Skip to content

v0.2.1 — ecosystem-wide adopt detection + enforced security docs

Choose a tag to compare

@Karthick-Ramachandran Karthick-Ramachandran released this 20 Jun 19:32

Recall OS v0.2.1 — better detection on real repos, and a threat model the tool actually makes you write.

Adopt detection, generalized across ecosystems

  • Package manager is chosen by primary ecosystem (go.mod, Cargo.toml, composer.json, Gemfile, Python, JVM, Swift, Dart) — a tooling package.json no longer mislabels a Go/PHP/Ruby repo as npm.
  • Test detection works everywhere via a bounded, read-only walk: *_test.go, *.test.*/*.spec.*, test_*.py, *Test.(java|kt), *Test.php, *_spec.rb — not just a tests/ dir or npm script.
  • Added PHP / Laravel and Ruby / Rails detection.
  • Reviewable provenance: every detected signal now reports the file it was inferred from, so you can confirm or correct it. Nothing is accepted automatically.

Detection at recall init too

recall init now surfaces the detected stack (read-only, proposed — no decisions baked in), with the same "correct the source if it's wrong" guidance and a pointer to recall adopt to persist it.

Security docs you actually fill in

  • Richer, guided SECURITY_MODEL.md and THREAT_MODEL.md templates: assets, entry points, trust boundaries, STRIDE-style threats, mitigations, authentication/authorization, secrets, and dependencies.
  • recall doctor now warns when those sections are left as stubs — but only once the repository has real work (a feature, module, or accepted ADR). A bare recall init stays green.

Install

```bash
npm install -g recall-os@latest
```