v0.2.1 — ecosystem-wide adopt detection + enforced security docs
Recall OS v0.2.1 — better detection on real repos, and a threat model the tool actually makes you write.
Adopt detection, generalized across ecosystems
- Package manager is chosen by primary ecosystem (
go.mod,Cargo.toml,composer.json,Gemfile, Python, JVM, Swift, Dart) — a toolingpackage.jsonno longer mislabels a Go/PHP/Ruby repo as npm. - Test detection works everywhere via a bounded, read-only walk:
*_test.go,*.test.*/*.spec.*,test_*.py,*Test.(java|kt),*Test.php,*_spec.rb— not just atests/dir or npm script. - Added PHP / Laravel and Ruby / Rails detection.
- Reviewable provenance: every detected signal now reports the file it was inferred from, so you can confirm or correct it. Nothing is accepted automatically.
Detection at recall init too
recall init now surfaces the detected stack (read-only, proposed — no decisions baked in), with the same "correct the source if it's wrong" guidance and a pointer to recall adopt to persist it.
Security docs you actually fill in
- Richer, guided
SECURITY_MODEL.mdandTHREAT_MODEL.mdtemplates: assets, entry points, trust boundaries, STRIDE-style threats, mitigations, authentication/authorization, secrets, and dependencies. recall doctornow warns when those sections are left as stubs — but only once the repository has real work (a feature, module, or accepted ADR). A barerecall initstays green.
Install
```bash
npm install -g recall-os@latest
```