Skip to content

v0.1.0 — first tagged release

Choose a tag to compare

View all tags
@jstockdi jstockdi released this 29 Apr 12:00
· 17 commits to main since this release
v0.1.0
This tag was signed with the committer’s verified signature.
jstockdi
SSH Key Fingerprint: W8MJ//YX11x2uSRI0/JrX4qgdHMqkLfocQvDvosyc3g
Verified
Learn about vigilant mode.
57ee368
This commit was signed with the committer’s verified signature.
jstockdi
SSH Key Fingerprint: W8MJ//YX11x2uSRI0/JrX4qgdHMqkLfocQvDvosyc3g
Verified
Learn about vigilant mode.

0.1.0 — 2026-04-29

First tagged release. The CLI is functional end-to-end against GitHub.com,
covering ten built-in rules with NIST 800-53 control mappings.

Added

  • audit, diff, and apply commands covering ten rules: branch_protection,
    merge_settings, secret_scanning, required_files, codeowners,
    dependabot_security, workflow_permissions, workflow_yaml,
    signed_commits, and teams_only_access.
  • init command with three opinionated presets (minimal, standard,
    strict). Templates are heavily commented and double as the live schema
    reference via repocat init --preset strict --stdout.
  • repo add <name> for appending a repo entry to an existing baseline while
    preserving comments.
  • Top-level defaults: block. Per-repo entries overlay defaults: scalars
    override, vec fields extend and dedupe, nested struct fields recurse with the
    same rules.
  • --format json and --format sarif output for audit, suitable for
    downstream tooling and GitHub Code Scanning upload.
  • Preflight OAuth scope check on apply so runs that need the workflow scope
    fail fast with an explicit gh auth refresh hint.
  • Prebuilt binaries on each tagged release for Linux (x86_64, aarch64), macOS
    (x86_64, aarch64), and Windows (x86_64).
Assets 12
Loading