runbeam /usr/local/bin/

# Windows (x86_64)
# Download runbeam-windows-x86_64-v0.3.0.zip from releases page
# Extract and add to PATH

From Crates.io

cargo install runbeam-cli --version 0.3.0

From Source

git clone https://github.com/aurabx/runbeam-cli
cd runbeam-cli
git checkout v0.3.0
cargo install --path .

🔄 Upgrade Guide

From v0.2.0

1. Download and install the new v0.3.0 binary
2. No configuration changes required
3. Existing authentication tokens will continue to work
4. Run runbeam verify to check your token status

Environment Variables

New optional environment variable:

• RUNBEAM_JWKS_TTL: Set JWKS cache duration in seconds (default: 3600)

Example:

export RUNBEAM_JWKS_TTL=7200  # 2 hours

🐛 Bug Fixes

• Improved error reporting for authentication polling failures
• Better handling of network errors during login
• Enhanced debug logging for troubleshooting JWT verification
• Fixed error messages to show actual HTTP status and response body

📋 Full Changelog

See CHANGELOG.md for complete details.

🙏 Acknowledgments

This release includes significant security enhancements that align the CLI with industry-standard JWT practices and enable seamless integration with modern authentication systems.

---

Full Changelog: v0.2.0...v0.3.0