Releases: Rakosn1cek/oversight
Releases · Rakosn1cek/oversight
Release list
v0.5.7: Helper-agnostic diff engine and custom helper support
[0.5.7] - 2026-07-04
Added
- Added support for custom AUR helpers via the
AUDIT_HELPERenvironment variable.
Changed
- Updated the git diff parser regex to be helper-agnostic, allowing the tool to parse incoming package names from various cache directory structures (such as yay, paru, or Shelly).
- Removed hardcoded path logic to ensure fallback compatibility across different distribution setups.
Full Changelog: v0.5.6...v0.5.7
v0.5.6: Multi-package tabs, navigation decoupled, and supply-chain protections
[0.5.6] — 2026-06-27
Added
- Multi-Package Tab Layout Matrix: Introduced a dynamic input parser that intercepts unified git diff headers on the fly. The TUI now scales automatically, generating separate, dedicated source code tabs for every package found in a batch update queue.
- Dynamic Hotkey Navigation Tracker: Mapped numeric key bindings (
0through9) to allow instant jumping between active data streams alongside standardTabcycling. - Clean Stream Pager Fallback: Refactored the core vertical layout constraints. When a script passes analysis with a zero risk score, the interface stays open to present a fully interactive text pager for manual validation.
- Multi-File Context Discovery: Expanded the package tracking architecture to scan the full cache directory layout (
~/.cache/yay/<package_name>/). The engine now automatically locates and audits accompanying components like*.installscripts and*.patchfiles. - Supply-Chain Malware Protections: Added specific heuristic profiles targeting malicious runtime installer invocations (npm, yarn, pnpm, bun) inside the build profile to block real-world build-time injection attacks.
- ANSI and Manpage Stream Sanitisation: Integrated an internal regular expression filter that strips raw formatting backspaces and ANSI escape positioning parameters on the fly, preventing layout corruption from piped manual pages or colourized diff inputs.
Changed
- Fluid Viewport Engine: Replaced the automated widget scrolling logic with a dynamic vector-slicing paragraph component that wraps long text collections cleanly and renders only visible layout lines to optimize performance.
- Consolidated Behavioral Data Models: Swapped out the multi-row heuristic scoring architecture for a flat
[GLOB]behavioral entry system, protecting risk calculations from scoring bloat while keeping trace workflows intact. - Decoupled Heat Map Rendering Loop: Rewrote the Map sidebar layout engine to calculate relative vertical line indexes from individual tab text collections rather than anchoring to the top-level findings arrays, clearing borrow checker constraints.
- Unified Directory Risk Profiles: Refactored the core calculation engine to compile threat indices from all discovered companion files into a single, cohesive macro evaluation per package tab.
Fixed
- Dependency Optimization: Pruned non-imported dependencies and macro components from the crate manifest configuration files to ensure minimalist, safety-first compilation bounds.
- Git Patch Token Stripping: Adjusted the whitespace trim sequence to accurately strip leading
+and-tokens from live diff paths, eliminating false syntax markers during security evaluations. - Option Trait Compiler Error: Resolved an invalid parenthesis alignment inside the synthetic clean findings structure that broke string trait implementations during cargo release cycles.
- Single-File Verification Deficit: Replaced the solitary
Path::new("PKGBUILD")local file check with a dynamic user home cache directory lookup query matching upstream package identifiers.
Full Changelog: v0.5.5...v0.5.6
v0.5.5: The Interface Stability Update
[v0.5.0] 2026-06-18 - The Interface Stability Update
Added
- Dynamic Four-Column Layout Split: Implemented a contextual horizontal TUI transformation that splits the viewport into four segments (20% Findings, 50% Context, 25% Highlights, 5% Heat Map) dynamically when a global rule is highlighted.
- Stateful Scrolling Highlights Panel: Added a text-wrapped, vertically scrollable panel mapping out exact code context points for complex behavioural life-cycles.
- Contextual Input Routing: Synchronised keyboard bindings to automatically toggle scroll tracking inside sub-windows based on list focus.
- Base64 Macro Tracker Heuristics: Extended the data matching block to capture static variable structures (e.g.,
DATA=) exceeding 40 characters.
Changed
- Adaptive TUI Contrast Design: Stripped solid block background highlights from inactive text view tracks, preventing content from becoming invisible on light terminal emulators.
- Refined Life-cycle Behaviour Weights: Scaled standard script installation sequences lacking background anti-forensics or execution silence to a Medium risk classification to minimise false-alarm overhead.
Fixed
- Horizontal Text Clipping: Fixed a layout clipping bug by introducing native line wrapping to structural context panels.
- Behavioural Mismatch Errors: Re-synchronised the view compilation logic to run 1:1 against the core
perform_analysisengine rules, eradicating layout mismatches like line 685 overrides.
v0.5.0: The Stealth Update
[v0.5.0] 2026-05-15 - The Stealth Update
This release moves Oversight from a static pattern matcher to a heuristic behavioural engine. The focus is on detecting "living off the land" attacks and obfuscated payloads that bypass traditional string-based scanners.
Added
- Shannon Entropy Engine: New module in heuristics.rs to calculate string randomness. This identifies base64-encoded payloads and packed data blocks with a default threshold of 4.5.
- Malicious Lifecycle Tracker: Implemented a stateful tracker to identify the "Fetch-Modify-Execute" chain. It links independent commands across a file to detect trojan-style installers.
-Security Heat Map: Added a vertical sidebar to the TUI. It provides a compressed visual overview of the entire file, marking high-risk zones with red blocks and global threats with directional arrows. - Behavioural Trace Summaries: Global findings now display a detailed "Trace" in the context window, listing exactly which lines contributed to a suspicious lifecycle.
- Anti-Forensic Detection: Added heuristics for self-deletion commands (rm $0), history tampering (history -c), and silent execution via /dev/null redirection.
- Persistence Monitoring: Detection for reboot hooks and auto-start mechanisms including crontab, systemctl, and .bashrc modifications.
Changed
- TUI Layout: Redesigned the interface into a three-column split (20% Findings, 75% Context, 5% Heat Map) for better information density.
- Risk Score Weighting: Re-balanced the scoring engine. Critical behavioural findings now carry a 60-point weight, ensuring a "Dangerous" verdict for confirmed malicious chains.
- Finding Labels: Updated the list view to use [L#] for line-specific findings and [GLOB] for file-wide heuristic findings.
Fixed
- Score Reactivity: Fixed a bug where the risk score header did not always update immediately after suppressing a finding.
- Path Detection: Improved the execution tracker to correctly identify absolute paths and RAM-only storage in /dev/shm.
- Regex Performance: Optimised the rule compilation step to prevent UI lag on files with high line counts.
Full Changelog: v0.4.5...v0.5.0
v0.4.5: Interactive triage and Go support
[0.4.5] 2026-05-08
- Implemented a weighted risk scoring system (0 to 100) with dynamic header labels.
- Added a fix field to the rules engine to provide actionable remediation advice for every finding.
- Introduced line level suppression via the S key to toggle code sanitisation in the TUI.
- Refactored the versioning system to pull directly from Cargo metadata using the env macro.
- Updated the Potential Command Obfuscation rule to use a non-backtracking regex pattern for better stability.
- Added HashSet tracking for suppressed indices to ensure real-time score updates during triage.
- Expanded the rules engine to include Go (Golang) and universal system-level threat patterns.
- Synchronised the Zsh, Bash, and Fish wrappers with enhanced interpreter detection.
- Fixed the AuditFinding mapping to ensure remediation tips are displayed correctly in the TUI footer.
Full Changelog: v0.4.0...v0.4.5
v0.4.0 Add OSV vulnerability scanning
[0.4.0] 2026-05-01
- Added vulnerability intelligence engine via
OSV.dev APIintegration. - Implemented network communication logic within a dedicated intel module.
- Refined regex patterns in rules.json to capture package names and versions for
pipandcargo. - Extended the main analysis loop to trigger automatic vulnerability scanning on detected installation commands.
- Updated TUI output to render security vulnerabilities alongside static analysis findings.
- Added
serdeandreqwestto Cargo.toml for JSON handling and API requests.
Full Changelog: v0.3.5...v0.4.0
v0.3.5: Multi-language context-aware auditing
[0.3.5] - 2026-04-28
Added
- Multi-Language Support: Expanded the auditing engine to support Python (.py) alongside Shell scripts, targeting cross-language risks like subprocess spawning and socket creation.
- Context-Aware Auditing: Implemented an 11-line code window (5 before, 5 after) for every finding to reveal variable definitions and logic blocks.
- Syntax Highlighting: Added Yellow/Bold highlighting for the specific flagged line within the context block for better scannability.
- Dynamic Rules Engine: Decoupled security patterns from the source code. Patterns are now stored in an external
rules.jsonfile for easier updates without recompilation. - Enhanced Analysis Metadata: Audit findings now include categories and reference URLs to provide users with deeper context on specific security risks.
- Reference Support in TUI: The analysis view now displays external documentation links for every flagged security pattern.
- JSON Serialization: Integrated
serdeandserde_jsonfor robust management of the external security database.
Changed
- TUI Rendering Logic: Refactored the Code Context view to handle multi-line Paragraph widgets and styled Line/Span elements.
- Architectural Shift: Moved security intelligence logic from hardcoded Rust enums to a flexible JSON-driven data structure.
- Optimised Deployment: Updated the installer to handle multi-path deployment, ensuring
rules.jsonis correctly placed in~/.local/share/oversight/. - Release Profile Default: Standardised the installer to build the binary using the
--releaseprofile for maximum scanning performance. - Improved Shell Wrappers: Refined Bash, Zsh, and Fish hooks to point to consolidated share paths and match the project's updated naming convention.
Fixed
- TUI Indentation: Disabled automatic trimming in the Paragraph widget to preserve code structure and indentation for Python/Shell scripts.
- Rule Path Resolution: Resolved an issue where the binary would fail to find security patterns if executed from outside the installation directory.
- TUI Type Mismatch: Fixed a bug where string-based severity levels from the rules engine weren't correctly mapping to UI colours.
- Installer Logic Gap: Patched the setup script to ensure the local rules database is deployed alongside the binary and shell hooks.
Full Changelog: v0.3.0...v0.3.5
v0.3.0: TUI Dashboard and Universal Installer
[0.3.0] - 2026-04-25
Added
- Interactive TUI: Introduced a terminal-based dashboard using
ratatuifor side-by-side code and security analysis. - Remote Auditing: Support for fetching and scanning scripts directly from Raw URLs (GitHub/Gists) without writing to disk (memory-only analysis).
- Universal Shell Support: Added native hooks for Bash and Fish, ensuring parity with the existing Zsh integration.
- Mend-Style Automated Installer: A new
install.shthat handles dependency checks, compilation, and automatic shell hook injection. - Final Verdict Logic: Added a summary message providing a clear recommendation (Safe/Caution/Dangerous) based on audit results.
- Word Boundary Detection: Implemented
\bregex boundaries to significantly reduce false positives in benign scripts (e.g.,encodevsnc).
Changed
- Engine Pivot: Transitioned from a Landlock-based "Enforcement" model to a Static Analysis "Intelligence" model for better portability.
- Global Deployment: The installer now deploys Oversight to
~/.local/bin, moving it out of the development directory for system-wide use. - Wrapper Logic: Unified the shell logic to focus on a thin "glue" layer, moving the intelligence into the core Rust binary.
Fixed
- Pattern Noise: Fixed an issue where variable names containing command fragments (like 'nc') triggered high-severity network warnings.
- Resource Cleanup: All remote audits are now performed in volatile memory, ensuring no temporary files or sensitive data are left behind.
Full Changelog: v0.1.0...v0.3.0
v0.1.1 - Implement persistent auditing and strict isolation
[0.1.1] - 2026-04-20
Added
- Dynamic Filtering: Implemented a real-time output filter to intercept "Permission denied" and "Operation not permitted" errors.
- Heuristic Detection: Added support for catching coreutils failsafes (e.g.
rmpreserve-root warnings) in the audit log. - Log Management: Established a persistent log directory at
~/oversight/logs/with timestamped sessions. - Janitor Service: Added a start-up check to prompt the user to clear previous session logs, keeping the environment tidy.
- Wait Synchronisation: Integrated the
waitcommand to ensure background processes (like sneakycurlcalls) are captured before the audit closes.
Changed
- Security Policy: Tightened Landlock restrictions. The sandbox now defaults to Read-Only (
-r) for the current directory and Write-access (-w) only for the specific session log folder. - Documentation: Updated all project materials to UK English.
- UI: Refined the
fzfwidget to include a footer displaying the current session path and cleanup instructions.
Full Changelog: https://github.com/Rakosn1cek/oversight/commits/v0.1.1
v0.1.0 Oversight: Initial release
[0.1.0] - 2026-04-19
Added
- Initial Release: Core Rust engine with Landlock integration.
- Zsh Wrapper: Initial
sboxfunction for scanning and execution. - Regex Scanner: Basic pattern matching for common malicious shell commands.
- Basic Sandbox: Preliminary filesystem isolation using the Landlock LSM.