v0.3.0
What's new in 0.3.0
This release focuses on DX and configuration: rule filtering from pyproject.toml,
built-in profiles, WebSocket support in the CLI, and a full integration test suite
across FastAPI, Litestar, and Starlette.
Highlights
- Configuration -
[tool.asgion]inpyproject.tomlor.asgion.toml:
min_severity,include_rules,exclude_rules,categories, glob patterns ("SEM-*"). - Built-in profiles -
--profile strict / recommended / minimalin CLI,
orBUILTIN_PROFILES["recommended"]in Python API. - WebSocket checking -
asgion check myapp:app --path ws:/ws/chat.
Protocol prefix (ws:,wss:,http:,https:) determines scope type. - SEM-012 - CORS misconfiguration:
Access-Control-Allow-Origin: *+
Access-Control-Allow-Credentials: true(WARNING). - SEM-013 -
text/*response missingcharsetinContent-Type(INFO). - CLI deduplication - repeated violations across multiple
--pathvalues
are grouped in text output and collapsed in JSON (count,paths,summary.unique).
Breaking Changes
Rule IDs changed. All gaps in ID sequences eliminated — if you reference
rule IDs in config files or suppression lists, update them:
| Series | Old range | New range |
|---|---|---|
HE |
005, 010–028 | 004, 005–023 |
HF |
003–015 | 002–012 |
WE |
002–023 | 001–016 |
LE |
003, 004, 006 | 002, 003, 004 |
EX-001..008 |
(extension field rules) | HE-016..023 |
Layer names renamed in categories config:
"extension"->"http.extension""semantic"->"http.semantic"
--url renamed to --path in asgion check.