v0.6.0
Highlights
- CI-native workflow - --quiet, --strict, SARIF, JUnit, GitHub Action, pre-commit hook. Everything needed to run asgion in CI pipelines with zero friction.
- Custom HTTP requests - test any endpoint with --method, -H, -d, and method prefixes:

      asgion check myapp:app --path "POST:/api/users" -H "Content-Type: application/json" -d '{}'

- SARIF & JUnit output - --format sarif for GitHub Code Scanning / VS Code, --format junit for Jenkins / GitLab CI / Azure DevOps.
- GitHub Action - one-line CI integration:

      - uses: ack1d/asgion@v0
        with:
          app: myapp:app
          args: --strict --min-severity warning

- pre-commit hook - add to .pre-commit-config.yaml:

      - repo: https://github.com/ack1d/asgion
        rev: v0.6.0
        hooks:
          - id: asgion
            args: [myapp:app, --strict]

- asgion init - generate .asgion.toml config scaffold with commented-out defaults.
Features
- check and trace: -q/--quiet - suppress stdout, exit code only.
- check: --select - rule allowlist with glob support (e.g. --select "HF-*,SEM-001").
- check: --layer filter (repeatable) with granular values (http.fsm, http.semantic, etc.).
- check: --out FILE - write output to file (strips ANSI).
- check and trace: --timeout (default 5.0s) - configurable per-scope timeout.
- trace: --strict - exit 1 on violations, respects --min-severity.
- check: wall time in summary footer.
- Config paths: define default paths in config file. CLI --path overrides.
- Violation.scope_index + Inspector.violations_by_scope - per-request violation isolation.
- Public API: re-export deserialize, TraceViolation, TraceFormatError, TraceEnvironment.
Fixes
- --exclude-rules and --select: warning on unknown rule IDs and glob patterns matching no rules.
- rules RULE_ID --layer/--severity now warns that filters are ignored when a specific rule is requested.
Breaking Changes
- Rule IDs renumbered: WF-009..WF-012 are now WF-008..WF-011 (dead WF-008 removed). Update any configs referencing old IDs.
Full changelog: CHANGELOG.md