Skip to content

Releases: Rakosn1cek/oversight

v0.5.7: Helper-agnostic diff engine and custom helper support

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 04 Jul 22:03

[0.5.7] - 2026-07-04

Added

  • Added support for custom AUR helpers via the AUDIT_HELPER environment variable.

Changed

  • Updated the git diff parser regex to be helper-agnostic, allowing the tool to parse incoming package names from various cache directory structures (such as yay, paru, or Shelly).
  • Removed hardcoded path logic to ensure fallback compatibility across different distribution setups.

Full Changelog: v0.5.6...v0.5.7

v0.5.6: Multi-package tabs, navigation decoupled, and supply-chain protections

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 27 Jun 10:51

[0.5.6] — 2026-06-27

Added

  • Multi-Package Tab Layout Matrix: Introduced a dynamic input parser that intercepts unified git diff headers on the fly. The TUI now scales automatically, generating separate, dedicated source code tabs for every package found in a batch update queue.
  • Dynamic Hotkey Navigation Tracker: Mapped numeric key bindings (0 through 9) to allow instant jumping between active data streams alongside standard Tab cycling.
  • Clean Stream Pager Fallback: Refactored the core vertical layout constraints. When a script passes analysis with a zero risk score, the interface stays open to present a fully interactive text pager for manual validation.
  • Multi-File Context Discovery: Expanded the package tracking architecture to scan the full cache directory layout (~/.cache/yay/<package_name>/). The engine now automatically locates and audits accompanying components like *.install scripts and *.patch files.
  • Supply-Chain Malware Protections: Added specific heuristic profiles targeting malicious runtime installer invocations (npm, yarn, pnpm, bun) inside the build profile to block real-world build-time injection attacks.
  • ANSI and Manpage Stream Sanitisation: Integrated an internal regular expression filter that strips raw formatting backspaces and ANSI escape positioning parameters on the fly, preventing layout corruption from piped manual pages or colourized diff inputs.

Changed

  • Fluid Viewport Engine: Replaced the automated widget scrolling logic with a dynamic vector-slicing paragraph component that wraps long text collections cleanly and renders only visible layout lines to optimize performance.
  • Consolidated Behavioral Data Models: Swapped out the multi-row heuristic scoring architecture for a flat [GLOB] behavioral entry system, protecting risk calculations from scoring bloat while keeping trace workflows intact.
  • Decoupled Heat Map Rendering Loop: Rewrote the Map sidebar layout engine to calculate relative vertical line indexes from individual tab text collections rather than anchoring to the top-level findings arrays, clearing borrow checker constraints.
  • Unified Directory Risk Profiles: Refactored the core calculation engine to compile threat indices from all discovered companion files into a single, cohesive macro evaluation per package tab.

Fixed

  • Dependency Optimization: Pruned non-imported dependencies and macro components from the crate manifest configuration files to ensure minimalist, safety-first compilation bounds.
  • Git Patch Token Stripping: Adjusted the whitespace trim sequence to accurately strip leading + and - tokens from live diff paths, eliminating false syntax markers during security evaluations.
  • Option Trait Compiler Error: Resolved an invalid parenthesis alignment inside the synthetic clean findings structure that broke string trait implementations during cargo release cycles.
  • Single-File Verification Deficit: Replaced the solitary Path::new("PKGBUILD") local file check with a dynamic user home cache directory lookup query matching upstream package identifiers.

Full Changelog: v0.5.5...v0.5.6

v0.5.5: The Interface Stability Update

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 18 Jun 10:01

[v0.5.0] 2026-06-18 - The Interface Stability Update

Added

  • Dynamic Four-Column Layout Split: Implemented a contextual horizontal TUI transformation that splits the viewport into four segments (20% Findings, 50% Context, 25% Highlights, 5% Heat Map) dynamically when a global rule is highlighted.
  • Stateful Scrolling Highlights Panel: Added a text-wrapped, vertically scrollable panel mapping out exact code context points for complex behavioural life-cycles.
  • Contextual Input Routing: Synchronised keyboard bindings to automatically toggle scroll tracking inside sub-windows based on list focus.
  • Base64 Macro Tracker Heuristics: Extended the data matching block to capture static variable structures (e.g., DATA=) exceeding 40 characters.

Changed

  • Adaptive TUI Contrast Design: Stripped solid block background highlights from inactive text view tracks, preventing content from becoming invisible on light terminal emulators.
  • Refined Life-cycle Behaviour Weights: Scaled standard script installation sequences lacking background anti-forensics or execution silence to a Medium risk classification to minimise false-alarm overhead.

Fixed

  • Horizontal Text Clipping: Fixed a layout clipping bug by introducing native line wrapping to structural context panels.
  • Behavioural Mismatch Errors: Re-synchronised the view compilation logic to run 1:1 against the core perform_analysis engine rules, eradicating layout mismatches like line 685 overrides.

v0.5.0: The Stealth Update

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 15 May 11:39

[v0.5.0] 2026-05-15 - The Stealth Update

This release moves Oversight from a static pattern matcher to a heuristic behavioural engine. The focus is on detecting "living off the land" attacks and obfuscated payloads that bypass traditional string-based scanners.

Added

  • Shannon Entropy Engine: New module in heuristics.rs to calculate string randomness. This identifies base64-encoded payloads and packed data blocks with a default threshold of 4.5.
  • Malicious Lifecycle Tracker: Implemented a stateful tracker to identify the "Fetch-Modify-Execute" chain. It links independent commands across a file to detect trojan-style installers.
    -Security Heat Map: Added a vertical sidebar to the TUI. It provides a compressed visual overview of the entire file, marking high-risk zones with red blocks and global threats with directional arrows.
  • Behavioural Trace Summaries: Global findings now display a detailed "Trace" in the context window, listing exactly which lines contributed to a suspicious lifecycle.
  • Anti-Forensic Detection: Added heuristics for self-deletion commands (rm $0), history tampering (history -c), and silent execution via /dev/null redirection.
  • Persistence Monitoring: Detection for reboot hooks and auto-start mechanisms including crontab, systemctl, and .bashrc modifications.

Changed

  • TUI Layout: Redesigned the interface into a three-column split (20% Findings, 75% Context, 5% Heat Map) for better information density.
  • Risk Score Weighting: Re-balanced the scoring engine. Critical behavioural findings now carry a 60-point weight, ensuring a "Dangerous" verdict for confirmed malicious chains.
  • Finding Labels: Updated the list view to use [L#] for line-specific findings and [GLOB] for file-wide heuristic findings.

Fixed

  • Score Reactivity: Fixed a bug where the risk score header did not always update immediately after suppressing a finding.
  • Path Detection: Improved the execution tracker to correctly identify absolute paths and RAM-only storage in /dev/shm.
  • Regex Performance: Optimised the rule compilation step to prevent UI lag on files with high line counts.

Full Changelog: v0.4.5...v0.5.0

v0.4.5: Interactive triage and Go support

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 07 May 08:59

[0.4.5] 2026-05-08

  • Implemented a weighted risk scoring system (0 to 100) with dynamic header labels.
  • Added a fix field to the rules engine to provide actionable remediation advice for every finding.
  • Introduced line level suppression via the S key to toggle code sanitisation in the TUI.
  • Refactored the versioning system to pull directly from Cargo metadata using the env macro.
  • Updated the Potential Command Obfuscation rule to use a non-backtracking regex pattern for better stability.
  • Added HashSet tracking for suppressed indices to ensure real-time score updates during triage.
  • Expanded the rules engine to include Go (Golang) and universal system-level threat patterns.
  • Synchronised the Zsh, Bash, and Fish wrappers with enhanced interpreter detection.
  • Fixed the AuditFinding mapping to ensure remediation tips are displayed correctly in the TUI footer.

Full Changelog: v0.4.0...v0.4.5

v0.4.0 Add OSV vulnerability scanning

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 01 May 07:05

[0.4.0] 2026-05-01

  • Added vulnerability intelligence engine via OSV.dev API integration.
  • Implemented network communication logic within a dedicated intel module.
  • Refined regex patterns in rules.json to capture package names and versions for pip and cargo.
  • Extended the main analysis loop to trigger automatic vulnerability scanning on detected installation commands.
  • Updated TUI output to render security vulnerabilities alongside static analysis findings.
  • Added serde and reqwest to Cargo.toml for JSON handling and API requests.

Full Changelog: v0.3.5...v0.4.0

v0.3.5: Multi-language context-aware auditing

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 28 Apr 14:27

[0.3.5] - 2026-04-28

Added

  • Multi-Language Support: Expanded the auditing engine to support Python (.py) alongside Shell scripts, targeting cross-language risks like subprocess spawning and socket creation.
  • Context-Aware Auditing: Implemented an 11-line code window (5 before, 5 after) for every finding to reveal variable definitions and logic blocks.
  • Syntax Highlighting: Added Yellow/Bold highlighting for the specific flagged line within the context block for better scannability.
  • Dynamic Rules Engine: Decoupled security patterns from the source code. Patterns are now stored in an external rules.json file for easier updates without recompilation.
  • Enhanced Analysis Metadata: Audit findings now include categories and reference URLs to provide users with deeper context on specific security risks.
  • Reference Support in TUI: The analysis view now displays external documentation links for every flagged security pattern.
  • JSON Serialization: Integrated serde and serde_json for robust management of the external security database.

Changed

  • TUI Rendering Logic: Refactored the Code Context view to handle multi-line Paragraph widgets and styled Line/Span elements.
  • Architectural Shift: Moved security intelligence logic from hardcoded Rust enums to a flexible JSON-driven data structure.
  • Optimised Deployment: Updated the installer to handle multi-path deployment, ensuring rules.json is correctly placed in ~/.local/share/oversight/.
  • Release Profile Default: Standardised the installer to build the binary using the --release profile for maximum scanning performance.
  • Improved Shell Wrappers: Refined Bash, Zsh, and Fish hooks to point to consolidated share paths and match the project's updated naming convention.

Fixed

  • TUI Indentation: Disabled automatic trimming in the Paragraph widget to preserve code structure and indentation for Python/Shell scripts.
  • Rule Path Resolution: Resolved an issue where the binary would fail to find security patterns if executed from outside the installation directory.
  • TUI Type Mismatch: Fixed a bug where string-based severity levels from the rules engine weren't correctly mapping to UI colours.
  • Installer Logic Gap: Patched the setup script to ensure the local rules database is deployed alongside the binary and shell hooks.

Full Changelog: v0.3.0...v0.3.5

v0.3.0: TUI Dashboard and Universal Installer

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 25 Apr 21:13

[0.3.0] - 2026-04-25

Added

  • Interactive TUI: Introduced a terminal-based dashboard using ratatui for side-by-side code and security analysis.
  • Remote Auditing: Support for fetching and scanning scripts directly from Raw URLs (GitHub/Gists) without writing to disk (memory-only analysis).
  • Universal Shell Support: Added native hooks for Bash and Fish, ensuring parity with the existing Zsh integration.
  • Mend-Style Automated Installer: A new install.sh that handles dependency checks, compilation, and automatic shell hook injection.
  • Final Verdict Logic: Added a summary message providing a clear recommendation (Safe/Caution/Dangerous) based on audit results.
  • Word Boundary Detection: Implemented \b regex boundaries to significantly reduce false positives in benign scripts (e.g., encode vs nc).

Changed

  • Engine Pivot: Transitioned from a Landlock-based "Enforcement" model to a Static Analysis "Intelligence" model for better portability.
  • Global Deployment: The installer now deploys Oversight to ~/.local/bin, moving it out of the development directory for system-wide use.
  • Wrapper Logic: Unified the shell logic to focus on a thin "glue" layer, moving the intelligence into the core Rust binary.

Fixed

  • Pattern Noise: Fixed an issue where variable names containing command fragments (like 'nc') triggered high-severity network warnings.
  • Resource Cleanup: All remote audits are now performed in volatile memory, ensuring no temporary files or sensitive data are left behind.

Full Changelog: v0.1.0...v0.3.0

v0.1.1 - Implement persistent auditing and strict isolation

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 20 Apr 14:44

[0.1.1] - 2026-04-20

Added

  • Dynamic Filtering: Implemented a real-time output filter to intercept "Permission denied" and "Operation not permitted" errors.
  • Heuristic Detection: Added support for catching coreutils failsafes (e.g. rm preserve-root warnings) in the audit log.
  • Log Management: Established a persistent log directory at ~/oversight/logs/ with timestamped sessions.
  • Janitor Service: Added a start-up check to prompt the user to clear previous session logs, keeping the environment tidy.
  • Wait Synchronisation: Integrated the wait command to ensure background processes (like sneaky curl calls) are captured before the audit closes.

Changed

  • Security Policy: Tightened Landlock restrictions. The sandbox now defaults to Read-Only (-r) for the current directory and Write-access (-w) only for the specific session log folder.
  • Documentation: Updated all project materials to UK English.
  • UI: Refined the fzf widget to include a footer displaying the current session path and cleanup instructions.

Full Changelog: https://github.com/Rakosn1cek/oversight/commits/v0.1.1

v0.1.0 Oversight: Initial release

Pre-release

Choose a tag to compare

@Rakosn1cek Rakosn1cek released this 20 Apr 14:41

[0.1.0] - 2026-04-19

Added

  • Initial Release: Core Rust engine with Landlock integration.
  • Zsh Wrapper: Initial sbox function for scanning and execution.
  • Regex Scanner: Basic pattern matching for common malicious shell commands.
  • Basic Sandbox: Preliminary filesystem isolation using the Landlock LSM.