v0.2.0

Added

• [breaking] add C# structural support (#69)

v0.1.9

Added

• (scanner/imports) detect policy imports across languages (#67)

v0.1.8

Added

• bound public API surface + fix broken CLI surface (OSS P0) (#47)

v0.1.7

Added

• (output) promote externalization percentage to headline (#54)
• scanner output follow-ups (surface, snippet fallback, enforcement_points) (#55)
• (rules) corpus shakedown rule pass — coverage for Gitea, Ghost, Cal.com, OpenMRS, Zulip (#50)
• (deep) unwrap claude-code envelope and broaden Go authz coverage (#48)

Fixed

• (output) add missing surface field to test Finding constructors (#59)

v0.1.6

Fixed

• match bare-function middleware values in gin/echo rule (#44)

v0.1.5

Added

• add Go structural scanning support (#32)
• add Python structural scanning support (#29)

v0.1.4

Fixed

• (rules/java) require principal-side getter in ownership-check (#25)

v0.1.3

Added

• (deep) subprocess transport via --agent-cmd (#22)
• (mcp) add zift mcp subcommand exposing scanner, prompt, and Rego primitives over stdio (#21)
• (deep) OpenAI-compatible HTTP transport for --deep mode (#17)

Fixed

• (deep) error prefix, semantic pattern_rule lineage, category serialization (#23)

v0.1.2

Added

• (rules/java) heuristic detection of custom authz service calls (#13)
• detect namespace, require, and destructured policy imports (#9)

Fixed

• (scanner/imports) use code-side alias for named ES imports (#14)
• (rules/java) match non-literal args in role/permission checks (#12)
• (rules/java) repair invalid query in security-interface-impl (#11)

v0.1.1

Added

• add Java language support with 18 authz detection rules (#3)