CodeTitan Action v1 — engine core 1.1.4
Cross-file-taint FP/FN arc (2026-05-19 Codex audit closure):
- #314 forward-slash path canonicalization (external API consumers no longer get 0 findings on Windows)
- #319 SQL_INJECTION bracket-bind heuristic (
db.query('... ?', [id])no longer false-positives) - #320 ESM arrow export capture gap (
export const fn = (params) =>now scanned; + bare-arrow + CJS pattern-5) - #384 wave-progress wording (tasks, not files)
Engine: @noalia/codetitan-core@1.1.4. Consume as Noa-Lia/codetitan-action@v1.