ConfigSentinel v0.1.0
Pre-release
ConfigSentinel v0.1.0 is an early alpha baseline release and functional MVP. It exists to establish the initial offline CLI, scanner, parser, reporter, and rule foundation for future hardening work.
This release is not production-ready. The current rules are useful for early validation, but they may produce false positives or false negatives and should not be treated as complete security coverage.
The project is currently focused on hardening core functionality. Promotion, contributor-growth work, and OSS application preparation are paused until the core rule behavior, fixtures, false positive and false negative review, and real-world validation are more mature.
Included baseline functionality
- `configsentinel scan PATH`
- `configsentinel scan PATH --format text`
- `configsentinel scan PATH --format json`
- `configsentinel explain RULE_ID`
- MCP config JSON scanning rules `CS-MCP-001` through `CS-MCP-005`
- Claude Code settings JSON scanning rules `CS-CLAUDE-001` through `CS-CLAUDE-005`
- GitHub Actions workflow YAML scanning rules `CS-GHA-001` through `CS-GHA-005`
- Human-readable text output
- Deterministic JSON output
- Offline-only local execution
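Deterministic JSON output is what makes scanner results diffable between runs and usable as a CI gate. The block below is an added example, not ConfigSentinel's own reporter code, of how a reporter can remove the two usual sources of nondeterminism: the order in which findings are produced and the key order inside each JSON object. The finding fields, the sort key, the file names and the sample findings are all assumptions constructed for the illustration; only the rule ID prefixes come from the page.

```python
"""Deterministic JSON report writer for scanner findings.

Added illustrative example, not ConfigSentinel's reporter. The Finding fields,
the sort order, the file names and the sample findings are assumptions.
"""
import json
import random
from dataclasses import dataclass, asdict


@dataclass(frozen=True)  # frozen so findings are hashable and can be de-duplicated
class Finding:
    rule_id: str    # rule ID in the page's naming scheme, e.g. "CS-MCP-001"
    path: str       # scanned file (assumed layout)
    key_path: str   # JSON-pointer-style location inside the file (assumed)
    message: str    # constructed text, not a real rule message


def render_report(findings, tool_version="0.1.0"):
    """Serialise findings so that the same input always yields identical bytes.

    Scanners often walk globs or dicts in arbitrary order, so the finding list
    is sorted on a full tuple (not just rule_id) and exact duplicates are
    dropped; sort_keys=True fixes the key order of every JSON object.
    """
    ordered = sorted(set(findings),
                     key=lambda f: (f.path, f.rule_id, f.key_path, f.message))
    report = {
        "tool": {"name": "configsentinel", "version": tool_version},
        "findings": [asdict(f) for f in ordered],
        "summary": {"count": len(ordered)},
    }
    return json.dumps(report, sort_keys=True, indent=2, ensure_ascii=True) + "\n"


# Constructed sample findings (not output of the real tool); one is a duplicate.
SAMPLE = [
    Finding("CS-GHA-003", "ci/build.yml", "/jobs/build/steps/2", "constructed finding"),
    Finding("CS-MCP-001", "mcp.json", "/mcpServers/demo", "constructed finding"),
    Finding("CS-MCP-001", "mcp.json", "/mcpServers/demo", "constructed finding"),
    Finding("CS-CLAUDE-002", ".claude/settings.json", "/permissions", "constructed finding"),
]


def ordered_rule_ids(findings):
    """Rule IDs in the order they appear in the rendered report."""
    return [f["rule_id"] for f in json.loads(render_report(findings))["findings"]]


def reports_are_identical(findings, runs=20):
    """Shuffle the input each run; every rendering must be byte-identical."""
    rng = random.Random(0)
    baseline = render_report(findings)
    for _ in range(runs):
        shuffled = list(findings)
        rng.shuffle(shuffled)
        if render_report(shuffled) != baseline:
            return False
    return True


if __name__ == "__main__":
    print(render_report(SAMPLE), end="")
```

Sorting on the full tuple matters: sorting on `rule_id` alone leaves two findings with the same rule in input order, so the report would still change between runs.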
Current limitations
- This is an alpha MVP, not a hardened production release.
- Most rule findings do not yet include exact line and column positions.
- Secret detection is simple pattern matching and needs false positive / false negative review.
- GitHub Actions validation is not a full GitHub Actions schema validator.
- Claude Code settings validation is based on a v0.1 approximation and may need updates as upstream settings evolve.
- MCP schema support is intentionally minimal.
- Fixtures and examples need more realistic coverage before promotion.
- No SARIF output, suppression, baseline, or pre-commit integration is included in v0.1.0.
Project principles
ConfigSentinel v0.1.0 runs locally and is offline-only. It does not send telemetry, call LLM APIs, use cloud services, require a database, or include a web UI.
Current focus
The next priority is core hardening: rule correctness, realistic fixtures, false positive and false negative reduction, line number reporting for high-value rules, and dogfooding against real configuration examples.