v3.0.0

Release Date: 2026-03-10
Focus: Credential Backend Overhaul (Keychain-First) + Auth Hardening

⚠️ Breaking Changes

• Credential persistence model is now backend-driven and no longer reads legacy plaintext ~/.leetcode/credentials.json.
• Existing users with only legacy plaintext credentials must run leetcode login again.
• Default credential backend is now OS keychain (keytar).

🔐 Security & Auth

• Added deterministic credential backend resolver:
  • env-readonly mode when LEETCODE_SESSION and LEETCODE_CSRF_TOKEN are both set.
  • keychain backend by default.
  • Explicit encrypted-file backend via LEETCODECLI_CREDENTIAL_BACKEND=file + LEETCODECLI_MASTER_KEY.
• Added typed auth storage status/reason handling across CLI and TUI:
  • ENV_PARTIAL, KEYCHAIN_UNAVAILABLE, KEYCHAIN_ERROR, FILE_MISSING_MASTER_KEY, FILE_DECRYPT_FAILED, LEGACY_CREDENTIALS_IGNORED.
• Updated login, logout, whoami, and shared auth checks with consistent remediation messaging.

⚙️ Runtime & Platform

• Added Linux keychain prerequisites in CI for deterministic native module builds (libsecret-1-dev, pkg-config).
• Updated Docker image build/runtime dependencies for keytar compatibility in Linux containers.
• Docker/headless guidance now documents env-readonly auth usage.

🧪 Testing

• Added dedicated credential-store tests for resolver precedence, reason states, encrypted file read/write, and legacy-ignore behavior.
• Added CLI and TUI auth tests for env-readonly mode and keychain-unavailable handling.

🔧 Additional Merged Fixes

• Included merged PR #5:
  • Config file write normalization: config writes now include a trailing newline for POSIX-friendly file formatting.

---

What's Changed

Other Changes

• fix(config): add '\n' when writing to config files for POSIX compliance by @greymistcube in #5

Full Changelog: v2.4.1...v3.0.0

v2.4.1

Release Date: 2026-03-08
Focus: TUI Config Editing Hotfix

🐛 Bug Fixes

• TUI Config Key Hijacking (#3): Fixed an issue where global navigation hotkeys (h, l, tab) would intercept keystrokes while editing a config field in the TUI. For example, typing python3 as the default language would fail because the h key triggered a focus-toggle instead of inserting text. The fix ensures that when a config field is in edit mode (isEditing), text input takes precedence over all interface hotkeys.

---

What's Changed

Other Changes

• fix(tui): fixed config editing that wasn't working as intended by @greymistcube in #3

New Contributors

• @greymistcube made their first contribution in #3

Full Changelog: v2.4.0...v2.4.1

v2.4.0

Release Date: 2026-02-28
Focus: SQL Language Support + Cross-OS CLI E2E Coverage + Sync Security Hardening

🚀 Features

• Added sql as a first-class supported language for CLI and TUI flows.
• leetcode config -l sql and leetcode pick ... -l sql are now supported.
• SQL solution files are generated and recognized with .sql extension.

⚙️ Improvements

• Centralized language normalization and slug resolution logic in a shared utility.
• Added SQL dialect resolution fallback (mysql default) for test/submit compatibility.
• Updated config and help surfaces to display SQL as a supported language.
• Replaced shell-interpolated command strings in sync with argument-vector execution for dynamic values.
• Updated git commit -m, git remote add origin, and gh repo create dynamic flows to safer execFileSync(command, args) usage.

🔒 Security

• Resolves CodeQL alert js/incomplete-sanitization by removing custom shell-escaping dependence for user/config-derived arguments.

🧪 Testing

• Added dedicated SQL language unit tests for mapping, extension detection, and slug resolution.
• Added deterministic cross-OS CLI E2E command-flow tests (config/workspace/snapshot/help) running in Linux/macOS/Windows CI matrix.

---

Full Changelog: v2.3.0...v2.4.0

v2.3.0

Release Date: 2026-02-11
Focus: TUI Functionality + Stability + Cross-Platform Fixes

✅ Compatibility

This is a minor, non-breaking release.

• Existing CLI command signatures are unchanged.
• Existing problem action shortcuts remain available in TUI (p/t/s/h/H/V/b/n/e).

🚀 Highlights

TUI Functionality (leetcode)

• Running leetcode (no args, interactive terminal) launches full-screen TUI mode.
• Problem screen uses a single-column statement layout with a unified bottom drawer for hints, submissions, snapshots, notes, diff, and status/test/submit output.
• Added focus toggle (Tab) between statement body and drawer, with j/k and arrows scrolling the focused region.
• Action shortcuts are available in problem view: p/t/s/h/H/V/b/n/e.
• Close behavior is consistent: Esc closes drawer first, then navigates back.
• Rendering and terminal handling include full-screen redraw and cleanup guards (ANSI reset, cursor/raw-mode restoration) to reduce residue/flicker issues.

Cross-Platform Sync Fixes

• Fixed sync repository-name extraction on Windows by using path.basename() instead of Unix-style path splitting.
• Updated shell argument escaping to use double quotes for better cross-platform behavior.

🧪 Quality

• Added dedicated TUI tests for problem-screen drawer routing and state transitions.
• Verified with npm run typecheck, npm run test, and npm run build.

---

What's Changed

Other Changes

• fix(sync): fixed the issue of commiting in windows by @g7vind in #1

New Contributors

• @g7vind made their first contribution in #1

Full Changelog: v2.2.2...v2.3.0

v2.2.2

Release Date: 2026-01-18
Focus: Critical Bug Fix (Update Command)

🐛 Bug Fixes

• Update Command: Fixed a logic inversion where leetcode update would incorrectly report "You're on the latest version" even when updates were available. It now correctly prompts for updates.

---

v2.2.1

Release Date: 2026-01-17
Focus: Security Hotfix & CI/CD Enhancements

🔒 Security Fixes

• HTML Injection: Fixed vulnerabilities in problem descriptions, hints, and code templates by replacing regex-based sanitization with striptags (#security).
• Double Escaping: Fixed issue where HTML entities (like ") could be double-unescaped (#security).
• Dependencies: Updated CodeQL actions to v4 and added Dependency Review workflow.

🔧 Improvements

• CI/CD: Added Stale issue management and optimized Docker builds with caching.
• Linting: Resolved all ESLint warnings and enforced stricter type safety.

---

v2.2.0

Release Date: 2026-01-17
Focus: Problem Hints & Performance

🚀 New Features

Hint Command (leetcode hint)

Get hints for a problem when you're stuck.

• leetcode hint <id> - Show hints one at a time (press Enter for next)
• leetcode hint <id> --all - Show all hints at once
• Supports both problem ID and slug
• Cleans HTML formatting for terminal display
• Alias: h

⚡ Performance Improvements

Submission Polling Optimization

• Exponential backoff: Reduced API calls by 60% (30 → 12 calls)
• Faster results: 500ms initial delay for quicker feedback
• Network resilience: Added retry logic for transient network errors
• Better error messages: "Test" vs "Submission" context in timeouts

---

v2.1.1

Release Date: 2026-01-17
Focus: Refactoring & Robustness

🔧 Improvements

• Code Refactoring: Extracted shared semver utility for consistent version comparison
• Improved Parsing: Enhanced changelog parser regex to handle various version formats
• Robustness: Integration tests now verify against real npm/GitHub APIs
• Network Reliability: Fixed potential hangs by enforcing strict 10s total timeout for registry checks

v2.1.0

🚀 New Features

Update Command (leetcode update)

Check for CLI updates from npm registry with automatic notifications.

• Visual notification box when updates are available
• Detects breaking changes (major version bumps) and warns users
• 24-hour caching to avoid excessive registry calls
• --force flag to bypass cache and re-check

Changelog Command (leetcode changelog)

View release notes directly from the CLI.

• Fetches changelog from GitHub (works for global installs)
• Default: shows only versions newer than your installed version
• --all - Show full changelog
• --latest - Show only latest version
• --breaking - Filter to breaking changes only

Startup Update Notifications

Non-blocking check on startup shows a subtle banner if updates are available.

⚡ Performance Improvements

• Build minification enabled: bundle size reduced ~40% (163KB → 98KB)
• Tree-shaking for better dead code elimination

📦 Install/Update

npm install -g @night-slayer18/leetcode-cli

v2.0.1

🔒 Security Hotfix

This release addresses critical security vulnerabilities discovered in file path handling and shell command execution.

Security Fixes

Path Traversal Prevention

• Fixed vulnerability where test, submit, and diff --file commands accepted file paths outside the configured workspace
• Now validates that files are inside workDir before reading/submitting
• Prevents potential execution of malicious code from downloaded solutions

Command Injection Prevention

• Fixed sync command to sanitize repository names before shell execution
• Added git URL format validation to prevent malicious URL injection
• Properly escapes shell arguments in commit messages

What's Changed

• Added isPathInsideWorkDir() validation function
• Added sanitizeRepoName(), isValidGitUrl(), escapeShellArg() security utilities
• Added 6 new security tests (202 total)

Upgrade

npm update @night-slayer18/leetcode-cli

Full Changelog: https://github.com/night-slayer18/leetcode-cli/blob/main/docs/releases.md