v0.6.0

@ack1d ack1d released this 06 Mar 00:12

Highlights

  • CI-native workflow - --quiet, --strict, SARIF, JUnit, GitHub Action, pre-commit hook. Everything needed to run asgion in CI pipelines with zero friction.

  • Custom HTTP requests - test any endpoint with --method, -H, -d, and method prefixes:

    asgion check myapp:app --path "POST:/api/users" -H "Content-Type: application/json" -d '{}'
    
  • SARIF & JUnit output - --format sarif for GitHub Code Scanning / VS Code, --format junit for Jenkins / GitLab CI / Azure DevOps.

  • GitHub Action - one-line CI integration:

    - uses: ack1d/asgion@v0
      with:
        app: myapp:app
        args: --strict --min-severity warning

  • pre-commit hook - add to .pre-commit-config.yaml:

    - repo: https://github.com/ack1d/asgion
      rev: v0.6.0
      hooks:
        - id: asgion
          args: [myapp:app, --strict]

  • asgion init - generate .asgion.toml config scaffold with commented-out defaults.

Features

  • check and trace: -q/--quiet - suppress stdout, exit code only.
  • check: --select - rule allowlist with glob support (e.g. --select "HF-*,SEM-001").
  • check: --layer filter (repeatable) with granular values (http.fsm, http.semantic, etc.).
  • check: --out FILE - write output to file (strips ANSI).
  • check and trace: --timeout (default 5.0s) - configurable per-scope timeout.
  • trace: --strict - exit 1 on violations, respects --min-severity.
  • check: wall time in summary footer.
  • Config paths: define default paths in config file. CLI --path overrides.
  • Violation.scope_index + Inspector.violations_by_scope - per-request violation isolation.
  • Public API: re-export deserialize, TraceViolation, TraceFormatError, TraceEnvironment.

Fixes

  • --exclude-rules and --select: warning on unknown rule IDs and glob patterns matching no rules.
  • rules RULE_ID --layer/--severity now warns that filters are ignored when a specific rule is requested.

Breaking Changes

  • Rule IDs renumbered: WF-009..WF-012 are now WF-008..WF-011 (dead WF-008 removed). Update any configs referencing old IDs.
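
    An exclude list that still uses the old numbering suppresses a different rule after the upgrade, so stale IDs should be rewritten in one pass. The helper below is an added example, not part of asgion or its release notes; it only assumes that configs and CI arguments mention rule IDs as plain text, and the `exclude_rules` key in the sample is a hypothetical name.

```python
import re

# Renumbering stated in the v0.6.0 notes: WF-009..WF-012 -> WF-008..WF-011.
REMAP = {f"WF-{n:03d}": f"WF-{n - 1:03d}" for n in range(9, 13)}
REMOVED = "WF-008"  # dead rule dropped in v0.6.0; the ID is reused by old WF-009
RULE_ID = re.compile(r"\bWF-(\d{3})\b")


def migrate_rule_ids(text):
    """Rewrite pre-0.6.0 WF rule IDs; return (new_text, warnings).

    Each ID is mapped from the original text in a single regex pass, so
    WF-010 -> WF-009 is never shifted a second time by a later replacement.
    Glob patterns such as "WF-*" and unrelated IDs are left untouched.
    """
    warnings = []
    out = []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        def swap(match, lineno=lineno):
            old = match.group(0)
            if old == REMOVED:
                # Cannot be migrated automatically: the rule no longer exists.
                warnings.append(
                    f"line {lineno}: {old} was removed; drop this reference, "
                    "the ID now names the rule formerly called WF-009"
                )
                return old
            return REMAP.get(old, old)
        out.append(RULE_ID.sub(swap, line))
    return "".join(out), warnings


# Constructed sample input (key name is hypothetical, flags are from the notes).
SAMPLE = (
    'exclude_rules = ["WF-009", "WF-012"]\n'
    'args: --strict --select "WF-*,SEM-001,WF-008"\n'
)

if __name__ == "__main__":
    migrated, notes = migrate_rule_ids(SAMPLE)
    print(migrated, end="")
    for note in notes:
        print("WARNING:", note)
```

    Run it once, against files written for a pre-0.6.0 release only; a second pass would shift the IDs again.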

Full changelog: CHANGELOG.md