fix: switch stdio transport from Content-Length framing to newline-de…

…limited JSON

MCP spec requires stdio messages delimited by newlines, not LSP-style
Content-Length headers. mcp-proxy (used by Glama) sends newline-delimited
JSON — the old parser never found Content-Length headers and never responded.

- Replace raw Buffer + Content-Length parser with readline interface
- Send responses as JSON + newline (no Content-Length header)
- Bump v0.5.15

fix: keep event loop alive for mcp-proxy ping, update MCP protocol ve…

…rsion

- Add process.stdin.resume() to prevent premature Node.js exit
- Update protocolVersion to 2025-03-26
- Add stdin error handler for graceful shutdown
- Bump v0.5.14

fix: add shellward bin entry for npx shellward, bump v0.5.13

feat: add glama.json, bin entry for MCP server, bump v0.5.12

- Add glama.json for Glama platform inspection and scoring
- Add bin.shellward-mcp entry so npx shellward-mcp works
- Include server.json in npm files array
- Fix mcp-server.ts shebang to #!/usr/bin/env node
- Bump version to 0.5.12

bump v0.5.10 — npm keyword optimization

v0.5.0: Core engine refactor — DLP model, SDK mode, 8-layer defense

Major architecture changes:
- Extract platform-agnostic core engine (src/core/engine.ts)
- Layers become thin adapters calling core engine methods
- L2 Output Scanner: audit-only (no redaction), data returns in full
- L7 Data Flow Guard: block external sends after sensitive data access
- Add bash network exfiltration detection (curl POST, wget, nc bypass)
- Add auto-check on startup (OpenClaw vulns, plugin risks, MCP config)
- Add supported platforms to README (OpenClaw, Claude Code, Cursor, LangChain, etc.)
- Demo: 7 scenarios (ZH + EN), covering APT attack chain simulation
- Tests: 112 passing (38 integration + 42 edge + 32 SDK)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

v0.4.0: hook error handling, update notifications, remote vuln DB

Major changes:
- Add createSafeApi() wrapper: try-catch on all 8 defense layer hooks,
  fail-safe (block on security hooks, pass on others)
- Add non-blocking version update check with notification dedup
  (same version only notified once, 24h check interval)
- Add remote vulnerability database (17 real CVEs/GHSAs + 1 supply chain alert)
  with 24h cache and local fallback
- Fix ReDoS in email regex (333x speedup on 200KB text)
- Fix fork bomb regex broken by splitCommands
- Fix injection gaps: expand zh_new_role/zh_no_restriction rules,
  add zh_mixed_lang_injection rule (26 total injection rules)
- Add defensive type conversion for non-string toolName/params
- Fix scan-plugins regex global flag state pollution
- 100 tests passing (37 integration + 42 edge cases + 21 update check)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

v0.3.4: highlight Chinese PII & bilingual in descriptions

v0.3.3: add homepage, update keywords for npm

Fix install.sh: verify npm package structure, fallback to git if outd…

…ated